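def login(org_slug=None):
    """Render the login page and handle CAS or password sign-in for the current org.

    A GET renders ``login.html``. A POST with valid credentials logs the user
    in and redirects to the ``next`` target as returned by ``get_next_path``.
    Password credentials are only evaluated when the organization has the
    ``auth_password_login_enabled`` setting turned on.
    """
    # We intentionally use == as otherwise it won't actually use the proxy.
    # noinspection PyComparisonWithNone
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for('redash.index', org_slug=org_slug)
    # ``next`` is caller-controlled; only the value returned by get_next_path()
    # (defined elsewhere) is ever handed to redirect().
    unsafe_next_path = request.args.get('next', index_url)
    next_path = get_next_path(unsafe_next_path)
    if current_user.is_authenticated:
        return redirect(next_path)

    # support cas auth
    if settings.CAS_AUTH:
        org = current_org._get_current_object()
        remember = ('remember' in request.form)
        cas_auth(org, remember)
        return redirect(next_path)

    if request.method == 'POST':
        if not current_org.get_setting('auth_password_login_enabled'):
            # The template hides the password form via the same setting, but a
            # hand-built POST would otherwise still be authenticated here.
            # Enforce the org policy server-side as well.
            flash("Password login is not enabled for your organization.")
        else:
            try:
                org = current_org._get_current_object()
                user = models.User.get_by_email_and_org(request.form['email'], org)
                if user and not user.is_disabled and user.verify_password(
                        request.form['password']):
                    remember = ('remember' in request.form)
                    login_user(user, remember=remember)
                    return redirect(next_path)
                else:
                    # Same message for every failure so the response does not
                    # reveal whether the e-mail address is registered.
                    flash("Wrong email or password.")
            except NoResultFound:
                flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template(
        "login.html",
        org_slug=org_slug,
        next=next_path,
        email=request.form.get('email', ''),
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=google_auth_url,
        show_password_login=current_org.get_setting(
            'auth_password_login_enabled'),
        show_saml_login=current_org.get_setting('auth_saml_enabled'),
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED)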
def verify(token, org_slug=None):
    """Mark the account named by a signed e-mail verification token as verified.

    Returns the rendered ``verify.html`` page on success, or an
    ``(error page, 400)`` tuple when the token is rejected or the user id it
    carries is not found in the current organization.
    """
    try:
        account = models.User.get_by_id_and_org(
            validate_token(token), current_org._get_current_object()
        )
    except (BadSignature, NoResultFound):
        logger.exception(
            "Failed to verify email verification token: %s, org=%s", token, org_slug
        )
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.",
        )
        return error_page, 400

    account.is_email_verified = True
    db_session = models.db.session
    db_session.add(account)
    db_session.commit()

    # The index URL only carries an org slug in multi-org deployments.
    if settings.MULTI_ORG:
        index_kwargs = {"org_slug": org_slug}
    else:
        index_kwargs = {}
    return render_template(
        "verify.html", next_url=url_for("redash.index", **index_kwargs)
    )
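def render_token_login_page(template, org_slug, token):
    """Validate a signed token and render, or process, the set-password form.

    On GET the given *template* is rendered for the user the token names. On
    POST a non-empty password of at least 6 characters is hashed and stored,
    the user is logged in, and the response redirects to the index page.
    Every other outcome returns a ``(body, status_code)`` tuple.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The format string used to carry two placeholders for three arguments,
        # so the record could not be formatted. The token is left out on
        # purpose: it passed validate_token() on this path, so it is a
        # correctly signed credential and does not belong in the log.
        logger.exception("Bad user id in token. User id=%s, Org=%s", user_id, org_slug)
        return render_template("error.html", error_message="Invalid invite link. Please ask for a new one."), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template("error.html", error_message="Your invite link has expired. Please ask for a new one."), 400

    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            # TODO: set active flag
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))

    if settings.GOOGLE_OAUTH_ENABLED:
        google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))
    else:
        google_auth_url = ''

    return render_template(template, google_auth_url=google_auth_url, user=user), status_code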
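def render_token_login_page(template, org_slug, token, invite):
    """Validate a signed token and render, or process, the set-password form.

    When *invite* is true, a token for a user whose invitation is no longer
    pending is refused with a 400 error page. On POST a non-empty password of
    at least 6 characters is hashed and stored, the user is logged in, and the
    response redirects to the index page. Every other outcome returns a
    ``(body, status_code)`` tuple.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The format string used to carry two placeholders for three arguments,
        # so the record could not be formatted. The token is left out on
        # purpose: it passed validate_token() on this path, so it is a
        # correctly signed credential and does not belong in the log.
        logger.exception("Bad user id in token. User id=%s, Org=%s", user_id, org_slug)
        return render_template(
            "error.html",
            error_message="Invalid invite link. Please ask for a new one."
        ), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template(
            "error.html",
            error_message=
            "Your invite link has expired. Please ask for a new one."), 400

    # An invite link must not be reusable to overwrite the password of an
    # account that has already accepted its invitation.
    if invite and user.details.get('is_invitation_pending') is False:
        return render_template(
            "error.html",
            error_message=("This invitation has already been accepted. "
                           "Please try resetting your password instead.")), 400

    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            if invite:
                user.is_invitation_pending = False
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))

    google_auth_url = get_google_auth_url(
        url_for('redash.index', org_slug=org_slug))

    return render_template(
        template,
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=google_auth_url,
        show_saml_login=current_org.get_setting('auth_saml_enabled'),
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED,
        org_slug=org_slug,
        user=user), status_code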
def forgot_password(org_slug=None):
    """Render the forgot-password page and, on POST, send a reset e-mail.

    The same page is rendered whether or not the address matches an account;
    an unknown address is only recorded in the log.
    """
    # request.form is consulted on POST only, exactly as before.
    email = request.form['email'] if request.method == 'POST' else None
    submitted = bool(email)

    if submitted:
        try:
            user = models.User.get_by_email_and_org(
                email, current_org._get_current_object())
            send_password_reset_email(user)
        except NoResultFound:
            logging.error("No user found for forgot password: %s", email)

    return render_template("forgot.html", submitted=submitted)
def login(org_slug=None):
    """Render the login page and process password sign-in for the current org.

    Password credentials are evaluated only when the organization setting
    ``auth_password_login_enabled`` is on; a POST while it is off just flashes
    a message and re-renders the page.
    """
    # We intentionally use == as otherwise it won't actually use the proxy.
    # noinspection PyComparisonWithNone
    if current_org == None:
        return redirect("/") if settings.MULTI_ORG else redirect("/setup")

    # Only the value returned by get_next_path() is used as a redirect target.
    next_path = get_next_path(
        request.args.get("next", url_for("redash.index", org_slug=org_slug))
    )
    if current_user.is_authenticated:
        return redirect(next_path)

    is_post = request.method == "POST"
    if is_post and current_org.get_setting("auth_password_login_enabled"):
        try:
            user = models.User.get_by_email_and_org(
                request.form["email"], current_org._get_current_object()
            )
            # Disabled accounts are rejected before the password is checked.
            if not user or user.is_disabled or not user.verify_password(request.form["password"]):
                flash("电子邮箱或密码不正确。")
            else:
                login_user(user, remember="remember" in request.form)
                return redirect(next_path)
        except NoResultFound:
            flash("电子邮箱或密码不正确。")
    elif is_post and not current_org.get_setting("auth_password_login_enabled"):
        flash("当前组织密码不正确。")

    template_args = dict(
        org_slug=org_slug,
        next=next_path,
        email=request.form.get("email", ""),
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=get_google_auth_url(next_path),
        show_password_login=current_org.get_setting("auth_password_login_enabled"),
        show_saml_login=current_org.get_setting("auth_saml_enabled"),
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED,
    )
    return render_template("login.html", **template_args)
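def login(org_slug=None):
    """Handle LDAP sign-in, falling back to the local password check.

    A POST is first tried against ``auth_ldap_user``. When that returns
    ``None`` the e-mail and password are checked against the local user
    record instead. Successful sign-in redirects to the ``next`` target,
    reduced to a same-site path; everything else renders ``login.html``.
    """
    try:
        from urllib.parse import urlsplit, urlunsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit, urlunsplit

    def _same_site_target(candidate, fallback):
        """Strip scheme and host from *candidate* so it can only point at this site."""
        try:
            # Browsers read "\" as "/", so normalise it before parsing.
            parts = urlsplit(candidate.replace("\\", "/"))
        except ValueError:
            return fallback
        path = parts.path
        # A leading "//" would be read as a scheme-relative URL (another host).
        if path.startswith("//"):
            path = "/" + path.lstrip("/")
        return urlunsplit(("", "", path, parts.query, parts.fragment)) or fallback

    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # ``next`` comes from the query string and ends up in redirect(); without
    # this reduction a login link could send the user to an arbitrary site.
    next_path = _same_site_target(request.args.get('next', index_url), index_url)

    if not settings.LDAP_LOGIN_ENABLED:
        logger.error(
            "Cannot use LDAP for login without being enabled in settings")
        return redirect(url_for('redash.index', next=next_path))

    if current_user.is_authenticated:
        return redirect(next_path)

    if request.method == 'POST':
        user = auth_ldap_user(request.form['email'], request.form['password'])

        if user is not None:
            create_and_login_user(current_org,
                                  user[settings.LDAP_DISPLAY_NAME_KEY], None,
                                  user['password'])
            # NOTE(review): the submitted password is passed unchanged to
            # client_vault.write_to() and kept in user_session. Neither is
            # defined in this block - confirm both are encrypted and
            # server-side, otherwise the LDAP password outlives the request
            # in recoverable form.
            client_vault.write_to(request.form['email'],
                                  request.form['password'])
            user_session['password_ldap'] = request.form['password']
            return redirect(next_path or url_for('redash.index'))
        else:
            try:
                org = current_org._get_current_object()
                user = models.User.get_by_email_and_org(
                    request.form['email'], org)
                if user and user.verify_password(request.form['password']):
                    remember = ('remember' in request.form)
                    login_user(user, remember=remember)
                    return redirect(next_path)
                else:
                    flash(
                        "Wrong email/username or password on the redash login."
                    )
            except NoResultFound:
                flash("Wrong email/username or password with the ldap login")

    return render_template(
        "login.html",
        org_slug=org_slug,
        next=next_path,
        email=request.form.get('email', ''),
        show_password_login=True,
        username_prompt=settings.LDAP_CUSTOM_USERNAME_PROMPT,
        hide_forgot_password=True)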
def verify(token, org_slug=None):
    """Mark the account named by a signed e-mail verification token as verified.

    Returns the rendered ``verify.html`` page on success, or an
    ``(error page, 400)`` tuple when the token is rejected or the user id it
    carries is not found in the current organization.
    """
    try:
        account = models.User.get_by_id_and_org(
            validate_token(token), current_org._get_current_object())
    except (BadSignature, NoResultFound):
        logger.exception("Failed to verify email verification token: %s, org=%s", token, org_slug)
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.")
        return error_page, 400

    account.is_email_verified = True
    db_session = models.db.session
    db_session.add(account)
    db_session.commit()

    return render_template("verify.html", org_slug=org_slug)
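def render_token_login_page(template, org_slug, token, invite=True):
    """Validate a signed token and render, or process, the set-password form.

    When *invite* is true (the default), a token for a user whose invitation
    is no longer pending is refused with a 400 error page. On POST a non-empty
    password of at least 6 characters is hashed and stored, the user is logged
    in, and the response redirects to the index page. Every other outcome
    returns a ``(body, status_code)`` tuple.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The format string used to carry two placeholders for three arguments,
        # so the record could not be formatted. The token is left out on
        # purpose: it passed validate_token() on this path, so it is a
        # correctly signed credential and does not belong in the log.
        logger.exception("Bad user id in token. User id=%s, Org=%s", user_id, org_slug)
        return render_template("error.html", error_message="Invalid invite link. Please ask for a new one."), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template("error.html",
                               error_message="Your invite link has expired. Please ask for a new one."), 400

    # An invite link must not be reusable to overwrite the password of an
    # account that has already accepted its invitation.
    if invite and user.details.get('is_invitation_pending') is False:
        return render_template("error.html",
                               error_message=("This invitation has already been accepted. "
                                              "Please try resetting your password instead.")), 400

    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            if invite:
                user.is_invitation_pending = False
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))

    google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))

    return render_template(template,
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=current_org.get_setting('auth_saml_enabled'),
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
                           show_ldap_login=settings.LDAP_LOGIN_ENABLED,
                           org_slug=org_slug,
                           user=user), status_code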
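def login(org_slug=None):
    """Render the login form, or hand off to the configured external provider.

    When password login is disabled in settings the request is redirected to
    the first enabled provider, in the order remote-user, SAML, LDAP, Google
    OAuth. Otherwise a POST with valid credentials logs the user in and
    redirects to the ``next`` target, reduced to a same-site path.
    """
    try:
        from urllib.parse import urlsplit, urlunsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit, urlunsplit

    def _same_site_target(candidate, fallback):
        """Strip scheme and host from *candidate* so it can only point at this site."""
        try:
            # Browsers read "\" as "/", so normalise it before parsing.
            parts = urlsplit(candidate.replace("\\", "/"))
        except ValueError:
            return fallback
        path = parts.path
        # A leading "//" would be read as a scheme-relative URL (another host).
        if path.startswith("//"):
            path = "/" + path.lstrip("/")
        return urlunsplit(("", "", path, parts.query, parts.fragment)) or fallback

    # We intentionally use == as otherwise it won't actually use the proxy.
    # noinspection PyComparisonWithNone
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # ``next`` comes from the query string and ends up in redirect(); without
    # this reduction a login link could send the user to an arbitrary site.
    next_path = _same_site_target(request.args.get('next', index_url), index_url)
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        elif settings.LDAP_LOGIN_ENABLED:
            return redirect(url_for("ldap_auth.login", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                # Same message for every failure so the response does not
                # reveal whether the e-mail address is registered.
                flash("Wrong email or password.")
        except NoResultFound:
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template(
        "login.html",
        org_slug=org_slug,
        next=next_path,
        email=request.form.get('email', ''),
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=google_auth_url,
        show_saml_login=settings.SAML_LOGIN_ENABLED,
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED)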
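def login(org_slug=None):
    """Render the login form, or hand off to the configured external provider.

    When password login is disabled in settings the request is redirected to
    the first enabled provider, in the order remote-user, SAML, LDAP, Google
    OAuth. Otherwise a POST with valid credentials logs the user in and
    redirects to the ``next`` target, reduced to a same-site path.
    """
    try:
        from urllib.parse import urlsplit, urlunsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit, urlunsplit

    def _same_site_target(candidate, fallback):
        """Strip scheme and host from *candidate* so it can only point at this site."""
        try:
            # Browsers read "\" as "/", so normalise it before parsing.
            parts = urlsplit(candidate.replace("\\", "/"))
        except ValueError:
            return fallback
        path = parts.path
        # A leading "//" would be read as a scheme-relative URL (another host).
        if path.startswith("//"):
            path = "/" + path.lstrip("/")
        return urlunsplit(("", "", path, parts.query, parts.fragment)) or fallback

    # We intentionally use == as otherwise it won't actually use the proxy.
    # noinspection PyComparisonWithNone
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # ``next`` comes from the query string and ends up in redirect(); without
    # this reduction a login link could send the user to an arbitrary site.
    next_path = _same_site_target(request.args.get('next', index_url), index_url)
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        elif settings.LDAP_LOGIN_ENABLED:
            return redirect(url_for("ldap_auth.login", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                # Same message for every failure so the response does not
                # reveal whether the e-mail address is registered.
                flash("Wrong email or password.")
        except NoResultFound:
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template("login.html",
                           org_slug=org_slug,
                           next=next_path,
                           email=request.form.get('email', ''),
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=settings.SAML_LOGIN_ENABLED,
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
                           show_ldap_login=settings.LDAP_LOGIN_ENABLED)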
def verify(token, org_slug=None):
    """Mark the account named by a signed e-mail verification token as verified.

    Returns the rendered ``verify.html`` page on success, or an
    ``(error page, 400)`` tuple when the token is rejected or the user id it
    carries is not found in the current organization.
    """
    try:
        account = models.User.get_by_id_and_org(
            validate_token(token), current_org._get_current_object())
    except (BadSignature, NoResultFound):
        logger.exception("Failed to verify email verification token: %s, org=%s", token, org_slug)
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.")
        return error_page, 400

    account.is_email_verified = True
    db_session = models.db.session
    db_session.add(account)
    db_session.commit()

    # The index URL only carries an org slug in multi-org deployments.
    if settings.MULTI_ORG:
        index_kwargs = {"org_slug": org_slug}
    else:
        index_kwargs = {}

    return render_template("verify.html",
                           next_url=url_for('redash.index', **index_kwargs))
def forgot_password(org_slug=None):
    """Render the forgot-password page and, on POST, e-mail the account owner.

    Responds 404 when the organization has password login disabled. A disabled
    account receives the "user disabled" e-mail instead of a reset link. The
    same page is rendered whether or not the address matches an account; an
    unknown address is only recorded in the log.
    """
    if not current_org.get_setting("auth_password_login_enabled"):
        abort(404)

    # request.form is consulted on POST only, exactly as before.
    email = request.form["email"] if request.method == "POST" else None
    submitted = bool(email)

    if submitted:
        try:
            user = models.User.get_by_email_and_org(
                email, current_org._get_current_object()
            )
            notify = (
                send_user_disabled_email if user.is_disabled else send_password_reset_email
            )
            notify(user)
        except NoResultFound:
            logging.error("No user found for forgot password: %s", email)

    return render_template("forgot.html", submitted=submitted)
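def login(org_slug=None):
    """Render the login form, or hand off to the configured external provider.

    When password login is disabled in settings the request is redirected to
    the first enabled provider, in the order remote-user, SAML, Google OAuth.
    Otherwise a POST with valid credentials logs the user in and redirects to
    the ``next`` target, reduced to a same-site path.
    """
    try:
        from urllib.parse import urlsplit, urlunsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit, urlunsplit

    def _same_site_target(candidate, fallback):
        """Strip scheme and host from *candidate* so it can only point at this site."""
        try:
            # Browsers read "\" as "/", so normalise it before parsing.
            parts = urlsplit(candidate.replace("\\", "/"))
        except ValueError:
            return fallback
        path = parts.path
        # A leading "//" would be read as a scheme-relative URL (another host).
        if path.startswith("//"):
            path = "/" + path.lstrip("/")
        return urlunsplit(("", "", path, parts.query, parts.fragment)) or fallback

    index_url = url_for("redash.index", org_slug=org_slug)
    # ``next`` comes from the query string and ends up in redirect(); without
    # this reduction a login link could send the user to an arbitrary site.
    next_path = _same_site_target(request.args.get('next', index_url), index_url)
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                # Same message for every failure so the response does not
                # reveal whether the e-mail address is registered.
                flash("Wrong email or password.")
        except NoResultFound:
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template("login.html",
                           org_slug=org_slug,
                           next=next_path,
                           username=request.form.get('username', ''),
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=settings.SAML_LOGIN_ENABLED,
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED)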
def current_org(self):
    """Return the object that the ``current_org`` proxy currently resolves to."""
    # Inside the body ``current_org`` is looked up outside the class, so this
    # is the proxy, not this method.
    resolved_org = current_org._get_current_object()
    return resolved_org