def passive_login():
logger = logging.getLogger(__name__)
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(flask_login.current_user)
else:
user = flask_login.current_user
remote_address = get_remote_address(flask.request)
ip_check_enabled = settings().getBoolean(["server", "ipCheck", "enabled"])
ip_check_trusted = settings().get(["server", "ipCheck", "trustedSubnets"])
if user is not None and not user.is_anonymous() and user.is_active():
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(user.get_id()))
if hasattr(user, "session"):
flask.session["usersession.id"] = user.session
flask.g.user = user
logger.info("Passively logging in user {} from {}".format(user.get_id(), remote_address))
response = user.asDict()
response["_is_external_client"] = ip_check_enabled and not is_lan_address(remote_address,
additional_private=ip_check_trusted)
return flask.jsonify(response)
elif settings().getBoolean(["accessControl", "autologinLocal"]) \
and settings().get(["accessControl", "autologinAs"]) is not None \
and settings().get(["accessControl", "localNetworks"]) is not None \
and not "active_logout" in flask.request.cookies:
autologin_as = settings().get(["accessControl", "autologinAs"])
local_networks = _local_networks()
logger.debug("Checking if remote address {} is in localNetworks ({!r})".format(remote_address, local_networks))
try:
if netaddr.IPAddress(remote_address) in local_networks:
user = octoprint.server.userManager.findUser(autologin_as)
if user is not None and user.is_active():
user = octoprint.server.userManager.login_user(user)
flask.session["usersession.id"] = user.session
flask.g.user = user
flask_login.login_user(user)
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(user.get_id()))
logger.info("Passively logging in user {} from {} via autologin".format(user.get_id(),
remote_address))
response = user.asDict()
response["_is_external_client"] = ip_check_enabled and not is_lan_address(remote_address,
additional_private=ip_check_trusted)
return flask.jsonify(response)
except:
logger.exception("Could not autologin user {} for networks {}".format(autologin_as, local_networks))
return "", 204
def passive_login():
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(flask_login.current_user)
else:
user = flask_login.current_user
remoteAddr = get_remote_address(flask.request)
ipCheckEnabled = settings().getBoolean(["server", "ipCheck", "enabled"])
ipCheckTrusted = settings().get(["server", "ipCheck", "trustedSubnets"])
if user is not None and not user.is_anonymous() and user.is_active():
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(user.get_id()))
if hasattr(user, "session"):
flask.session["usersession.id"] = user.session
flask.g.user = user
logging.getLogger(__name__).info("Passively logging in user {} from {}".format(user.get_id(), remoteAddr))
response = user.asDict()
response["_is_external_client"] = ipCheckEnabled and not is_lan_address(remoteAddr,
additional_private=ipCheckTrusted)
return flask.jsonify(response)
elif settings().getBoolean(["accessControl", "autologinLocal"]) \
and settings().get(["accessControl", "autologinAs"]) is not None \
and settings().get(["accessControl", "localNetworks"]) is not None:
autologinAs = settings().get(["accessControl", "autologinAs"])
localNetworks = netaddr.IPSet([])
for ip in settings().get(["accessControl", "localNetworks"]):
localNetworks.add(ip)
try:
if netaddr.IPAddress(remoteAddr) in localNetworks:
user = octoprint.server.userManager.findUser(autologinAs)
if user is not None and user.is_active():
user = octoprint.server.userManager.login_user(user)
flask.session["usersession.id"] = user.session
flask.g.user = user
flask_login.login_user(user)
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(user.get_id()))
logging.getLogger(__name__).info("Passively logging in user {} from {} via autologin".format(user.get_id(),
remoteAddr))
response = user.asDict()
response["_is_external_client"] = ipCheckEnabled and not is_lan_address(remoteAddr,
additional_private=ipCheckTrusted)
return flask.jsonify(response)
except:
logger = logging.getLogger(__name__)
logger.exception("Could not autologin user %s for networks %r" % (autologinAs, localNetworks))
return "", 204
def login():
data = request.get_json()
if not data:
data = request.values
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.find_user(username)
if user is not None:
if octoprint.server.userManager.check_password(username, password):
if not user.is_active:
return make_response(
("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
remote_addr = get_remote_address(request)
logging.getLogger(__name__).info(
"Actively logging in user {} from {}".format(
user.get_id(), remote_addr))
response = user.as_dict()
response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \
and not util_net.is_lan_address(remote_addr,
additional_private=s().get(["server", "ipCheck", "trustedSubnets"]))
r = make_response(jsonify(response))
r.delete_cookie("active_logout")
eventManager().fire(Events.USER_LOGGED_IN,
payload=dict(username=user.get_id()))
return r
return make_response(("User unknown or password incorrect", 403, []))
elif "passive" in data:
return passive_login()
return make_response(
"Neither user and pass attributes nor passive flag present", 400)
def login():
data = request.values
if hasattr(request, "json") and request.json:
data = request.json
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if not user.is_active():
return make_response(
("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
remote_addr = get_remote_address(request)
logging.getLogger(__name__).info(
"Actively logging in user {} from {}".format(
user.get_id(), remote_addr))
response = user.asDict()
response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \
and not util_net.is_lan_address(remote_addr,
additional_private=s().get(["server", "ipCheck", "trustedSubnets"]))
return jsonify(response)
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in data:
return passive_login()
return NO_CONTENT
def login():
data = request.values
if hasattr(request, "json") and request.json:
data = request.json
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if not user.is_active():
return make_response(("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
remote_addr = get_remote_address(request)
logging.getLogger(__name__).info("Actively logging in user {} from {}".format(user.get_id(), remote_addr))
response = user.asDict()
response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \
and not util_net.is_lan_address(remote_addr,
additional_private=s().get(["server", "ipCheck", "trustedSubnets"]))
return jsonify(response)
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in data:
return passive_login()
return NO_CONTENT
def passive_login():
logger = logging.getLogger(__name__)
user = flask_login.current_user
remote_address = get_remote_address(flask.request)
ip_check_enabled = settings().getBoolean(["server", "ipCheck", "enabled"])
ip_check_trusted = settings().get(["server", "ipCheck", "trustedSubnets"])
if isinstance(user, LocalProxy):
# noinspection PyProtectedMember
user = user._get_current_object()
def login(u):
# login known user
if not u.is_anonymous:
u = octoprint.server.userManager.login_user(u)
flask_login.login_user(u)
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(u.get_id()))
if hasattr(u, "session"):
flask.session["usersession.id"] = u.session
flask.g.user = u
return u
if user is not None and user.is_active:
# login known user
logger.info("Passively logging in user {} from {}".format(user.get_id(), remote_address))
user = login(user)
elif settings().getBoolean(["accessControl", "autologinLocal"]) \
and settings().get(["accessControl", "autologinAs"]) is not None \
and settings().get(["accessControl", "localNetworks"]) is not None:
autologin_as = settings().get(["accessControl", "autologinAs"])
local_networks = _local_networks()
try:
if netaddr.IPAddress(remote_address) in local_networks:
autologin_user = octoprint.server.userManager.findUser(autologin_as)
if autologin_user is not None and autologin_user.is_active:
autologin_user = octoprint.server.userManager.login_user(autologin_user)
logger.info("Passively logging in user {} from {} via autologin".format(user.get_id(), local_networks))
user = login(autologin_user)
if netaddr.IPAddress(remote_address) in local_networks:
user = octoprint.server.userManager.findUser(autologin_as)
if user is not None and user.is_active():
user = octoprint.server.userManager.login_user(user)
flask.session["usersession.id"] = user.session
flask.g.user = user
flask_login.login_user(user)
flask_principal.identity_changed.send(flask.current_app._get_current_object(),
identity=flask_principal.Identity(user.get_id()))
logger.info("Passively logging in user {} from {} via autologin".format(user.get_id(),
remote_address))
response = user.asDict()
response["_is_external_client"] = ip_check_enabled and not is_lan_address(remote_address,
additional_private=ip_check_trusted)
return flask.jsonify(response)
except Exception:
logger.exception("Could not autologin user {} for networks {}".format(autologin_as, local_networks))
response = user.as_dict()
response["_is_external_client"] = ip_check_enabled and not is_lan_address(remote_address,
additional_private=ip_check_trusted)
return flask.jsonify(response)
