def oauth_authorize():
auth_obj = session['auth_obj']
auth_obj.set_current_source(auth_obj.source.get_source_name())
status, msg = auth_obj.login()
if status:
session['auth_source_manager'] = auth_obj.as_dict()
if 'auth_obj' in session:
session.pop('auth_obj')
return redirect(get_post_login_redirect())
if 'auth_obj' in session:
session.pop('auth_obj')
logout_user()
flash(msg, 'danger')
return redirect(get_post_login_redirect())
def login(provider_id):
"""Starts the provider login OAuth flow"""
provider = get_provider_or_404(provider_id)
callback_url = get_authorize_callback('login', provider_id)
post_login = request.form.get('next', get_post_login_redirect())
session[config_value('POST_OAUTH_LOGIN_SESSION_KEY')] = post_login
return provider.authorize(callback_url)
def login_handler(response, provider, query):
"""Shared method to handle the signin process"""
connection = _datastore.find_connection(**query)
if connection:
after_this_request(_commit)
token_pair = get_token_pair_from_oauth_response(provider, response)
if (token_pair['access_token'] != connection.access_token or
token_pair['secret'] != connection.secret):
connection.access_token = token_pair['access_token']
connection.secret = token_pair['secret']
_datastore.put(connection)
user = connection.user
login_user(user)
key = _social.post_oauth_login_session_key
redirect_url = session.pop(key, get_post_login_redirect())
login_completed.send(current_app._get_current_object(),
provider=provider, user=user)
return redirect(redirect_url)
login_failed.send(current_app._get_current_object(),
provider=provider,
oauth_response=response)
next_url = get_url(_security.login_manager.login_view)
msg = '%s account not associated with an existing user' % provider.name
do_flash(msg, 'error')
return redirect(next_url)
def connect_handler(cv, provider):
"""Shared method to handle the connection process
:param connection_values: A dictionary containing the connection values
:param provider_id: The provider ID the connection shoudl be made to
"""
cv.setdefault('user_id', current_user.get_id())
connection = _datastore.find_connection(
provider_id=cv['provider_id'], provider_user_id=cv['provider_user_id'])
if connection is None:
after_this_request(_commit)
connection = _datastore.create_connection(**cv)
msg = ('Connection established to %s' % provider.name, 'success')
connection_created.send(current_app._get_current_object(),
user=current_user._get_current_object(),
connection=connection)
else:
msg = ('A connection is already established with %s '
'to your account' % provider.name, 'notice')
connection_failed.send(current_app._get_current_object(),
user=current_user._get_current_object())
next_url = request.form.get('next', get_post_login_redirect())
redirect_url = (next_url or
session.pop(
config_value('POST_OAUTH_CONNECT_SESSION_KEY'),
get_url(config_value('CONNECT_ALLOW_VIEW'))))
do_flash(*msg)
return redirect(redirect_url)
def remove_connection(provider_id, provider_user_id):
"""Remove a specific connection for the authenticated user to the
specified provider
"""
provider = get_provider_or_404(provider_id)
ctx = dict(provider=provider.name,
user=current_user,
provider_user_id=provider_user_id)
deleted = _datastore.delete_connection(user_id=current_user.get_id(),
provider_id=provider_id,
provider_user_id=provider_user_id)
if deleted:
after_this_request(_commit)
msg = ('Connection to %(provider)s removed' % ctx, 'info')
connection_removed.send(current_app._get_current_object(),
user=current_user._get_current_object(),
provider_id=provider_id)
else:
msg = ('Unabled to remove connection to %(provider)s' % ctx, 'error')
do_flash(*msg)
return redirect(request.referrer or get_post_login_redirect())
def login(provider_id):
"""Starts the provider login OAuth flow"""
provider = get_provider_or_404(provider_id)
callback_url = get_authorize_callback('login', provider_id)
post_login = request.form.get('next', get_post_login_redirect())
session[config_value('POST_OAUTH_LOGIN_SESSION_KEY')] = post_login
return provider.authorize(callback_url)
def login_handler(response, provider, query):
"""Shared method to handle the signin process"""
connection = _datastore.find_connection(**query)
if connection:
after_this_request(_commit)
token_pair = get_token_pair_from_oauth_response(provider, response)
if (token_pair['access_token'] != connection.access_token or
token_pair['secret'] != connection.secret):
connection.access_token = token_pair['access_token']
connection.secret = token_pair['secret']
_datastore.put(connection)
user = connection.user
login_user(user)
key = _social.post_oauth_login_session_key
redirect_url = session.pop(key, get_post_login_redirect())
login_completed.send(current_app._get_current_object(),
provider=provider, user=user)
return redirect(redirect_url)
login_failed.send(current_app._get_current_object(),
provider=provider,
oauth_response=response)
next = get_url(_security.login_manager.login_view)
msg = '%s account not associated with an existing user' % provider.name
do_flash(msg, 'error')
return redirect(next)
def login(provider_id):
"""Starts the provider login OAuth flow"""
provider = get_provider_or_404(provider_id)
callback_url = get_authorize_callback('oauth.login', provider_id)
post_login = request.form.get('next', get_post_login_redirect())
session['post_oauth_login_url'] = post_login
return provider.authorize(callback_url)
def login_handler(response, provider, query):
"""Shared method to handle the signin process"""
connection = _datastore.find_connection(**query)
if connection:
after_this_request(_commit)
user = connection.user
login_user(user)
key = _social.post_oauth_login_session_key
redirect_url = session.pop(key, get_post_login_redirect())
login_completed.send(current_app._get_current_object(),
provider=provider,
user=user)
return redirect(redirect_url)
login_failed.send(current_app._get_current_object(),
provider=provider,
oauth_response=response)
session['failed_login_connection'] = \
get_connection_values_from_oauth_response(provider, response)
next = make_external('/#!login/provider/' + provider.id)
#next = get_url(_security.login_manager.login_view)
#msg = '%s account not associated with an existing user' % provider.name
#do_flash(msg, 'error')
return redirect(next)
def login():
if request.is_json:
form = _security.login_form(MultiDict(request.get_json()))
else:
form = _security.login_form(request.form)
if form.validate_on_submit():
login_user(form.user, remember=form.remember.data)
after_this_request(_commit)
if not request.is_json:
return redirect(get_post_login_redirect(form.next.data))
if not request.is_json:
return _security.render_template(config_value('LOGIN_USER_TEMPLATE'),
login_user_form=form,
**_ctx('login'))
# override error messages if necessary
confirmation_required = get_message('CONFIRMATION_REQUIRED')[0]
if confirmation_required in form.errors.get('email', []):
return jsonify({
'error': confirmation_required,
}), HTTPStatus.UNAUTHORIZED
elif form.errors:
username_fields = config_value('USER_IDENTITY_ATTRIBUTES')
return jsonify({
'error':
f"Invalid {', '.join(username_fields)} and/or password."
}), HTTPStatus.UNAUTHORIZED
return jsonify({
'user': form.user,
'token': form.user.get_auth_token(),
})
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
session['_auth_source_manager_obj'] = None
# Validate the user
if not auth_obj.validate():
for field in form.errors:
for error in form.errors[field]:
flash(error, 'warning')
return flask.redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
if not status:
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
session['_auth_source_manager_obj'] = auth_obj.as_dict()
return flask.redirect(get_post_login_redirect())
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
def login(provider_id):
"""Starts the provider login OAuth flow"""
provider = get_provider_or_404(provider_id)
callback_url = get_authorize_callback('oauth.login', provider_id)
post_login = request.form.get('next', get_post_login_redirect())
session['post_oauth_login_url'] = post_login
return provider.authorize(callback_url)
def connect_handler(cv, provider):
"""Shared method to handle the connection process
:param connection_values: A dictionary containing the connection values
:param provider_id: The provider ID the connection shoudl be made to
"""
cv.setdefault('user_id', current_user.get_id())
connection = _datastore.find_connection(
provider_id=cv['provider_id'], provider_user_id=cv['provider_user_id'])
if connection is None:
after_this_request(_commit)
connection = _datastore.create_connection(**cv)
msg = ('Connection established to %s' % provider.name, 'success')
connection_created.send(current_app._get_current_object(),
user=current_user._get_current_object(),
connection=connection)
else:
msg = ('A connection is already established with %s '
'to your account' % provider.name, 'notice')
connection_failed.send(current_app._get_current_object(),
user=current_user._get_current_object())
next_url = request.form.get('next', get_post_login_redirect())
redirect_url = (next_url or session.pop(
config_value('POST_OAUTH_CONNECT_SESSION_KEY'),
get_url(config_value('CONNECT_ALLOW_VIEW'))))
do_flash(*msg)
return redirect(redirect_url)
def oidc_login():
auth_obj = AuthSourceManager(None, ['oidc'])
print("Logging auth_obj")
print(auth_obj)
session['_auth_source_manager_obj'] = auth_obj.as_dict()
print("added _auth_source_manager_obj to session")
oidc_auth_source = get_auth_sources("oidc")
print("Logging oidc_auth_source")
print(oidc_auth_source)
unique_id = "u" + oidc.user_getfield('sub') + "@cyton"
display_name = oidc.user_getfield('preferred_username')
email = oidc.user_getfield('email')
if email is None or email == "None":
email = unique_id
user = User.query.filter_by(username=unique_id).first()
if user is None:
res, user = create_user({
'username': unique_id,
'email': email,
'role': 2,
'active': True,
'is_active': True,
'auth_source': 'oidc'
})
print("Logging res and user")
print(res)
print(user)
print("querying for user")
user = User.query.filter_by(username=unique_id).first()
print("Logging user:"******"loading servers.json for user")
storage_dir = get_storage_directory()
print("storage_dir")
print(storage_dir)
system('rm -f ' + storage_dir + '/pgpassfile')
system('cp /pgadmin4/pgpass/pgpassfile ' + storage_dir + '/')
system('chmod 0600 ' + storage_dir + '/pgpassfile')
system('/usr/local/bin/python /pgadmin4/setup.py --load-servers "' +
environ.get('PGADMIN_SERVER_JSON_FILE') + '" --user ' + unique_id)
return redirect(get_post_login_redirect())
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
session['_auth_source_manager_obj'] = None
# Validate the user
if not auth_obj.validate():
for field in form.errors:
for error in form.errors[field]:
flash(error, 'warning')
return flask.redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
current_auth_obj = auth_obj.as_dict()
if not status:
if current_auth_obj['current_source'] ==\
KERBEROS:
return flask.redirect('{0}?next={1}'.format(
url_for('authenticate.kerberos_login'),
url_for('browser.index')))
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
session['_auth_source_manager_obj'] = current_auth_obj
return flask.redirect(get_post_login_redirect())
elif isinstance(msg, Response):
return msg
flash(gettext(msg), 'danger')
response = flask.redirect(get_post_logout_redirect())
return response
def remove_connection(provider_id, provider_user_id):
"""Remove a specific connection for the authenticated user to the
specified provider
"""
provider = get_provider_or_404(provider_id)
ctx = dict(provider=provider.name, user=current_user,
provider_user_id=provider_user_id)
deleted = _datastore.delete_connection(user_id=current_user.get_id(),
provider_id=provider_id,
provider_user_id=provider_user_id)
if deleted:
after_this_request(_commit)
msg = ('Connection to %(provider)s removed' % ctx, 'info')
connection_removed.send(current_app._get_current_object(),
user=current_user._get_current_object(),
provider_id=provider_id)
else:
msg = ('Unabled to remove connection to %(provider)s' % ctx, 'error')
do_flash(*msg)
return redirect(request.referrer or get_post_login_redirect())
def login_handler(response, provider, query):
"""Shared method to handle the signin process"""
connection = _datastore.find_connection(**query)
if connection:
after_this_request(_commit)
user = connection.user
login_user(user)
key = _social.post_oauth_login_session_key
redirect_url = session.pop(key, get_post_login_redirect())
login_completed.send(current_app._get_current_object(),
provider=provider, user=user)
return redirect(redirect_url)
login_failed.send(current_app._get_current_object(),
provider=provider,
oauth_response=response)
session['failed_login_connection'] = \
get_connection_values_from_oauth_response(provider, response)
next = make_external('/#!login/provider/'+provider.id)
#next = get_url(_security.login_manager.login_view)
#msg = '%s account not associated with an existing user' % provider.name
#do_flash(msg, 'error')
return redirect(next)
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form,
copy.deepcopy(config.AUTHENTICATION_SOURCES))
if OAUTH2 in config.AUTHENTICATION_SOURCES \
and 'oauth2_button' in request.form:
session['auth_obj'] = auth_obj
session['auth_source_manager'] = None
username = form.data['email']
user = User.query.filter_by(username=username,
auth_source=INTERNAL).first()
if user:
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
user.locked = True
else:
user.locked = False
db.session.commit()
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
flash(
gettext('Your account is locked. Please contact the '
'Administrator.'), 'warning')
logout_user()
return redirect(get_post_logout_redirect())
# Validate the user
if not auth_obj.validate():
for field in form.errors:
flash_login_attempt_error = None
if user and field in config.LOGIN_ATTEMPT_FIELDS:
if config.MAX_LOGIN_ATTEMPTS > 0:
user.login_attempts += 1
left_attempts = \
config.MAX_LOGIN_ATTEMPTS - user.login_attempts
if left_attempts > 1:
flash_login_attempt_error = \
gettext('{0} more attempts remaining.'.
format(left_attempts))
else:
flash_login_attempt_error = \
gettext('{0} more attempt remaining.'.
format(left_attempts))
db.session.commit()
for error in form.errors[field]:
if flash_login_attempt_error:
error = error + flash_login_attempt_error
flash_login_attempt_error = None
flash(error, 'warning')
return redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
current_auth_obj = auth_obj.as_dict()
if not status:
if current_auth_obj['current_source'] == \
KERBEROS:
return redirect('{0}?next={1}'.format(
url_for('authenticate.kerberos_login'),
url_for('browser.index')))
flash(msg, 'danger')
return redirect(get_post_logout_redirect())
session['auth_source_manager'] = current_auth_obj
if user:
user.login_attempts = 0
db.session.commit()
if 'auth_obj' in session:
session.pop('auth_obj')
return redirect(get_post_login_redirect())
elif isinstance(msg, Response):
return msg
elif 'oauth2_button' in request.form and not isinstance(msg, str):
return msg
if 'auth_obj' in session:
session.pop('auth_obj')
flash(msg, 'danger')
response = redirect(get_post_logout_redirect())
return response
if form.validate_on_submit():
try:
user = _security.auth_provider.authenticate(form)
except ConfirmationError, e:
msg = str(e)
confirm_url = url_for('send_confirmation', email=e.user.email)
except BadCredentialsError, e:
msg = str(e)
form.password.errors.append(msg)
if user:
if login_user(user, remember=form.remember.data):
after_this_request(_commit)
if request.json:
return _json_auth_ok(user)
return redirect(get_post_login_redirect())
form.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
_logger.debug('Unsuccessful authentication attempt: %s' % msg)
if request.json:
return _json_auth_error(msg)
if confirm_url:
do_flash(msg, 'error')
return redirect(confirm_url)
return render_template('security/login.html',
login_form=form,
**_ctx('login'))
