def do_login():
"""Authenticate users of the web-UI"""
if not admin_exists():
return redirect('/create_admin')
elif flask_login.current_user.is_authenticated:
flash(gettext(u"Cannot access login page if you're already logged in"),
"error")
return redirect(url_for('general_routes.home'))
form_login = forms_authentication.Login()
# Check if the user is banned from logging in (too many incorrect attempts)
if banned_from_login():
flash(
gettext(
u"Too many failed login attempts. Please wait %(min)s "
u"minutes before attempting to log in again",
min=(int(LOGIN_BAN_SECONDS - session['ban_time_left']) / 60) +
1), "info")
else:
if request.method == 'POST':
username = form_login.username.data.lower()
user_ip = request.environ.get('REMOTE_ADDR', 'unknown address')
user = User.query.filter(func.lower(User.name) == username).first()
if not user:
login_log(username, 'NA', user_ip, 'NOUSER')
failed_login()
elif form_login.validate_on_submit():
if User().check_password(
form_login.password.data,
user.password_hash) == user.password_hash:
login_log(username, user.roles.name, user_ip, 'LOGIN')
# flask-login user
login_user = User()
login_user.id = user.id
remember_me = True if form_login.remember.data else False
flask_login.login_user(login_user, remember=remember_me)
return redirect(url_for('general_routes.home'))
else:
login_log(username, user.roles.name, user_ip, 'FAIL')
failed_login()
else:
login_log(username, 'NA', user_ip, 'FAIL')
failed_login()
return redirect('/login')
return render_template(
'login.html',
form_login=form_login,
)
def remote_admin_login():
"""Authenticate Remote Admin login"""
password_hash = request.form.get('password_hash', None)
username = request.form.get('username', None)
if username and password_hash:
user = User.query.filter(func.lower(User.name) == username).first()
else:
user = None
if user and user.password_hash == password_hash:
login_user = User()
login_user.id = user.id
flask_login.login_user(login_user, remember=False)
return "Logged in via Remote Admin"
def newremote():
"""Verify authentication as a client computer to the remote admin."""
username = request.args.get('user')
pass_word = request.args.get('passw')
user = User.query.filter(User.name == username).first()
if user:
if User().check_password(pass_word,
user.password_hash) == user.password_hash:
try:
with open(
'/var/mycodo-root/mycodo/mycodo_flask/ssl_certs/cert.pem',
'r') as cert:
certificate_data = cert.read()
except Exception:
certificate_data = None
return jsonify(status=0,
error_msg=None,
hash=str(user.password_hash),
certificate=certificate_data)
return jsonify(status=1,
error_msg="Unable to authenticate with user and password.",
hash=None,
certificate=None)
def create_admin():
if admin_exists():
flash(gettext(
u"Cannot access admin creation form if an admin user "
u"already exists."), "error")
return redirect(url_for('general_routes.home'))
# If login token cookie from previous session exists, delete
if request.cookies.get('remember_token'):
response = clear_cookie_auth()
return response
form = flaskforms.CreateAdmin()
if request.method == 'POST':
if form.validate():
username = form.username.data.lower()
error = False
if form.password.data != form.password_repeat.data:
flash(gettext(u"Passwords do not match. Please try again."),
"error")
error = True
if not test_username(username):
flash(gettext(
u"Invalid user name. Must be between 2 and 64 characters "
u"and only contain letters and numbers."),
"error")
error = True
if not test_password(form.password.data):
flash(gettext(
u"Invalid password. Must be between 6 and 64 characters "
u"and only contain letters, numbers, and symbols."),
"error")
error = True
if error:
return redirect(url_for('general_routes.home'))
new_user = User()
new_user.name = username
new_user.email = form.email.data
new_user.set_password(form.password.data)
new_user.role = 1 # Admin
new_user.theme = 'slate'
try:
db.session.add(new_user)
db.session.commit()
flash(gettext(u"User '%(user)s' successfully created. Please "
u"log in below.", user=username),
"success")
return redirect(url_for('authentication_routes.do_login'))
except Exception as except_msg:
flash(gettext(u"Failed to create user '%(user)s': %(err)s",
user=username,
err=except_msg), "error")
else:
flash_form_errors(form)
return render_template('create_admin.html',
form=form)
def user_add(form):
action = '{action} {controller} {user}'.format(
action=gettext("Add"),
controller=gettext("User"),
user=form.user_name.data.lower())
error = []
if form.validate():
new_user = User()
new_user.name = form.user_name.data.lower()
if not test_username(new_user.name):
error.append(
gettext(
"Invalid user name. Must be between 2 and 64 characters "
"and only contain letters and numbers."))
new_user.email = form.email.data
if User.query.filter_by(email=new_user.email).count():
error.append(
gettext("Another user already has that email address."))
if not test_password(form.password_new.data):
error.append(
gettext(
"Invalid password. Must be between 6 and 64 characters "
"and only contain letters, numbers, and symbols."))
if form.password_new.data != form.password_repeat.data:
error.append(gettext("Passwords do not match. Please try again."))
if not error:
new_user.set_password(form.password_new.data)
role = Role.query.filter(Role.name == form.addRole.data).first().id
new_user.role = role
new_user.theme = form.theme.data
try:
new_user.save()
except sqlalchemy.exc.OperationalError as except_msg:
error.append(except_msg)
except sqlalchemy.exc.IntegrityError as except_msg:
error.append(except_msg)
flash_success_errors(error, action,
url_for('routes_settings.settings_users'))
else:
flash_form_errors(form)
def login_keypad_code(code):
"""Check code from keypad."""
if not admin_exists():
return redirect('/create_admin')
elif flask_login.current_user.is_authenticated:
flash(gettext("Cannot access login page if you're already logged in"),
"error")
return redirect(url_for('routes_general.home'))
# Check if the user is banned from logging in (too many incorrect attempts)
if banned_from_login():
flash(
gettext(
"Too many failed login attempts. Please wait %(min)s "
"minutes before attempting to log in again",
min=int(
(LOGIN_BAN_SECONDS - session['ban_time_left']) / 60) + 1),
"info")
else:
user = User.query.filter(User.code == code).first()
user_ip = request.environ.get('HTTP_X_FORWARDED_FOR',
'unknown address')
if not user:
login_log(code, 'NA', user_ip, 'FAIL')
failed_login()
flash("Invalid Code", "error")
time.sleep(2)
else:
role_name = Role.query.filter(Role.id == user.role_id).first().name
login_log(user.name, role_name, user_ip, 'LOGIN')
# flask-login user
login_user = User()
login_user.id = user.id
remember_me = True
flask_login.login_user(login_user, remember=remember_me)
return redirect(url_for('routes_general.home'))
return render_template('login_keypad.html',
dict_translation=TRANSLATIONS,
host=socket.gethostname())
def add_user(admin=False):
new_user = User()
print('\nAdd user to database')
while True:
user_name = raw_input('User (a-z, A-Z, 2-64 chars): ').lower()
if test_username(user_name):
new_user.name = user_name
break
while True:
user_password = getpass.getpass('Password: '******'Password (again): ')
if user_password != user_password_again:
print("Passwords don't match")
else:
if test_password(user_password):
new_user.set_password(user_password)
break
while True:
email = raw_input('Email: ')
if is_email(email):
new_user.email = email
break
if admin:
new_user.role = 1
else:
new_user.role = 4
new_user.theme = 'slate'
try:
with session_scope(MYCODO_DB_PATH) as db_session:
db_session.add(new_user)
sys.exit(0)
except sqlalchemy.exc.OperationalError:
print("Failed to create user. You most likely need to "
"create the DB before trying to create users.")
sys.exit(1)
except sqlalchemy.exc.IntegrityError:
print("Username already exists.")
sys.exit(1)
def user_roles(form):
action = None
if form.add_role.data:
action = gettext("Add")
elif form.save_role.data:
action = gettext("Modify")
elif form.delete_role.data:
action = gettext("Delete")
action = '{action} {controller}'.format(
action=action,
controller=gettext("User Role"))
error = []
if not error:
if form.add_role.data:
new_role = Role()
new_role.name = form.name.data
new_role.view_logs = form.view_logs.data
new_role.view_camera = form.view_camera.data
new_role.view_stats = form.view_stats.data
new_role.view_settings = form.view_settings.data
new_role.edit_users = form.edit_users.data
new_role.edit_settings = form.edit_settings.data
new_role.edit_controllers = form.edit_controllers.data
try:
new_role.save()
except sqlalchemy.exc.OperationalError as except_msg:
error.append(except_msg)
except sqlalchemy.exc.IntegrityError as except_msg:
error.append(except_msg)
elif form.save_role.data:
mod_role = Role.query.filter(Role.unique_id == form.role_id.data).first()
mod_role.view_logs = form.view_logs.data
mod_role.view_camera = form.view_camera.data
mod_role.view_stats = form.view_stats.data
mod_role.view_settings = form.view_settings.data
mod_role.edit_users = form.edit_users.data
mod_role.edit_settings = form.edit_settings.data
mod_role.edit_controllers = form.edit_controllers.data
db.session.commit()
elif form.delete_role.data:
if User().query.filter(User.role_id == form.role_id.data).count():
error.append(
"Cannot delete role if it is assigned to a user. "
"Change the user to another role and try again.")
else:
delete_entry_with_id(Role,
form.role_id.data)
flash_success_errors(error, action, url_for('routes_settings.settings_users'))
def newremote():
"""Verify authentication as a client computer to the remote admin"""
username = request.args.get('user')
pass_word = request.args.get('passw')
user = User.query.filter(User.name == username).first()
# TODO: Change sleep() to max requests per duration of time
time.sleep(1) # Slow down requests (hackish, prevent brute force attack)
if user:
if User().check_password(pass_word,
user.password_hash) == user.password_hash:
return jsonify(status=0,
message="{hash}".format(hash=user.password_hash))
return jsonify(status=1,
message="Unable to authenticate with user and password.")
user_valid = True
email = input("Email Address: ")
while not passwords_match and not password_valid:
password = getpass("Password: "******"Repeat Password: "******"Password don't math. Try again.")
else:
passwords_match = True
try:
with session_scope(MYCODO_DB_PATH) as db_session:
new_user = User()
new_user.unique_id = set_uuid()
new_user.name = user_name.lower()
new_user.password_hash = set_password(password)
new_user.email = email
new_user.role_id = 1
new_user.theme = 'slate'
new_user.landing_page = 'live'
new_user.language = 'en'
db_session.add(new_user)
print("Admin user '{}' successfully created.".format(user_name.lower()))
except Exception:
print(
"Error creating admin user. Refer the the traceback, below, for the error."
)
user_valid = True
email = input("Email Address: ")
while not passwords_match and not password_valid:
password = getpass("Password: "******"Repeat Password: "******"Password don't math. Try again.")
else:
passwords_match = True
try:
with session_scope(MYCODO_DB_PATH) as db_session:
new_user = User()
new_user.unique_id = set_uuid()
new_user.name = user_name.lower()
new_user.password_hash = set_password(password)
new_user.email = email
new_user.role_id = 1
new_user.theme = 'slate'
new_user.landing_page = 'live'
new_user.language = 'en'
db_session.add(new_user)
print("Admin user '{}' successfully created.".format(user_name.lower()))
except Exception:
print("Error creating admin user. Refer the the traceback, below, for the error.")
traceback.print_exc()
def create_admin():
if admin_exists():
flash(
gettext("Cannot access admin creation form if an admin user "
"already exists."), "error")
return redirect(url_for('routes_general.home'))
# If login token cookie from previous session exists, delete
if request.cookies.get('remember_token'):
response = clear_cookie_auth()
return response
form_create_admin = forms_authentication.CreateAdmin()
form_notice = forms_authentication.InstallNotice()
if request.method == 'POST':
form_name = request.form['form-name']
if form_name == 'acknowledge':
mod_misc = Misc.query.first()
mod_misc.dismiss_notification = 1
db.session.commit()
elif form_create_admin.validate():
username = form_create_admin.username.data.lower()
error = False
if form_create_admin.password.data != form_create_admin.password_repeat.data:
flash(gettext("Passwords do not match. Please try again."),
"error")
error = True
if not test_username(username):
flash(
gettext(
"Invalid user name. Must be between 2 and 64 characters "
"and only contain letters and numbers."), "error")
error = True
if not test_password(form_create_admin.password.data):
flash(
gettext(
"Invalid password. Must be between 6 and 64 characters "
"and only contain letters, numbers, and symbols."),
"error")
error = True
if error:
return redirect(url_for('routes_general.home'))
new_user = User()
new_user.name = username
new_user.email = form_create_admin.email.data
new_user.set_password(form_create_admin.password.data)
new_user.role_id = 1 # Admin
new_user.theme = 'spacelab'
try:
db.session.add(new_user)
db.session.commit()
flash(
gettext(
"User '%(user)s' successfully created. Please "
"log in below.",
user=username), "success")
return redirect(url_for('routes_authentication.login_check'))
except Exception as except_msg:
flash(
gettext("Failed to create user '%(user)s': %(err)s",
user=username,
err=except_msg), "error")
else:
utils_general.flash_form_errors(form_create_admin)
dismiss_notification = Misc.query.first().dismiss_notification
return render_template('create_admin.html',
dict_translation=TRANSLATIONS,
dismiss_notification=dismiss_notification,
form_create_admin=form_create_admin,
form_notice=form_notice)
def login_password():
"""Authenticate users of the web-UI."""
if not admin_exists():
return redirect('/create_admin')
elif flask_login.current_user.is_authenticated:
flash(gettext("Cannot access login page if you're already logged in"),
"error")
return redirect(url_for('routes_general.home'))
form_login = forms_authentication.Login()
# Check if the user is banned from logging in (too many incorrect attempts)
if banned_from_login():
flash(
gettext(
"Too many failed login attempts. Please wait %(min)s "
"minutes before attempting to log in again",
min=int(
(LOGIN_BAN_SECONDS - session['ban_time_left']) / 60) + 1),
"info")
else:
if request.method == 'POST':
username = form_login.username.data.lower()
user_ip = request.environ.get('HTTP_X_FORWARDED_FOR',
'unknown address')
user = User.query.filter(func.lower(User.name) == username).first()
if not user:
login_log(username, 'NA', user_ip, 'NOUSER')
failed_login()
elif form_login.validate_on_submit():
matched_hash = User().check_password(form_login.password.data,
user.password_hash)
# Encode stored password hash if it's a str
password_hash = user.password_hash
if isinstance(user.password_hash, str):
password_hash = user.password_hash.encode('utf-8')
if matched_hash == password_hash:
user = User.query.filter(User.name == username).first()
role_name = Role.query.filter(
Role.id == user.role_id).first().name
login_log(username, role_name, user_ip, 'LOGIN')
# flask-login user
login_user = User()
login_user.id = user.id
remember_me = True if form_login.remember.data else False
flask_login.login_user(login_user, remember=remember_me)
return redirect(url_for('routes_general.home'))
else:
user = User.query.filter(User.name == username).first()
role_name = Role.query.filter(
Role.id == user.role_id).first().name
login_log(username, role_name, user_ip, 'FAIL')
failed_login()
else:
login_log(username, 'NA', user_ip, 'FAIL')
failed_login()
return redirect('/login')
return render_template('login_password.html',
dict_translation=TRANSLATIONS,
form_login=form_login,
host=socket.gethostname())
def do_login():
"""Authenticate users of the web-UI"""
if not admin_exists():
return redirect('/create_admin')
elif flask_login.current_user.is_authenticated:
flash(gettext(u"Cannot access login page if you're already logged in"),
"error")
return redirect(url_for('general_routes.home'))
form = flaskforms.Login()
form_notice = flaskforms.InstallNotice()
misc = Misc.query.first()
dismiss_notification = misc.dismiss_notification
stats_opt_out = misc.stats_opt_out
# Check if the user is banned from logging in (too many incorrect attempts)
if banned_from_login():
flash(gettext(
u"Too many failed login attempts. Please wait %(min)s "
u"minutes before attempting to log in again",
min=(int(LOGIN_BAN_SECONDS - session['ban_time_left']) / 60) + 1),
"info")
else:
if request.method == 'POST':
username = form.username.data.lower()
user_ip = request.environ.get('REMOTE_ADDR', 'unknown address')
form_name = request.form['form-name']
if form_name == 'acknowledge':
try:
mod_misc = Misc.query.first()
mod_misc.dismiss_notification = 1
db.session.commit()
except Exception as except_msg:
flash(gettext(u"Acknowledgement unable to be saved: "
u"%(err)s", err=except_msg), "error")
elif form_name == 'login' and form.validate_on_submit():
user = User.query.filter(
User.name == username).first()
if not user:
login_log(username, 'NA', user_ip, 'NOUSER')
failed_login()
elif User().check_password(
form.password.data,
user.password_hash) == user.password_hash:
login_log(username, user.roles.name, user_ip, 'LOGIN')
# flask-login user
login_user = User()
login_user.id = user.id
remember_me = True if form.remember.data else False
flask_login.login_user(login_user, remember=remember_me)
return redirect(url_for('general_routes.home'))
else:
login_log(username, user.roles.name, user_ip, 'FAIL')
failed_login()
else:
login_log(username, 'NA', user_ip, 'FAIL')
failed_login()
return redirect('/login')
return render_template('login.html',
form=form,
formNotice=form_notice,
dismiss_notification=dismiss_notification,
stats_opt_out=stats_opt_out)
