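def _is_safe_next_target(target, host):
    """Return True when *target* is a redirect destination on this site.

    Accepted forms are a relative path, or an absolute http(s) URL whose
    authority equals *host*. Everything else is rejected so that a crafted
    ``next`` query parameter cannot send a freshly authenticated user to a
    third-party site.
    """
    from urllib.parse import urlparse

    if not target or target != target.strip():
        return False
    # Browsers read "\" as "/" and collapse extra leading slashes, so values
    # such as "/\host" or "///host" resolve to another authority even though
    # urlparse() reports an empty netloc for them.
    if '\\' in target or target.startswith('//'):
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    try:
        parsed = urlparse(target)
    except ValueError:
        return False
    if parsed.scheme:
        # "http:other.example" has a scheme but no netloc; only accept a
        # scheme when the authority is explicitly this host.
        return parsed.scheme in ('http', 'https') and parsed.netloc == host
    return parsed.netloc == ''


def login(*args, **kwargs):
    """Render the login form on GET and authenticate the user on POST.

    On POST the ``email`` and ``pw`` form fields are checked with
    ``User.find_with_password``. On success the user is logged in through
    ``flask_login`` and redirected to the ``next`` query parameter when it
    points at this site, otherwise to ``'auth/protected'``. An empty
    password or a failed credential check returns ``'Bad login'`` without
    creating a session.
    """
    if request.method == 'GET':
        # Note: it is critical to not have the action parameter on the form:
        # without it the POST goes back to the current URL, so the ``next``
        # query parameter read below is still present.
        # NOTE(review): no CSRF token is visible in this form; confirm that
        # protection is applied elsewhere.
        return ''' Please log in to access your account <form method='POST'> <input type='text' name='email' id='email' placeholder='email'></input> <input type='password' name='pw' id='pw' placeholder='password'></input> <input type='submit' name='submit'></input> </form> '''

    email = request.form['email']
    password = request.form['pw']
    if not password:
        return 'Bad login'

    user = User.find_with_password(email, password)
    if not user:
        # A falsy result means the credentials were rejected; never hand it
        # to login_user().
        return 'Bad login'

    flask_login.login_user(user)

    target = request.args.get("next")
    if not _is_safe_next_target(target, request.host):
        # Missing or off-site destination: fall back to the default page
        # instead of following an attacker-supplied URL.
        target = 'auth/protected'
    return redirect(target)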
def authorize(*args, **kwargs):  # pylint: disable=unused-argument
    """
    Ask the user whether they grant the requesting application access to
    their data.

    GET validates the consent request for the current user and renders
    ``authorize.html``; if validation raises ``OAuth2Error`` the error code
    (``error.error``) is returned instead.

    POST optionally authenticates the user from the ``username`` and
    ``password`` form fields, then creates the authorization response. The
    grant is issued for ``user`` only when the ``confirm`` form field is
    truthy; otherwise ``grant_user`` is ``None``.
    """
    # TODO: improve implementation. This implementation is broken because we
    # don't use cookies, so there is no session which client could carry on.
    # OAuth2 server should probably be deployed on a separate domain, so we
    # can implement a login page and store cookies with a session id.
    # ALTERNATIVELY, authorize page can be implemented as SPA (single page
    # application)
    from flask_login import login_user

    user = current_user()

    if request.method == 'GET':
        try:
            grant = oauth2.validate_consent_request(end_user=user)
        except OAuth2Error as error:
            # Only the error code is returned to the caller, not a rendered page.
            return error.error
        return render_template('authorize.html', user=user, grant=grant)

    # No current user: accept credentials posted together with the consent form.
    if not user and 'username' in request.form:
        username = request.form.get('username')
        password = request.form.get('password')
        user = User.find_with_password(username, password)
        # NOTE(review): nesting reconstructed from a flattened listing;
        # confirm login_user() is meant to run only after a fresh password check.
        if user:
            login_user(user)

    # Any non-empty ``confirm`` value counts as consent (plain truthiness), and
    # a missing ``confirm`` key raises on this lookup.
    # NOTE(review): if the password check above failed, ``user`` is still falsy
    # here and is passed on as grant_user; presumably the OAuth2 server denies
    # the request in that case, confirm against the server's contract.
    if request.form['confirm']:
        grant_user = user
    else:
        grant_user = None

    # The authorization response is created inside a database transaction.
    with db.session.begin():
        response = oauth2.create_authorization_response(grant_user=grant_user)
    # A falsy response is normalised to None.
    return response or None
def _usergetter(self, username, password, client, request):  # pylint: disable=method-hidden,unused-argument
    """Look up the user matching a username/password pair.

    The lookup is delegated to ``User.find_with_password`` and its result is
    returned unchanged. ``client`` and ``request`` are accepted but not used.
    """
    # Imported here rather than at module level to avoid a circular
    # dependency with the users module.
    from app.modules.users.models import User as user_model

    resource_owner = user_model.find_with_password(username, password)
    return resource_owner
def authenticate_user(self, username, password):
    """Check a username/password pair via ``User.find_with_password``.

    Returns whatever that lookup returns; no further validation happens here.
    """
    credentials = (username, password)
    return User.find_with_password(*credentials)
def _usergetter(self, username, password, client, request):
    """Return the user that ``User.find_with_password`` finds for the credentials.

    ``client`` and ``request`` are part of the signature but are not consulted.
    """
    # Local import keeps this module free of a circular dependency on the
    # users models.
    from app.modules.users.models import User

    find_user = User.find_with_password
    return find_user(username, password)