Exemplo n.º 1
def load_user(user_id):
    """
    Rebuild the session user for a request from the stored session record.

    Per the original author's note, this is invoked when a login-protected
    endpoint is hit and loads the user remembered in the session, if any.

    Args:
        user_id: ID of the user remembered in the session. It is compared
            with ``> 0``, so a numeric value is expected.

    Returns:
        The populated session user when the stored session validates against
        the current request, otherwise a fresh ``SessionUser()``.
    """
    # NOTE(review): if the framework passes the ID as a string, this
    # comparison raises TypeError on Python 3 -- confirm the caller's type.
    if not (user_id > 0):
        return SessionUser()

    user = BeUser()
    user.set("id", user_id)
    # The outcome of load() is not inspected here; an unknown ID is only
    # rejected later if the session lookup or validation fails.
    user.load()

    session = Session()
    session.set_user_id(user.get_id())
    if not session.load():
        return SessionUser()

    # Recompute the request-bound attributes (client IP, user agent) and
    # combine them with the stored token and timestamp.
    session_user = user.create_session_user()
    session_user.ip_address = get_real_ip()
    session_user.user_agent = request.user_agent
    session_user.token = session.get_token()
    session_user.timestamp = session.get_timestamp()
    fingerprint = session.get_user_hash_string(session_user)

    # NOTE(review): whether is_valid() compares digests in constant time is
    # not visible from this function -- confirm in Session.
    if session.is_valid(session.encryption.get_generic_hash(fingerprint)):
        return session_user

    # A mismatch invalidates the stored session instead of leaving it usable.
    debug_logger.debug("session nicht valid")
    session.delete()
    return SessionUser()
Exemplo n.º 2
def login():
    """
    Login endpoint.

    Returns:
        The rendered login template, or a redirect to the dashboard after a
        successful login.
    """
    form = LoginForm()

    client_ip = get_real_ip()

    if request.method != "POST":
        return render_template("login.html", form=form)

    if not form.validate_on_submit():
        flash(form.errors)
        return render_template("login.html", form=form)

    be_user = BeUser()
    be_user.set("username", escape(request.form["username"]))
    # NOTE(review): escape() rewrites characters such as & < > and quotes, so
    # the password that gets verified differs from what was typed. That is
    # only consistent if stored credentials were escaped the same way --
    # confirm before touching this line.
    be_user.temp_password = escape(request.form["password"])

    if not be_user.validate_login():
        # Record the failed attempt. No message is flashed on this path.
        # NOTE(review): this uses request.remote_addr while the session below
        # uses get_real_ip(); the two can differ behind a proxy -- confirm
        # which address the audit record should carry.
        failed_login_record = FailedLoginRecord()
        failed_login_record.set_user_id(be_user.get_id())
        failed_login_record.set_username(be_user.get_username())
        failed_login_record.set_ip_address(request.remote_addr)
        failed_login_record.set_user_agent(str(request.user_agent))
        failed_login_record.save()
        return render_template("login.html", form=form)

    be_user.load()
    session = Session()
    session.set_user_id(be_user.get_id())
    if session.session_exists():
        # Drop any earlier session for this user and start from a clean
        # object, so the token issued below never reuses the old record.
        session.delete()
        session = Session()
        session.set_user_id(be_user.get_id())

    client_ip = escape(client_ip)
    user_agent = escape(request.user_agent)
    token = session.encryption.create_random_token(32)

    session.set_ip_address(client_ip)
    session.set_user_agent(user_agent)
    session.set_token(token)
    now = datetime.now()
    session.set_timestamp(now)

    if session.save() is not False:
        session_user = be_user.create_session_user()
        if login_user(session_user):
            # 10 is the numeric DEBUG level, assuming a stdlib-style logger.
            debug_logger.log(
                10, "User mit der ID {0} eingeloggt".format(
                    session_user.get_id()))
            return redirect(url_for("backend.dashboard"))

    # A failed save or a rejected login_user() shows the login form again.
    return render_template("login.html", form=form)
Exemplo n.º 3
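def logout():
    """
    Log the current user out and delete their stored session record.

    Returns:
        A redirect to the login page. The success message is flashed only
        when ``logout_user()`` reports success.
    """
    user = current_user
    session = Session()
    session.set_user_id(user.get_id())
    # The result of load() is not checked; delete() is issued either way, so
    # the stored session is removed before the login state is cleared.
    session.load()
    session.delete()
    if logout_user():
        flash("Erfolgreich abgemeldet", "success")
    # Always return the redirect: previously a falsy logout_user() fell off
    # the end of the function and returned None instead of a response.
    return redirect(url_for("backend.login"))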