def needs_login(current_user, **kwargs):
    """Redirect an unauthenticated user to the login view.

    Returns ``None`` when ``current_user`` is authenticated. Otherwise
    returns a redirect to the security login URL with a ``next`` target
    picked in this order: the ``next`` keyword argument, the ``next``
    request value, then the profile-edit URL.
    """
    if current_user.is_authenticated:
        return None

    default_target = url_for('quokka.modules.accounts.profile_edit')
    requested_target = request.values.get('next', default_target)
    nex = kwargs.get('next', requested_target)
    # NOTE(review): ``next`` may come straight from request parameters and is
    # forwarded without validation here; confirm the login view only honours
    # same-site targets when it redirects after sign-in.
    return redirect(url_for_security('login', next=nex))
def send_migration_instructions(email):
    '''
    Email a password-reset link, presented as migration instructions, to the
    user registered under the given email address.

    After sending, the timestamp is stored on the user's
    ``noi1_migration_info`` record when one exists.
    '''
    # NOTE(review): the lookup result is used without a None check; confirm
    # get_user_with_email() raises or that callers only pass known addresses.
    account = get_user_with_email(email)

    reset_token = generate_reset_password_token(account)
    reset_path = url_for_security('reset_password', token=reset_token)
    # NOTE(review): get_origin() is defined elsewhere. If it derives the
    # origin from request headers, confirm the host is pinned to a trusted
    # value so the emailed reset link always points at this site.
    reset_link = '%s%s' % (get_origin(), reset_path)

    template_vars = {'user': account, 'reset_link': reset_link}

    subject_line = render_template('noi1/migration_email_subject.txt',
                                   **template_vars)
    message = Message(
        subject_line.strip(),
        sender=current_app.config['SECURITY_EMAIL_SENDER'],
        recipients=[account.email],
    )
    message.body = render_template('noi1/migration_email.txt',
                                   **template_vars)

    mailer = current_app.extensions.get('mail')
    mailer.send(message)

    migration_info = account.noi1_migration_info
    if migration_info:
        # Naive local time, as produced by datetime.datetime.now().
        migration_info.email_sent_at = datetime.datetime.now()
        db.session.add(account)
        db.session.commit()
def user_postprocessor_post(result=None, **kw):
    """Create a User-specific POST postprocessor.

    Accepts a single argument, `result`, which is the dictionary
    representation of the created instance of the model. The new user is
    then emailed a password-reset link so they can set their own password.
    """
    logger.info('`user_postprocessor_post` used for endpoint')

    # NOTE(review): the return value of verify_roles() is not inspected, so
    # this only enforces the admin role if the helper rejects the request
    # itself. It also runs after the instance already exists (see `result`);
    # confirm the same check guards the request before creation.
    authorization = verify_authorization()
    verify_roles(authorization, ['admin'])

    # HACK: We really shouldn't be doing this, however, it's quicker and more
    # straightforward than converting the <dict> to enable dot syntax that is
    # compatible with Flask-Security.
    created_user = db.session.query(Model).get(result['id'])

    # Send the reset password instructions email to the created user.
    reset_token = generate_reset_password_token(created_user)
    reset_link = url_for_security(
        'reset_password',
        token=reset_token,
        _external=True,
    )

    send_mail(
        'An administrator has created an account for you',
        created_user.email,
        'staff',
        user=created_user,
        confirmation_link=reset_link,
    )
def send_migration_instructions(email):
    '''
    Send a password-reset link, worded as migration instructions, to the
    user with the given email.

    When the user has a ``noi1_migration_info`` record, the send time is
    written to it and committed.
    '''
    # NOTE(review): no None check on the lookup result; confirm that
    # get_user_with_email() raises for unknown addresses.
    recipient = get_user_with_email(email)

    token = generate_reset_password_token(recipient)
    # NOTE(review): the link origin comes from get_origin(), which is not
    # visible here. Confirm it returns a configured, trusted host and is not
    # taken from request headers, since the link carries a reset token.
    reset_link = '%s%s' % (
        get_origin(),
        url_for_security('reset_password', token=token),
    )

    context = {'user': recipient, 'reset_link': reset_link}

    rendered_subject = render_template(
        'noi1/migration_email_subject.txt', **context)
    outgoing = Message(
        rendered_subject.strip(),
        sender=current_app.config['SECURITY_EMAIL_SENDER'],
        recipients=[recipient.email],
    )
    outgoing.body = render_template('noi1/migration_email.txt', **context)

    current_app.extensions.get('mail').send(outgoing)

    info = recipient.noi1_migration_info
    if info:
        # datetime.datetime.now() yields a naive local timestamp.
        info.email_sent_at = datetime.datetime.now()
        db.session.add(recipient)
        db.session.commit()
def inaccessible_callback(self, name, **kwargs):
    """Handle a request for a view the current user may not access.

    Anonymous visitors are redirected to the login page with the current
    URL as ``next``; authenticated users get a 403.
    """
    if not current_user.is_authenticated:
        # Not signed in: go to login, then come back to this URL.
        # NOTE(review): request.url is absolute; confirm the login view
        # validates ``next`` before redirecting to it.
        login_url = url_for_security('login', next=request.url)
        return redirect(login_url)

    # Signed in but lacking permission.
    abort(403)
def needs_login(**kwargs):
    """Redirect to the login view unless the current user is authenticated.

    Returns ``None`` for an authenticated user. Otherwise the redirect
    carries a ``next`` target: the ``next`` keyword argument if given, else
    the ``next`` request value, else the profile-edit URL.
    """
    if current_user.is_authenticated:
        return None

    profile_url = url_for('quokka.modules.accounts.profile_edit')
    from_request = request.values.get('next', profile_url)
    nex = kwargs.get('next', from_request)
    # NOTE(review): a request-supplied ``next`` is passed through unchecked;
    # confirm the login view restricts post-login redirects to this site.
    return redirect(url_for_security('login', next=nex))
def handle_authorize(remote, token, user_info):
    """Log in the local user whose email matches the OAuth ``user_info``.

    Redirects to ``SECURITY_POST_LOGIN_VIEW`` after a successful match and
    to the login page when ``user_info`` has no email or no local user
    carries that address.
    """
    if not user_info or 'email' not in user_info:
        return redirect(url_for_security('login'))

    # NOTE(review): the account is selected purely by the email claim. Confirm
    # every configured provider only returns verified addresses, or check the
    # provider's verification flag before trusting the match.
    claimed_email = user_info['email']
    matched_user = models.User.query.filter_by(email=claimed_email).first()
    if not matched_user:
        return redirect(url_for_security('login'))

    # NOTE(review): login_user()'s return value is ignored; confirm a
    # disabled account cannot reach the post-login view through this path.
    login_user(matched_user)
    userdatastore.commit()
    return redirect(app.config.get('SECURITY_POST_LOGIN_VIEW'))
def authorize():
    """Complete the GitLab OAuth flow and log the resolved user in.

    On success redirects to ``root.default``. If resolving the identity or
    logging in raises ``OAuthError``, the message is flashed and the user is
    sent back to the login page.
    """
    # NOTE(review): the token exchange sits outside the try block, so an
    # OAuthError raised here (for example a rejected or replayed callback) is
    # not turned into the flash-and-redirect path below; confirm that is
    # handled by an application-level error handler.
    access_token = oauth.gitlab.authorize_access_token()
    try:
        resolved = gitlab_token_identity(access_token)
        login_user(resolved.user, remember=False)
        landing = url_for("root.default")
        return redirect(landing)
    except OAuthError as err:
        # The exception text is shown to the user as a flash message.
        do_flash(str(err))
        return redirect(url_for_security("login"))
def index():
    """Render the account page that matches the visitor's membership state.

    Approved members see the overview, active but unapproved users see the
    waiting page, and everyone else is redirected to the login page.
    """
    if current_user and current_user.is_active() and current_user.active_member:
        # Approved member: load the full user record for the overview.
        member = DB.User.query.get(current_user.id)
        return render_template('my_account/overview.html', user=member)

    if current_user and current_user.is_active():
        # Logged in but not approved yet.
        return render_template('my_account/waiting_aproval.html')

    # Not logged in.
    return redirect(url_for_security('login'))
def __init__(self, *args, **kwargs):
    """Initialise the login form.

    Fills ``next`` from the query string when the form did not supply it,
    sets the remember-me default from configuration, and, when password
    recovery is enabled and no description is set, attaches a
    "forgot password" link to the password field.
    """
    super().__init__(*args, **kwargs)

    if not self.next.data:
        # NOTE(review): ``next`` is taken from the query string as-is; it
        # must be validated wherever the post-login redirect is issued.
        self.next.data = request.args.get("next", "")

    self.remember.default = config_value("DEFAULT_REMEMBER_ME")

    recovery_enabled = current_app.extensions["security"].recoverable
    if recovery_enabled and not self.password.description:
        forgot_url = url_for_security("forgot_password")
        forgot_label = get_message("FORGOT_PASSWORD")[0]
        # NOTE(review): the string is formatted before being wrapped in
        # Markup, so neither value is HTML-escaped. That is only safe while
        # both come from trusted configuration and routing.
        link_html = '<a href="{url}">{message}</a>'.format(
            url=forgot_url,
            message=forgot_label,
        )
        self.password.description = Markup(link_html)

    self.requires_confirmation = False
def oauth_login(name):
    """
    Entry point for OAuth logins.

    Starts the OAuth flow for the provider ``name`` when it is registered
    and has login enabled. Otherwise the reason is flashed and the user is
    redirected to the login page.
    """
    try:
        if name not in OAUTH_APPS:
            # ``name`` is echoed into the flash message; escaping is left to
            # the template that renders flashed messages.
            raise OAuthRegError("%s auth not available" % name.title())

        configured, _, login = check_oauth_enabled(name)
        if not configured or not login:
            raise OAuthRegError("%s login not enabled" % name.title())

        return oauth_response(OAUTH_APPS[name])
    except OAuthRegError as ex:
        flash(ex.reason, 'danger')

    return oauth_redir(url_for_security('login'))
def setup_admin():
    """First-run view that creates and logs in the initial admin account.

    Refuses with a warning once any user exists. On a valid submission the
    admin is registered and logged in, then redirected to the post-register
    target; otherwise the setup form is rendered.
    """
    # NOTE(review): this view is reachable without authentication until the
    # first user exists, and the count check and the registration below are
    # separate steps. Confirm initial setup happens before the instance is
    # exposed, or that creation is otherwise guarded.
    if models.User.objects.count() > 0:
        flash('Admin is already created.', 'warning')
        return redirect(url_for_security('login'))

    form = AdminRegisterForm(request.form)
    if not form.validate_on_submit():
        return _security.render_template('security/setup_admin.html',
                                         setup_admin_form=form)

    admin_user = register_admin(**form.to_dict())
    form.user = admin_user
    after_this_request(_commit)
    login_user(admin_user)
    return redirect(get_post_register_redirect())
def check_session():
    """Invalidate the session when the client address changes.

    Returns ``None`` while the address stored in the session matches the
    request's remote address. On a mismatch (including a session with no
    stored address) the session is cleared, re-bound to the current address,
    and the user is redirected to the login page.
    """
    if session.get('ip') == request.remote_addr:
        return None

    # NOTE(review): request.remote_addr is the peer address seen by the app.
    # Behind a reverse proxy that is the proxy's address unless forwarding
    # headers are handled upstream; confirm before relying on this binding.
    session.clear()
    session['ip'] = request.remote_addr
    flash('Session expired, please login.')
    return redirect(url_for_security('login'))
def _handle_view(self, *args, **kwargs):
    """Gate an admin view on authentication and on ``is_accessible()``.

    Anonymous users are redirected to login with ``next`` fixed to
    ``/admin``. Authenticated users who fail ``is_accessible()`` get the
    denied page. Returns ``None`` when access is allowed.
    """
    signed_in = current_user.is_authenticated
    if not signed_in:
        login_url = url_for_security('login', next="/admin")
        return redirect(login_url)

    if self.is_accessible():
        return None

    # NOTE(review): the denied page is returned as an ordinary rendered
    # response; confirm whether a 403 status is expected by clients/monitoring.
    return self.render("admin/denied.html")
def inaccessible_callback(self, name, **kwargs):
    """Redirect to the login page, returning to the current URL afterwards.

    The same redirect is issued for anonymous and authenticated users.
    """
    # NOTE(review): request.url is absolute; confirm the login view validates
    # ``next`` before redirecting to it.
    login_url = url_for_security('login', next=request.url)
    return redirect(login_url)
def logout(client):
    """Log the given client out by issuing a GET to the logout URL.

    The response is discarded.
    """
    logout_url = url_for_security('logout')
    client.get(logout_url)
def _url_for_security(endpoint, **values):
    """Build a security URL, rewriting the bare host to the ``www`` host.

    Every occurrence of ``https://pygame.org`` in the generated URL is
    replaced, including any that appear inside query parameters.
    """
    generated = url_for_security(endpoint, **values)
    return generated.replace('https://pygame.org', 'https://www.pygame.org')