def get_user(db, role, defaults):
    """Return the user named by ``defaults['nickname']``, creating it if absent.

    Args:
        db: object whose ``session`` receives the new rows.
        role: Role appended to the new user's ``roles``.
        defaults: dict with required keys ``'nickname'`` and ``'email'``;
            ``'password'`` (default ``'password'``), ``'active'`` (default
            True) and the name/address fields (default ``''``) are optional.

    Returns:
        The existing UserModel with that nickname, or the newly committed one.
    """
    # Draw 'local$' social ids until one is not already taken.
    new_social = 'local$' + random_alphanumeric(32)
    while UserModel.query.filter_by(social_id=new_social).first():
        new_social = 'local$' + random_alphanumeric(32)
    existing = UserModel.query.filter_by(nickname=defaults['nickname']).first()
    if existing:
        return existing
    # NOTE(review): a caller that omits 'password' gets the literal
    # 'password'; always pass an explicit one for real accounts.
    password_hash = app.user_manager.hash_password(
        defaults.get('password', 'password'))
    user_auth = UserAuthModel(password=password_hash)
    optional_fields = {
        name: defaults.get(name, '')
        for name in ('first_name', 'last_name', 'country', 'subdivisionfirst',
                     'subdivisionsecond', 'subdivisionthird', 'organization')
    }
    new_user = UserModel(nickname=defaults['nickname'],
                         email=defaults['email'],
                         social_id=new_social,
                         user_auth=user_auth,
                         active=defaults.get('active', True),
                         confirmed_at=datetime.datetime.now(),
                         **optional_fields)
    new_user.roles.append(role)
    db.session.add(user_auth)
    db.session.add(new_user)
    db.session.commit()
    return new_user
def user_add():
    """Admin view: render the add-user form, or create the user on a valid POST.

    On GET, or on a POST that fails validation, the form page is returned
    with a ``Cache-Control: no-store`` header.  On a valid POST the e-mail
    must not already be registered; the password is hashed, a fresh
    ``local$`` social id is drawn, the selected roles (or the ``user`` role
    when none was selected) are attached, and the browser is redirected to
    the user list.
    """
    setup_translation()
    user_role = db.session.execute(
        select(Role).filter_by(name='user')).scalar_one()
    add_form = UserAddForm(request.form, role_id=[str(user_role.id)])
    role_rows = db.session.execute(
        select(Role.id, Role.name).where(Role.name != 'cron').order_by('name'))
    add_form.role_id.choices = [(row.id, row.name) for row in role_rows]
    add_form.role_id.default = user_role.id
    # The stringified value is compared, so both None and the literal
    # string 'None' fall back to the default role.
    if str(add_form.role_id.data) == 'None':
        add_form.role_id.data = user_role.id
    if request.method != 'POST' or not add_form.validate():
        response = make_response(
            render_template('users/add_user_page.html',
                            version_warning=None,
                            bodyclass='daadminbody',
                            page_title=word('Add User'),
                            tab_title=word('Add User'),
                            form=add_form), 200)
        response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
        return response
    user, _user_email = app.user_manager.find_user_by_email(add_form.email.data)
    if user:
        flash(word("A user with that e-mail has already registered"), "error")
        return redirect(url_for('user_add'))
    password_hash = app.user_manager.hash_password(add_form.password.data)
    user_auth = UserAuthModel(password=password_hash)
    # Draw 'local$' social ids until one is unused in the users table.
    new_social = 'local$' + random_alphanumeric(32)
    while db.session.execute(
            select(UserModel).filter_by(social_id=new_social)).scalar():
        new_social = 'local$' + random_alphanumeric(32)
    # The nickname is the local part of the e-mail address.
    the_user = UserModel(active=True,
                         nickname=re.sub(r'@.*', '', add_form.email.data),
                         social_id=new_social,
                         email=add_form.email.data,
                         user_auth=user_auth,
                         first_name=add_form.first_name.data,
                         last_name=add_form.last_name.data,
                         confirmed_at=datetime.datetime.now())
    chosen_roles = [
        role for role in db.session.execute(select(Role).order_by('id')).scalars()
        if role.id in add_form.role_id.data
    ]
    the_user.roles.extend(chosen_roles or [user_role])
    db.session.add(user_auth)
    db.session.add(the_user)
    db.session.commit()
    flash(word("The new user has been created"), "success")
    return redirect(url_for('user_list'))
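 def validate(self):
     """Validate the sign-in form, with per-IP throttling and optional LDAP.

     A failed-login counter keyed on the client IP is kept in Redis; once it
     exceeds ``daconfig['attempt limit']`` the request is answered with 404.
     When ``daconfig['ldap login']['enable']`` is set the credentials are
     tried as a simple bind against the configured server: a bind that
     proves an identity (``whoami_s()`` returns a non-empty authzid) accepts
     the login, creating a local ``ldap$`` account on first sight; any other
     outcome, and the non-LDAP case, is decided by the parent form's
     validation.  A rejection increments the counter (expiring after
     ``daconfig['ban period']``); an accepted login clears it.

     Returns:
         True when the login is accepted, False otherwise.
     """
     from docassemble.webapp.daredis import r
     from flask import request, abort
     # NOTE(review): remote_addr is the direct peer address; if the app sits
     # behind a reverse proxy, confirm the real client address reaches here,
     # otherwise every client shares one counter.
     key = 'da:failedlogin:ip:' + str(request.remote_addr)
     failed_attempts = r.get(key)
     if failed_attempts is not None and int(failed_attempts) > daconfig['attempt limit']:
         abort(404)
     if daconfig['ldap login'].get('enable', False):
         ldap_server = daconfig['ldap login'].get('server', 'localhost').strip()
         username = self.email.data
         password = self.password.data
         # initialize() replaces the deprecated ldap.open(); referral
         # chasing is disabled so the bind outcome comes from this server.
         connect = ldap.initialize('ldap://' + ldap_server)
         connect.set_option(ldap.OPT_REFERRALS, 0)
         bound_as = None
         try:
             connect.simple_bind_s(username, password)
             # A simple bind with an empty password is accepted by many
             # directories as an *unauthenticated* bind that carries no
             # identity; whoami_s() then yields None or '' and the attempt
             # must not count as a login.  A server without the Who Am I?
             # extension raises LDAPError here and falls back to the local
             # check below.
             bound_as = connect.whoami_s()
         except ldap.LDAPError:
             bound_as = None
         finally:
             # Release the connection whether or not the bind worked.
             connect.unbind_s()
         if not bound_as:
             result = super(MySignInForm, self).validate()
         else:
             from flask import current_app
             user_manager = current_app.user_manager
             user, user_email = user_manager.find_user_by_email(self.email.data)
             if not user:
                 from docassemble.base.generate_key import random_alphanumeric
                 from docassemble.webapp.db_object import db
                 from docassemble.webapp.users.models import UserModel, Role
                 # Draw 'ldap$' social ids until one is unused in the users table.
                 new_social = 'ldap$' + random_alphanumeric(32)
                 while UserModel.query.filter_by(social_id=new_social).first():
                     new_social = 'ldap$' + random_alphanumeric(32)
                 user = UserModel(social_id=new_social,
                                  email=self.email.data,
                                  nickname='',
                                  active=True)
                 user_role = Role.query.filter_by(name='user').first()
                 user.roles.append(user_role)
                 db.session.add(user)
                 db.session.commit()
             result = True
     else:
         result = super(MySignInForm, self).validate()
     if result is False:
         r.incr(key)
         r.expire(key, daconfig['ban period'])
     elif failed_attempts is not None:
         r.delete(key)
     return result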
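def user_add():
    """Admin view: render the add-user form, or create the user on a valid POST.

    The form page is returned with a ``Cache-Control: no-store`` header so
    that neither the browser nor an intermediary keeps a copy of it.  On a
    valid POST the e-mail must not already be registered; the password is
    hashed, a fresh ``local$`` social id is drawn, the selected roles (or
    the ``user`` role when none was selected) are attached, and the browser
    is redirected to the user list.
    """
    from flask import make_response
    user_role = Role.query.filter_by(name='user').first()
    add_form = UserAddForm(request.form, role_id=[text_type(user_role.id)])
    role_query = db.session.query(Role).filter(
        Role.name != 'cron').order_by('name')
    add_form.role_id.choices = [(row.id, row.name) for row in role_query]
    add_form.role_id.default = user_role.id
    # The stringified value is compared, so both None and the literal
    # string 'None' fall back to the default role.
    if text_type(add_form.role_id.data) == 'None':
        add_form.role_id.data = user_role.id
    if request.method == 'POST' and add_form.validate():
        user, user_email = app.user_manager.find_user_by_email(
            add_form.email.data)
        if user:
            flash(word("A user with that e-mail has already registered"),
                  "error")
            return redirect(url_for('user_add'))
        user_auth = UserAuthModel(
            password=app.user_manager.hash_password(add_form.password.data))
        # Draw 'local$' social ids until one is unused in the users table.
        new_social = 'local$' + random_alphanumeric(32)
        while UserModel.query.filter_by(social_id=new_social).first():
            new_social = 'local$' + random_alphanumeric(32)
        # The nickname is the local part of the e-mail address.
        the_user = UserModel(active=True,
                             nickname=re.sub(r'@.*', '', add_form.email.data),
                             social_id=new_social,
                             email=add_form.email.data,
                             user_auth=user_auth,
                             first_name=add_form.first_name.data,
                             last_name=add_form.last_name.data,
                             confirmed_at=datetime.datetime.now())
        chosen_roles = [role for role in Role.query.order_by('id')
                        if role.id in add_form.role_id.data]
        the_user.roles.extend(chosen_roles or [user_role])
        db.session.add(user_auth)
        db.session.add(the_user)
        db.session.commit()
        flash(word("The new user has been created"), "success")
        return redirect(url_for('user_list'))
    response = make_response(
        render_template('users/add_user_page.html',
                        version_warning=None,
                        bodyclass='daadminbody',
                        page_title=word('Add User'),
                        tab_title=word('Add User'),
                        form=add_form), 200)
    # Keep the admin form page out of browser and proxy caches.
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response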
def get_user(the_db, role, defaults, result=None):
    """Fetch the user whose nickname is ``defaults['nickname']``, creating it if missing.

    Args:
        the_db: object whose ``session`` receives the new rows.
        role: Role appended to the new user's ``roles``.
        defaults: dict with required keys ``'nickname'`` and ``'email'``;
            ``'password'`` (default ``'password'``), ``'active'`` (default
            True) and the name/address fields (default ``''``) are optional.
        result: optional dict; ``result['changed']`` is set to True only
            when a user was created.

    Returns:
        The existing UserModel with that nickname, or the newly committed one.
    """
    if result is None:
        result = {}
    found = the_db.session.execute(
        select(UserModel).filter_by(nickname=defaults['nickname'])).scalar()
    if found:
        return found
    # Draw 'local$' social ids until one is unused in the users table.
    new_social = 'local$' + random_alphanumeric(32)
    while the_db.session.execute(
            select(UserModel).filter_by(social_id=new_social)).scalar():
        new_social = 'local$' + random_alphanumeric(32)
    # NOTE(review): a caller that omits 'password' gets the literal
    # 'password'; always pass an explicit one for real accounts.
    password_hash = app.user_manager.hash_password(
        defaults.get('password', 'password'))
    user_auth = UserAuthModel(password=password_hash)
    fields = dict(
        active=defaults.get('active', True),
        nickname=defaults['nickname'],
        social_id=new_social,
        email=defaults['email'],
        user_auth=user_auth,
        confirmed_at=datetime.datetime.now(),
    )
    for name in ('first_name', 'last_name', 'country', 'subdivisionfirst',
                 'subdivisionsecond', 'subdivisionthird', 'organization'):
        fields[name] = defaults.get(name, '')
    new_user = UserModel(**fields)
    new_user.roles.append(role)
    the_db.session.add(user_auth)
    the_db.session.add(new_user)
    the_db.session.commit()
    result['changed'] = True
    return new_user
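 def validate(self):
     """Validate the sign-in form with per-IP throttling, LDAP and provider checks.

     Steps:
       1. Read the Redis failed-login counter for the requester's IP and
          answer 404 once it exceeds ``daconfig['attempt limit']``.
       2. With ``daconfig['ldap login']['enable']`` set, try a simple bind
          against the configured server.  A bind that proves an identity
          (``whoami_s()`` returns a non-empty authzid) accepts the login,
          creating a local ``ldap$`` account on first sight; any other
          outcome falls back to the parent form's validation.
       3. Otherwise look the e-mail up locally.  Unknown addresses and
          accounts that can only sign in through an external provider (no
          password, or a social id not starting with ``local$``) get a
          field error and are rejected; the rest go to the parent form.
       4. Every rejection increments the counter (expiring after
          ``daconfig['ban period']``); an accepted login clears it.

     Returns:
         True when the login is accepted, False otherwise.
     """
     key = 'da:failedlogin:ip:' + str(get_requester_ip(request))
     failed_attempts = r.get(key)
     if failed_attempts is not None and int(failed_attempts) > daconfig['attempt limit']:
         abort(404)
     if daconfig['ldap login'].get('enable', False):
         ldap_server = daconfig['ldap login'].get('server', 'localhost').strip()
         connect = ldap.initialize('ldap://' + ldap_server)
         connect.set_option(ldap.OPT_REFERRALS, 0)
         bound_as = None
         try:
             connect.simple_bind_s(self.email.data, self.password.data)
             # A simple bind with an empty password is accepted by many
             # directories as an *unauthenticated* bind that carries no
             # identity; whoami_s() then yields None or '' and the attempt
             # must not count as a login.  ldap.INVALID_CREDENTIALS is a
             # subclass of ldap.LDAPError, so one except clause covers both.
             bound_as = connect.whoami_s()
         except ldap.LDAPError:
             bound_as = None
         finally:
             # Release the connection whether or not the bind worked.
             connect.unbind_s()
         if not bound_as:
             result = super().validate()
         else:
             user_manager = current_app.user_manager
             user, user_email = user_manager.find_user_by_email(self.email.data)
             if not user:
                 # Draw 'ldap$' social ids until one is unused in the users table.
                 new_social = 'ldap$' + random_alphanumeric(32)
                 while db.session.execute(
                         select(UserModel).filter_by(social_id=new_social)).scalar():
                     new_social = 'ldap$' + random_alphanumeric(32)
                 user = UserModel(social_id=new_social,
                                  email=self.email.data,
                                  nickname='',
                                  active=True)
                 user_role = db.session.execute(
                     select(Role).filter_by(name='user')).scalar_one()
                 user.roles.append(user_role)
                 db.session.add(user)
                 db.session.commit()
             result = True
     else:
         user_manager = current_app.user_manager
         user, user_email = user_manager.find_user_by_email(self.email.data)
         if user is None:
             if daconfig.get('confirm registration', False):
                 # Same message on both fields so the response does not
                 # reveal whether the address is registered.
                 self.email.errors = [word("Incorrect Email and/or Password")]
                 self.password.errors = [word("Incorrect Email and/or Password")]
             else:
                 self.email.errors = list(self.email.errors)
                 self.email.errors.append(word("Account did not exist."))
             result = False
         else:
             # user.social_id can be None; treating it as '' keeps the
             # startswith() checks below from raising AttributeError.
             social_id = user.social_id or ''
             external_only = user.password is None or (
                 social_id and not social_id.startswith('local$'))
             if external_only:
                 provider_messages = (
                     ('google$', "You need to log in with Google."),
                     ('azure$', "You need to log in with Azure."),
                     ('auth0$', "You need to log in with Auth0."),
                     ('twitter$', "You need to log in with Twitter."),
                     ('facebook$', "You need to log in with Facebook."),
                 )
                 message = next(
                     (text for prefix, text in provider_messages
                      if social_id.startswith(prefix)),
                     "You cannot log in this way.")
                 self.email.errors = list(self.email.errors)
                 self.email.errors.append(word(message))
                 result = False
             else:
                 result = super().validate()
     # Unknown and provider-only accounts are counted as failures too;
     # otherwise probing for registered addresses would never be throttled.
     if result is False:
         r.incr(key)
         r.expire(key, daconfig['ban period'])
     elif failed_attempts is not None:
         r.delete(key)
     return result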
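 def validate(self):
     """Validate the sign-in form with per-IP throttling, LDAP and provider checks.

     Steps:
       1. Read the Redis failed-login counter for the client IP and answer
          404 once it exceeds ``daconfig['attempt limit']``.
       2. With ``daconfig['ldap login']['enable']`` set, try a simple bind
          against the configured server.  A bind that proves an identity
          (``whoami_s()`` returns a non-empty authzid) accepts the login,
          creating a local ``ldap$`` account on first sight; any other
          outcome falls back to the parent form's validation.
       3. Otherwise look the e-mail up locally.  Unknown addresses are
          rejected; accounts that can only sign in through an external
          provider (no password, or a social id not starting with
          ``local$``) get a field error and are rejected; the rest go to
          the parent form.
       4. Every rejection increments the counter (expiring after
          ``daconfig['ban period']``); an accepted login clears it.

     Returns:
         True when the login is accepted, False otherwise.
     """
     from docassemble.webapp.daredis import r
     from flask import request, abort
     # NOTE(review): remote_addr is the direct peer address; if the app sits
     # behind a reverse proxy, confirm the real client address reaches here,
     # otherwise every client shares one counter.
     key = 'da:failedlogin:ip:' + str(request.remote_addr)
     failed_attempts = r.get(key)
     if failed_attempts is not None and int(failed_attempts) > daconfig['attempt limit']:
         abort(404)
     if daconfig['ldap login'].get('enable', False):
         ldap_server = daconfig['ldap login'].get('server', 'localhost').strip()
         username = self.email.data
         password = self.password.data
         # initialize() replaces the deprecated ldap.open(); referral
         # chasing is disabled so the bind outcome comes from this server.
         connect = ldap.initialize('ldap://' + ldap_server)
         connect.set_option(ldap.OPT_REFERRALS, 0)
         bound_as = None
         try:
             connect.simple_bind_s(username, password)
             # A simple bind with an empty password is accepted by many
             # directories as an *unauthenticated* bind that carries no
             # identity; whoami_s() then yields None or '' and the attempt
             # must not count as a login.  A server without the Who Am I?
             # extension raises LDAPError here and falls back to the local
             # check below.
             bound_as = connect.whoami_s()
         except ldap.LDAPError:
             bound_as = None
         finally:
             # Release the connection whether or not the bind worked.
             connect.unbind_s()
         if not bound_as:
             result = super(MySignInForm, self).validate()
         else:
             from flask import current_app
             user_manager = current_app.user_manager
             user, user_email = user_manager.find_user_by_email(self.email.data)
             if not user:
                 from docassemble.base.generate_key import random_alphanumeric
                 from docassemble.webapp.db_object import db
                 from docassemble.webapp.users.models import UserModel, Role
                 # Draw 'ldap$' social ids until one is unused in the users table.
                 new_social = 'ldap$' + random_alphanumeric(32)
                 while UserModel.query.filter_by(social_id=new_social).first():
                     new_social = 'ldap$' + random_alphanumeric(32)
                 user = UserModel(social_id=new_social,
                                  email=self.email.data,
                                  nickname='',
                                  active=True)
                 user_role = Role.query.filter_by(name='user').first()
                 user.roles.append(user_role)
                 db.session.add(user)
                 db.session.commit()
             result = True
     else:
         from flask import current_app
         user_manager = current_app.user_manager
         user, user_email = user_manager.find_user_by_email(self.email.data)
         if user is None:
             # NOTE(review): no field error is set for an unknown address,
             # so the form shows nothing to the user — confirm that is intended.
             result = False
         else:
             # user.social_id can be None; treating it as '' keeps the
             # startswith() checks below from raising AttributeError.
             social_id = user.social_id or ''
             external_only = user.password is None or (
                 social_id and not social_id.startswith('local$'))
             if external_only:
                 provider_messages = (
                     ('google$', "You need to log in with Google."),
                     ('azure$', "You need to log in with Azure."),
                     ('auth0$', "You need to log in with Auth0."),
                     ('twitter$', "You need to log in with Twitter."),
                     ('facebook$', "You need to log in with Facebook."),
                 )
                 message = next(
                     (text for prefix, text in provider_messages
                      if social_id.startswith(prefix)),
                     "You cannot log in this way.")
                 self.email.errors = list(self.email.errors)
                 self.email.errors.append(word(message))
                 result = False
             else:
                 result = super(MySignInForm, self).validate()
     # Unknown and provider-only accounts are counted as failures too;
     # otherwise probing for registered addresses would never be throttled.
     if result is False:
         r.incr(key)
         r.expire(key, daconfig['ban period'])
     elif failed_attempts is not None:
         r.delete(key)
     return result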