def login():
data = dict(request.get_json())
if 'email' not in data or 'password' not in data:
return login_response(None, False, False)
with DBConnection() as conn:
col = conn.db.get_collection(db_config.USER_COL)
user = col.find_one({'email': data['email']})
if not user:
return login_response(data['email'], None, False, False)
auth_success = auth_user(user, data['password'])
user_id = user['user_id'] if auth_success else None
return login_response(data['email'], user_id, True, auth_success)
def login():
error = None
next_url = request.args.get('next', url_for('index'))
if request.method == 'POST':
email = request.form.get('email')
password = request.form.get('password')
remember = request.form.get('remember', "no") == "yes"
if not all([email, password]):
error = 'Email and password is required!'
else:
user = auth_user(email, password)
if user is None:
error = 'Invalid email or password!'
else:
if login_user(user, remember=remember):
flash('Logged in successfully.')
return redirect(next_url)
return render_template('login.html', error=error)
def login():
error = None
next_url = request.args.get('next', url_for('index'))
if request.method == 'POST':
email = request.form.get('email')
password = request.form.get('password')
remember = request.form.get('remember', "no") == "yes"
if not all([email, password]):
error = 'Email and password is required!'
else:
user = auth_user(email, password)
if user is None:
error = 'Invalid email or password!'
else:
if login_user(user, remember=remember):
flash('Logged in successfully.')
return redirect(next_url)
return render_template('login.html', error=error)
def show_login():
page_name = 'login'
if request.method.lower() == 'get':
page_content = render_template("login.html")
return render_page(page_content, "login")
username = request.form.get("username") or ""
password = request.form.get("password") or ""
verification_code = request.form.get("verification_code") or ""
if not (username and password and verification_code):
page_content = render_template("login.html", message='Missing field')
return render_page(page_content, page_name)
if not utils.auth_user(username, password):
page_content = render_template("login.html",
message='Invalid credentials')
return render_page(page_content, page_name)
user = utils.check_username(username)
seed = utils.generate_seed(username, user["user_ip"])
totp_key = utils.get_totp_key(seed)
totp = pyotp.TOTP(totp_key)
if verification_code != totp.now():
page_content = render_template("login.html",
message='Invalid verification code')
return render_page(page_content, page_name)
# user/pass/totp all valid by now
session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username,
request.remote_addr)
response = app.make_response(redirect("/"))
response.set_cookie('session', session_cookie)
return response
page_content = render_template("login.html")
return render_page(page_content, page_name)
def show_login():
page_name = 'login'
if request.method.lower() == 'get':
page_content = render_template("login.html")
return render_page(page_content, "login")
username = request.form.get("username") or ""
password = request.form.get("password") or ""
verification_code = request.form.get("verification_code") or ""
if not (username and password and verification_code):
page_content = render_template("login.html", message='Missing field')
return render_page(page_content, page_name)
if not utils.auth_user(username, password):
page_content = render_template("login.html", message='Invalid credentials')
return render_page(page_content, page_name)
user = utils.check_username(username)
seed = utils.generate_seed(username, user["user_ip"])
totp_key = utils.get_totp_key(seed)
totp = pyotp.TOTP(totp_key)
if verification_code != totp.now():
page_content = render_template("login.html", message='Invalid verification code')
return render_page(page_content, page_name)
# user/pass/totp all valid by now
session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username, request.remote_addr)
response = app.make_response(redirect("/"))
response.set_cookie('session', session_cookie)
return response
page_content = render_template("login.html")
return render_page(page_content, page_name)
def show_login():
page_name = "login"
if request.method.lower() == "get":
page_content = render_template('login.html')
return render_page(page_content, 'login')
username = request.form.get('username') or ''
password = request.form.get('password') or ''
verification_code = request.form.get('verification_code') or ''
if not (username and password and verification_code):
page_content = render_template('login.html', message="Missing field")
return render_page(page_content, page_name)
if not utils.auth_user(username, password):
page_content = render_template('login.html', message="Invalid credentials")
return render_page(page_content, page_name)
user = utils.check_username(username)
seed = utils.generate_seed(username, user['user_ip'])
totp_key = utils.get_totp_key(seed)
totp = pyotp.TOTP(totp_key)
if verification_code != totp.now():
page_content = render_template('login.html', message="Invalid verification code")
return render_page(page_content, page_name)
# user/pass/totp all valid by now
session_cookie = utils.make_cookie(app.config['COOKIE_SECRET'], username, request.remote_addr)
response = app.make_response(redirect('/'))
response.set_cookie("session", session_cookie)
return response
page_content = render_template('login.html')
return render_page(page_content, page_name)
