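def login(org_slug=None):
    """Serve and process the LDAP username/password login form.

    A GET (or a failed POST) renders ``login.html``. A POST checks the
    submitted credentials with ``auth_ldap_user`` and, when a directory entry
    comes back, hands the display name and email to ``create_and_login_user``
    and redirects to the ``next`` target.

    ``next`` comes from the query string, so it is caller-controlled. It is
    only honoured when it is a path on this site; anything else falls back to
    the index page so the login view cannot be used as an open redirector.
    """
    index_url = url_for("redash.index", org_slug=org_slug)
    next_path = request.args.get('next', index_url)

    # Keep only same-site paths: one leading "/", no backslashes (browsers
    # read "\" as "/") and no control characters (browsers drop embedded
    # tab/CR/LF before resolving the URL).
    if (not next_path
            or not next_path.startswith('/')
            or next_path.startswith('//')
            or '\\' in next_path
            or any(ord(ch) < 0x20 for ch in next_path)):
        next_path = index_url

    if not settings.LDAP_LOGIN_ENABLED:
        logger.error("Cannot use LDAP for login without being enabled in settings")
        # org_slug is passed here as well so this redirect targets the same
        # index URL that index_url above was built for.
        return redirect(url_for('redash.index', next=next_path, org_slug=org_slug))

    if current_user.is_authenticated:
        return redirect(next_path)

    if request.method == 'POST':
        # NOTE(review): auth_ldap_user is not visible here. Confirm it rejects
        # an empty password before binding; some directory servers treat an
        # empty-password simple bind as an anonymous bind and report success.
        user = auth_ldap_user(request.form['email'], request.form['password'])

        if user is not None:
            # The entry is indexed by attribute name; the first value of each
            # configured attribute is used as the display name and the email.
            create_and_login_user(current_org,
                                  user[settings.LDAP_DISPLAY_NAME_KEY][0],
                                  user[settings.LDAP_EMAIL_KEY][0])
            # next_path is always a non-empty same-site path at this point.
            return redirect(next_path)
        else:
            # Same message for an unknown user and a wrong password, so the
            # response does not reveal which accounts exist.
            flash("Incorrect credentials.")

    return render_template("login.html",
                           org_slug=org_slug,
                           next=next_path,
                           email=request.form.get('email', ''),
                           show_password_login=True,
                           username_prompt=settings.LDAP_CUSTOM_USERNAME_PROMPT,
                           hide_forgot_password=True)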
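def login():
    """Log a user in from a ``jwt`` query parameter checked by an auth server.

    The token is sent to ``settings.JWT_AUTH_SERVER``; when the JSON reply has
    ``authenticated`` set to ``True`` its ``profile`` name and email are passed
    to ``create_and_login_user``. Every outcome ends in a redirect: to the
    ``next`` target when it is a same-site path, otherwise to the index page.

    The token is a bearer credential, so it is never written to the logs.
    NOTE(review): it arrives in the URL, so it can still surface in
    proxy/access logs and browser history; keep such tokens short-lived.
    """
    next_path = request.args.get('next')
    jwt = request.args.get('jwt')

    # ``next`` is caller-controlled. Drop anything that is not a path on this
    # site: one leading "/", no backslashes (browsers read "\" as "/") and no
    # control characters (browsers drop embedded tab/CR/LF).
    if next_path and (
            not next_path.startswith('/')
            or next_path.startswith('//')
            or '\\' in next_path
            or any(ord(ch) < 0x20 for ch in next_path)):
        next_path = None

    if not settings.JWT_LOGIN_ENABLED:
        logger.error("Cannot use jwt for login without being enabled in settings")
        return redirect(url_for('redash.index', next=next_path))

    auth_server = settings.JWT_AUTH_SERVER
    if not auth_server:
        logger.error("Cannot use jwt for login when there's no auth server")
        return redirect(url_for('redash.index', next=next_path))

    if not jwt:
        # Nothing to verify; skip the outbound call entirely.
        logger.warning("JWT login requested without a jwt parameter")
    else:
        try:
            # A timeout keeps a slow or unreachable auth server from pinning
            # this worker indefinitely. The value is a conservative default;
            # tune it for the deployment.
            reply = requests.get(auth_server, data={'jwt': jwt}, timeout=10)
            profile = reply.json()
            if profile is not None and profile.get('authenticated') is True:
                profile = profile['profile']
                create_and_login_user(current_org, profile['name'], profile['email'])
            else:
                # The token itself is deliberately left out of the message.
                logger.warning("Failed to verify user with the supplied jwt")
        except Exception as e:
            # Best effort: a transport error, a non-JSON reply or a profile
            # without name/email all leave the visitor logged out.
            logger.error("Failed to verify jwt: {}".format(e))

    return redirect(next_path or url_for('redash.index'), code=302)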
def test_creates_vaild_new_user(self):
    """An email with no existing account triggers a login call and a lookup."""
    new_email = '*****@*****.**'
    display_name = 'Test User'
    login_target = 'redash.authentication.google_oauth.login_user'

    # login_user is patched out so no real session is needed.
    with patch(login_target) as mocked_login:
        create_and_login_user(self.factory.org, display_name, new_email)

    self.assertTrue(mocked_login.called)
    # Presumably this lookup raises when no matching row exists, which would
    # make it the existence check. Confirm against the model layer.
    created = models.User.get(models.User.email == new_email)
def test_creates_vaild_new_user(self):
    """An email with no existing account is stored and logged in."""
    new_email = u'*****@*****.**'
    display_name = 'Test User'

    # login_user is patched out so no real session is needed.
    with patch('redash.authentication.login_user') as mocked_login:
        create_and_login_user(self.factory.org, display_name, new_email)

    self.assertTrue(mocked_login.called)

    # The query is expected to match exactly one stored user for the email.
    matches = models.User.query.filter(models.User.email == new_email)
    stored = matches.one()
    self.assertEqual(stored.email, new_email)
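def idp_initiated(org_slug=None):
    """Consume an IdP-initiated SAML response and log the asserted user in.

    The POSTed ``SAMLResponse`` is parsed with the organisation's SAML client.
    The subject becomes the email, ``FirstName``/``LastName`` become the
    display name, and an optional ``RedashGroups`` attribute replaces the
    user's group assignments. The view always redirects to the index page.

    NOTE(review): identity and group membership are taken from the assertion
    as-is. Confirm that ``get_saml_client`` (not visible here) requires signed
    responses/assertions, e.g. pysaml2's ``want_assertions_signed`` and
    ``want_response_signed``, because this view adds no checks of its own.
    """
    if not current_org.get_setting("auth_saml_enabled"):
        logger.error("SAML Login is not enabled")
        return redirect(url_for('redash.index', org_slug=org_slug))

    saml_client = get_saml_client(current_org)
    authn_response = saml_client.parse_authn_request_response(
        request.form['SAMLResponse'], entity.BINDING_HTTP_POST)

    # Fail closed when the parser returns no response object, rather than
    # crashing on the attribute access below. NOTE(review): presumably this
    # happens for an empty SAMLResponse field; confirm for the SAML library
    # version in use.
    if authn_response is None:
        logger.error("SAML response could not be parsed")
        return redirect(url_for('redash.index', org_slug=org_slug))

    authn_response.get_identity()
    user_info = authn_response.get_subject()
    email = user_info.text
    # Both attributes are required; a response without them raises KeyError.
    name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0])

    # This is what is known as "Just In Time (JIT) provisioning": if the user
    # in a SAML assertion isn't in the user store, we create that user first,
    # then log them in.
    user = create_and_login_user(current_org, name, email)

    # Group membership is driven by the IdP-supplied attribute.
    # NOTE(review): create_and_login_user is not visible here; the None check
    # covers the case where it declines to return a user.
    if user is not None and 'RedashGroups' in authn_response.ava:
        group_names = authn_response.ava.get('RedashGroups')
        user.update_group_assignments(group_names)

    url = url_for('redash.index', org_slug=org_slug)

    return redirect(url)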
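def idp_initiated():
    """Consume an IdP-initiated SAML response and log the asserted user in.

    The POSTed ``SAMLResponse`` is parsed with the SAML client. The subject
    becomes the email and ``FirstName``/``LastName`` become the display name
    passed to ``create_and_login_user``. The view always redirects to the
    index page.

    NOTE(review): the identity is taken from the assertion as-is. Confirm
    that ``get_saml_client`` (not visible here) requires signed
    responses/assertions, because this view adds no checks of its own.
    """
    saml_client = get_saml_client()
    authn_response = saml_client.parse_authn_request_response(
        request.form['SAMLResponse'], entity.BINDING_HTTP_POST)

    # Fail closed when the parser returns no response object, rather than
    # crashing on the attribute access below. NOTE(review): presumably this
    # happens for an empty SAMLResponse field; confirm for the SAML library
    # version in use.
    if authn_response is None:
        return redirect(url_for('index'))

    authn_response.get_identity()
    user_info = authn_response.get_subject()
    email = user_info.text
    # Both attributes are required; a response without them raises KeyError.
    name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0])

    # This is what is known as "Just In Time (JIT) provisioning": if the user
    # in a SAML assertion isn't in the user store, we create that user first,
    # then log them in.
    create_and_login_user(current_org, name, email)
    url = url_for('index')

    return redirect(url)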
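def login(org_slug=None):
    """Log in the user named by the reverse proxy's remote-user header.

    The email is read from ``settings.REMOTE_USER_HEADER``. When
    ``settings.REMOTE_GROUPS_ENABLED`` is set, the groups header must share at
    least one entry with ``settings.REMOTE_GROUPS_ALLOWED``. On success the
    user is provisioned/logged in with the email as both name and email, and
    redirected to the ``next`` target (same-site paths only) or the index.

    NOTE(review): both headers are trusted verbatim. This is only sound when
    the application is reachable exclusively through the authenticating
    proxy and that proxy strips client-supplied copies of these headers;
    confirm this for the deployment.
    """
    next_path = request.args.get('next')

    # ``next`` is caller-controlled. Drop anything that is not a path on this
    # site: one leading "/", no backslashes (browsers read "\" as "/") and no
    # control characters (browsers drop embedded tab/CR/LF).
    if next_path and (
            not next_path.startswith('/')
            or next_path.startswith('//')
            or '\\' in next_path
            or any(ord(ch) < 0x20 for ch in next_path)):
        next_path = None

    if not settings.REMOTE_USER_LOGIN_ENABLED:
        logger.error("Cannot use remote user for login without being enabled in settings")
        return redirect(url_for('redash.index', next=next_path, org_slug=org_slug))

    email = request.headers.get(settings.REMOTE_USER_HEADER)

    # Some Apache auth configurations set the literal string "(null)" instead
    # of a falsey value. Special-case it so those installs work; "(null)" is
    # never a legitimate user email.
    if email == '(null)':
        email = None

    if not email:
        logger.error("Cannot use remote user for login when it's not provided in the request (looked in headers['" + settings.REMOTE_USER_HEADER + "'])")
        return redirect(url_for('redash.index', next=next_path, org_slug=org_slug))

    # Check if there is a header of user groups and, if so, check it against
    # the list of allowed user groups from the settings.
    if settings.REMOTE_GROUPS_ENABLED:
        remote_groups = settings.set_from_string(
            request.headers.get(settings.REMOTE_GROUPS_HEADER) or ''
        )
        allowed_groups = settings.REMOTE_GROUPS_ALLOWED
        if not allowed_groups.intersection(remote_groups):
            logger.error(
                "User groups provided in the %s header are not "
                "matching the allowed groups.",
                settings.REMOTE_GROUPS_HEADER
            )
            # org_slug is passed here too, matching the other early exits.
            return redirect(url_for('redash.index', next=next_path, org_slug=org_slug))

    # Lazy %-formatting; the rendered message is unchanged.
    logger.info("Logging in %s via remote user", email)
    create_and_login_user(current_org, email, email)
    return redirect(next_path or url_for('redash.index', org_slug=org_slug), code=302)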
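def login():
    """Log in the user named by the reverse proxy's remote-user header.

    The email is read from ``settings.REMOTE_USER_HEADER`` and used as both
    name and email for ``create_and_login_user``. The visitor is then
    redirected to the ``next`` target (same-site paths only) or the index.

    NOTE(review): the header is trusted verbatim. This is only sound when
    the application is reachable exclusively through the authenticating
    proxy and that proxy strips client-supplied copies of the header;
    confirm this for the deployment.
    """
    next_path = request.args.get('next')

    # ``next`` is caller-controlled. Drop anything that is not a path on this
    # site: one leading "/", no backslashes (browsers read "\" as "/") and no
    # control characters (browsers drop embedded tab/CR/LF).
    if next_path and (
            not next_path.startswith('/')
            or next_path.startswith('//')
            or '\\' in next_path
            or any(ord(ch) < 0x20 for ch in next_path)):
        next_path = None

    if not settings.REMOTE_USER_LOGIN_ENABLED:
        logger.error("Cannot use remote user for login without being enabled in settings")
        return redirect(url_for('redash.index', next=next_path))

    email = request.headers.get(settings.REMOTE_USER_HEADER)

    # Some Apache auth configurations set the literal string "(null)" instead
    # of a falsey value. Special-case it so those installs work; "(null)" is
    # never a legitimate user email.
    if email == '(null)':
        email = None

    if not email:
        logger.error("Cannot use remote user for login when it's not provided in the request (looked in headers['" + settings.REMOTE_USER_HEADER + "'])")
        return redirect(url_for('redash.index', next=next_path))

    # Lazy %-formatting; the rendered message is unchanged.
    logger.info("Logging in %s via remote user", email)
    create_and_login_user(current_org, email, email)
    return redirect(next_path or url_for('redash.index'), code=302)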
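def idp_initiated():
    """Consume an IdP-initiated SAML response and log the asserted user in.

    The POSTed ``SAMLResponse`` is parsed with the SAML client. The subject
    becomes the email, ``FirstName``/``LastName`` become the display name,
    and an optional ``RedashGroups`` attribute replaces the user's group
    assignments. The view always redirects to the index page.

    NOTE(review): identity and group membership are taken from the assertion
    as-is. Confirm that ``get_saml_client`` (not visible here) requires signed
    responses/assertions, because this view adds no checks of its own.
    """
    saml_client = get_saml_client()
    authn_response = saml_client.parse_authn_request_response(
        request.form['SAMLResponse'], entity.BINDING_HTTP_POST)

    # Fail closed when the parser returns no response object, rather than
    # crashing on the attribute access below. NOTE(review): presumably this
    # happens for an empty SAMLResponse field; confirm for the SAML library
    # version in use.
    if authn_response is None:
        return redirect(url_for('redash.index'))

    authn_response.get_identity()
    user_info = authn_response.get_subject()
    email = user_info.text
    # Both attributes are required; a response without them raises KeyError.
    name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0])

    # This is what is known as "Just In Time (JIT) provisioning": if the user
    # in a SAML assertion isn't in the user store, we create that user first,
    # then log them in.
    user = create_and_login_user(current_org, name, email)

    # Group membership is driven by the IdP-supplied attribute.
    # NOTE(review): create_and_login_user is not visible here; the None check
    # covers the case where it declines to return a user.
    if user is not None and 'RedashGroups' in authn_response.ava:
        group_names = authn_response.ava.get('RedashGroups')
        user.update_group_assignments(group_names)

    url = url_for('redash.index')

    return redirect(url)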
def test_logins_valid_user(self):
    """An existing user is passed to login_user once, with remember=True."""
    existing = self.factory.create_user(email='*****@*****.**')
    login_target = 'redash.authentication.google_oauth.login_user'

    # login_user is patched out so the call can be inspected.
    with patch(login_target) as mocked_login:
        create_and_login_user(self.factory.org, existing.name, existing.email)

    mocked_login.assert_called_once_with(existing, remember=True)
def test_updates_user_name(self):
    """Logging in under a different name still logs in the existing user.

    NOTE(review): the test name promises a name update, but nothing here
    checks the stored name; consider asserting it after the call.
    """
    existing = self.factory.create_user(email='*****@*****.**')
    replacement_name = "New Name"

    with patch('redash.authentication.login_user') as mocked_login:
        create_and_login_user(self.factory.org, replacement_name, existing.email)

    mocked_login.assert_called_once_with(existing, remember=True)
def test_logins_valid_user(self):
    """An existing user is passed to login_user once, with remember=True."""
    known_user = self.factory.create_user(email="*****@*****.**")
    org = self.factory.org

    # login_user is patched out so the call can be inspected.
    with patch("redash.authentication.login_user") as login_spy:
        create_and_login_user(org, known_user.name, known_user.email)

    login_spy.assert_called_once_with(known_user, remember=True)
def test_updates_user_name(self):
    """Logging in under a different name still logs in the existing user.

    NOTE(review): the test name promises a name update, but nothing here
    checks the stored name; consider asserting it after the call.
    """
    known_user = self.factory.create_user(email=u'*****@*****.**')
    org = self.factory.org

    with patch('redash.authentication.login_user') as login_spy:
        create_and_login_user(org, "New Name", known_user.email)

    login_spy.assert_called_once_with(known_user, remember=True)