def as_user(client: testing.FlaskClient):
    """Log the test client in as the regular test user and return a matching ``User``.

    The dict returned by ``regular_user_info()`` is stored under the
    ``"user_info"`` session key, which is what the application reads to
    resolve the current user. The returned ``User`` is keyed on the email
    (``login=``) and carries only the predefined USER role.
    """
    info = regular_user_info()
    with client.session_transaction() as sess:
        sess["user_info"] = info

    regular = User(
        full_name=info["name"],
        login=info["email"],
        profile_picture=info["picture"],
    )
    regular.roles = [Role(name=PredefinedRoles.USER)]
    return regular
def as_user(client: testing.FlaskClient):
    """Log the test client in as the regular test user and return a matching ``User``.

    The dict returned by ``regular_user_info()`` is stored under the
    ``'user_info'`` session key. The returned ``User`` is built from that
    same dict (``email=`` in this variant) and carries only the predefined
    USER role.
    """
    info = regular_user_info()
    with client.session_transaction() as sess:
        sess['user_info'] = info

    regular = User(
        full_name=info['name'],
        email=info['email'],
        profile_picture=info['picture'],
    )
    regular.roles = [Role(name=PredefinedRoles.USER)]
    return regular
def as_admin(client: testing.FlaskClient):
    """Log the test client in as the admin test user and return a matching ``User``.

    Besides ``'user_info'``, the session also receives a fixed
    ``'google_token'`` value (``'testing-admin'``). The returned ``User``
    carries the ADMIN, REVIEWER and USER predefined roles, in that order.
    """
    info = admin_user_info()
    with client.session_transaction() as sess:
        sess['user_info'] = info
        sess['google_token'] = 'testing-admin'

    admin = User(
        full_name=info['name'],
        email=info['email'],
        profile_picture=info['picture'],
    )
    admin.roles = [
        Role(name=role_name)
        for role_name in (
            PredefinedRoles.ADMIN,
            PredefinedRoles.REVIEWER,
            PredefinedRoles.USER,
        )
    ]
    return admin
def load_user():
    """Resolve the session's user into ``g.user`` before a request is handled.

    Reads ``session["user_info"]`` (written at login), looks the user up by
    login id, creates or updates the ``User`` row as needed, applies the
    automatic roles, and finally either stores the user in ``g.user`` or
    logs the session out with a flashed message.

    Returns ``None`` on every path except the one where a new login id
    still needs to register: there the response produced by
    ``registration_required()`` is returned so it replaces normal handling.

    Raises:
        ValueError: from ``LoginType(data["type"])`` when the session carries
            a type value the enum does not define; nothing here catches it.
        KeyError: if ``session["user_info"]`` is missing for an authenticated
            session (presumably ``is_authenticated()`` rules that out —
            TODO confirm).
    """
    # pylint: disable=too-many-return-statements,too-many-branches
    # TODO: split into smaller functions

    # continue for assets
    if request.path.startswith("/static"):
        return

    # continue for logout page
    if request.path == url_for("auth.logout"):
        return

    # continue for terms page
    if request.path == url_for("auth.terms"):
        return

    # Anonymous request: make the absence of a user explicit for later code.
    if not is_authenticated():
        g.user = None
        return

    log.debug("Loading user")

    # Ignore all non-admin users during maintenance or restricted mode.
    # Precedence: `and` binds tighter than `or`, so this reads as
    #   MAINTENANCE_MODE or (RESTRICT_LOGIN and not IS_LOCAL)
    # and the `not is_admin()` applies to both cases. Non-admins are logged
    # out rather than merely blocked from the page.
    if (current_app.config["MAINTENANCE_MODE"]
            or current_app.config["RESTRICT_LOGIN"]
            and not current_app.config["IS_LOCAL"]) and not is_admin():
        logout()
        flash("Login restricted.", "danger")
        return

    # don't override existing user
    if getattr(g, "user", None) is not None:
        log.debug("Reusing existing user %s", g.user)
        return

    # Identity claims as stored at login time; only the signed session is
    # trusted here, nothing is re-validated against the provider.
    data = session["user_info"]

    # Make sure old and incompatible sessions get dropped.
    if "type" not in data.keys():
        logout()
        return

    login_type = LoginType(data["type"])

    # Which session field identifies the account depends on the provider:
    # email for Google/local logins, the GitHub username for GitHub.
    if login_type in (LoginType.GOOGLE, LoginType.LOCAL):
        login_id = data["email"]
        picture = data.get("picture")
    elif login_type == LoginType.GITHUB:
        login_id = data["login"]
        picture = data.get("avatar_url")
    else:
        log.error("Unsupported login type %r", login_type)
        flash("Login unsupported.", "danger")
        logout()
        return
    # NOTE(review): the lookup is keyed on the login string alone; login_type
    # is not part of the query, so an existing row is reused whichever
    # provider produced the same id — confirm the providers cannot collide.
    user = User.query.filter_by(login=login_id).one_or_none()
    is_new = False
    is_changed = False
    if not user:
        # A response here means the caller must register (or is refused);
        # it short-circuits the request instead of creating a user.
        resp, invite_code = registration_required(login_id=login_id)
        if resp is not None:
            return resp

        # Log only the edges of the identifier, not the full email/login.
        if "@" in login_id:
            name, host = login_id.rsplit("@", 1)
            # name[0]/name[-1] raise IndexError on an empty local part
            # (an id starting with "@") — presumably never produced upstream.
            log.info("Creating new user %s...%s@%s (%s)", name[0], name[-1],
                     host, login_type)
        else:
            name = login_id
            log.info(
                "Creating new user %s...%s (%s)",
                login_id[:2],
                login_id[-2:],
                login_type,
            )
        # Fall back to the local part / login as display name when the
        # provider supplied none.
        user = User(
            login=login_id,
            full_name=data.get("name", name),
            profile_picture=picture,
            login_type=login_type,
        )
        is_new = True
        if invite_code is not None:
            # pop() raises KeyError if the key is absent; presumably
            # registration_required() read the code from this session key.
            session.pop("invite_code")
            # Roles come from the invite, and each use consumes one of its
            # remaining uses.
            user.roles = invite_code.roles
            user.invite_code = invite_code
            invite_code.remaining_uses -= 1
            if current_app.config["AUTO_ENABLE_INVITED_USERS"]:
                user.enable()
            db.session.add(invite_code)
    else:
        log.info("Updating user %s", user)
        # Provider data only fills in fields that are still empty; it never
        # overwrites what the user already has.
        if "name" in data and not user.full_name:
            user.full_name = data["name"]
            is_changed = True
        if picture and not user.profile_picture:
            user.profile_picture = picture
            is_changed = True
        # NOTE(review): this assignment does not set is_changed, so it is only
        # persisted when something else below triggers the commit.
        if user.login_type is None:
            user.login_type = login_type

    # update automatic roles
    if is_new:
        user.roles.append(get_or_create_role(PredefinedRoles.USER))

    # Privilege grants are keyed on the email claim. For GitHub sessions
    # "email" may be absent (the id is data["login"]), so email can be None.
    # NOTE(review): the appends run on every request for a matching user and
    # set is_changed each time; whether the roles collection de-duplicates
    # is not visible here — confirm this does not accumulate duplicate
    # role rows or commit on every request.
    email = data.get("email")
    if email in current_app.config["APPLICATION_ADMINS"]:
        user.roles.append(get_or_create_role(PredefinedRoles.ADMIN))
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        # Admins skip the activation step that other new users go through.
        if is_new:
            user.state = UserState.ACTIVE
        is_changed = True
    # NOTE(review): a privileged role granted to a single address hard-coded
    # in source; the APPLICATION_ADMINS-style config above is the pattern to
    # follow so such grants are reviewable and not tied to a code change.
    elif email == "*****@*****.**":
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        is_changed = True

    if is_changed or is_new:
        log.info("Saving user %s", user)
        db.session.add(user)
        db.session.commit()

    # Account state decides the outcome; the blocked check runs first so a
    # blocked account is logged out even if it is otherwise enabled.
    if user.is_blocked():
        logout()
        flash("Account blocked", "danger")
    elif user.is_enabled():
        g.user = user
        log.debug("Loaded user %s", g.user)
        # First login flips the first-login state and is committed on its
        # own before the welcome message is flashed.
        if user.is_first_login():
            user.enable()
            db.session.add(user)
            db.session.commit()
            # Markup() marks the string as safe HTML; the only interpolated
            # value is the url_for() output, not user-supplied data.
            flash(
                jinja2.Markup(
                    "Welcome to Vulncode-DB!<br>"
                    "Please take a look at your "
                    f'<a href="{url_for("profile.index")}">profile page</a> '
                    "to review your settings."),
                "info",
            )
    else:
        logout()
        flash("Account not yet activated", "danger")