def webpush_save():
provider = Provider()
settings = provider.settings()
vapid_private = request.form['vapid_private'].strip()
vapid_public = request.form['vapid_public'].strip()
webpush_enabled = True if int(request.form.get('webpush_enabled',
0)) == 1 else False
if len(vapid_private) == 0:
flash('Please enter a VAPID Private Key', 'error')
return redirect(url_for('config.webpush'))
elif vapid_private == '********' and len(settings.get('vapid_private',
'')) == 0:
flash('Please enter a VAPID Private Key', 'error')
return redirect(url_for('config.webpush'))
elif len(vapid_public) == 0:
flash('Please enter a VAPID Public Key', 'error')
return redirect(url_for('config.webpush'))
if vapid_private != '********':
settings.save('vapid_private', vapid_private)
settings.save('vapid_public', vapid_public)
settings.save('webpush_enabled', webpush_enabled)
flash('Settings saved', 'success')
return redirect(url_for('config.webpush'))
def radius_save():
provider = Provider()
settings = provider.settings()
radius_enabled = True if int(request.form.get('radius_enabled',
0)) == 1 else False
radius_host = request.form['radius_host'].strip()
radius_port = request.form['radius_port'].strip()
radius_port = int(radius_port) if radius_port.isdigit else 0
radius_secret = request.form['radius_secret'].strip()
if len(radius_host) == 0:
flash('RADIUS Host cannot be empty', 'error')
return redirect(url_for('config.radius'))
elif radius_port <= 0:
flash('Invalid RADIUS port', 'error')
return redirect(url_for('config.radius'))
settings.save('radius_host', radius_host)
settings.save('radius_port', radius_port)
settings.save('radius_enabled', radius_enabled)
# If the password is not '********' then save it. This is because we show that value instead of the actual password.
if len(radius_secret) > 0 and radius_secret != '********':
settings.save('radius_secret', radius_secret)
flash('Settings saved', 'success')
return redirect(url_for('config.radius'))
def login_process():
if current_user.is_authenticated:
return redirect(url_for('home.index'))
provider = Provider()
ldap = provider.ldap()
users = provider.users()
settings = provider.settings()
username = request.form['username']
password = request.form['password']
next = urllib.parse.unquote_plus(request.form['next'].strip())
allow_logins = int(settings.get('allow_logins', 0))
# First check if user is local. Local users take priority.
user = UserModel.query.filter(
and_(
func.lower(UserModel.username) == func.lower(username),
UserModel.ldap == 0)).first()
if user:
if not users.validate_password(user.password, password):
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
elif ldap.is_enabled() and allow_logins == 1:
if not ldap.authenticate(username, password, True):
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
user = UserModel.query.filter(
and_(
func.lower(UserModel.username) == func.lower(username),
UserModel.ldap == 1)).first()
if not user:
flash(
'Could not create your local account. Please contact the administrator.',
'error')
return redirect(url_for('auth.login', next=next))
else:
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
# If we reach this point it means that our user exists. Check if the user is active.
if user.active is False:
flash('Your account has been disabled by the Administrator.', 'error')
return redirect(url_for('auth.login', next=next))
user = users.login_session(user)
login_user(user)
users.record_login(user.id)
# On every login we get the hashcat version and the git hash version.
system = provider.system()
system.run_updates()
if next and url_parse(next).netloc == '':
return redirect(next)
return redirect(url_for('home.index'))
def slack_save():
provider = Provider()
settings = provider.settings()
slack_enabled = True if int(request.form.get('slack_enabled', 0)) == 1 else False
settings.save('slack_enabled', slack_enabled)
flash('Settings saved', 'success')
return redirect(url_for('config.slack'))
def settings_general_save():
provider = Provider()
settings = provider.settings()
filesystem = provider.filesystem()
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
wordlists_path = request.form['wordlists_path'].strip()
uploaded_hashes_path = request.form['uploaded_hashes_path'].strip()
theme = request.form['theme'].strip()
webpush_enabled = int(request.form.get('webpush_enabled', 0))
vapid_private = request.form['vapid_private'].strip()
vapid_public = request.form['vapid_public'].strip()
has_errors = False
if len(wordlists_path) == 0 or not os.path.isdir(wordlists_path):
has_errors = True
flash('Wordlist directory does not exist', 'error')
elif not os.access(wordlists_path, os.R_OK):
has_errors = True
flash('Wordlist directory is not readable', 'error')
if len(uploaded_hashes_path) > 0 and not os.path.isdir(
uploaded_hashes_path):
has_errors = True
flash('Uploaded Hashes directory does not exist', 'error')
elif len(uploaded_hashes_path) > 0 and not os.access(
uploaded_hashes_path, os.R_OK):
has_errors = True
flash('Uploaded Hashes directory is not readable', 'error')
themes = filesystem.get_files(
os.path.join(current_app.root_path, 'static', 'css', 'themes'))
if not (theme + '.css') in themes:
flash('Invalid theme', 'error')
return redirect(url_for('admin.settings_general'))
if has_errors:
return redirect(url_for('admin.settings_general'))
settings.save('wordlists_path', wordlists_path)
settings.save('uploaded_hashes_path', uploaded_hashes_path)
settings.save('theme', theme)
# Only update if it's not '********' because we don't show it in the UI.
if vapid_private != '********':
settings.save('vapid_private', vapid_private)
settings.save('vapid_public', vapid_public)
settings.save('webpush_enabled', webpush_enabled)
flash('Settings saved', 'success')
return redirect(url_for('admin.settings_general'))
def messages_save():
provider = Provider()
settings = provider.settings()
system_message_login = request.form['system_message_login'].strip()
system_message_login_show = int(request.form.get('system_message_login_show', 0))
settings.save('system_message_login', system_message_login)
settings.save('system_message_login_show', system_message_login_show)
flash('Settings saved', 'success')
return redirect(url_for('config.messages'))
def settings_hashcat_save():
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
provider = Provider()
settings = provider.settings()
hashcat_binary = request.form['hashcat_binary'].strip()
hashcat_rules_path = request.form['hashcat_rules_path'].strip()
hashcat_status_interval = request.form['hashcat_status_interval'].strip()
hashcat_force = int(request.form.get('hashcat_force', 0))
has_errors = False
if len(hashcat_binary) == 0 or not os.path.isfile(hashcat_binary):
has_errors = True
flash('Hashcat executable does not exist', 'error')
elif not os.access(hashcat_binary, os.X_OK):
has_errors = True
flash('Hashcat file is not executable', 'error')
if len(hashcat_rules_path) == 0 or not os.path.isdir(hashcat_rules_path):
has_errors = True
flash('Hashcat rules directory does not exist', 'error')
elif not os.access(hashcat_rules_path, os.R_OK):
has_errors = True
flash('Hashcat rules directory is not readable', 'error')
if len(hashcat_status_interval) == 0:
has_errors = True
flash('Hashcat Status Interval must be set', 'error')
hashcat_status_interval = int(hashcat_status_interval)
if hashcat_status_interval <= 0:
hashcat_status_interval = 10
if has_errors:
return redirect(url_for('admin.settings_hashcat'))
settings.save('hashcat_binary', hashcat_binary)
settings.save('hashcat_rules_path', hashcat_rules_path)
settings.save('hashcat_status_interval', hashcat_status_interval)
settings.save('hashcat_force', hashcat_force)
# When settings are saved, run system updates.
system = provider.system()
system.run_updates()
flash('Settings saved', 'success')
return redirect(url_for('admin.settings_hashcat'))
def webpush_save():
provider = Provider()
settings = provider.settings()
webpush_enabled = int(request.form.get('webpush_enabled', 0))
vapid_private = request.form['vapid_private'].strip()
vapid_public = request.form['vapid_public'].strip()
if vapid_private != '********':
settings.save('vapid_private', vapid_private)
settings.save('vapid_public', vapid_public)
settings.save('webpush_enabled', webpush_enabled)
flash('Settings saved', 'success')
return redirect(url_for('config.webpush'))
def general_save():
provider = Provider()
settings = provider.settings()
filesystem = provider.filesystem()
theme = request.form['theme'].strip()
themes = filesystem.get_files(
os.path.join(current_app.root_path, 'static', 'css', 'themes'))
if not (theme + '.css') in themes:
flash('Invalid theme', 'error')
return redirect(url_for('config.general'))
settings.save('theme', theme)
flash('Settings saved', 'success')
return redirect(url_for('config.general'))
def __run_db_update(self):
provider = Provider()
settings = provider.settings()
db_version = settings.get('db_version', '0.0.0')
installed_version = version.parse(db_version)
if installed_version >= version.parse(app_version.__version__):
print("No database updates required")
return True
if installed_version < version.parse('1.1.0'):
migration = v1_1_0.DBMigration(provider)
if migration.run():
settings.save('db_version', '1.1.0')
return True
def system_messages_save():
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
provider = Provider()
settings = provider.settings()
system_message_login = request.form['system_message_login'].strip()
system_message_login_show = int(
request.form.get('system_message_login_show', 0))
settings.save('system_message_login', system_message_login)
settings.save('system_message_login_show', system_message_login_show)
flash('Settings saved', 'success')
return redirect(url_for('admin.system_messages'))
def settings_auth_save_general():
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
provider = Provider()
settings = provider.settings()
allow_logins = request.form.get('allow_logins', 0)
settings.save('allow_logins', allow_logins)
# When settings are saved, run system updates.
system = provider.system()
system.run_updates()
flash('Settings saved', 'success')
return redirect(url_for('admin.settings_auth'))
def theme():
provider = Provider()
users = provider.users()
filesystem = provider.filesystem()
user_settings = provider.user_settings()
settings = provider.settings()
user = users.get_by_id(current_user.id)
themes = filesystem.get_files(
os.path.join(current_app.root_path, 'static', 'css', 'themes'))
theme = user_settings.get(current_user.id, 'theme',
settings.get('theme', 'lumen'))
return render_template('config/account/theme.html',
user=user,
themes=themes,
selected_theme=theme)
def password_complexity_save():
pwd_min_length = int(request.form['pwd_min_length'].strip())
pwd_min_lower = int(request.form['pwd_min_lower'].strip())
pwd_min_upper = int(request.form['pwd_min_upper'].strip())
pwd_min_digits = int(request.form['pwd_min_digits'].strip())
pwd_min_special = int(request.form['pwd_min_special'].strip())
provider = Provider()
settings = provider.settings()
settings.save('pwd_min_length', pwd_min_length)
settings.save('pwd_min_lower', pwd_min_lower)
settings.save('pwd_min_upper', pwd_min_upper)
settings.save('pwd_min_digits', pwd_min_digits)
settings.save('pwd_min_special', pwd_min_special)
flash('Settings saved', 'success')
return redirect(url_for('config.password_complexity'))
def smtp_save():
provider = Provider()
settings = provider.settings()
smtp_enabled = True if int(request.form.get('smtp_enabled',
0)) == 1 else False
smtp_host = request.form['smtp_host'].strip()
smtp_port = int(request.form['smtp_port'].strip())
smtp_tls = True if int(request.form.get('smtp_tls', 0)) == 1 else False
smtp_user = request.form['smtp_user'].strip()
smtp_pass = request.form['smtp_pass'].strip()
smtp_sender = request.form['smtp_sender'].strip()
if len(smtp_host) == 0:
flash('Please enter SMTP Host', 'error')
return redirect(url_for('config.smtp'))
elif smtp_port <= 0 or smtp_port > 65535:
flash('Please enter SMTP Port', 'error')
return redirect(url_for('config.smtp'))
elif len(smtp_user) == 0:
flash('Please enter SMTP User', 'error')
return redirect(url_for('config.smtp'))
elif len(smtp_pass) == 0:
flash('Please enter SMTP Pass', 'error')
return redirect(url_for('config.smtp'))
elif smtp_pass == '********' and len(settings.get('smtp_pass', '')) == 0:
flash('Please enter SMTP Pass', 'error')
return redirect(url_for('config.smtp'))
elif len(smtp_sender) == 0:
flash('Please enter SMTP Sender E-mail', 'error')
return redirect(url_for('config.smtp'))
settings.save('smtp_enabled', smtp_enabled)
settings.save('smtp_host', smtp_host)
settings.save('smtp_port', smtp_port)
settings.save('smtp_tls', smtp_tls)
settings.save('smtp_user', smtp_user)
settings.save('smtp_sender', smtp_sender)
if smtp_pass != '********':
settings.save('smtp_pass', smtp_pass)
flash('Settings saved', 'success')
return redirect(url_for('config.smtp'))
def theme(user_id):
if current_user.id != user_id:
flash('Access denied', 'error')
return redirect(url_for('home.index'))
provider = Provider()
users = provider.users()
filesystem = provider.filesystem()
user_settings = provider.user_settings()
settings = provider.settings()
user = users.get_by_id(current_user.id)
themes = filesystem.get_files(
os.path.join(current_app.root_path, 'static', 'css', 'themes'))
theme = user_settings.get(user_id, 'theme', settings.get('theme', 'lumen'))
return render_template('account/theme.html',
user=user,
themes=themes,
selected_theme=theme)
def settings_auth_save_complexity():
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
pwd_min_length = int(request.form['pwd_min_length'].strip())
pwd_min_lower = int(request.form['pwd_min_lower'].strip())
pwd_min_upper = int(request.form['pwd_min_upper'].strip())
pwd_min_digits = int(request.form['pwd_min_digits'].strip())
pwd_min_special = int(request.form['pwd_min_special'].strip())
provider = Provider()
settings = provider.settings()
settings.save('pwd_min_length', pwd_min_length)
settings.save('pwd_min_lower', pwd_min_lower)
settings.save('pwd_min_upper', pwd_min_upper)
settings.save('pwd_min_digits', pwd_min_digits)
settings.save('pwd_min_special', pwd_min_special)
flash('Settings saved', 'success')
return redirect(url_for('admin.settings_auth'))
def system_daemon():
provider = Provider()
daemon = provider.daemon()
settings = provider.settings()
# First check to see is everyoneis allowed to start the daemon.
dns_daemon_start_everyone = settings.get('dns_daemon_start_everyone', False, type=bool)
if not dns_daemon_start_everyone:
# If it's not an admin, return to homepage.
if not current_user.admin:
flash('Access Denied', 'error')
return redirect(url_for('home.index'))
action = request.form['action'].strip()
if not daemon.is_configured():
flash('DNS Daemon is not configured', 'error')
return redirect(url_for('config.system'))
elif action not in ['start', 'stop']:
flash('Invalid action', 'error')
return redirect(url_for('config.system'))
if action == 'start':
if daemon.start():
flash('DNS Daemon Started', 'success')
else:
flash('Could not start DNS Daemon', 'error')
elif action == 'stop' and current_user.admin:
# Only admins can stop the service.
if daemon.stop():
flash('DNS Daemon Stopped', 'success')
else:
flash('Could not stop DNS Daemon', 'error')
redirect_to = 'config.system' if current_user.admin else 'home.index'
return redirect(url_for(redirect_to))
def hashcat_save():
provider = Provider()
settings = provider.settings()
hashcat_binary = request.form['hashcat_binary'].strip()
hashcat_rules_path = request.form['hashcat_rules_path'].strip()
hashcat_masks_path = request.form['hashcat_masks_path'].strip()
hashcat_status_interval = request.form['hashcat_status_interval'].strip()
hashcat_force = int(request.form.get('hashcat_force', 0))
wordlists_path = request.form['wordlists_path'].strip()
uploaded_hashes_path = request.form['uploaded_hashes_path'].strip()
has_errors = False
# Validate wordlist
if len(wordlists_path) == 0 or not os.path.isdir(wordlists_path):
has_errors = True
flash('Wordlist directory does not exist', 'error')
elif not os.access(wordlists_path, os.R_OK):
has_errors = True
flash('Wordlist directory is not readable', 'error')
# Validate uploaded hash path
if len(uploaded_hashes_path) > 0 and not os.path.isdir(
uploaded_hashes_path):
has_errors = True
flash('Uploaded Hashes directory does not exist', 'error')
elif len(uploaded_hashes_path) > 0 and not os.access(
uploaded_hashes_path, os.R_OK):
has_errors = True
flash('Uploaded Hashes directory is not readable', 'error')
# Validate executable
if len(hashcat_binary) == 0 or not os.path.isfile(hashcat_binary):
has_errors = True
flash('Hashcat executable does not exist', 'error')
elif not os.access(hashcat_binary, os.X_OK):
has_errors = True
flash('Hashcat file is not executable', 'error')
# Validate rules
if len(hashcat_rules_path) == 0 or not os.path.isdir(hashcat_rules_path):
has_errors = True
flash('Hashcat rules directory does not exist', 'error')
elif not os.access(hashcat_rules_path, os.R_OK):
has_errors = True
flash('Hashcat rules directory is not readable', 'error')
# Validate masks
if len(hashcat_masks_path) == 0 or not os.path.isdir(hashcat_masks_path):
has_errors = True
flash('Hashcat masks directory does not exist', 'error')
elif not os.access(hashcat_masks_path, os.R_OK):
has_errors = True
flash('Hashcat masks directory is not readable', 'error')
# Validate interval
if len(hashcat_status_interval) == 0:
has_errors = True
flash('Hashcat Status Interval must be set', 'error')
if has_errors:
return redirect(url_for('config.hashcat'))
hashcat_status_interval = int(hashcat_status_interval)
if hashcat_status_interval <= 0:
hashcat_status_interval = 10
settings.save('hashcat_binary', hashcat_binary)
settings.save('hashcat_rules_path', hashcat_rules_path)
settings.save('hashcat_masks_path', hashcat_masks_path)
settings.save('hashcat_status_interval', hashcat_status_interval)
settings.save('hashcat_force', hashcat_force)
settings.save('wordlists_path', wordlists_path)
settings.save('uploaded_hashes_path', uploaded_hashes_path)
flash('Settings saved', 'success')
return redirect(url_for('config.hashcat'))
def ldap_save():
provider = Provider()
settings = provider.settings()
ldap_enabled = int(request.form.get('ldap_enabled', 0))
ldap_ssl = int(request.form.get('ldap_ssl', 0))
ldap_bind_pass = request.form['ldap_bind_pass'].strip()
# Put the rest of the ldap options in a dict to make it easier to validate and save.
ldap_settings = {
'ldap_auth_type': {
'value': request.form['ldap_auth_type'].strip(),
'error': 'Please select authentication type'
},
'ldap_host': {
'value': request.form['ldap_host'].strip(),
'error': 'LDAP Host cannot be empty'
},
'ldap_base_dn': {
'value': request.form['ldap_base_dn'].strip(),
'error': 'LDAP Base cannot be empty'
},
'ldap_domain': {
'value': request.form['ldap_domain'].strip(),
'error': 'LDAP Domain cannot be empty'
},
'ldap_bind_user': {
'value': request.form['ldap_bind_user'].strip(),
'error': 'LDAP Bind User cannot be empty'
},
'ldap_mapping_username': {
'value': request.form['ldap_mapping_username'].strip(),
'error': 'LDAP Mapping Username cannot be empty'
},
'ldap_mapping_fullname': {
'value': request.form['ldap_mapping_fullname'].strip(),
'error': 'LDAP Mapping Full Name cannot be empty'
}
}
has_errors = False
if ldap_enabled == 1:
# If it's disabled it doesn't make sense to validate any settings.
for key, data in ldap_settings.items():
if len(data['value']) == 0:
has_errors = True
flash(data['error'], 'error')
if has_errors:
return redirect(url_for('config.ldap'))
settings.save('ldap_mapping_email',
request.form['ldap_mapping_email'].strip())
settings.save('ldap_enabled', ldap_enabled)
settings.save('ldap_ssl', ldap_ssl)
for key, data in ldap_settings.items():
settings.save(key, data['value'])
# If the password is not '********' then save it. This is because we show that value instead of the actual password.
if len(ldap_bind_pass) > 0 and ldap_bind_pass != '********':
settings.save('ldap_bind_pass', ldap_bind_pass)
# When settings are saved, run system updates.
system = provider.system()
system.run_updates()
flash('Settings saved', 'success')
return redirect(url_for('config.ldap'))
def setting_get(name, default=None):
provider = Provider()
return provider.settings().get(name, default)
def dns_save():
provider = Provider()
settings = provider.settings()
dns = provider.dns_manager()
# DNS Base Domain
dns_base_domain = request.form['dns_base_domain'].strip()
# DNS Daemon
dns_daemon_bind_ip = request.form['dns_daemon_bind_ip'].strip()
dns_daemon_bind_port = request.form['dns_daemon_bind_port'].strip()
dns_daemon_bind_port = int(
dns_daemon_bind_port) if dns_daemon_bind_port.isdigit() else 0
dns_daemon_start_everyone = True if int(
request.form.get('dns_daemon_start_everyone', 0)) == 1 else False
# DNS Forwarding
forward_dns_address = request.form['forward_dns_address'].strip()
forward_dns_enabled = True if int(
request.form.get('forward_dns_enabled', 0)) == 1 else False
# DNS CSV Logging
csv_logging_file = request.form['csv_logging_file'].strip()
csv_logging_enabled = True if int(
request.form.get('csv_logging_enabled', 0)) == 1 else False
# DNS Daemon Validation
if not dns.is_valid_ip_address(dns_daemon_bind_ip):
flash('Invalid IP Address', 'error')
return redirect(url_for('config.dns'))
elif dns_daemon_bind_port <= 0 or dns_daemon_bind_port > 65535:
flash('Invalid Port', 'error')
return redirect(url_for('config.dns'))
elif dns_daemon_bind_port < 1024:
flash(
'Please enter a port between 1024 and 65535. Port numbers below 1024 require root access.',
'error')
return redirect(url_for('config.dns'))
# DNS Forwarding Validation
forwarders = []
for item in forward_dns_address.split(','):
item = item.strip()
if len(item) > 0:
if dns.is_valid_ip_address(item):
forwarders.append(item)
# DNS CSV Logging Validation
if csv_logging_enabled:
if len(csv_logging_file) == 0:
flash('Please enter a CSV output location', 'error')
return redirect(url_for('config.dns'))
elif not dns.is_file_writable(csv_logging_file):
flash('CSV output location is not writable', 'error')
return redirect(url_for('config.dns'))
# Save Base Domain
settings.save('dns_base_domain', dns_base_domain)
# Save Daemon
settings.save('dns_daemon_bind_ip', dns_daemon_bind_ip)
settings.save('dns_daemon_bind_port', dns_daemon_bind_port)
settings.save('dns_daemon_start_everyone', dns_daemon_start_everyone)
# Save Forwarding
settings.save('forward_dns_address', forwarders)
settings.save('forward_dns_enabled', forward_dns_enabled)
# Save Logging
settings.save('csv_logging_file', csv_logging_file)
settings.save('csv_logging_enabled', csv_logging_enabled)
flash('Settings saved - Please restart the DNS Daemon.', 'success')
return redirect(url_for('config.dns'))
def login_process():
if current_user.is_authenticated:
return redirect(url_for('home.index'))
provider = Provider()
ldap = provider.ldap()
users = provider.users()
settings = provider.settings()
username = request.form['username']
password = request.form['password']
next = urllib.parse.unquote_plus(request.form['next'].strip())
# First check if user is local. Local users take priority.
user = UserModel.query.filter(and_(func.lower(UserModel.username) == func.lower(username), UserModel.ldap == 0)).first()
if user:
if not users.validate_password(user.password, password):
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
elif ldap.is_enabled():
ldap_result = ldap.authenticate(username, password)
if ldap_result is False:
if len(ldap.error_message) > 0:
flash(ldap.error_message, 'error')
else:
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
elif ldap_result['result'] == ldap.AUTH_SUCCESS:
ldap_user = ldap_result['user']
elif ldap_result['result'] == ldap.AUTH_CHANGE_PASSWORD:
session['ldap_username'] = username
session['ldap_time'] = int(time.time())
flash('Your LDAP password has expired or needs changing', 'error')
return redirect(url_for('auth.ldap_changepwd', next=next))
elif ldap_result['result'] == ldap.AUTH_LOCKED:
flash('Your AD account is disabled', 'error')
return redirect(url_for('auth.login', next=next))
else:
if len(ldap.error_message) > 0:
flash(ldap.error_message, 'error')
else:
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
user = users.get_ldap_user(ldap_user['username'])
if not user:
# Create
user = users.create_ldap_user(ldap_user['username'], ldap_user['fullname'], ldap_user['email'])
if not user:
flash('Could not create LDAP user', 'error')
return redirect(url_for('auth.login', next=next))
else:
flash('Invalid credentials', 'error')
return redirect(url_for('auth.login', next=next))
# If we reach this point it means that our user exists. Check if the user is active.
if user.active is False:
flash('Your account has been disabled by the Administrator.', 'error')
return redirect(url_for('auth.login', next=next))
user = users.login_session(user)
login_user(user)
users.record_login(user.id)
# On every login we get the hashcat version and the git hash version.
system = provider.system()
system.run_updates()
if next and url_parse(next).netloc == '':
return redirect(next)
return redirect(url_for('home.index'))
