def _sign_in_impl(is_for_refresh):
    """Render and process the sign-in form.

    With ``is_for_refresh`` set, a successful password check only marks the
    existing session as fresh, and only when the authenticated account is the
    one already signed in. Without it, a successful check starts a new login.
    A failed submission re-renders the form with ``has_errors`` set.
    """
    form = SigninForm()
    if not form.validate_on_submit():
        return flask.render_template(
            'sign_in.html',
            form=form,
            is_for_refresh=is_for_refresh,
            has_errors=bool(form.errors),
        )

    # enforce lowercase for username to ensure case insensitivity
    # TODO: move this to the model and logic layer
    username = form.username.data.lower()
    password = form.password.data
    user = login(username, password)

    if is_for_refresh:
        # A refresh must not switch accounts: the credentials have to belong
        # to the user who already owns this session.
        if user and user == flask_login.current_user:
            flask_login.confirm_login()
            return _redirect_to_next_url()
    elif user:
        flask_login.login_user(user, remember=form.remember_me.data)
        if user.is_admin and password == 'password':
            # Warn when the documented default admin password is still in use.
            flask.flash(
                'You are using the default admin password from the '
                'SampleDB documentation. Please change your password '
                'before making this SampleDB instance available to '
                'other users.',
                'warning')
        return _redirect_to_next_url()

    # Form validated but the credentials did not authenticate.
    return flask.render_template(
        'sign_in.html',
        form=form,
        is_for_refresh=is_for_refresh,
        has_errors=True,
    )
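def login():
    """Sign in a ``User`` or a ``Cam`` account through one shared login form.

    The name is looked up among users first, then among cams. A wrong
    password or an unknown name flashes an error and redirects back to the
    login page. On success the account type is stored in the session and
    the browser is sent to ``next`` when that is a same-site path,
    otherwise to the index page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Sign In', form=form)

    name = form.name.data
    account = User.query.filter(User.name == name).first()
    if account is not None:
        account_type = 'session_user'
        ok_message = 'login user: okay'
        bad_message = 'Invalid user name or password'
    else:
        account = Cam.query.filter(Cam.name == name).first()
        if account is None:
            # Unknown name: previously this fell through to the redirect
            # below with no feedback and no login.
            flash('Invalid user name or password')
            return redirect(url_for('login'))
        account_type = 'session_cam'
        ok_message = 'login cam: okay'
        bad_message = 'Invalid cam name or password'

    if not account.check_password(form.password.data):
        flash(bad_message)
        return redirect(url_for('login'))

    flash(ok_message)
    login_user(account, remember=form.remember_me.data)
    # Mark the session fresh only after the password has been verified
    # (the original called confirm_login() before any credential check).
    confirm_login()
    session['account_type'] = account_type

    next_page = request.args.get('next')
    # ``next`` comes from the query string. Besides an explicit host, reject
    # scheme-relative ("//...") and backslash forms, which have an empty
    # netloc here but are still resolved as another host by browsers.
    if (
        not next_page
        or url_parse(next_page).netloc != ''
        or next_page.startswith('//')
        or '\\' in next_page
    ):
        next_page = url_for('index')
    return redirect(next_page)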
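def reauth():
    """Show the re-authentication form and mark the session fresh on a valid POST.

    The ``next`` query parameter is followed only when it is a same-site
    path; any other value falls back to ``/``.
    """
    form = ReAuthForm(request.form)
    if request.method == 'POST' and form.validate():
        # NOTE(review): no password comparison is visible here; presumably
        # ReAuthForm.validate() performs it - confirm against the form class.
        confirm_login()

        # ``next`` is request-supplied, so redirecting to it unchecked would
        # let this page bounce users to an arbitrary site. Accept only a
        # plain local path (no "//host", backslashes or control characters).
        target = request.args.get('next') or ''
        is_local_path = (
            target.startswith('/')
            and not target.startswith('//')
            and '\\' not in target
            and all(ch >= ' ' for ch in target)
        )
        return redirect(target if is_local_path else '/')
    return render_template('reauth.html', form=form, title='ReAuthenticate')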
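def reauth():
    """Mark the current session as fresh on POST, otherwise show the form.

    After a POST the browser is sent to ``next`` when that is a same-site
    path, otherwise to the index page.
    """
    if request.method == "POST":
        # NOTE(review): no password or other credential is verified before
        # confirm_login(); any POST from a stale (remember-cookie) session
        # becomes fresh, which defeats the purpose of a fresh-login check.
        confirm_login()
        print('reauth')

        # ``next`` is request-supplied: follow it only when it is a plain
        # local path so this view cannot be used as an open redirect.
        target = request.args.get("next") or ""
        is_local_path = (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
            and all(ch >= " " for ch in target)
        )
        return redirect(target if is_local_path else url_for("index"))
    return render_template("reauth.html")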
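def reauthenticate():
    """Ask the user to confirm their password.

    Inactive users are logged out and sent to the login page. A submitted
    password that does not verify re-renders the form with an error; a
    correct one marks the session fresh and follows ``next`` when
    ``is_safe_url`` accepts it.
    """
    form = ReauthenticationForm()

    # Logout if not active
    if not current_user.is_active:
        logout_user()
        flash(_('User is not active'), 'warning')
        return redirect(url_for('auth.login'))

    if form.validate_on_submit():
        # Check credentials. The original tested the positive result, so a
        # correct password was rejected and a wrong one refreshed the session.
        # Assumes crypto_manager.verify() is truthy on a match - confirm.
        if not crypto_manager.verify(form.password.data, current_user.password):
            # Show invalid credentials message
            flash(_('Invalid credentials'), 'error')
            return render_template('auth/reauthenticate.html', form=form)

        # Refresh session
        confirm_login()

        # Validate destination
        next_url = request.args.get('next')
        if next_url and is_safe_url(next_url):
            return redirect(next_url)

    return render_template('auth/reauthenticate.html', form=form)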
def refresh_login():
    """Re-check the current user's password and mark the session fresh.

    An already fresh session is redirected straight to the next page. With
    ``?webauthn=<true value>`` the WebAuthn login template is rendered
    instead of the password form.
    """
    if current_user.is_authenticated and login_fresh():
        return redirect(get_next_page(request.args.get("next")))

    # NOTE(review): the raw query value goes straight into strtobool(); if
    # this is the distutils helper it raises ValueError on unrecognised
    # input - confirm how that is handled.
    if strtobool(request.args.get("webauthn", "false")):
        return render_template("webauthn/login_with_webauthn.html")

    form = RefreshLogin()
    database_id = User.get_database_id(current_user.get_id())
    user = User.query.filter_by(did=database_id).first()
    webauthn = Webauthn.query.filter_by(user_id=database_id).first()
    webauthn_enabled = False if webauthn is None else webauthn.is_enabled

    if not form.validate_on_submit():
        return render_template(
            "auth/refresh_login.html",
            title=_("Refresh your session"),
            form=form,
            webauthn_enabled=webauthn_enabled,
        )

    if not user.check_password(form.password.data):
        flash(_("Invalid password"))
        return redirect(url_for("auth.refresh_login"))

    # Password verified: only now is the session marked fresh.
    confirm_login()
    return redirect(get_next_page(request.args.get("next")))
def get(self):
    """Return the current user as JSON, creating an anonymous user if needed.

    An authenticated caller has the session marked fresh; an unauthenticated
    caller gets a newly created anonymous user logged in with a remember
    cookie. The response also carries user cookies set via ``set_cookies``.
    """
    if not current_user.is_authenticated:
        user = create_anonymous_user()
        login_user(user, remember=True)
    else:
        user = current_user
        is_fresh = login_fresh()
        logger.info('User %s (%s) already authenticated. Fresh: %s',
                    user.username, user.id, is_fresh)
        # NOTE(review): this marks a stale (cookie-restored) session fresh on
        # a plain GET without any credential check - confirm that is intended.
        confirm_login()

    user_fields = row_to_dict(user)
    exposed_keys = ['anonymous', 'confirmed', 'email', 'id', 'username']
    response = jsonify({'user': {key: user_fields[key] for key in exposed_keys}})

    # NOTE(review): email/confirmed/anonymous are hard-coded here for both
    # branches, including already authenticated users - verify.
    cookie_values = {
        'username': user.username,
        'email': '',
        'user_id': user.id,
        'confirmed': False,
        'anonymous': True,
    }
    return set_cookies(response, cookie_values)
def frontpage():
    """Send authenticated users to the dashboard, others to the front page."""
    if not current_user.is_authenticated:
        return render_template('frontpage.html')

    # Weird bug happening where only when accessing '/' after closing browser,
    # our remember_me cookie is wiped. Confirming the login refreshes the
    # cookie, prevents that bug or re-sets the cookie after it's deleted.
    # NOTE(review): as a side effect every visit to this page turns a stale
    # remembered session into a fresh one without asking for a credential.
    confirm_login()
    return redirect(url_for('dashboard'))
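def reauth():
    """Mark the current session as fresh on POST, otherwise show the form.

    confirm_login sets the current session as fresh. Sessions become stale
    when they are reloaded from a cookie. After a POST the browser is sent
    to ``next`` when that is a same-site path, otherwise to ``cabinetPage``.
    """
    if request.method == "POST":
        # NOTE(review): no password or other credential is verified before
        # confirm_login(); any POST from a stale session becomes fresh.
        confirm_login()
        # (disabled in the original) flash message: "Registration updated."

        # ``next`` is request-supplied: follow it only when it is a plain
        # local path so this view cannot be used as an open redirect.
        target = request.args.get("next") or ""
        is_local_path = (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
            and all(ch >= " " for ch in target)
        )
        return redirect(target if is_local_path else url_for("cabinetPage"))
    return render_template("reauth.html")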
def re_authenticate():
    """Re-check the current user's password and mark the session fresh.

    A session that is already fresh is redirected to the index page.
    """
    # login_fresh() reports whether the current login is fresh, i.e. it was
    # not restored from a remember cookie.
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    password_ok = (
        form.validate_on_submit()
        and current_user.validate_password(form.password.data)
    )
    if not password_ok:
        return render_template('auth/login.html', form=form)

    # confirm_login() sets the current session as fresh again.
    confirm_login()
    return redirect_back()
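def reauth():
    """Mark the current session as fresh on POST, otherwise show the form.

    A ``next`` query parameter that ``is_safe_url`` rejects aborts the
    request with 400; without ``next`` the browser goes to the index page.
    """
    if request.method == "POST":
        # The original passed the builtin ``next`` function to is_safe_url()
        # instead of the query parameter, so the value actually redirected
        # to was never the one being checked.
        next_url = request.args.get("next")
        if next_url and not is_safe_url(next_url):
            return flask.abort(400)

        # NOTE(review): no password or other credential is verified before
        # confirm_login(); any POST from a stale session becomes fresh.
        confirm_login()
        flash(u"Reauthenticated.")
        return redirect(next_url or url_for("index"))
    return render_template("reauth.html")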
def attempt_sign_up():
    """Create a user from the posted form, log them in and go to the profile.

    The password is stored as the hash produced by ``generate_password_hash``.
    """
    submitted = request.form
    hashed_password = generate_password_hash(submitted['password'])
    new_user = User(submitted['username'], hashed_password)

    # NOTE(review): no check for an empty or already taken username is
    # visible here - confirm it is enforced elsewhere (model / DB constraint).
    db.session.add(new_user)
    db.session.commit()

    login_user(new_user, remember=False)
    confirm_login()
    return redirect(url_for('profile'))
def get(self):
    """Show the re-authentication step for a session that is not fresh.

    A fresh session is redirected via ``redirect_or_next``. A user without a
    local password is handed to the Discord auth object; other users get the
    password form.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the
    # placement of the create_session() return relative to the
    # ``authorized`` check should be confirmed against the real file.
    if not login_fresh():
        if current_user.password is None:
            # No local password to re-enter: freshness depends on the Discord
            # authorization state instead.
            if current_app.discordAuth.authorized:
                confirm_login()
            return current_app.discordAuth.create_session()
        return render_template("auth/reauth.html", form=self.form())
    return redirect_or_next(current_user.url)
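def reauth():
    """Mark the current session as fresh on POST, otherwise show the form.

    After a POST the browser is sent to ``next`` when that is a same-site
    path, otherwise to ``/admin``.
    """
    if request.method == "POST":
        # NOTE(review): no password or other credential is verified before
        # confirm_login(); since the default target is the admin area, a
        # stale remembered session can be made fresh with a bare POST.
        confirm_login()

        # ``next`` is request-supplied: follow it only when it is a plain
        # local path so this view cannot be used as an open redirect.
        target = request.args.get("next") or ""
        is_local_path = (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
            and all(ch >= " " for ch in target)
        )
        return redirect(target if is_local_path else '/admin')

    templateData = {}
    return render_template("/auth/reauth.html", **templateData)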
def attempt_sign_in():
    """Log in the user named in the form when the password hash matches.

    Renders the profile page on success and the sign-in page otherwise.
    """
    candidate = User.query.filter_by(
        username=request.form['user_username']).first()
    authenticated = candidate and check_password_hash(
        candidate.password, request.form['user_password'])
    if not authenticated:
        # Same response for an unknown user and a wrong password.
        return render_template('signin.html')

    login_user(candidate, remember=False)
    confirm_login()
    return render_template('userprofile.html')
def re_authenticated():
    """Re-check the current user's password and mark the session fresh.

    A session that is already fresh is redirected to the index page.
    """
    if login_fresh():
        return redirect(url_for("main.index"))

    form = LoginForm()
    if form.validate_on_submit():
        supplied = form.password.data
        if current_user.validate_password(supplied):
            # Password matches the logged-in user: session becomes fresh.
            confirm_login()
            return redirect_back()

    return render_template("auth/login.html", form=form)
def re_authenticate():
    """Re-authenticate a user whose session is not fresh.

    Used when such a user visits a view protected by @fresh_login_required.
    """
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    verified = (
        form.validate_on_submit()
        and current_user.validate_password(form.password.data)
    )
    if verified:
        confirm_login()
        return redirect_back()
    return render_template('auth/login.html', form=form)
def re_authenticate():
    """Handle re-authentication for a login that is not fresh."""
    if login_fresh():
        return redirect(url_for('blog.index'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/signin.html', form=form)
    if not current_user.validate_password(form.password.data):
        return render_template('auth/signin.html', form=form)

    # Password verified for the current user: mark the session fresh.
    confirm_login()
    return redirect_back()
def sign():
    """Render the sign page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2.
    """
    if current_app.config.get('DB_FALL', None):
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh.
    confirm_login()
    tools = get_tools_endpoint_list()
    return render_template('sign.html', endpoint_list=tools)
def re_authenticate():
    """Re-check the current user's password and mark the session fresh.

    A session that is already fresh is redirected to the index page; a wrong
    password flashes a warning and shows the form again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))

    form = ReLoginForm()
    submitted = form.validate_on_submit()
    if submitted and current_user.validate_password(form.password.data):
        confirm_login()
        return redirect_back()
    if submitted:
        # Message reads: "Wrong password, please enter it again".
        flash('密码错误, 请重新输入', 'warning')
    return render_template('auth/login.jinja2', form=form)
def post(self):
    """Handle the re-authentication form submission.

    A correct password marks the session fresh and redirects; a wrong one
    flashes an error and shows the form again.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/reauth.html", form=form)

    if not current_user.check_password(form.password.data):
        flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    confirm_login()
    flash(_("Reauthenticated."), "success")
    return redirect_or_next(current_user.url)
def minfo():
    """Render the minfo page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2.
    """
    database_down = current_app.config.get('DB_FALL', None)
    if database_down:
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh.
    confirm_login()
    return render_template('minfo.html',
                           endpoint_list=get_tools_endpoint_list())
def re_authenticate():
    """Re-check the current user's password and mark the session fresh.

    A session that is already fresh gets an informational flash and is
    redirected to ``base``.
    """
    if login_fresh():
        # Message reads: "Active users do not need to log in again".
        flash('活跃用户不需要重新登录', 'info')
        return redirect(url_for('base'))

    form = LoginForm()
    verified = (
        form.validate_on_submit()
        and current_user.validate_password(form.password.data)
    )
    if not verified:
        return render_template('user/login.html', form=form)

    confirm_login()
    return redirect_back()
def receive():
    """Render the receive page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2. The template is told whether e-mail is
    enabled through the ``EMAIL_ENABLED`` config value.
    """
    config = current_app.config
    if config.get('DB_FALL', None):
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh.
    confirm_login()
    tools = get_tools_endpoint_list()
    return render_template(
        'receive.html',
        mailer=current_app.config.get('EMAIL_ENABLED', False),
        endpoint_list=tools,
    )
def login():
    """Log in a user from the posted ``username`` / ``password`` fields.

    On success the session is marked fresh and the browser goes to ``home``.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; which
    # ``if`` the ``else`` below belongs to should be confirmed.
    if request.method == "POST" and "username" in request.form and "password" in request.form:
        username = request.form["username"]
        passw = request.form["password"]
        # NOTE(review): ``passw in USER_PASSW`` only shows the password exists
        # somewhere in USER_PASSW; nothing visible ties it to ``username``, so
        # one account's password may be accepted for another - verify the
        # structure of USER_PASSW. The comparison also appears to be on
        # plaintext values rather than hashes.
        if username in USER_NAMES and passw in USER_PASSW:
            # The checkbox is expected to post the literal value "yes".
            remember = request.form.get("remember", "no") == "yes"
            if login_user(USER_NAMES[username], remember=remember):
                confirm_login()
                return redirect(url_for("home"))
        else:
            return redirect(url_for('Stranger'))
    return render_template("login.html")
def login():
    """Log in a user from the posted ``username`` / ``password`` fields.

    On success the session is marked fresh and the browser goes to ``home``.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; which
    # ``if`` the ``else`` below belongs to should be confirmed.
    if request.method == "POST" and "username" in request.form and "password" in request.form:
        username = request.form["username"]
        passw = request.form["password"]
        # NOTE(review): the two membership tests are independent - the
        # password is never matched against this particular username, and
        # the values look like plaintext. Verify how USER_PASSW is keyed.
        if username in USER_NAMES and passw in USER_PASSW:
            # The checkbox is expected to post the literal value "yes".
            remember = request.form.get("remember","no") == "yes"
            if login_user(USER_NAMES[username], remember=remember):
                confirm_login()
                return redirect(url_for("home"))
        else:
            return redirect(url_for('Stranger'))
    return render_template("login.html")
def settings():
    """Render the settings page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2. ``live_coin`` tells the template whether
    the ``LIVECOIN_ENABLE`` config value is truthy.
    """
    if current_app.config.get('DB_FALL', None):
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh
    # right before the settings are shown.
    confirm_login()
    live_coin = bool(current_app.config.get('LIVECOIN_ENABLE', False))
    tools = get_tools_endpoint_list()
    return render_template('settings.html',
                           live_coin=live_coin,
                           endpoint_list=tools)
def re_authenticate():
    """Re-authenticate an already logged-in user to keep the session fresh.

    Works like the confirmation step on sites such as GitHub: sensitive
    operations, for example changing the password, require the user to
    authenticate again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    if form.validate_on_submit():
        if current_user.validate_password(form.password.data):
            confirm_login()
            return redirect_back()

    return render_template('auth/login.html', form=form)
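def reauth():
    """Re-authenticate the current user and mark the session fresh.

    A failed ``authenticate_user`` call re-renders the form with the error.
    On success the browser is sent to ``next`` when that is a same-site
    path, otherwise to ``/``. A GET, or a POST that fails form validation,
    renders the form.
    """
    form = ReAuthForm(request.form)
    if request.method == "POST" and form.validate():
        try:
            authenticate_user(current_user.name, form.password.data)
        # ``except X as e`` replaces the Python 2-only ``except X, e`` form.
        except LoginException as e:
            form.errors["login"] = [e.message]
            return render_template("reauth.html", form=form)

        confirm_login()
        # Note: Cookies are a bit glitchy with the dev domains it seems,
        # don't panic
        flash("Reauthenticated.", category="success")

        # ``next`` is request-supplied: follow it only when it is a plain
        # local path so this view cannot be used as an open redirect.
        target = request.args.get("next") or ""
        is_local_path = (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
            and all(ch >= " " for ch in target)
        )
        return redirect(target if is_local_path else '/')

    # The original returned None here, which is not a valid view response.
    return render_template("reauth.html", form=form)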
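def reauth():
    """Re-authenticate the current user and mark the session fresh.

    On success the browser is sent to the form's ``next`` value when that is
    a same-site path, otherwise to the change-password page. A wrong
    password flashes a warning and shows the form again.
    """
    form = ReauthForm(next=request.args.get('next'))
    if request.method == 'POST':
        user, authenticated = User.authenticate(current_user.name,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            flash(_('Reauthenticated.'), 'success')

            # ``next`` is seeded from the query string (and may also be
            # posted), so it is request-supplied: follow it only when it is
            # a plain local path to avoid an open redirect.
            target = form.next.data or ''
            is_local_path = (
                target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and all(ch >= ' ' for ch in target)
            )
            if not is_local_path:
                target = url_for('user.change_password')
            return redirect(target)

        flash(_('Password is incorrect.'), 'warning')
    return render_template('user/reauth.html', form=form)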
def re_authenticate():
    """Re-check the current user's password, mark the session fresh, log it.

    A session that is already fresh is redirected to the front index page.
    """
    if login_fresh():
        return redirect(url_for('front.index'))

    form = LoginForm()
    verified = (
        form.validate_on_submit()
        and current_user.validate_password(form.password.data)
    )
    if not verified:
        return render_template('auth/login.html', form=form)

    confirm_login()
    # Record the successful re-authentication using the login log template.
    log_entry = render_template('logs/auth/login.html')
    log_user(content=log_entry)
    return redirect_back()
def receive():
    """Render the receive page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2. The template is told whether e-mail is
    enabled through the ``EMAIL_ENABLED`` config value.
    """
    index_url_needed = current_app.config.get('DB_FALL', None)
    if index_url_needed:
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh.
    confirm_login()
    context = {'endpoint_list': get_tools_endpoint_list()}
    context['mailer'] = current_app.config.get('EMAIL_ENABLED', False)
    return render_template('receive.html', **context)
def reauth():
    """Re-authenticate the current user and mark the session fresh.

    Success always redirects to ``/change_password``; a wrong password
    flashes an error and shows the form again.
    """
    form = ReauthForm(next=request.args.get('next'))
    if request.method != 'POST':
        return render_template('frontend/reauth.html', form=form)

    user, authenticated = User.authenticate(current_user.name,
                                            form.password.data)
    if not (user and authenticated):
        flash('Password is wrong.', 'danger')
        return render_template('frontend/reauth.html', form=form)

    confirm_login()
    flash('Reauthenticated.', 'success')
    # Fixed target: the form's ``next`` value is not used for the redirect.
    return redirect('/change_password')
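def reauth():
    """Re-authenticate the current user and mark the session fresh.

    A failed ``authenticate_user`` call re-renders the form with the error.
    On success the browser is sent to ``next`` when that is a same-site
    path, otherwise to ``/``. A GET, or a POST that fails form validation,
    renders the form.
    """
    form = ReAuthForm(request.form)
    if request.method == "POST" and form.validate():
        try:
            authenticate_user(current_user.name, form.password.data)
        # ``except X as e`` replaces the Python 2-only ``except X, e`` form.
        except LoginException as e:
            form.errors["login"] = [e.message]
            return render_template("reauth.html", form=form)

        confirm_login()
        # Note: Cookies are a bit glitchy with the dev domains it seems,
        # don't panic
        flash("Reauthenticated.", category="success")

        # ``next`` is request-supplied: follow it only when it is a plain
        # local path so this view cannot be used as an open redirect.
        destination = request.args.get("next") or ""
        stays_on_site = (
            destination.startswith("/")
            and not destination.startswith("//")
            and "\\" not in destination
            and all(ch >= " " for ch in destination)
        )
        return redirect(destination if stays_on_site else "/")

    # The original returned None here, which is not a valid view response.
    return render_template("reauth.html", form=form)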
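def reauth():
    """Reauthenticates a user.

    When the login is not fresh, the password form is shown and a correct
    password marks the session fresh. When it is already fresh, the browser
    is sent to ``next`` if that is a same-site path, otherwise to the
    current user's URL.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # NOTE(review): redirect_or_next() is defined elsewhere;
                # confirm it validates ``next`` as well.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # ``next`` is request-supplied: follow it only when it is a plain local
    # path so this view cannot be used as an open redirect.
    target = request.args.get("next") or ""
    is_local_path = (
        target.startswith("/")
        and not target.startswith("//")
        and "\\" not in target
        and all(ch >= " " for ch in target)
    )
    return redirect(target if is_local_path else current_user.url)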
def reauth():
    """Re-authenticate the current user and mark the session fresh.

    Success logs the session's ``_fresh`` flag at debug level and redirects
    to ``/change_password``; a wrong password flashes an error and shows
    the form again.
    """
    form = ReauthForm(next=request.args.get('next'))
    if request.method != 'POST':
        return render_template('frontend/reauth.html', form=form)

    user, authenticated = User.authenticate(current_user.name,
                                            form.password.data)
    if not (user and authenticated):
        flash(_('Password is wrong.'), 'error')
        return render_template('frontend/reauth.html', form=form)

    confirm_login()
    current_app.logger.debug('reauth: %s' % session['_fresh'])
    flash(_('Reauthenticated.'), 'success')
    # Fixed target: the form's ``next`` value is not used for the redirect.
    return redirect('/change_password')
def sign_in():
    """Handle the sign-in form.

    Verifies the submitted e-mail address and password, processes a pending
    invite stored in the session, and then either confirms a stale
    remembered session for the same user or sends a verification code and
    redirects to the two-factor step. Failures fall through to a single
    vague error message.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        # _get_and_verify_user is defined elsewhere; the checks below treat a
        # falsy result as "not verified".
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            # An invite may only be accepted by the address it was sent to;
            # on mismatch it is discarded from the session and the request
            # is rejected.
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login
            # Only the same, active user who already owns the stale session
            # gets it confirmed here, skipping the two-factor step below.
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_active_services({'user_id': str(user.id)}).get('data', [])
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            # The user is not logged in yet: only their details are stored
            # in the session for the two-factor step.
            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                # NOTE(review): ``next`` is forwarded as-is; whether it is
                # validated before being followed depends on the two_factor
                # view, which is not visible here.
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
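def reauth():
    """Reauthenticates a user.

    When the login is not fresh, a valid form submission marks the session
    fresh. In both branches the browser is sent to ``next`` only when that
    is a same-site path, otherwise to the user profile page.
    """

    def _local_next():
        # ``next`` is request-supplied: accept only a plain local path so
        # this view cannot be used as an open redirect. Returns None when
        # the value is missing or not acceptable.
        target = request.args.get("next") or ""
        is_local_path = (
            target.startswith("/")
            and not target.startswith("//")
            and "\\" not in target
            and all(ch >= " " for ch in target)
        )
        return target if is_local_path else None

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            # NOTE(review): no password comparison is visible here;
            # presumably ReauthForm validation performs it - confirm.
            confirm_login()
            flash("Reauthenticated", "success")
            # NOTE(review): unlike the fresh branch below, this url_for()
            # call passes no username - confirm which form the route expects.
            return redirect(_local_next() or url_for("user.profile"))
        return render_template("auth/reauth.html", form=form)

    return redirect(
        _local_next()
        or url_for("user.profile", username=current_user.username)
    )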
def refresh_user():
    """Try to refresh the current user's login through their auth method.

    When the auth method reports a successful refresh, the session is marked
    fresh and the originally requested view is called directly. Otherwise
    the needs-refresh message is flashed and the user is redirected to the
    login page with the original URL as ``next``.
    """
    user = flask_login.current_user
    methods_by_name = {method.name: method
                       for method in current_app.auth_methods}
    user_auth_method = methods_by_name[user.authmethod]

    if not user_auth_method.refresh(flask_login.current_user):
        flash(login_manager.needs_refresh_message,
              category=login_manager.needs_refresh_message_category)
        # Built from the matched endpoint and its view arguments, not from
        # a request-supplied URL.
        original_url = url_for(request.endpoint, **request.view_args)
        return redirect(url_for('login.login',
                                next=original_url,
                                _anchor=user_auth_method.safe_name))

    current_app.logger.debug("Marking '{}' as fresh".format(
        flask_login.current_user))
    flask_login.confirm_login()
    # Call the original endpoint
    original_view = current_app.view_functions[request.endpoint]
    return original_view(**request.view_args)
def wallets():
    """Render the wallets page.

    Redirects to ``emcweb.index`` when the ``DB_FALL`` config flag is set or
    when the block status is not 2. ``google`` tells the template whether a
    ``google_secrets.json`` file exists under the ``static`` directory.
    """
    if current_app.config.get('DB_FALL', None):
        return redirect(url_for('emcweb.index'))

    block_status, _ignored, _error_text = get_block_status()
    if block_status != 2:  # presumably 2 means "ready" - confirm
        return redirect(url_for('emcweb.index'))

    # NOTE(review): confirm_login() runs on every page view without a
    # credential check, so a stale remembered session is always made fresh.
    confirm_login()
    endpoint_list = get_tools_endpoint_list()

    # NOTE(review): the secrets file is looked up in a directory named
    # ``static``; if that directory is served by the web server the file
    # would be publicly readable - confirm where it is actually deployed.
    module_dir = os.path.dirname(__file__)
    secrets_path = os.path.join(module_dir, '..', '..', '..', 'static',
                                'google_secrets.json')
    return render_template(
        'wallets.html',
        google=os.path.exists(secrets_path),
        endpoint_list=endpoint_list
    )
def refresh_login(password: str) -> Optional['User']:
    """
    Mark the current session as fresh after re-checking the user's password.

    :param password: The user's (plaintext) password.
    :return: The user if the password is valid for the current user; `None`
        otherwise, including when there is no current user id.
    """
    current_id = current_user.get_id()
    if current_id is not None:
        account = User.load_from_id(current_id)
        if account.check_password(password):
            # Password verified: only now is the session marked fresh.
            confirm_login()
            return account
    return None
def post(self):
    """Handle the re-authentication form through the reauthentication manager.

    A successful ``reauthenticate`` call marks the session fresh and
    redirects. ``StopAuthentication`` flashes its reason and shows the form
    again; any other exception flashes a generic message and is re-raised.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/reauth.html", form=form)

    manager = self.reauthentication_factory()
    try:
        manager.reauthenticate(user=current_user, secret=form.password.data)
        # Reached only when reauthenticate() did not raise.
        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect_or_next(current_user.url)
    except StopAuthentication as stop:
        flash(stop.reason, "danger")
    except Exception:
        flash(_("Unrecoverable error while handling reauthentication"))
        raise

    return render_template("auth/reauth.html", form=form)
def dispatch_request(self, *args, **kwargs):
    """Mark the session fresh, then delegate to the parent's dispatch."""
    # NOTE(review): every request routed through this resource marks the
    # session fresh, with no credential check visible at this level.
    confirm_login()
    parent = super(LoginResource, self)
    return parent.dispatch_request(*args, **kwargs)
def reauth():
    """Mark the current session as fresh on POST, otherwise show the form."""
    if request.method != "POST":
        return render_template("reauth.html")

    # NOTE(review): no password or other credential is verified before
    # confirm_login(); any POST from a stale session becomes fresh.
    confirm_login()
    home_url = url_for("home")
    return redirect(home_url)
def confirm_login_lit_review_user():
    """Mark the current session as fresh and return a confirmation string."""
    # NOTE(review): no credential check is visible before the session is
    # marked fresh - confirm one is enforced by the caller or a decorator.
    confirm_login()
    message = 'Reauthenticated'
    return message
def _confirm_login():
    """Mark the current session as fresh and return an empty string."""
    # NOTE(review): no credential check is visible before the session is
    # marked fresh - confirm one is enforced by the caller or a decorator.
    confirm_login()
    empty_body = u''
    return empty_body