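def authenticate_user(self, **kwargs):
    """Check a username/password pair and return the matching user.

    Keyword Args:
        username: Account name to authenticate (required key).
        password: Candidate password (required key).
        authentication_method: Optional method name. When absent, the
            ``authentication`` attribute of the user is used, falling back
            to the configured default method.

    Returns:
        The user object on success, otherwise ``False``.

    Raises:
        KeyError: If ``username`` or ``password`` is missing from kwargs.
    """
    import hmac

    name, password = kwargs["username"], kwargs["password"]
    if not name or not password:
        return False
    user = db.get_user(name)
    default_method = vs.settings["authentication"]["default"]
    user_method = getattr(user, "authentication", default_method)
    # NOTE(review): a caller-supplied "authentication_method" takes precedence
    # over the method stored on the account. If kwargs come straight from a
    # login request, the client picks which backend verifies the account;
    # confirm that is intended, or prefer the stored method for known users.
    method = kwargs.get("authentication_method", user_method)
    if method not in vs.settings["authentication"]["methods"]:
        return False
    if method == "database":
        # NOTE(review): unknown users return before any password verification
        # runs, so response time may differ between existing and missing
        # accounts; pair this with rate limiting on the login path.
        if not user:
            return False
        stored_password = self.get_password(user.password)
        if not stored_password:
            return False
        if vs.settings["security"]["hash_user_passwords"]:
            matches = argon2.verify(password, stored_password)
        else:
            # Plaintext mode: compare in constant time and require two real
            # strings. ``str.__eq__`` returns the truthy ``NotImplemented``
            # when the stored value is not a ``str``, which would count as a
            # successful match.
            matches = (
                isinstance(password, str)
                and isinstance(stored_password, str)
                and hmac.compare_digest(
                    password.encode("utf-8"), stored_password.encode("utf-8")
                )
            )
        return user if matches else False
    # Any other allowed method is delegated to a function looked up by name on
    # ``vs.custom``; ``method`` has already been checked against the configured
    # list of methods above.
    authentication_function = getattr(vs.custom, f"{method}_authentication")
    response = authentication_function(user, name, password)
    if not response:
        return False
    if not user:
        # First successful external login: create the local account from the
        # fields returned by the custom backend.
        user = db.factory("user", authentication=method, **response)
        db.session.commit()
    return user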
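def decorated_function(*args, **kwargs):
    """Run the wrapped view, log the request, and map failures to responses.

    ``function`` is the wrapped view, taken from the enclosing scope (not
    visible in this block). The endpoint must have an entry in ``vs.rbac``
    for the request method, and the caller must already be authenticated
    unless the endpoint is ``/login``.

    Returns:
        The view's result on success; otherwise a redirect to the login page,
        a rendered ``error.html`` page, or a JSON alert with the status code.
    """

    def single_line(value):
        # Keep request-derived text from starting a new log record.
        return str(value).replace("\r", "\\r").replace("\n", "\\n")

    remote_address = request.environ["REMOTE_ADDR"]
    # X-Forwarded-For is set by the client unless a trusted proxy overwrites
    # it. It is used for logging only and must not drive access decisions.
    client_address = request.environ.get("HTTP_X_FORWARDED_FOR", remote_address)
    rest_request = request.path.startswith("/rest/")
    endpoint = "/".join(request.path.split("/")[: 2 + rest_request])
    request_property = f"{request.method.lower()}_requests"
    endpoint_rbac = vs.rbac[request_property].get(endpoint)
    username = getattr(current_user, "name", "Unknown")
    if not endpoint_rbac:
        status_code = 404
    elif not current_user.is_authenticated and endpoint != "/login":
        # Unauthenticated callers are rejected here and never given a session:
        # the wrapped view must not run under an identity the caller did not
        # prove. 403 is used because it is a status this block already maps
        # in ``Server.status_log_level`` / ``Server.status_error_message``.
        # NOTE(review): REST clients without a session need an explicit
        # credential check before this point; none is visible in this block.
        status_code = 403
    else:
        try:
            result = function(*args, **kwargs)
            status_code = 200
        except (db.rbac_error, Forbidden):
            status_code = 403
        except NotFound:
            status_code = 404
        except Exception:
            status_code, traceback = 500, format_exc()
    log = (
        f"USER: {username} ({single_line(client_address)}) - "
        f"{request.method} {single_line(request.path)} ({status_code})"
    )
    if status_code == 500:
        log += f"\n{traceback}"
    env.log(Server.status_log_level[status_code], log, change_log=False)
    if status_code == 200:
        return result
    if endpoint == "/login" or (request.method == "GET" and not rest_request):
        if (
            not current_user.is_authenticated
            and not rest_request
            and endpoint != "/login"
        ):
            # NOTE(review): ``next_url`` carries a request-derived URL; the
            # login view should accept only same-site targets before
            # redirecting to it.
            url = url_for("blueprint.route", page="login", next_url=request.url)
            return redirect(login_url(url))
        next_url = request.args.get("next_url")
        login_link = login_url(
            url_for("blueprint.route", page="login", next_url=next_url)
        )
        return (
            render_template("error.html", error=status_code, login_url=login_link),
            status_code,
        )
    error_message = Server.status_error_message[status_code]
    alert = f"Error {status_code} - {error_message}"
    return jsonify({"alert": alert}), status_code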
def initialize_database(self):
    """Create the schema and run the start-up initialisation steps.

    Plugins and services are initialised first, the set of private property
    names is extended, tables are created and mappers configured. When
    ``self.cli_command`` is truthy the method stops there. Otherwise it also
    sets up forms, ensures an ``admin`` user exists, runs the start-up
    migration import and the remaining start-up steps, then commits.
    """
    self.init_plugins()
    self.init_services()
    # Flatten the per-model lists of private property names into one set.
    flattened_names = sum(db.private_properties.values(), [])
    db.private_properties_set |= set(flattened_names)
    db.base.metadata.create_all(bind=db.engine)
    configure_mappers()
    db.configure_model_events(self)
    if self.cli_command:
        return
    self.init_forms()
    admin_account = db.get_user("admin")
    if not admin_account:
        # NOTE(review): the initial admin credentials are set inside
        # create_admin_user(), which is not visible here. Confirm it does not
        # leave a fixed, well-known password in place.
        self.create_admin_user()
    startup_migration = self.settings["app"].get("startup_migration", "default")
    self.migration_import(
        name=startup_migration,
        import_export_types=db.import_export_models,
    )
    self.update_credentials()
    self.get_git_content()
    self.configure_server_id()
    self.reset_run_status()
    db.session.commit()
def get_password(username):
    """Return the ``password`` attribute of the named user, or ``False``.

    ``False`` is returned when the lookup yields an object without a
    ``password`` attribute (for example ``None``).
    """
    # NOTE(review): the value is returned exactly as stored. Whether that is a
    # hash, an encrypted blob or plaintext is not visible here; verify that
    # the caller compares it appropriately and never logs or echoes it.
    account = db.get_user(username)
    return getattr(account, "password", False)
def request_loader(request):
    """Look up a user from the ``name`` field of the submitted form."""
    # NOTE(review): the lookup relies on the submitted name alone; no password,
    # token or session is checked in this function. If this is registered as
    # the login manager's request loader, the returned user is treated as the
    # authenticated identity for the request. Verify a credential before
    # returning a user, or return None here and rely on the session loader.
    submitted_name = request.form.get("name")
    return db.get_user(submitted_name)
def user_loader(name):
    """Return the user whose name is ``name`` (whatever ``db.get_user`` yields)."""
    # NOTE(review): presumably the session user loader, keyed by user name.
    # If so, a renamed or re-created account with the same name would be
    # picked up by existing sessions. Confirm against how sessions are issued.
    account = db.get_user(name)
    return account