Пример #1
def _sign_in_impl(is_for_refresh):
    """Process the sign-in form for a new login or a session refresh.

    With ``is_for_refresh`` set, the submitted credentials must belong to the
    user who is already signed in; the session is then confirmed instead of a
    new login being started. On success the client is redirected through
    ``_redirect_to_next_url()``; otherwise the sign-in page is rendered again
    and ``has_errors`` tells the template whether an error should be shown.
    """
    form = SigninForm()
    if not form.validate_on_submit():
        # Nothing valid was submitted: flag errors only if validation found any.
        return flask.render_template(
            'sign_in.html',
            form=form,
            is_for_refresh=is_for_refresh,
            has_errors=bool(form.errors),
        )

    # Lowercase the username so the lookup is case insensitive.
    # TODO: move this to the model and logic layer
    name = form.username.data.lower()
    secret = form.password.data
    account = login(name, secret)
    if account:
        if is_for_refresh:
            # A refresh only counts when the credentials match the user who
            # owns the current session.
            if account == flask_login.current_user:
                flask_login.confirm_login()
                return _redirect_to_next_url()
        else:
            flask_login.login_user(account, remember=form.remember_me.data)
            # Warn administrators who still use the documented default password.
            if account.is_admin and secret == 'password':
                flask.flash(
                    'You are using the default admin password from the '
                    'SampleDB documentation. Please change your password '
                    'before making this SampleDB instance available to '
                    'other users.', 'warning')
            return _redirect_to_next_url()

    # Wrong credentials, or a refresh attempted with another user's credentials.
    return flask.render_template(
        'sign_in.html',
        form=form,
        is_for_refresh=is_for_refresh,
        has_errors=True,
    )
Пример #2
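def login():
    """Sign in a user account or a camera account by name and password.

    Already-authenticated clients are sent to the index page. On a valid form
    submission the name is looked up among users first and cameras second; a
    user account therefore takes precedence over a camera with the same name.
    Every failure (unknown name or wrong password) produces the same message
    and a redirect back to the login page. On success the session records the
    account type and the client is redirected to ``next`` when that is a
    same-site URL, else to the index page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Sign In', form=form)

    name = form.name.data
    account = User.query.filter(User.name == name).first()
    if account is not None:
        ok_message, account_type = 'login user: okay', 'session_user'
    else:
        account = Cam.query.filter(Cam.name == name).first()
        ok_message, account_type = 'login cam: okay', 'session_cam'

    if account is None or not account.check_password(form.password.data):
        # One message for every failure, so the response does not reveal
        # whether the name exists or which kind of account it belongs to.
        flash('Invalid user name or password')
        return redirect(url_for('login'))

    flash(ok_message)
    login_user(account, remember=form.remember_me.data)
    # Mark the session fresh only after the credentials have been verified.
    confirm_login()
    session['account_type'] = account_type

    # ``next`` comes from the query string: follow it only when it carries no
    # host part. Backslashes are rejected as well because some browsers
    # treat them like '/', which could turn a path into a host reference.
    next_page = request.args.get('next')
    if (not next_page
            or url_parse(next_page).netloc != ''
            or '\\' in next_page):
        next_page = url_for('index')
    return redirect(next_page)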
Пример #3
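def reauth():
    """Mark the current session fresh again after a valid re-auth form POST.

    NOTE(review): this view never checks a password itself, so the only
    credential check is whatever ``ReAuthForm.validate()`` performs; confirm
    that the form verifies the current user's password.
    """
    form = ReAuthForm(request.form)
    if request.method == 'POST' and form.validate():
        confirm_login()
        # ``next`` is taken from the query string, so it is followed only when
        # it is a same-site path; anything else falls back to the site root.
        target = request.args.get('next', '/')
        if (not target
                or not target.startswith('/')
                or target.startswith('//')
                or '\\' in target
                or any(ord(ch) < 32 for ch in target)):
            target = '/'
        return redirect(target)
    return render_template('reauth.html', form=form, title='ReAuthenticate')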
Пример #4
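def reauth():
    """Mark the current session fresh on POST, otherwise show the re-auth page.

    NOTE(review): any POST confirms the login; no password or other
    credential is checked in this view. A session restored from a remember-me
    cookie becomes fresh just by submitting the page, so views guarded by
    ``fresh_login_required`` gain nothing from it. Verify the current user's
    password before calling ``confirm_login()``.
    """
    if request.method == "POST":
        confirm_login()
        print('reauth')
        # ``next`` is taken from the query string, so it is followed only when
        # it is a same-site path; anything else falls back to the index page.
        target = request.args.get("next")
        if (not target
                or not target.startswith("/")
                or target.startswith("//")
                or "\\" in target
                or any(ord(ch) < 32 for ch in target)):
            target = url_for("index")
        return redirect(target)
    return render_template("reauth.html")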
Пример #5
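def reauthenticate():
    """Ask the user to confirm their password.

    Inactive users are logged out and sent to the login page. A valid form
    submission with the correct password marks the session fresh and follows
    ``next`` when ``is_safe_url`` accepts it; in every other case the
    re-authentication page is rendered (again).
    """
    form = ReauthenticationForm()

    # Logout if not active
    if not current_user.is_active:
        logout_user()
        flash(_('User is not active'), 'warning')

        return redirect(url_for('auth.login'))

    if form.validate_on_submit():
        # Reject the request unless the submitted password verifies against
        # the stored one.
        # NOTE(review): assumes crypto_manager.verify() returns a truthy value
        # when the password matches; confirm against its definition.
        if not crypto_manager.verify(form.password.data,
                                     current_user.password):
            flash(_('Invalid credentials'), 'error')

            return render_template('auth/reauthenticate.html', form=form)

        # Refresh session
        confirm_login()

        # Validate destination: only follow ``next`` when it is safe.
        next_url = request.args.get('next')

        if next_url and is_safe_url(next_url):
            return redirect(next_url)

    return render_template('auth/reauthenticate.html', form=form)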
Пример #6
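def refresh_login():
    """Let a signed-in user refresh a stale session with their password.

    A session that is already fresh is redirected straight to the next page.
    With ``?webauthn=<truthy>`` the WebAuthn login page is rendered instead of
    the password form. On a valid submission the password is checked with
    ``user.check_password`` before the session is marked fresh.
    """
    if current_user.is_authenticated and login_fresh():
        next_page = get_next_page(request.args.get("next"))
        return redirect(next_page)
    # The flag comes from the query string; an unparsable value is treated as
    # "false" so that it cannot surface as an unhandled ValueError.
    try:
        prefered_webauthn = strtobool(request.args.get("webauthn", "false"))
    except ValueError:
        prefered_webauthn = False
    if prefered_webauthn:
        return render_template("webauthn/login_with_webauthn.html")
    form = RefreshLogin()
    user_id = current_user.get_id()
    database_id = User.get_database_id(user_id)
    user = User.query.filter_by(did=database_id).first()
    webauthn = Webauthn.query.filter_by(user_id=database_id).first()
    webauthn_enabled = webauthn.is_enabled if webauthn is not None else False
    if form.validate_on_submit():
        if not user.check_password(form.password.data):
            flash(_("Invalid password"))
            return redirect(url_for("auth.refresh_login"))
        confirm_login()
        # NOTE(review): get_next_page() is presumably where ``next`` is
        # validated; confirm it rejects off-site targets.
        next_page = get_next_page(request.args.get("next"))
        return redirect(next_page)
    return render_template(
        "auth/refresh_login.html",
        title=_("Refresh your session"),
        form=form,
        webauthn_enabled=webauthn_enabled,
    )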
Пример #7
    def get(self):
        """Return the current user as JSON, creating an anonymous user if needed.

        NOTE(review): for an authenticated user ``confirm_login()`` is called
        without any credential check, so a session restored from a remember-me
        cookie is marked fresh by a plain GET. Also, the cookie values for
        ``email``, ``confirmed`` and ``anonymous`` are hard-coded even for an
        existing user; confirm both are intended.
        """
        if not current_user.is_authenticated:
            user = create_anonymous_user()
            login_user(user, remember=True)
        else:
            user = current_user
            fresh = login_fresh()
            logger.info('User %s (%s) already authenticated. Fresh: %s',
                        user.username, user.id, fresh)
            confirm_login()

        # Only a fixed set of fields is exposed in the JSON body.
        exposed_fields = ['anonymous', 'confirmed', 'email', 'id', 'username']
        parsed_user = row_to_dict(user)
        payload = {'user': {field: parsed_user[field] for field in exposed_fields}}
        json_response = jsonify(payload)
        cookie_values = {
            'username': user.username,
            'email': '',
            'user_id': user.id,
            'confirmed': False,
            'anonymous': True
        }
        return set_cookies(json_response, cookie_values)
Пример #8
def frontpage():
    """Show the front page to visitors and send signed-in users to the dashboard.

    NOTE(review): ``confirm_login()`` marks the session fresh without any
    credential check, so every session restored from the remember-me cookie
    becomes fresh on visiting '/'. If any view relies on
    ``fresh_login_required``, this workaround defeats it.
    """
    if not current_user.is_authenticated:
        return render_template('frontpage.html')
    # Workaround: when '/' is opened after the browser was closed, the
    # remember_me cookie was being wiped. Confirming the login refreshes the
    # cookie, or sets it again after it has been deleted.
    confirm_login()
    dashboard_url = url_for('dashboard')
    return redirect(dashboard_url)
Пример #9
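def reauth():
    """Mark the current session fresh on POST, otherwise show the re-auth page.

    confirm_login sets the current session as fresh. Sessions become stale
    when they are reloaded from a cookie.

    NOTE(review): any POST confirms the login; no password is checked in this
    view, so the re-authentication step adds no assurance that the person at
    the browser is the account owner. Verify the current user's password
    before calling ``confirm_login()``.
    """
    if request.method == "POST":
        confirm_login()
        # ``next`` is taken from the query string, so it is followed only when
        # it is a same-site path; anything else falls back to the cabinet page.
        target = request.args.get("next")
        if (not target
                or not target.startswith("/")
                or target.startswith("//")
                or "\\" in target
                or any(ord(ch) < 32 for ch in target)):
            target = url_for("cabinetPage")
        return redirect(target)
    return render_template("reauth.html")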
Пример #10
def re_authenticate():
    """Ask a signed-in user for their password to make a stale session fresh."""
    # login_fresh() reports whether the current session is already fresh; in
    # that case there is nothing to confirm.
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)
    password_ok = current_user.validate_password(form.password.data)
    if not password_ok:
        return render_template('auth/login.html', form=form)
    # confirm_login() marks the current session as fresh again; it is reached
    # only after the password has been validated.
    confirm_login()
    return redirect_back()
Пример #11
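def reauth():
    """Mark the current session fresh on POST, otherwise show the re-auth page.

    An unsafe ``next`` target is rejected with HTTP 400 before the session is
    touched.

    NOTE(review): no password is checked before ``confirm_login()``; any POST
    makes the session fresh. Verify the current user's credentials first.
    """
    if request.method == "POST":
        # Check the query parameter itself; the bare name ``next`` would refer
        # to the Python builtin, not to the requested redirect target.
        target = request.args.get("next")
        if target and not is_safe_url(target):
            return flask.abort(400)
        confirm_login()
        flash(u"Reauthenticated.")
        return redirect(target or url_for("index"))
    return render_template("reauth.html")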
Пример #12
def attempt_sign_up():
    """Create an account from the posted form, sign it in and open the profile.

    Only the password hash is stored, never the submitted password itself.

    NOTE(review): nothing here rejects an empty username/password or a
    username that already exists; confirm that the model or the database
    enforces this.
    """
    hashed_password = generate_password_hash(request.form['password'])
    new_user = User(request.form['username'], hashed_password)
    db.session.add(new_user)
    db.session.commit()
    # Start a session for the new account without a remember-me cookie.
    login_user(new_user, remember=False)
    confirm_login()
    profile_url = url_for('profile')
    return redirect(profile_url)
Пример #13
 def get(self):
     """Show the re-auth form, or hand password-less accounts to Discord auth.

     A fresh session is redirected onward. Accounts without a local password
     are sent through ``discordAuth.create_session()``; if the Discord client
     is already authorized, the session is marked fresh first.
     """
     if login_fresh():
         return redirect_or_next(current_user.url)
     if current_user.password is not None:
         return render_template("auth/reauth.html", form=self.form())
     # No local password: the Discord authorization stands in for it.
     if current_app.discordAuth.authorized:
         confirm_login()
     return current_app.discordAuth.create_session()
Пример #14
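def reauth():
    """Mark the current session fresh on POST, otherwise show the re-auth page.

    NOTE(review): any POST confirms the login; no password is checked in this
    view even though it defaults to an admin area. Verify the current user's
    password before calling ``confirm_login()``.
    """
    if request.method == "POST":
        confirm_login()
        # ``next`` is taken from the query string, so it is followed only when
        # it is a same-site path; anything else falls back to '/admin'.
        target = request.args.get("next")
        if (not target
                or not target.startswith("/")
                or target.startswith("//")
                or "\\" in target
                or any(ord(ch) < 32 for ch in target)):
            target = '/admin'
        return redirect(target)

    templateData = {}
    return render_template("/auth/reauth.html", **templateData)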
Пример #15
def attempt_sign_in():
    """Sign a user in from the posted username and password.

    The same sign-in page is rendered for an unknown username and for a wrong
    password, so the response does not distinguish the two cases.
    """
    account = User.query.filter_by(
        username=request.form['user_username']).first()
    if not account or not check_password_hash(
            account.password, request.form['user_password']):
        return render_template('signin.html')
    login_user(account, remember=False)
    confirm_login()
    return render_template('userprofile.html')
Пример #16
def re_authenticated():
    """Re-check the current user's password and mark a stale session fresh."""
    if login_fresh():
        # Nothing to do for a session that is already fresh.
        return redirect(url_for("main.index"))
    form = LoginForm()
    if form.validate_on_submit():
        submitted_password = form.password.data
        if current_user.validate_password(submitted_password):
            confirm_login()
            return redirect_back()
    # Not submitted, invalid form, or wrong password: show the form again.
    return render_template("auth/login.html", form=form)
Пример #17
def re_authenticate():
    """Re-authenticate a user whose login is not fresh.

    Reached when such a user visits a view protected by
    ``@fresh_login_required``.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    submitted = form.validate_on_submit()
    if submitted and current_user.validate_password(form.password.data):
        # The password matched, so the session may be treated as fresh again.
        confirm_login()
        return redirect_back()
    return render_template('auth/login.html', form=form)
Пример #18
def re_authenticate():
    """Handle re-authentication for a login that is not fresh."""
    if login_fresh():
        return redirect(url_for('blog.index'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/signin.html', form=form)
    if not current_user.validate_password(form.password.data):
        return render_template('auth/signin.html', form=form)
    # Only a validated password makes the session fresh again.
    confirm_login()
    return redirect_back()
Пример #19
def sign():
    """Render the signing page, or fall back to the index when not ready.

    The index redirect is used when the ``DB_FALL`` config flag is set or when
    ``get_block_status()`` reports a status other than 2.

    NOTE(review): ``confirm_login()`` runs on every visit without a
    credential check, so a session restored from a remember-me cookie is
    marked fresh just by loading this page; confirm this is intended.
    """
    if current_app.config.get('DB_FALL'):
        return redirect(url_for('emcweb.index'))

    block_status, _unused, _error_text = get_block_status()
    # presumably status 2 means the backend is ready; verify against get_block_status
    if block_status != 2:
        return redirect(url_for('emcweb.index'))
    confirm_login()
    context = {'endpoint_list': get_tools_endpoint_list()}
    return render_template('sign.html', **context)
Пример #20
def re_authenticate():
    """Ask for the current user's password to make a stale session fresh.

    A wrong password flashes a warning and shows the form again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = ReLoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.jinja2', form=form)
    if not current_user.validate_password(form.password.data):
        flash('密码错误, 请重新输入', 'warning')
        return render_template('auth/login.jinja2', form=form)
    confirm_login()
    return redirect_back()
Пример #21
    def post(self):
        """Handle the re-auth form: check the password, then refresh the session."""
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/reauth.html", form=form)

        if not current_user.check_password(form.password.data):
            flash(_("Wrong password."), "danger")
            return render_template("auth/reauth.html", form=form)

        # The password matched: the session may be marked fresh.
        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect_or_next(current_user.url)
Пример #22
def minfo():
    """Render the ``minfo.html`` page, or fall back to the index when not ready.

    NOTE(review): ``confirm_login()`` is called on every visit with no
    credential check, which marks a cookie-restored session as fresh; confirm
    this is intended.
    """
    database_down = current_app.config.get('DB_FALL')
    if database_down:
        return redirect(url_for('emcweb.index'))

    status_code, _ignored, _error = get_block_status()
    # presumably 2 is the "ready" status; verify against get_block_status
    if status_code != 2:
        return redirect(url_for('emcweb.index'))
    confirm_login()
    tools = get_tools_endpoint_list()
    return render_template('minfo.html', endpoint_list=tools)
Пример #23
def re_authenticate():
    """Re-check the password of a user whose session is no longer fresh.

    Users whose session is still fresh get an informational flash message and
    are redirected to the base page.
    """
    if login_fresh():
        flash('活跃用户不需要重新登录', 'info')
        return redirect(url_for('base'))

    form = LoginForm()
    if form.validate_on_submit():
        if current_user.validate_password(form.password.data):
            # Password verified: the session becomes fresh again.
            confirm_login()
            return redirect_back()
    return render_template('user/login.html', form=form)
Пример #24
def receive():
    """Render the receive page, or fall back to the index when not ready.

    The template is told whether mailing is enabled through the
    ``EMAIL_ENABLED`` config flag.

    NOTE(review): ``confirm_login()`` marks the session fresh on every visit
    without any credential check; confirm this is intended.
    """
    config = current_app.config
    if config.get('DB_FALL'):
        return redirect(url_for('emcweb.index'))

    ready_state, _skipped, _message = get_block_status()
    # presumably 2 is the "ready" status; verify against get_block_status
    if ready_state != 2:
        return redirect(url_for('emcweb.index'))
    confirm_login()
    endpoints = get_tools_endpoint_list()
    mailer_enabled = current_app.config.get('EMAIL_ENABLED', False)
    return render_template('receive.html', mailer=mailer_enabled,
                           endpoint_list=endpoints)
Пример #25
def login():
    """Sign in from the posted username and password, or show the login page.

    NOTE(review): the password is only tested for membership in
    ``USER_PASSW`` and is never tied to the submitted username. If
    ``USER_PASSW`` holds the passwords of all users, any known password signs
    in any username. Compare against the password stored for this user,
    ideally as a hash checked in constant time.
    """
    if (request.method != "POST"
            or "username" not in request.form
            or "password" not in request.form):
        return render_template("login.html")

    username = request.form["username"]
    passw = request.form["password"]
    if username not in USER_NAMES or passw not in USER_PASSW:
        return render_template("login.html")

    remember = request.form.get("remember", "no") == "yes"
    if login_user(USER_NAMES[username], remember=remember):
        confirm_login()
        return redirect(url_for("home"))
    # login_user() refused the account.
    return redirect(url_for('Stranger'))
Пример #26
def login():
    """Handle the login form; render it when nothing usable was posted.

    NOTE(review): ``passw in USER_PASSW`` accepts any value present in
    ``USER_PASSW`` regardless of which username was submitted, so the check
    does not prove the password belongs to that user. Look the credential up
    per user instead.
    """
    has_credentials = (
        request.method == "POST"
        and "username" in request.form
        and "password" in request.form
    )
    if has_credentials:
        name = request.form["username"]
        secret = request.form["password"]
        if name in USER_NAMES and secret in USER_PASSW:
            keep_signed_in = request.form.get("remember", "no") == "yes"
            signed_in = login_user(USER_NAMES[name], remember=keep_signed_in)
            if not signed_in:
                return redirect(url_for('Stranger'))
            confirm_login()
            return redirect(url_for("home"))
    return render_template("login.html")
Пример #27
def settings():
    """Render the settings page, or fall back to the index when not ready.

    ``live_coin`` is passed to the template as a strict boolean derived from
    the ``LIVECOIN_ENABLE`` config flag.

    NOTE(review): ``confirm_login()`` marks the session fresh on every visit
    without a credential check. A settings page is where a fresh-login
    requirement is usually wanted, so confirm this is intended.
    """
    if current_app.config.get('DB_FALL'):
        return redirect(url_for('emcweb.index'))

    state, _placeholder, _err = get_block_status()
    # presumably 2 is the "ready" status; verify against get_block_status
    if state != 2:
        return redirect(url_for('emcweb.index'))
    confirm_login()
    live_coin = bool(current_app.config.get('LIVECOIN_ENABLE', False))
    template_args = {
        'live_coin': live_coin,
        'endpoint_list': get_tools_endpoint_list(),
    }
    return render_template('settings.html', **template_args)
Пример #28
def re_authenticate():
    """Re-authenticate an already signed-in user to keep the session fresh.

    Similar to the confirmation step on sites such as GitHub: sensitive
    operations, for example changing the password, require the user to
    authenticate again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    form_ok = form.validate_on_submit()
    if not form_ok:
        return render_template('auth/login.html', form=form)
    if current_user.validate_password(form.password.data):
        confirm_login()
        return redirect_back()
    return render_template('auth/login.html', form=form)
Пример #29
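def reauth():
    """Re-check the current user's password and mark the session fresh.

    A failed check re-renders the form with the error message attached. A
    request that is not a valid POST renders the empty form.

    NOTE(review): assumes ``authenticate_user`` raises ``LoginException`` on
    every failure, since its return value is not inspected; confirm.
    """
    form = ReAuthForm(request.form)
    if request.method == "POST" and form.validate():
        try:
            authenticate_user(current_user.name, form.password.data)
        except LoginException as e:
            # NOTE(review): relies on LoginException exposing ``message``.
            form.errors["login"] = [e.message]
            return render_template("reauth.html", form=form)

        confirm_login()  # Note: Cookies are a bit glitchy with the dev domains it seems, don't panic

        flash("Reauthenticated.", category="success")
        # ``next`` is taken from the query string, so it is followed only when
        # it is a same-site path; anything else falls back to the site root.
        target = request.args.get("next", '/')
        if (not target
                or not target.startswith('/')
                or target.startswith('//')
                or '\\' in target
                or any(ord(ch) < 32 for ch in target)):
            target = '/'
        return redirect(target)
    return render_template("reauth.html", form=form)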
Пример #30
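def reauth():
    """Re-check the current user's password and mark the session fresh.

    After success the client goes to the form's ``next`` value when that is a
    same-site path, else to the change-password page.

    NOTE(review): the POST branch never calls ``form.validate()``; if the
    form class carries validators or a CSRF token, they are not enforced here.
    """
    form = ReauthForm(next=request.args.get('next'))

    if request.method == 'POST':
        user, authenticated = User.authenticate(current_user.name,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            flash(_('Reauthenticated.'), 'success')
            # The ``next`` field is client-supplied (query string or posted
            # form), so only a same-site path is followed.
            target = form.next.data
            if (not target
                    or not target.startswith('/')
                    or target.startswith('//')
                    or '\\' in target
                    or any(ord(ch) < 32 for ch in target)):
                target = url_for('user.change_password')
            return redirect(target)

        flash(_('Password is incorrect.'), 'warning')
    return render_template('user/reauth.html', form=form)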
Пример #31
def re_authenticate():
    """Re-check the current user's password, refresh the session and log it."""
    if login_fresh():
        return redirect(url_for('front.index'))

    form = LoginForm()
    if form.validate_on_submit():
        if current_user.validate_password(form.password.data):
            confirm_login()
            # Record the confirmed login using the rendered log template.
            log_entry = render_template('logs/auth/login.html')
            log_user(content=log_entry)

            return redirect_back()

    return render_template('auth/login.html', form=form)
Пример #32
def receive():
    """Render ``receive.html``, or redirect to the index when not ready.

    NOTE(review): ``confirm_login()`` is called unconditionally, so loading
    this page marks a cookie-restored session as fresh without asking for
    credentials; confirm this is intended.
    """
    if current_app.config.get('DB_FALL'):
        return redirect(url_for('emcweb.index'))

    status_value, _second, _third = get_block_status()
    # presumably 2 is the "ready" status; verify against get_block_status
    if status_value != 2:
        return redirect(url_for('emcweb.index'))
    confirm_login()
    endpoint_list = get_tools_endpoint_list()
    page_context = {
        'mailer': current_app.config.get('EMAIL_ENABLED', False),
        'endpoint_list': endpoint_list,
    }
    return render_template('receive.html', **page_context)
Пример #33
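def reauth():
    """Confirm the current user's password and mark the session fresh.

    The redirect after success follows the form's ``next`` value only when it
    is a same-site path; otherwise the change-password page is used.

    NOTE(review): ``form.validate()`` is never called on POST, so field
    validators and any CSRF check defined on the form do not run here.
    """
    form = ReauthForm(next=request.args.get('next'))

    if request.method == 'POST':
        user, authenticated = User.authenticate(current_user.name,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            flash(_('Reauthenticated.'), 'success')
            # ``next`` reaches the form from the client, so it is treated as
            # untrusted and restricted to same-site paths.
            destination = form.next.data
            is_local_path = (
                bool(destination)
                and destination.startswith('/')
                and not destination.startswith('//')
                and '\\' not in destination
                and not any(ord(ch) < 32 for ch in destination)
            )
            if not is_local_path:
                destination = url_for('user.change_password')
            return redirect(destination)

        flash(_('Password is incorrect.'), 'warning')
    return render_template('user/reauth.html', form=form)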
Пример #34
def reauth():
    """Confirm the current user's password before the change-password page.

    The redirect target after success is fixed, so the ``next`` value stored
    on the form is not used for redirection in this view.
    """
    form = ReauthForm(next=request.args.get('next'))

    if request.method != 'POST':
        return render_template('frontend/reauth.html', form=form)

    user, authenticated = User.authenticate(current_user.name,
                                            form.password.data)
    if not (user and authenticated):
        flash('Password is wrong.', 'danger')
        return render_template('frontend/reauth.html', form=form)

    confirm_login()
    flash('Reauthenticated.', 'success')
    return redirect('/change_password')
Пример #35
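def reauth():
    """Verify the current user's password again and mark the session fresh.

    On a failed check the form is rendered again with the login error. When
    the request is not a valid POST, the empty form is rendered.

    NOTE(review): the result of ``authenticate_user`` is not inspected, so
    this relies on it raising ``LoginException`` for every failure; confirm.
    """
    form = ReAuthForm(request.form)
    if request.method == "POST" and form.validate():
        try:
            authenticate_user(current_user.name, form.password.data)
        except LoginException as e:
            # NOTE(review): relies on LoginException exposing ``message``.
            form.errors["login"] = [e.message]
            return render_template("reauth.html", form=form)

        confirm_login()  # Note: Cookies are a bit glitchy with the dev domains it seems, don't panic

        flash("Reauthenticated.", category="success")
        # Follow ``next`` only when it is a same-site path, because the value
        # is read from the query string.
        destination = request.args.get("next", "/")
        is_local_path = (
            bool(destination)
            and destination.startswith("/")
            and not destination.startswith("//")
            and "\\" not in destination
            and not any(ord(ch) < 32 for ch in destination)
        )
        return redirect(destination if is_local_path else "/")
    return render_template("reauth.html", form=form)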
Пример #36
def reauth():
    """Re-authenticate the current user, then go to the change-password page."""
    form = ReauthForm(next=request.args.get('next'))

    if request.method == 'POST':
        user, authenticated = User.authenticate(current_user.name,
                                                form.password.data)
        password_accepted = user and authenticated
        if not password_accepted:
            flash('Password is wrong.', 'danger')
        else:
            # Credentials verified: mark the session fresh and continue to a
            # fixed destination.
            confirm_login()
            flash('Reauthenticated.', 'success')
            return redirect('/change_password')
    return render_template('frontend/reauth.html', form=form)
Пример #37
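def reauth():
    """Reauthenticates a user.

    A stale session must pass the password check before it is marked fresh.
    A session that is already fresh is redirected to ``next`` when that is a
    same-site path, else to the user's own page.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # NOTE(review): redirect_or_next() presumably reads ``next``
                # itself; confirm it validates the target.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # ``next`` comes from the query string, so only a same-site path is
    # followed.
    target = request.args.get("next")
    if (not target
            or not target.startswith("/")
            or target.startswith("//")
            or "\\" in target
            or any(ord(ch) < 32 for ch in target)):
        target = current_user.url
    return redirect(target)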
Пример #38
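def reauth():
    """Reauthenticates a user.

    When the session is already fresh the client is simply redirected; the
    ``next`` query parameter is honoured only if it is a same-site path.
    Otherwise the password form is processed and a correct password marks the
    session fresh.
    """
    if login_fresh():
        # ``next`` is untrusted input; restrict it to same-site paths.
        destination = request.args.get("next")
        is_local_path = (
            bool(destination)
            and destination.startswith("/")
            and not destination.startswith("//")
            and "\\" not in destination
            and not any(ord(ch) < 32 for ch in destination)
        )
        return redirect(destination if is_local_path else current_user.url)

    form = ReauthForm(request.form)
    if form.validate_on_submit():
        if current_user.check_password(form.password.data):
            confirm_login()
            flash(_("Reauthenticated."), "success")
            # NOTE(review): redirect_or_next() presumably handles ``next``;
            # confirm it rejects off-site targets.
            return redirect_or_next(current_user.url)

        flash(_("Wrong password."), "danger")
    return render_template("auth/reauth.html", form=form)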
Пример #39
def reauth():
    """Re-authenticate the current user, then go to the change-password page.

    After a successful check the session's ``_fresh`` flag is written to the
    debug log.
    """
    form = ReauthForm(next=request.args.get('next'))

    if request.method != 'POST':
        return render_template('frontend/reauth.html', form=form)

    user, authenticated = User.authenticate(current_user.name,
                                            form.password.data)
    if user and authenticated:
        confirm_login()
        fresh_flag = session['_fresh']
        current_app.logger.debug('reauth: %s' % fresh_flag)
        flash(_('Reauthenticated.'), 'success')
        return redirect('/change_password')

    flash(_('Password is wrong.'), 'error')
    return render_template('frontend/reauth.html', form=form)
Пример #40
def sign_in():
    """Handle the sign-in form and hand verified users on to the next step.

    Already-authenticated users are redirected to the service chooser. On a
    valid submission the user is looked up by email address and passed through
    ``_get_and_verify_user`` together with the submitted password. Depending
    on the result the view redirects to email re-verification (pending
    users), accepts a pending invite, confirms a remembered session, or sends
    an SMS verification code and redirects to the two-factor step. Any other
    outcome flashes one generic error and re-renders the sign-in page.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        # presumably returns the user only when the password verifies and a
        # falsy value otherwise; verify against _get_and_verify_user
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        # An invite stored in the session may only be accepted by the account
        # whose email address it was issued to.
        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login: the session is stale, but it already belongs
            # to this same active user. The session is marked fresh and the
            # view returns here, before the SMS verification code below is
            # sent.
            # NOTE(review): this path does not go through the two-factor step;
            # confirm that is intended for remembered sessions.
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_active_services({'user_id': str(user.id)}).get('data', [])
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            # No login_user() call appears in this view: only the user's
            # details are stored in the session for the next step.
            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                # ``next`` is passed through from the query string unchanged.
                # NOTE(review): presumably validated by the two_factor view
                # before redirecting; confirm.
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        # The message is wrapped in Markup, so it is rendered as HTML; the
        # only interpolated value is the URL produced by url_for().
        # NOTE(review): the href attribute value is not quoted.
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
Пример #41
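def reauth():
    """
    Reauthenticates a user

    A stale session is marked fresh once the re-auth form validates. A fresh
    session is redirected straight away. In both cases ``next`` is followed
    only when it is a same-site path.

    NOTE(review): no password is checked in this view, so the credential
    check depends entirely on the validators of ``ReauthForm``; confirm that
    the form verifies the current user's password.
    """

    def _local_path_or_none(candidate):
        # ``next`` is read from the query string, so accept only a path on
        # this site: a single leading '/', no backslashes or control chars.
        if (candidate
                and candidate.startswith("/")
                and not candidate.startswith("//")
                and "\\" not in candidate
                and not any(ord(ch) < 32 for ch in candidate)):
            return candidate
        return None

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            confirm_login()
            flash("Reauthenticated", "success")
            return redirect(_local_path_or_none(request.args.get("next")) or
                            url_for("user.profile"))
        return render_template("auth/reauth.html", form=form)
    return redirect(_local_path_or_none(request.args.get("next")) or
                    url_for("user.profile", username=current_user.username))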
Пример #42
def refresh_user():
    """Try to refresh the current user's login through their auth method.

    The auth method is looked up by the name stored on the user. If its
    ``refresh()`` succeeds, the session is marked fresh and the originally
    requested view is called directly. Otherwise the needs-refresh message is
    flashed and the client is redirected to the login page, with the original
    URL as ``next``.
    """
    user = flask_login.current_user
    methods_by_name = {}
    for candidate in current_app.auth_methods:
        methods_by_name[candidate.name] = candidate
    method = methods_by_name[user.authmethod]

    if not method.refresh(user):
        flash(login_manager.needs_refresh_message,
              category=login_manager.needs_refresh_message_category)
        # ``next`` is rebuilt from the matched endpoint and its view
        # arguments, not copied from a client-supplied URL.
        original_url = url_for(request.endpoint, **request.view_args)
        login_url = url_for('login.login', next=original_url,
                            _anchor=method.safe_name)
        return redirect(login_url)

    current_app.logger.debug("Marking '{}' as fresh".format(user))
    flask_login.confirm_login()
    # Call the original endpoint
    original_view = current_app.view_functions[request.endpoint]
    return original_view(**request.view_args)
Пример #43
def wallets():
    """Render the wallets page, or redirect to the index when not ready.

    The template receives ``google`` as a boolean: whether a
    ``google_secrets.json`` file exists in the ``static`` directory three
    levels above this module.

    NOTE(review): the secrets file is looked up under a directory named
    ``static``; confirm that directory is not served over HTTP, otherwise the
    file would be downloadable. Also, ``confirm_login()`` marks the session
    fresh on every visit without a credential check.
    """
    if current_app.config.get('DB_FALL'):
        return redirect(url_for('emcweb.index'))

    block_state, _middle, _error_text = get_block_status()
    # presumably 2 is the "ready" status; verify against get_block_status
    if block_state != 2:
        return redirect(url_for('emcweb.index'))

    confirm_login()
    endpoint_list = get_tools_endpoint_list()
    module_dir = os.path.dirname(__file__)
    secrets_path = os.path.join(module_dir, '..', '..', '..', 'static',
                                'google_secrets.json')
    has_google_secrets = os.path.exists(secrets_path)
    return render_template(
        'wallets.html',
        google=has_google_secrets,
        endpoint_list=endpoint_list
    )
Пример #44
    def refresh_login(password: str) -> Optional['User']:
        """
            Refresh the login of the current user after checking their password.

            The session is marked fresh only when the password check succeeds.

            :param password: The user's (plaintext) password.
            :return: The user if the password is valid for the given user; `None` otherwise.
        """

        identifier = current_user.get_id()
        if identifier is not None:
            account = User.load_from_id(identifier)
            if account.check_password(password):
                confirm_login()
                return account

        # No current user ID, or the password did not match.
        return None
Пример #45
    def post(self):
        """Run the re-authentication manager and refresh the session on success.

        ``StopAuthentication`` is reported to the user with its reason and the
        form is shown again. Any other exception is reported with a generic
        message and re-raised.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/reauth.html", form=form)

        manager = self.reauthentication_factory()
        try:
            manager.reauthenticate(
                user=current_user, secret=form.password.data
            )
            # Reached only when reauthenticate() did not raise.
            confirm_login()
            flash(_("Reauthenticated."), "success")
            return redirect_or_next(current_user.url)
        except StopAuthentication as stop:
            flash(stop.reason, "danger")
        except Exception:
            flash(_("Unrecoverable error while handling reauthentication"))
            raise

        return render_template("auth/reauth.html", form=form)
Пример #46
 def dispatch_request(self, *args, **kwargs):
     """Mark the session fresh, then dispatch the request as usual.

     NOTE(review): ``confirm_login()`` runs for every request handled by this
     resource, before any credential is examined here; confirm that the
     session should be treated as fresh at this point.
     """
     confirm_login()
     parent = super(LoginResource, self)
     return parent.dispatch_request(*args, **kwargs)
Пример #47
def reauth():
    """Mark the session fresh on POST and go home; otherwise show the page.

    NOTE(review): any POST confirms the login; no password is checked in this
    view, so re-authentication here does not prove who is at the browser.
    """
    if request.method != "POST":
        return render_template("reauth.html")
    confirm_login()
    home_url = url_for("home")
    return redirect(home_url)
Пример #48
def confirm_login_lit_review_user():
    """Mark the current session fresh and acknowledge it with plain text.

    NOTE(review): no credential is checked here; confirm that callers can
    reach this only after the user has been verified.
    """
    confirm_login()
    acknowledgement = 'Reauthenticated'
    return acknowledgement
Пример #49
 def _confirm_login():
     """Mark the current session fresh and return an empty body.

     NOTE(review): no credential is checked here; confirm that this is only
     reachable after the user has been verified.
     """
     confirm_login()
     empty_body = u''
     return empty_body