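def _normalize_username(raw_username):
    """Reduce a submitted login name to the bare account name.

    ``USER``, ``USER@domain`` and ``DOMAIN\\USER`` all map to ``USER`` so the
    same person always gets one DB row and one LDAP bind name.
    """
    # drop a trailing "@domain" first, then a leading "DOMAIN\" prefix
    local_part = raw_username.split('@')[0]
    return local_part.split("\\")[-1]


def _ldap_authenticate(ad_domain, username, password):
    """Bind to LDAP as ``ad_domain\\username``.

    Returns ``None`` on success, otherwise the short generic message to show
    the user. The specific reason (bad credentials, server down) is written
    to the audit log here and never returned to the client.
    """
    ldap_username = ad_domain + "\\" + username
    invalid = 'Invalid Credentials. Please try again.'

    if not username or not password:
        # Defence in depth next to the form validator: a simple bind with an
        # empty password is an anonymous bind on LDAP servers (RFC 4513
        # §5.1.2), so an empty credential must never reach the directory,
        # let alone count as a login.
        bound = False
    else:
        try:
            bound = User.ldap_login(ldap_username, password)
        except INVALID_CREDENTIALS:
            bound = False
        except SERVER_DOWN:
            unreachable = 'Authentication Server Unreachable'
            send_wr_log("Login attempt: {}".format(unreachable))
            return unreachable

    if not bound:
        # a falsy return without an exception is treated like a failed bind
        send_wr_log("Authentication Failure: {}: {}".format(
            ldap_username, invalid))
        return invalid

    send_wr_log("Authentication Success against LDAP: {}".format(
        ldap_username))
    return None


def _load_or_provision_user(username, ad_domain):
    """Return the DB ``User`` row for *username*, creating it on first login.

    Args:
        username: bare account name as produced by ``_normalize_username``.
        ad_domain: lower-cased AD short name; used for the generated e-mail.

    DB-layer exceptions (``ProgrammingError``, ``OperationalError``) are not
    caught here; the caller turns them into a generic error message.
    """
    user = User.query.filter_by(username=username).first()
    if user:
        return user

    email = username + "@" + ad_domain + ".com"
    try:
        name, surname = username.split('.')
    except ValueError:
        # not exactly "name.surname": keep the whole name, mark as service user
        name = username
        surname = 'service_user'
    # LDAP-provisioned rows never authenticate against the local password
    # column (the bcrypt check in this view is disabled), so a fixed
    # placeholder is stored instead of the real credential.
    placeholder_password = '******'
    # Bootstrap rule: the very first account becomes admin + operator; every
    # later one starts without roles and has to be promoted by an admin.
    if User.query.first() is not None:
        user = User(username, placeholder_password, email, name, surname)
    else:
        user = User(username, placeholder_password, email, name, surname,
                    admin=True, operator=True)
    db.session.add(user)
    db.session.commit()
    return user


def _start_session(user):
    """Open the flask_login session for *user* and pick the landing page.

    Accounts with neither the operator nor the admin role are refused with
    403 *before* ``login_user`` runs, so they never receive a session cookie.
    """
    if not (user.operator or user.admin):
        send_wr_log("Login refused, no role assigned: {}".format(
            user.username))
        return render_template('403.html', title='403'), 403
    if not user.alt_id:
        # lazily assign an alt_id when the row has none; presumably this is
        # the identifier flask_login stores in the session (see User.get_id)
        # — confirm
        user.alt_id = get_random_alt_id()
        db.session.add(user)
        db.session.commit()
    login_user(user, remember=False)  # (flask_login) session created
    send_wr_log("User logged in: {}".format(current_user.username))
    if current_user.operator:
        return redirect(url_for('operator.new_network'))
    return redirect(url_for('admin.admin_users'))


def login():
    """Authenticate against LDAP and open a session; GET just shows the form.

    On POST the submitted name is normalised to ``USER``, bound to LDAP as
    ``domain\\USER`` and, on success, looked up or provisioned in the DB and
    handed to ``_start_session`` for the role-based redirect. Every failure
    re-renders the form with a short generic message; the specific cause
    (LDAP reply, DB driver error) goes only to the audit log.
    """
    form = LoginForm(request.form)
    error = None
    if request.method == 'POST' and form.validate_on_submit():
        # hard length caps keep oversized input out of the bind and the log
        username = _normalize_username(request.form['username'][:128])
        password = request.form['password'][:256]
        # AD short name (e.g. "corp" for corp.example.com); a missing
        # USERDNSDOMAIN is a deployment error and raises KeyError here
        ad_domain = os.environ['USERDNSDOMAIN'].lower().split(".")[0]

        error = _ldap_authenticate(ad_domain, username, password)
        if error is None:
            try:
                user = _load_or_provision_user(username, ad_domain)
            except (ProgrammingError, OperationalError) as e:
                # log the driver message but never render it: it can carry
                # SQL text, table names or connection details
                send_wr_log("Database error on login: {}".format(e))
                error = 'Database error. Please try again later.'
            else:
                return _start_session(user)

    return render_template('login.html',
                           form=form,
                           error=error,
                           current_user=False)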