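def login():
    """Authenticate a user against LDAP and open a Flask-Login session.

    On a valid POST the submitted name is normalised to ``DOMAIN\\user``
    (both ``user@domain`` and ``DOMAIN\\user`` are accepted), checked with
    ``User.ldap_login`` and, on success, mapped to a local ``User`` row that
    is created on first login. The very first account created is granted
    the admin and operator roles.

    Returns:
        A redirect to the operator or admin landing page on success, the
        403 page for an authenticated account holding neither role, or the
        login page (with ``error`` set when something failed).
    """
    form = LoginForm(request.form)
    error = None
    invalid_credentials = 'Invalid Credentials. Please try again.'

    if request.method != 'POST' or not form.validate_on_submit():
        return render_template('login.html', form=form, error=error,
                               current_user=False)

    # Hard length caps bound what is handed to LDAP and written to the log.
    input_username = request.form['username'][:128]
    password = request.form['password'][:256]

    # Accept "user", "user@domain" and "DOMAIN\user": keep the bare account
    # name and rebuild the down-level logon name from the host's AD domain.
    username = input_username.split('@')[0].split("\\")[-1]
    ad_domain = os.environ['USERDNSDOMAIN'].lower().split(".")[0]
    ldap_username = ad_domain + "\\" + username

    # An empty password must never reach an LDAP simple bind: directory
    # servers may treat it as an unauthenticated bind (RFC 4513, 5.1.2) and
    # report success. User.ldap_login is not visible here, so reject early.
    if not username or not password:
        error = invalid_credentials
        send_wr_log("Authentication Failure: {}: {}".format(
            ldap_username, error))
        return render_template('login.html', form=form, error=error,
                               current_user=False)

    # NOTE(review): ldap_username is attacker-controlled text that goes into
    # log lines below; confirm send_wr_log neutralises CR/LF so a crafted
    # name cannot forge log entries.
    try:
        ldap_login_user = User.ldap_login(ldap_username, password)
    except INVALID_CREDENTIALS:
        error = invalid_credentials
        send_wr_log("Authentication Failure: {}: {}".format(
            ldap_username, error))
        return render_template('login.html', form=form, error=error,
                               current_user=False)
    except SERVER_DOWN:
        error = 'Authentication Server Unreachable'
        send_wr_log("Login attempt: {}".format(error))
        return render_template('login.html', form=form, error=error,
                               current_user=False)

    if not ldap_login_user:
        # A falsy result without an exception used to redisplay the form
        # silently; report and log it like any other failed attempt.
        error = invalid_credentials
        send_wr_log("Authentication Failure: {}: {}".format(
            ldap_username, error))
        return render_template('login.html', form=form, error=error,
                               current_user=False)

    send_wr_log("Authentication Success against LDAP: {}".format(
        ldap_username))

    # Look the account up locally; this also tells us whether the DB works.
    try:
        user = User.query.filter_by(username=username).first()
    except (ProgrammingError, OperationalError) as e:
        # Full driver/SQL detail goes to the log only. Echoing str(e) into
        # the page would disclose schema and connection details.
        send_wr_log("Database error on login: {}".format(str(e)))
        error = 'Database error. Please contact the administrator.'
        return render_template('login.html', form=form, error=error)

    if not user:
        # NOTE(review): assumes the mail domain is "<ad_domain>.com".
        email = username + "@" + ad_domain + ".com"
        try:
            name, surname = username.split('.')
        except ValueError:
            # Not exactly "name.surname": treat it as a service account.
            name = username
            surname = 'service_user'
        # The LDAP password is never stored locally; a fixed placeholder is
        # written instead.
        # NOTE(review): every provisioned account therefore shares this
        # placeholder. Confirm no code path authenticates against the local
        # password column, or store an unusable/random value.
        password = '******'
        # The first user who logs in becomes admin and operator. Only
        # existence matters, so fetch one row rather than the whole table.
        # NOTE(review): check-then-insert is not atomic; two concurrent
        # first logins could both be granted admin.
        if User.query.first():
            user = User(username, password, email, name, surname)
        else:
            user = User(username, password, email, name, surname,
                        admin=True, operator=True)
        db.session.add(user)
        db.session.commit()

    if not user.alt_id:
        user.alt_id = get_random_alt_id()
        db.session.add(user)
        db.session.commit()

    # NOTE(review): the flask_login session is created before the role
    # check, so an account with neither role stays logged in after the 403.
    login_user(user, remember=False)
    send_wr_log("User logged in: {}".format(current_user.username))

    if current_user.operator:
        return redirect(url_for('operator.new_network'))
    if current_user.admin:
        return redirect(url_for('admin.admin_users'))
    return render_template('403.html', title='403'), 403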