def authorized():
oauth_response = None
try:
oauth_response = google.authorized_response()
except OAuthException as error:
current_app.logger.warn(oauth_response.message)
flash("{} - try again!".format(oauth_response.message), 'warning')
return redirect(url_for('public.index'))
if oauth_response is None:
flash("Access denied: reason={} error={}"
.format(request.args.get['error_reason'],
request.args['error_description']), 'danger')
return abort(403)
# add token to session, do it before validation to be able to fetch
# additional data (like email) on the authenticated user
session['google_token'] = (oauth_response['access_token'], '')
# get additional user info with the access token
google_user = google.get('userinfo')
google_data = google_user.data
user_obj = store.user(google_data['email'])
if user_obj is None:
flash('your email is not whitelisted, contact admin.', 'warning')
return redirect(url_for('public.index'))
user_obj['name'] = google_data['name']
user_obj['location'] = google_data['locale']
user_obj['accessed_at'] = datetime.now()
store.update_user(user_obj)
return perform_login(user_obj)
def update_tracks_settings():
"""Update custom track settings for a user according to form choices"""
user_obj = store.user(email=current_user.email)
selected_tracks = request.form.getlist("user_tracks") or []
# update user in database with custom tracks info
user_obj["igv_tracks"] = selected_tracks
store.update_user(user_obj)
return redirect(request.referrer)
def login():
"""Login a user if they have access."""
if "next" in request.args:
session["next_url"] = request.args["next"]
user_id = None
user_mail = None
if (current_app.config.get("LDAP_HOST",
current_app.config.get("LDAP_SERVER"))
and request.method == "POST"):
ldap_authorized = controllers.ldap_authorized(
request.form.get("ldap_user"), request.form.get("ldap_password"))
if ldap_authorized is True:
user_id = request.form.get("ldap_user")
else:
flash("User not authorized by LDAP server", "warning")
return redirect(url_for("public.index"))
if current_app.config.get("GOOGLE"):
if session.get("email"):
user_mail = session["email"]
session.pop("email", None)
else:
LOG.info("Google Login!")
redirect_uri = url_for(".authorized", _external=True)
try:
return oauth_client.google.authorize_redirect(redirect_uri)
except Exception as ex:
flash(
"An error has occurred while logging in user using Google OAuth"
)
if request.args.get("email"): # log in against Scout database
user_mail = request.args.get("email")
LOG.info("Validating user %s email %s against Scout database", user_id,
user_mail)
user_obj = store.user(email=user_mail, user_id=user_id)
if user_obj is None:
flash("User not found in Scout database", "warning")
return redirect(url_for("public.index"))
user_obj["accessed_at"] = datetime.now()
if session.get("name"): # These args come from google auth
user_obj["name"] = session.get("name")
user_obj["locale"] = session.get("locale")
store.update_user(user_obj)
user_dict = LoginUser(user_obj)
return perform_login(user_dict)
def login():
"""Login a user if they have access."""
if "next" in request.args:
session["next_url"] = request.args["next"]
user_id = None
user_mail = None
if current_app.config.get("LDAP_HOST") and request.method == "POST":
form = LDAPLoginForm()
LOG.info("Validating LDAP user")
if not form.validate_on_submit():
flash(
"username-password combination is not valid, plase try again",
"warning")
return redirect(url_for("public.index"))
user_id = form.username.data
if current_app.config.get("GOOGLE"):
if session.get("email"):
user_mail = session["email"]
session.pop("email", None)
else:
LOG.info("Google Login!")
redirect_uri = url_for(".authorized", _external=True)
try:
return oauth_client.google.authorize_redirect(redirect_uri)
except Exception as ex:
flash(
"An error has occurred while logging in user using Google OAuth"
)
if request.args.get("email"): # log in against Scout database
user_mail = request.args.get("email")
LOG.info("Validating user %s email %s against Scout database", user_id,
user_mail)
user_obj = store.user(email=user_mail, user_id=user_id)
if user_obj is None:
flash("User not found", "warning")
return redirect(url_for("public.index"))
user_obj["accessed_at"] = datetime.now()
if session.get("name"): # These args come from google auth
user_obj["name"] = session.get("name")
user_obj["locale"] = session.get("locale")
store.update_user(user_obj)
user_dict = LoginUser(user_obj)
return perform_login(user_dict)
def login():
"""Login a user if they have access."""
if "next" in request.args:
session["next_url"] = request.args["next"]
user_id = None
user_mail = None
if current_app.config.get("LDAP_HOST") and request.method == "POST":
form = LDAPLoginForm()
LOG.info("Validating LDAP user")
if not form.validate_on_submit():
flash(
"username-password combination is not valid, plase try again",
"warning")
return redirect(url_for("public.index"))
user_id = form.username.data
if current_app.config.get("GOOGLE"):
if session.get("email"):
user_mail = session["email"]
session.pop("email")
else:
LOG.info("Validating Google user login")
callback_url = url_for(".authorized", _external=True)
return google.authorize(callback=callback_url)
if request.args.get("email"): # log in against Scout database
user_mail = request.args.get("email")
LOG.info("Validating user {} against Scout database".format(user_id))
user_obj = store.user(email=user_mail, user_id=user_id)
if user_obj is None:
flash("User not whitelisted", "warning")
return redirect(url_for("public.index"))
user_obj["accessed_at"] = datetime.now()
if session.get("name"): # These args come from google auth
user_obj["name"] = session.get("name")
user_obj["locale"] = session.get("locale")
store.update_user(user_obj)
user_dict = LoginUser(user_obj)
return perform_login(user_dict)
def authorized():
oauth_response = None
try:
oauth_response = google.authorized_response()
except OAuthException as error:
current_app.logger.warn(oauth_response.message)
flash("{} - try again!".format(oauth_response.message), 'warning')
return redirect(url_for('public.index'))
if oauth_response is None:
flash("Access denied: reason={} error={}"
.format(request.args.get['error_reason'],
request.args['error_description']), 'danger')
return abort(403)
# add token to session, do it before validation to be able to fetch
# additional data (like email) on the authenticated user
session['google_token'] = (oauth_response['access_token'], '')
# get additional user info with the access token
google_user = google.get('userinfo')
google_data = google_user.data
user_obj = store.user(google_data['email'])
# Try again with lower-cased email address if no match
if user_obj is None:
user_obj = store.user(google_data['email'].lower())
if user_obj is None:
flash("email not whitelisted: {}".format(google_data['email']), 'warning')
return redirect(url_for('public.index'))
user_obj['name'] = google_data['name']
user_obj['location'] = google_data['locale']
user_obj['accessed_at'] = datetime.now()
store.update_user(user_obj)
return perform_login(user_obj)
