def test_otp_enabled():
user_email = '*****@*****.**'
assert otp.is_enabled(user_email, current_app.config) is True
def test_otp_disabled_user_no_bypass():
user_email = '*****@*****.**'
assert otp.is_enabled(user_email, current_app.config) is False
def signin():
"""
Signin method for PYBOSSA users.
Returns a Jinja2 template with the result of signing process.
"""
form = LoginForm(request.body)
isLdap = current_app.config.get('LDAP_HOST', False)
if (request.method == 'POST' and form.validate()
and isLdap is False):
password = form.password.data
email_addr = form.email.data.lower()
user = user_repo.search_by_email(email_addr=email_addr)
if user and user.check_password(password):
# Check if the user can bypass two-factor authentication.
if otp.is_enabled(user.email_addr, current_app.config):
# Enforce two-factor authentication.
if not user.enabled:
return disable_redirect()
_email_two_factor_auth(user)
url_token = otp.generate_url_token(user.email_addr)
next_url = is_own_url_or_else(request.args.get('next'), url_for('home.home'))
return redirect_content_type(url_for('account.otpvalidation',
token=url_token,
next=next_url))
else:
# Bypass two-factor authentication.
msg_1 = gettext('Welcome back') + ' ' + user.fullname
flash(msg_1, 'success')
return _sign_in_user(user)
elif user:
msg, method = get_user_signup_method(user)
if method == 'local':
msg = gettext('Ooops, Incorrect email/password')
flash(msg, 'error')
else:
flash(msg, 'info')
else:
msg = gettext("Ooops, we didn't find you in the system, \
did you sign up?")
flash(msg, 'info')
if (request.method == 'POST' and form.validate()
and isLdap):
password = form.password.data
cn = form.email.data
ldap_user = None
if ldap.bind_user(cn, password):
ldap_user = ldap.get_object_details(cn)
key = current_app.config.get('LDAP_USER_FILTER_FIELD')
value = ldap_user[key][0]
user_db = user_repo.get_by(ldap=value)
if (user_db is None):
keyfields = current_app.config.get('LDAP_PYBOSSA_FIELDS')
user_data = dict(fullname=ldap_user[keyfields['fullname']][0],
name=ldap_user[keyfields['name']][0],
email_addr=ldap_user[keyfields['email_addr']][0],
valid_email=True,
ldap=value,
consent=True)
create_account(user_data, ldap_disabled=False)
else:
login_user(user_db, remember=True)
else:
msg = gettext("User LDAP credentials are wrong.")
flash(msg, 'info')
if request.method == 'POST' and not form.validate():
flash(gettext('Please correct the errors'), 'error')
auth = {'twitter': False, 'facebook': False, 'google': False}
if current_user.is_anonymous:
# If Twitter is enabled in config, show the Twitter Sign in button
if (isLdap is False):
if ('twitter' in current_app.blueprints): # pragma: no cover
auth['twitter'] = True
if ('facebook' in current_app.blueprints): # pragma: no cover
auth['facebook'] = True
if ('google' in current_app.blueprints): # pragma: no cover
auth['google'] = True
next_url = is_own_url_or_else(request.args.get('next'), url_for('home.home'))
response = dict(template='account/signin.html',
title="Sign in",
form=form,
auth=auth,
next=next_url)
return handle_content_type(response)
else:
# User already signed in, so redirect to home page
return redirect_content_type(url_for("home.home"))