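def login():
    """Authenticate a login form POST, or render the login page.

    On POST the 'authentication_method' form field selects the back end:
    'Local User', 'LDAP Domain' (NTLM bind) or 'TACACS'. A successful
    check logs the user in and redirects to the dashboard. Every other
    outcome, including any exception raised on the way, ends in a 403.
    For other request methods, anonymous visitors get the login form and
    authenticated users are redirected to the dashboard.
    """
    # Function-scope imports keep this block self-contained.
    from hmac import compare_digest
    from ldap3.utils.conv import escape_filter_chars

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        try:
            method = request.form['authentication_method']
            if method == 'Local User':
                user = fetch('User', name=name)
                stored = user.password if user else None
                # NOTE(review): the stored value is compared with the
                # submitted password as-is, which suggests passwords are
                # kept in clear text. Confirm, and move to a salted hash.
                # compare_digest avoids the early-exit timing difference
                # of ==. The isinstance guard keeps a missing or non-str
                # stored value a plain mismatch, as it was with ==.
                if isinstance(stored, str) and compare_digest(
                    password.encode('utf-8'), stored.encode('utf-8')
                ):
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
            # The form only offers LDAP/TACACS when the matching flag is
            # set, but the field is client-controlled, so the flag is
            # enforced again here.
            elif method == 'LDAP Domain' and USE_LDAP:
                with Connection(
                    ldap_client,
                    user=f'{app.config["LDAP_USERDN"]}\\{name}',
                    password=password,
                    auto_bind=True,
                    authentication=NTLM,
                ) as connection:
                    # The name comes from the request, so filter
                    # metacharacters are escaped before it is placed in
                    # the search filter.
                    safe_name = escape_filter_chars(name)
                    connection.search(
                        app.config['LDAP_BASEDN'],
                        f'(&(objectClass=person)(samaccountname={safe_name}))',
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=['cn', 'memberOf', 'mail'],
                    )
                    # An empty result raises IndexError, which the handler
                    # below turns into a 403.
                    json_response = loads(
                        connection.response_to_json())['entries'][0]
                    if json_response:
                        # NOTE(review): the directory password is handed to
                        # factory('User'). What factory does with it is not
                        # visible here; confirm it is not persisted.
                        user = {
                            'name': name,
                            'password': password,
                            'email': json_response['attributes'].get(
                                'mail', ''),
                        }
                        # NOTE(review): substring match. A group entry that
                        # merely contains the configured string also grants
                        # Admin; consider an exact comparison.
                        if any(app.config['LDAP_ADMIN_GROUP'] in s
                               for s in
                               json_response['attributes']['memberOf']):
                            user['permissions'] = ['Admin']
                        new_user = factory('User', **user)
                        login_user(new_user)
                        return redirect(url_for('base_blueprint.dashboard'))
            elif method == 'TACACS' and USE_TACACS:
                if tacacs_client.authenticate(name, password).valid:
                    user = factory('User', **{
                        'name': name,
                        'password': password
                    })
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
            abort(403)
        except Exception as e:
            # The abort(403) above is caught here as well, so every failure
            # path is logged once and answered with the same 403.
            info(f'Authentication failed ({str(e)})')
            abort(403)
    if not current_user.is_authenticated:
        login_form = LoginForm(request.form)
        authentication_methods = [('Local User', ) * 2]
        if USE_LDAP:
            authentication_methods.append(('LDAP Domain', ) * 2)
        if USE_TACACS:
            authentication_methods.append(('TACACS', ) * 2)
        login_form.authentication_method.choices = authentication_methods
        return render_template('login.html', login_form=login_form)
    return redirect(url_for('base_blueprint.dashboard'))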
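def login():
    """Authenticate a login form POST, or render the login page.

    A known local user is checked against the password held in Vault
    (when USE_VAULT is set) or on the user record. An unknown user is
    tried against the configured TACACS+ server and, on success, a local
    User row is created. A failed POST renders the 403 page. For other
    request methods, anonymous visitors get the login and
    account-creation forms and authenticated users are redirected to the
    dashboard.
    """
    # Function-scope import keeps this block self-contained.
    from hmac import compare_digest

    if request.method == 'POST':
        name = str(request.form['name'])
        user_password = str(request.form['password'])
        user = fetch(User, name=name)
        if user:
            if app.config['USE_VAULT']:
                pwd = vault_helper(app, f'user/{user.name}')['password']
            else:
                # NOTE(review): compared as-is below, which suggests the
                # record holds the password in clear text. Confirm.
                pwd = user.password
            # compare_digest avoids the early-exit timing difference of ==.
            # The isinstance guard keeps a missing or non-str stored value
            # a plain mismatch, as it was with ==.
            if isinstance(pwd, str) and compare_digest(
                user_password.encode('utf-8'), pwd.encode('utf-8')
            ):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
        # NOTE(review): indentation was lost in the listing. The TACACS
        # fallback is read here as the branch for an unknown local user;
        # confirm against the original file.
        else:
            try:
                # tacacs_plus does not support py2 unicode, hence the
                # conversion to string.
                # TACACSClient cannot be saved directly to the session as
                # it is not serializable: this temporary fix creates a new
                # TACACSClient at each TACACS connection attempt, which is
                # clearly suboptimal and to be improved later.
                tacacs_server = db.session.query(TacacsServer).one()
                tacacs_client = TACACSClient(
                    str(tacacs_server.ip_address),
                    int(tacacs_server.port),
                    str(tacacs_server.password)
                )
                if tacacs_client.authenticate(
                    name,
                    user_password,
                    TAC_PLUS_AUTHEN_TYPE_ASCII
                ).valid:
                    # NOTE(review): the TACACS password is copied into the
                    # local User row unchanged, so later logins succeed
                    # locally without consulting the TACACS server.
                    user = User(name=name, password=user_password)
                    db.session.add(user)
                    db.session.commit()
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
            except NoResultFound:
                # No TACACS server configured: fall through to the 403 page.
                pass
        return render_template('errors/page_403.html')
    if not current_user.is_authenticated:
        return render_template(
            'login.html',
            login_form=LoginForm(request.form),
            create_account_form=CreateAccountForm(request.form)
        )
    return redirect(url_for('base_blueprint.dashboard'))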
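def login():
    """Authenticate a login form POST, or render the login page.

    A known user is checked against the password held in Vault (when
    USE_VAULT is set) or on the user record, and on a match is logged in
    and redirected to the dashboard. A failed POST falls through to the
    same handling as a GET: anonymous visitors get the login and
    account-creation forms, authenticated users are redirected to the
    dashboard.
    """
    # Function-scope import keeps this block self-contained.
    from hmac import compare_digest

    if request.method == 'POST':
        name, user_password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            if app.config['USE_VAULT']:
                pwd = vault_helper(app, f'user/{user.name}')['password']
            else:
                # NOTE(review): compared as-is below, which suggests the
                # record holds the password in clear text. Confirm.
                pwd = user.password
            # compare_digest avoids the early-exit timing difference of ==.
            # The isinstance guard keeps a missing or non-str stored value
            # a plain mismatch, as it was with ==.
            if isinstance(pwd, str) and compare_digest(
                user_password.encode('utf-8'), pwd.encode('utf-8')
            ):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
    if not current_user.is_authenticated:
        return render_template(
            'login.html',
            login_form=LoginForm(request.form),
            create_account_form=CreateAccountForm(request.form),
        )
    return redirect(url_for('base_blueprint.dashboard'))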
def login():
    """Handle the login view.

    Non-POST requests: authenticated users go to the dashboard, everyone
    else gets the login and account-creation forms.

    POST requests: the submitted credentials are verified against the
    local User row first. If that fails, whether because the user is
    unknown or the password is wrong, the single configured TACACS+
    server is asked. A valid TACACS reply creates a local User row and
    logs it in. Anything else renders the 403 page.
    """
    if request.method != 'POST':
        if flask_login.current_user.is_authenticated:
            return redirect(url_for('base_blueprint.dashboard'))
        return render_template(
            'login.html',
            login_form=LoginForm(request.form),
            create_account_form=CreateAccountForm(request.form)
        )

    username = str(request.form['name'])
    secret = str(request.form['password'])

    account = db.session.query(User).filter_by(name=username).first()
    if account and cisco_type7.verify(secret, account.password):
        flask_login.login_user(account)
        return redirect(url_for('base_blueprint.dashboard'))

    try:
        # tacacs_plus does not support py2 unicode, hence the str() calls.
        # A TACACSClient is not serializable, so it cannot be kept in the
        # session; a fresh client is built for every attempt.
        # NOTE(review): cisco_type7 is reversible (decode() recovers the
        # TACACS secret just below), so user passwords stored with hash()
        # are recoverable by anyone who can read the table.
        encoded_secret = cisco_type7.hash(secret)
        server = db.session.query(TacacsServer).one()
        client = TACACSClient(
            str(server.ip_address),
            int(server.port),
            str(cisco_type7.decode(str(server.password)))
        )
        reply = client.authenticate(
            username, secret, TAC_PLUS_AUTHEN_TYPE_ASCII
        )
        if reply.valid:
            # NOTE(review): this also runs when a local row with this name
            # exists but its password did not verify. Check how a second
            # row with the same name is handled.
            account = User(name=username, password=encoded_secret)
            db.session.add(account)
            db.session.commit()
            flask_login.login_user(account)
            return redirect(url_for('base_blueprint.dashboard'))
    except NoResultFound:
        # No TACACS server row: treated as a failed login.
        pass
    return render_template('errors/page_403.html')
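def login():
    """Authenticate a login form POST, or render the login page.

    A known local user is checked against the stored password (403 on
    mismatch). An unknown user is tried against LDAP when USE_LDAP is
    set, otherwise against TACACS when USE_TACACS is set, and gets a 403
    otherwise. For other request methods, anonymous visitors get the
    login form and authenticated users are redirected to the dashboard.
    """
    # Function-scope imports keep this block self-contained.
    from hmac import compare_digest
    from ldap3.utils.conv import escape_filter_chars

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            stored = user.password
            # NOTE(review): compared as-is, which suggests the record
            # holds the password in clear text. Confirm.
            # compare_digest avoids the early-exit timing difference of ==.
            # The isinstance guard keeps a missing or non-str stored value
            # a plain mismatch, as it was with ==.
            if isinstance(stored, str) and compare_digest(
                password.encode('utf-8'), stored.encode('utf-8')
            ):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
            else:
                abort(403)
        elif USE_LDAP:
            try:
                # The bind principal is built from the submitted name.
                # The original interpolated `user`, which is always falsy
                # in this branch, so the bind never used the real account
                # name.
                with Connection(
                    ldap_client,
                    user=f'{app.config["LDAP_USERDN"]}\\{name}',
                    password=password,
                    auto_bind=True,
                    authentication=NTLM
                ) as connection:
                    # The name comes from the request, so filter
                    # metacharacters are escaped before it is placed in
                    # the search filter.
                    safe_name = escape_filter_chars(name)
                    connection.search(
                        app.config['LDAP_BASEDN'],
                        f'(&(objectClass=person)(samaccountname={safe_name}))',
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=['cn', 'memberOf']
                    )
                # NOTE(review): a successful bind does not create or log in
                # a user. Control falls through to the login page below.
                # Confirm the intended behaviour.
            except LDAPBindError:
                abort(403)
        elif USE_TACACS:
            if tacacs_client.authenticate(name, password).valid:
                # NOTE(review): the TACACS password is handed to
                # factory('User') unchanged. Confirm how it is stored.
                user = factory('User', **{'name': name, 'password': password})
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
            else:
                abort(403)
        else:
            abort(403)
    if not current_user.is_authenticated:
        return render_template('login.html', login_form=LoginForm(request.form))
    return redirect(url_for('base_blueprint.dashboard'))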
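def login():
    """Authenticate a login form POST, or render the login page.

    A known local user is checked against the stored password (403 on
    mismatch). An unknown user is tried against TACACS when use_tacacs is
    set and gets a 403 otherwise. For other request methods, anonymous
    visitors get the login form and authenticated users are redirected to
    the dashboard.
    """
    # Function-scope import keeps this block self-contained.
    from hmac import compare_digest

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            stored = user.password
            # NOTE(review): compared as-is, which suggests the record
            # holds the password in clear text. Confirm.
            # compare_digest avoids the early-exit timing difference of ==.
            # The isinstance guard keeps a missing or non-str stored value
            # a plain mismatch, as it was with ==.
            if isinstance(stored, str) and compare_digest(
                password.encode('utf-8'), stored.encode('utf-8')
            ):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
            else:
                abort(403)
        elif use_tacacs:
            if tacacs_client.authenticate(name, password).valid:
                # NOTE(review): the TACACS password is handed to
                # factory('User') unchanged. Confirm how it is stored.
                user = factory('User', **{'name': name, 'password': password})
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
            else:
                abort(403)
        else:
            abort(403)
    if not current_user.is_authenticated:
        return render_template('login.html', login_form=LoginForm(request.form))
    return redirect(url_for('base_blueprint.dashboard'))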
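def login() -> Union[Response, str]:
    """Authenticate a login form POST, or render the login page.

    On POST the "authentication_method" form field selects the back end:
    "Local User", "LDAP Domain" (NTLM bind) or "TACACS". A successful
    check logs the user in and redirects to the dashboard. Every other
    outcome, including any exception raised on the way, ends in a 403.
    For other request methods, anonymous visitors get the login form and
    authenticated users are redirected to the dashboard.
    """
    # Function-scope imports keep this block self-contained.
    from hmac import compare_digest
    from ldap3.utils.conv import escape_filter_chars

    if request.method == "POST":
        name, password = request.form["name"], request.form["password"]
        try:
            method = request.form["authentication_method"]
            if method == "Local User":
                user = fetch("User", name=name)
                stored = user.password if user else None
                # NOTE(review): the stored value is compared with the
                # submitted password as-is, which suggests passwords are
                # kept in clear text. Confirm, and move to a salted hash.
                # compare_digest avoids the early-exit timing difference
                # of ==. The isinstance guard keeps a missing or non-str
                # stored value a plain mismatch, as it was with ==.
                if isinstance(stored, str) and compare_digest(
                    password.encode("utf-8"), stored.encode("utf-8")
                ):
                    login_user(user)
                    return redirect(url_for("base_blueprint.dashboard"))
            # The form only offers LDAP/TACACS when the matching flag is
            # set, but the field is client-controlled, so the flag is
            # enforced again here.
            elif method == "LDAP Domain" and USE_LDAP:
                with Connection(
                    ldap_client,
                    user=f'{app.config["LDAP_USERDN"]}\\{name}',
                    password=password,
                    auto_bind=True,
                    authentication=NTLM,
                ) as connection:
                    # The name comes from the request, so filter
                    # metacharacters are escaped before it is placed in
                    # the search filter.
                    safe_name = escape_filter_chars(name)
                    connection.search(
                        app.config["LDAP_BASEDN"],
                        f"(&(objectClass=person)(samaccountname={safe_name}))",
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=["cn", "memberOf", "mail"],
                    )
                    # An empty result raises IndexError, which the handler
                    # below turns into a 403.
                    json_response = loads(
                        connection.response_to_json())["entries"][0]
                    if json_response:
                        # NOTE(review): the directory password is handed to
                        # factory("User"). What factory does with it is not
                        # visible here; confirm it is not persisted.
                        user = {
                            "name": name,
                            "password": password,
                            "email": json_response["attributes"].get(
                                "mail", ""),
                        }
                        # NOTE(review): assumes LDAP_ADMIN_GROUP is a list
                        # of group strings. If it is a single str this
                        # iterates its characters, and almost any memberOf
                        # value would then grant Admin. The test is also a
                        # substring match; consider an exact comparison.
                        if any(group in s
                               for group in app.config["LDAP_ADMIN_GROUP"]
                               for s in
                               json_response["attributes"]["memberOf"]):
                            user["permissions"] = ["Admin"]
                        new_user = factory("User", **user)
                        login_user(new_user)
                        return redirect(url_for("base_blueprint.dashboard"))
            elif method == "TACACS" and USE_TACACS:
                if tacacs_client.authenticate(name, password).valid:
                    user = factory("User", **{
                        "name": name,
                        "password": password
                    })
                    login_user(user)
                    return redirect(url_for("base_blueprint.dashboard"))
            abort(403)
        except Exception as e:
            # The abort(403) above is caught here as well, so every failure
            # path is logged once and answered with the same 403.
            info(f"Authentication failed ({str(e)})")
            abort(403)
    if not current_user.is_authenticated:
        login_form = LoginForm(request.form)
        authentication_methods = [("Local User", ) * 2]
        if USE_LDAP:
            authentication_methods.append(("LDAP Domain", ) * 2)
        if USE_TACACS:
            authentication_methods.append(("TACACS", ) * 2)
        login_form.authentication_method.choices = authentication_methods
        return render_template("login.html", login_form=login_form)
    return redirect(url_for("base_blueprint.dashboard"))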