예제 #1
0
def test_otp_enabled():
    user_email = '*****@*****.**'
    assert otp.is_enabled(user_email, current_app.config) is True
예제 #2
0
def test_otp_disabled_user_no_bypass():
    user_email = '*****@*****.**'
    assert otp.is_enabled(user_email, current_app.config) is False
예제 #3
0
def signin():
    """
    Signin method for PYBOSSA users.

    Returns a Jinja2 template with the result of signing process.

    """
    form = LoginForm(request.body)
    isLdap = current_app.config.get('LDAP_HOST', False)
    if (request.method == 'POST' and form.validate()
            and isLdap is False):
        password = form.password.data
        email_addr = form.email.data.lower()
        user = user_repo.search_by_email(email_addr=email_addr)
        if user and user.check_password(password):
            # Check if the user can bypass two-factor authentication.
            if otp.is_enabled(user.email_addr, current_app.config):
                # Enforce two-factor authentication.
                if not user.enabled:
                    return disable_redirect()
                _email_two_factor_auth(user)
                url_token = otp.generate_url_token(user.email_addr)
                next_url = is_own_url_or_else(request.args.get('next'), url_for('home.home'))

                return redirect_content_type(url_for('account.otpvalidation',
                                             token=url_token,
                                             next=next_url))
            else:
                # Bypass two-factor authentication.
                msg_1 = gettext('Welcome back') + ' ' + user.fullname
                flash(msg_1, 'success')
                return _sign_in_user(user)
        elif user:
            msg, method = get_user_signup_method(user)
            if method == 'local':
                msg = gettext('Ooops, Incorrect email/password')
                flash(msg, 'error')
            else:
                flash(msg, 'info')
        else:
            msg = gettext("Ooops, we didn't find you in the system, \
                          did you sign up?")
            flash(msg, 'info')

    if (request.method == 'POST' and form.validate()
            and isLdap):
        password = form.password.data
        cn = form.email.data
        ldap_user = None
        if ldap.bind_user(cn, password):
            ldap_user = ldap.get_object_details(cn)
            key = current_app.config.get('LDAP_USER_FILTER_FIELD')
            value = ldap_user[key][0]
            user_db = user_repo.get_by(ldap=value)
            if (user_db is None):
                keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
                user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
                                 name=ldap_user[keyfields['name']][0],
                                 email_addr=ldap_user[keyfields['email_addr']][0],
                                 valid_email=True,
                                 ldap=value,
                                 consent=True)
                create_account(user_data, ldap_disabled=False)
            else:
                login_user(user_db, remember=True)
        else:
            msg = gettext("User LDAP credentials are wrong.")
            flash(msg, 'info')

    if request.method == 'POST' and not form.validate():
        flash(gettext('Please correct the errors'), 'error')
    auth = {'twitter': False, 'facebook': False, 'google': False}
    if current_user.is_anonymous:
        # If Twitter is enabled in config, show the Twitter Sign in button
        if (isLdap is False):
            if ('twitter' in current_app.blueprints):  # pragma: no cover
                auth['twitter'] = True
            if ('facebook' in current_app.blueprints):  # pragma: no cover
                auth['facebook'] = True
            if ('google' in current_app.blueprints):  # pragma: no cover
                auth['google'] = True
        next_url = is_own_url_or_else(request.args.get('next'), url_for('home.home'))
        response = dict(template='account/signin.html',
                        title="Sign in",
                        form=form,
                        auth=auth,
                        next=next_url)
        return handle_content_type(response)
    else:
        # User already signed in, so redirect to home page
        return redirect_content_type(url_for("home.home"))