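def cas_login():
    """Complete a CAS login: verify the service ticket, then redirect the browser.

    Reads ``ticket`` (required), ``url`` and ``next`` from the query string.
    An inactive user is redirected to ``/`` with an ``error`` parameter.
    An active user is logged in and redirected to ``url`` (``/`` when absent)
    with ``casLogin=true`` appended. Responds 400 when ``url`` or ``next``
    fails ``_is_safe_url``.
    """
    ticket = request.args['ticket']
    target_url = request.args.get('url')
    # NOTE(review): how verify_ticket reports a rejected ticket is not visible
    # here; everything below relies on User(uid).is_active being false for an
    # unverified uid. Confirm against _cas_client.
    uid, _attributes, _proxy_granting_ticket = _cas_client(target_url).verify_ticket(ticket)
    app.logger.info(f'Logged into CAS as user {uid}')
    user = User(uid)
    if not user.is_active:
        app.logger.error(f'Sorry, user with UID {uid} is not authorized to use Diablo.')
        # NOTE(review): this message carries markup inside a query parameter.
        # Any link can carry its own `error` value, so the client should not
        # render that parameter as trusted HTML. Confirm how it is displayed.
        param = (
            'error',
            f""" Sorry, you are not registered to use Diablo. Please <a href="mailto:{app.config['EMAIL_DIABLO_SUPPORT']}">email us</a> for assistance. """,
        )
        return redirect(add_param_to_url('/', param))

    # `url` is the value that reaches redirect(), so it must pass the same
    # check as `next`. Checking `next` alone left `url` usable as an open
    # redirect. Assumes _is_safe_url accepts same-origin targets and rejects
    # foreign hosts, per the Flask-Login guidance. Confirm against its definition.
    # The check runs before login_user so a rejected request leaves no session
    # and no flashed message behind.
    next_url = request.args.get('next')
    if not _is_safe_url(next_url) or (target_url and not _is_safe_url(target_url)):
        return abort(400)

    login_user(user)
    flash('Logged in successfully.')
    # Our googleAnalyticsService uses 'casLogin' marker to track CAS login events
    redirect_url = add_param_to_url(target_url or '/', ('casLogin', 'true'))
    return redirect(redirect_url)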
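def cas_login():
    """Complete a CAS login: verify the service ticket, then redirect the browser.

    Reads ``ticket`` (required), ``url`` and ``next`` from the query string.
    An inactive user is redirected to ``/`` with an ``error`` parameter.
    An active user is logged in and redirected to ``url`` (``/`` when absent).
    Responds 400 when ``url`` or ``next`` fails ``_is_safe_url``.
    """
    ticket = request.args['ticket']
    target_url = request.args.get('url')
    # NOTE(review): how verify_ticket reports a rejected ticket is not visible
    # here; everything below relies on User(uid).is_active being false for an
    # unverified uid. Confirm against _cas_client.
    uid, _attributes, _proxy_granting_ticket = _cas_client(target_url).verify_ticket(ticket)
    app.logger.info(f'Logged into CAS as user {uid}')
    user = User(uid)
    if not user.is_active:
        # The user's name is placed in the redirect URL's query string, so it
        # can end up in browser history and access logs.
        message = f'Sorry, {user.name} is not authorized to use this tool.'
        return redirect(add_param_to_url('/', ('error', message)))

    # `url` is the value that reaches redirect(), so it must pass the same
    # check as `next`. Checking `next` alone left `url` usable as an open
    # redirect. Assumes _is_safe_url accepts same-origin targets and rejects
    # foreign hosts, per https://flask-login.readthedocs.io/en/latest/.
    # Confirm against its definition. The check runs before login_user so a
    # rejected request leaves no session behind.
    next_url = request.args.get('next')
    if not _is_safe_url(next_url) or (target_url and not _is_safe_url(target_url)):
        return abort(400)

    login_user(user)
    flash('Logged in successfully.')
    return redirect(target_url or '/')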
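def dev_auth_login():
    """Log in as an arbitrary UID using the shared developer password.

    Only available when ``DEV_AUTH_ENABLED`` is truthy; otherwise raises
    ``ResourceNotFoundError`` so the route looks like an unknown path.
    Expects a JSON object with ``uid`` and ``password``.

    Returns:
        The current user's API JSON on success; a 401 JSON response for bad
        credentials; a 403 JSON response when the user is inactive or
        ``login_user`` fails.
    """
    import hmac

    if not app.config['DEV_AUTH_ENABLED']:
        raise ResourceNotFoundError('Unknown path')

    params = request.get_json() or {}
    if not isinstance(params, dict):
        # A JSON array or scalar body carries no credentials; treat it as empty
        # instead of failing on .get() below.
        params = {}
    uid = params.get('uid')
    password = params.get('password')
    expected = app.config['DEV_AUTH_PASSWORD']
    # Fail closed: both sides must be non-empty strings. A plain `!=` let a
    # request with no password match an unset (None) DEV_AUTH_PASSWORD.
    # compare_digest keeps the comparison constant-time; 'surrogatepass' keeps
    # the encoding injective and stops lone surrogates in the JSON from raising.
    credentials_ok = (
        isinstance(password, str)
        and isinstance(expected, str)
        and bool(expected)
        and hmac.compare_digest(
            password.encode('utf-8', 'surrogatepass'),
            expected.encode('utf-8', 'surrogatepass'),
        )
    )
    if not credentials_ok:
        return tolerant_jsonify({'message': 'Invalid credentials'}, 401)

    user = User(uid)
    if not user.is_active:
        msg = f'UID {uid} is neither an Admin user nor active in CalNet.'
        app.logger.error(msg)
        return tolerant_jsonify({'message': msg}, 403)

    # force=True makes login_user skip its own active-user check, so the
    # is_active test above is the only gate on inactive accounts.
    if not login_user(user, force=True, remember=True):
        msg = f'The system failed to log in user with UID {uid}.'
        app.logger.error(msg)
        return tolerant_jsonify({'message': msg}, 403)

    return tolerant_jsonify(current_user.to_api_json(include_courses=True))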
def _user_loader(user_id=None):
    """Build the ``User`` object for ``user_id``.

    NOTE(review): presumably registered as the Flask-Login user loader, in
    which case ``user_id`` comes from the session cookie. Confirm at the
    registration site. This function always returns a ``User`` and never
    ``None``, so rejecting unknown or deactivated ids depends entirely on what
    ``User`` reports for them (e.g. ``is_active``). Confirm in the model.
    """
    # Imported at call time rather than at module import.
    from diablo.models.user import User

    loaded_user = User(user_id)
    return loaded_user