def login():
    """Authenticate a user by username or e-mail and redirect on success.

    Renders the login form on GET or when validation fails.  On a valid
    POST the account is looked up by e-mail when the identifier passes
    ``is_email``, otherwise by username; the password and the ``active``
    flag are then checked before ``login_user``.  The ``next`` query
    parameter is only followed when ``is_safe_url`` accepts it; an unsafe
    value aborts the request with 400 instead of being silently dropped.
    """
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        identifier = form.username_email.data
        password = form.password.data
        lookup = {'email': identifier} if is_email(identifier) else {'username': identifier}
        account = User.query.filter_by(**lookup).first()
        if account is not None and account.verify_password(password) and account.active:
            login_user(account)
            next_url = request.args.get('next')
            # Open-redirect guard: reject outright rather than fall back.
            if not is_safe_url(next_url):
                return abort(400)
            return redirect(next_url or url_for('admin.dashboard'))
        # One generic message for unknown user, bad password and inactive
        # account alike, so the response does not distinguish the cases.
        flash('Please check your credentials', 'danger')
    context = {
        'title': 'Login',
        'form': form,
    }
    return render_template('auth/login.html', **context)
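def user(id=None):
    """Admin-only edit view for a single user account.

    Args:
        id: primary key of the user to edit; ``None`` yields 404.

    Returns:
        404 when no id is given or no such user exists, 403 for callers
        that are not ``is_admin``, 400 when ``next`` fails ``is_safe_url``;
        a redirect to ``next`` (default ``core.users``) after a successful
        submit; otherwise the rendered edit form.
    """
    if id is None:
        return abort(404)
    if not current_user.is_admin:
        return abort(403)
    target = User.query.get(id)
    if target is None:
        return abort(404)
    next_url = request.args.get("next")
    # Open-redirect guard: reject the request rather than fall back silently.
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.users")
    form = UserForm(obj=target)
    if form.validate_on_submit():
        form.populate_obj(target)
        db.session.commit()
        return redirect(next_url)
    # Log only when validation actually failed: the previous version logged
    # an empty ``form.errors.values()`` at ERROR level on every plain GET.
    if form.errors:
        current_app.logger.error("User edit form rejected: %s", form.errors)
    return render_template("core/user_edit.html", title="User - Admin", form=form, next=next_url, user=target)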
def edit_talk(id=None):
    """Create a new talk (``id`` is ``None``) or edit an existing one.

    Non-admins are refused (403) when they may not edit an existing talk,
    and in every case when they have no edited collections at all.  A
    ``?copy`` argument clones the loaded talk via ``copy_row`` (which is
    handed ``["id"]``, presumably to drop the primary key so the clone is
    stored as a new row).  ``next`` must pass ``is_safe_url`` or the
    request is rejected with 400; it defaults to ``core.talks``.
    """
    if id is None:
        talk = Talk()
    else:
        talk = Talk.query.get(id)
        if talk is None:
            return abort(404)
    if not current_user.is_admin:
        # Same truth table as the original ``A and B or C`` expression:
        # an existing talk needs edit rights, and a user without any
        # edited collection is refused regardless.
        cannot_edit_existing = id is not None and not talk.can_edit(current_user)
        if cannot_edit_existing or len(current_user.edited_collections) == 0:
            return abort(403)
    if request.args.get("copy", False):
        # Any non-empty value (even "0") counts as a copy request.
        talk = copy_row(talk, ["id"])
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.talks")
    is_new = talk.id is None
    form = TalkForm(obj=talk)
    if form.validate_on_submit():
        form.populate_obj(talk)
        HistoryItem.build_for(talk)
        if is_new:
            db.session.add(talk)
        db.session.commit()
        return redirect(next_url)
    return render_template("core/talk_edit.html", title="Talk", form=form, new=is_new, next=next_url, talk=talk)
def handle_login(form):
    """Process a validated login form; return a response or ``None``.

    Looks the account up by username or e-mail, verifies the stored hash
    with ``check_password_hash``, requires ``is_active``, writes an audit
    entry, commits and logs the user in.  Returns ``None`` after flashing
    an error (so the caller re-renders the form), otherwise a redirect to
    a safe ``next`` target or ``homepage.home``.  An unsafe ``next``
    aborts with 400.

    Args:
        form: form exposing ``username``, ``password`` and ``remember_me``.
    """
    username = form.username.data.strip()

    def reject(message):
        # E-mail logins get one generic message; username logins still
        # receive the detailed text, which tells a caller whether the
        # account exists.
        if "@" in username:
            flash("Incorrect email or password", "danger")
        else:
            flash(message, "danger")

    user = User.query.filter(or_(User.username == username, User.email == username)).first()
    if user is None:
        return reject("User {} does not exist".format(username))
    if not check_password_hash(user.password, form.password.data):
        return reject("Incorrect password. Did you set one?")
    if not user.is_active:
        flash("You need to confirm the registration email", "danger")
        return None

    addAuditLog(AuditSeverity.USER, user, "Logged in using password",
                url_for("users.profile", username=user.username))
    db.session.commit()
    login_user(user, remember=form.remember_me.data)
    flash("Logged in successfully.", "success")

    next_url = request.args.get("next")
    if next_url and not is_safe_url(next_url):
        abort(400)
    return redirect(next_url or url_for("homepage.home"))
def user_signin():
    """Sign-in view: show the form, validate credentials, log the user in.

    Already-authenticated users are sent to ``user_show``.  Credentials are
    checked by ``User.validate``; a failure flashes ``BAD_USERNAME_OR_PWD``
    and re-renders the form.  After login a ``next`` parameter is followed
    only when ``utils.is_safe_url`` accepts it; otherwise (or when absent)
    the user lands on ``user_show`` -- no 400 is raised here.
    """
    if current_user.is_authenticated:
        return redirect(url_for('user_show'))
    form = LoginForm()
    page = dict(form=form, active_page='user_signin', testing=app.testing)
    if not form.validate_on_submit():
        return render_template('signin.html', **page)
    user = User.validate(form.username.data, form.password.data)
    if user is None:
        crx_flash('BAD_USERNAME_OR_PWD')
        return render_template('signin.html', **page)
    login_user(user, remember=False)
    crx_flash('WELCOME_BACK', user.username)
    next_url = request.args.get('next')
    if next_url is not None and utils.is_safe_url(request, next_url):
        return redirect(next_url)
    return redirect(url_for('user_show'))
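def subscription(id):
    """Edit the current user's subscription to collection ``id``.

    Returns 404 when the user has no subscription to that collection, 400
    when ``next`` fails ``is_safe_url``, a redirect to ``next`` (default
    ``auth.profile``) after a successful submit, otherwise the rendered
    form.
    """
    sub = Subscription.query.filter(
        Subscription.user == current_user,
        Subscription.collection_id == id,
    ).first()
    # ``filter()`` returns a SQLAlchemy Query, which is truthy even when it
    # matches no rows (it defines neither __bool__ nor __len__), so the
    # previous ``if not subscription`` guard never fired and
    # ``subscription[0]`` raised IndexError (a 500) instead of 404.
    if sub is None:
        return abort(404)
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("auth.profile")
    form = SubscriptionForm(obj=sub)
    if form.validate_on_submit():
        form.populate_obj(sub)
        db.session.commit()
        return redirect(next_url)
    return render_template(
        "auth/subscription.html",
        title=_l("Subscription to %(collection)s", collection=sub.collection.title),
        subscription=sub,
        form=form,
        next=next_url,
    )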
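def subscribe(id):
    """Subscribe the current user to collection ``id`` and redirect.

    ``next`` is validated *before* the database is touched, so a request
    rejected with 400 leaves no new row behind (the previous version
    committed first and aborted afterwards).  Returns 404 for an unknown
    collection, 400 for an unsafe ``next``, otherwise a redirect to
    ``next`` or ``auth.subscription`` for this id.

    No duplicate check is performed here; whether a second call adds a
    second row depends on the model's constraints -- verify.
    """
    collection = Collection.query.get(id)
    if collection is None:
        return abort(404)
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    db.session.add(Subscription(user=current_user, collection=collection))
    db.session.commit()
    return redirect(next_url or url_for("auth.subscription", id=id))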
def post_login(user: User, next_url):
    """Pick the landing page after a successful login.

    Precedence: a ``next_url`` that passes ``is_safe_url``; then the
    set-password page when the logged-in user has no password; then the
    notification list when the user has any notifications (with an extra
    hint at ten or more); finally the homepage.  An unsafe ``next_url``
    is silently ignored rather than rejected.
    """
    if next_url and is_safe_url(next_url):
        return redirect(next_url)
    # NOTE(review): this reads ``current_user`` while the rest of the
    # function uses ``user``; presumably they are the same account -- confirm.
    if not current_user.password:
        return redirect(url_for("users.set_password", optional=True))
    pending = len(user.notifications)
    if pending:
        if pending >= 10:
            flash("You have a lot of notifications, you should either read or clear them", "info")
        return redirect(url_for("notifications.list_all"))
    return redirect(url_for("homepage.home"))
def login():
    """Login view: bounce authenticated users, otherwise show/process the form.

    An authenticated caller is redirected to a safe ``next`` or
    ``homepage.home``; an unsafe ``next`` aborts with 400.  A valid POST is
    delegated to ``handle_login``; a falsy result means the form is
    re-rendered (with whatever it flashed).
    """
    if current_user.is_authenticated:
        next_url = request.args.get("next")
        if next_url and not is_safe_url(next_url):
            abort(400)
        return redirect(next_url or url_for("homepage.home"))
    form = LoginForm(request.form)
    if form.validate_on_submit():
        response = handle_login(form)
        if response:
            return response
    return render_template("users/login.html", form=form)
def login():
    """Owner login; route by ``role`` after a successful password check.

    Role 0 always lands on its cabinet page (``next`` is ignored for it);
    role 1 follows a validated ``next`` or goes to the admin panel.  Any
    other role, a wrong password or an unknown login falls through to
    re-rendering the form without a message.  The ``next`` check runs
    before any session is created, so an unsafe value yields 400 without
    logging the owner in.
    """
    form = Authorization()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)
    owner = db.session.query(Owner).filter(Owner.login == form.login.data).first()
    if owner and owner.check_password_hash(form.password.data):
        next_url = request.args.get('next')
        if not is_safe_url(next_url):
            return abort(400)
        if owner.role == 0:
            login_user(owner, remember=False)
            return redirect(url_for('main.cabinet', id=owner.id))
        if owner.role == 1:
            login_user(owner, remember=False)
            return redirect(next_url or url_for('admin_panel.admin_main'))
    return render_template('auth/login.html', form=form)
def login_process():
    """Process the login form and redirect on success.

    Security notes (behaviour deliberately kept as-is in this rewrite):

    * ``account.password != form.password.data`` compares the submitted
      password with the stored column directly, which only works if the
      password is stored in clear text; it should become a hash check once
      the model stores hashes.
    * The distinct 'User not found.' / 'Password is wrong.' messages let a
      caller tell valid usernames from invalid ones.

    Returns the form on GET/invalid input, a redirect back to ``login``
    with a flash on failure, 400 for an unsafe ``next``, otherwise a
    redirect to ``next`` or ``index``.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)
    account = User.query.filter(User.name == form.name.data).first()
    if account is None:
        flash('User not found.')
        return redirect(url_for('login'))
    if account.password != form.password.data:
        flash('Password is wrong.')
        return redirect(url_for('login'))
    login_user(account)
    next_url = request.args.get('next')
    if not is_safe_url(next_url):
        return abort(400)
    return redirect(next_url or url_for('index'))
def edit_collection(id=None):
    """Create a collection (``id`` is ``None``) or edit an existing one.

    Permissions: an existing collection requires ``can_edit``; a new one
    requires organizer or admin status.  A ``?copy`` argument clones the
    loaded row via ``copy_row`` (given ``["id"]``, presumably to drop the
    primary key) so it is saved as a new collection.  The ``editors``,
    ``organizer``, ``is_meta`` and ``meta_collections`` fields are removed
    from the form unless the caller is an admin or the organizer, so
    ``populate_obj`` only writes the fields that remain.

    Returns 404/403/400 as described, a redirect to ``next`` (default
    ``core.collections``) after a successful submit, else the form.
    """
    editing_existing = id is not None
    collection = Collection.query.get(id) if editing_existing else Collection()
    can_create = current_user.is_organizer or current_user.is_admin
    if editing_existing and collection is None:
        return abort(404)
    if editing_existing:
        forbidden = not collection.can_edit(current_user)
    else:
        forbidden = not can_create
    if forbidden:
        return abort(403)
    if request.args.get("copy", False):
        # Any non-empty value (even "0") counts as a copy request.
        collection = copy_row(collection, ["id"])
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.collections")
    is_new = collection.id is None
    if is_new:
        collection.organizer = current_user
    has_full_access = current_user.is_admin or collection.organizer == current_user
    form = CollectionForm(obj=collection)
    if not has_full_access:
        for field_name in ("editors", "organizer", "is_meta", "meta_collections"):
            del form[field_name]
    if form.validate_on_submit():
        form.populate_obj(collection)
        HistoryItem.build_for(collection)
        if is_new:
            db.session.add(collection)
        db.session.commit()
        return redirect(next_url)
    return render_template(
        "core/collection_edit.html",
        title="Collection - Admin",
        form=form,
        new=is_new,
        has_full_access=has_full_access,
        next=next_url,
        collection=collection,
    )
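def unsubscribe(id):
    """Remove the current user's subscription to collection ``id``.

    Returns 404 when no such subscription exists, 400 when ``next`` fails
    ``is_safe_url``, otherwise a redirect to ``next`` or ``auth.profile``.
    """
    sub = Subscription.query.filter(
        Subscription.collection_id == id,
        Subscription.user == current_user,
    ).first()
    # ``filter()`` returns a SQLAlchemy Query, which is truthy even when it
    # matches no rows (it defines neither __bool__ nor __len__), so the
    # previous ``if not subscription`` guard never fired and
    # ``subscription[0]`` raised IndexError (a 500) instead of 404.
    if sub is None:
        return abort(404)
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("auth.profile")
    db.session.delete(sub)
    db.session.commit()
    return redirect(next_url)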
def login():
    """Username/password login; redirect to a safe ``next`` or the index.

    Flash texts are Chinese: '登录成功!' (login succeeded) and
    '用户名或密码不正确' (wrong username or password).  A ``next`` that is
    absent or fails ``is_safe_url`` is silently replaced by ``main.index``
    rather than rejected.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)
    account = User.query.filter_by(username=form.username.data).first()
    if not (account and account.check_password(form.password.data)):
        flash('用户名或密码不正确', 'warning')
        return render_template('auth/login.html', form=form)
    login_user(account, remember=form.remember_me.data)
    next_url = request.args.get('next')
    flash('登录成功!', 'success')
    # Follow ``next`` only when present and accepted by the open-redirect check.
    if next_url and is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for('main.index'))
def delete_talk(id):
    """Delete talk ``id`` and redirect to ``next`` (default ``core.talks``).

    Returns 404 for an unknown talk, 403 unless the caller may edit it or
    is an admin, 400 when ``next`` fails ``is_safe_url``.
    """
    talk = Talk.query.get(id)
    if talk is None:
        return abort(404)
    allowed = talk.can_edit(current_user) or current_user.is_admin
    if not allowed:
        return abort(403)
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.talks")
    db.session.delete(talk)
    # The history entry is built after the delete is queued, before commit.
    HistoryItem.build_for(talk)
    db.session.commit()
    return redirect(next_url)
def delete_collection(id):
    """Delete collection ``id`` and redirect to ``next`` (default ``core.collections``).

    Returns 404 for an unknown collection, 403 unless the caller is its
    organizer or an admin, 400 when ``next`` fails ``is_safe_url``.
    """
    collection = Collection.query.get(id)
    if collection is None:
        return abort(404)
    allowed = collection.organizer == current_user or current_user.is_admin
    if not allowed:
        return abort(403)
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.collections")
    db.session.delete(collection)
    # The history entry is built after the delete is queued, before commit.
    HistoryItem.build_for(collection)
    db.session.commit()
    return redirect(next_url)
def login():
    """Sign-in view; admins additionally get an ``identity_changed`` signal.

    Authenticated callers go to ``auth.account``.  A bad username or
    password flashes one generic message and redirects back to the login
    page.  After ``login_user`` an unsafe ``next`` aborts with 400; note
    the success flash is emitted before that check.
    """
    if current_user.is_authenticated:
        return redirect(url_for('auth.account'))
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', title='Sign In', form=form)
    account = User.query.filter_by(username=form.username.data).first()
    if account is None or not account.check_password(form.password.data):
        flash('Invalid username or password', 'warning')
        return redirect(url_for('auth.login'))
    flash('Successful login.', 'info')
    login_user(account, remember=form.remember_me.data)
    next_url = request.args.get('next')
    if not is_safe_url(next_url):
        return abort(400)
    if account.role == 'admin':
        # Announce the new identity on the application object.
        identity_changed.send(current_app._get_current_object(), identity=Identity(account.id))
    return redirect(next_url or url_for('main.index'))
def login():
    """E-mail/password sign-in view.

    Authenticated callers go to ``core.index``.  An unknown e-mail or wrong
    password flashes one generic message and redirects back to the login
    page.  After ``login_user`` the login is logged at INFO; an unsafe
    ``next`` aborts with 400, otherwise the user is sent to ``next`` or
    ``core.index``.
    """
    if current_user.is_authenticated:
        return redirect(url_for("core.index"))
    form = LoginForm(request.form)
    if not form.validate_on_submit():
        return render_template("auth/login.html", title="Sign In", form=form)
    account = User.query.filter_by(email=form.email.data).first()
    if account is None or not account.check_password(form.password.data):
        flash(_("Invalid email or password"), "danger")
        return redirect(url_for("auth.login"))
    login_user(account, remember=form.remember_me.data)
    flash(
        _("Logged in as %(display_name)s.", display_name=account.display_name),
        "info")
    current_app.logger.info(f"User logged in: {account}")
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    return redirect(next_url or url_for("core.index"))
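def login():
    """Login by username or e-mail.

    GET renders the form.  On a valid POST the user is looked up by either
    ``username`` or ``email`` equal to the ``account`` field and the
    password is checked as UTF-8 bytes.  Inactive accounts are refused: in
    the source the ``if not user.is_active`` branch carried only a
    ``todo`` comment and no body, so this version re-renders the form
    there, which is what the intended ``ValidationError`` would lead to.
    A ``next`` that fails ``is_safe_url`` is dropped in favour of
    ``main.index`` rather than rejected.
    """
    form = LoginForm()
    if request.method == 'GET':
        return render_template('main/login.html', form=form)
    if form.validate_on_submit():
        user = User.query.filter(
            or_(User.username == form.account.data, User.email == form.account.data)).first()
        if user and user.check_password(form.password.data.encode('utf-8')):
            if not user.is_active:
                # TODO: surface 'User is not active.' to the user (ValidationError)
                return render_template('main/login.html', form=form)
            login_user(user, form.remember_me.data)
            next_url = request.args.get('next')
            if not is_safe_url(next_url):
                next_url = None
            return redirect(next_url or url_for('main.index'))
        # TODO: surface 'User does not exist, or password is wrong.' to the user
    return render_template('main/login.html', form=form)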
def token_login(uuid):
    """Enable access token ``uuid`` for this session after a password check.

    Returns the form on GET/invalid input, 404 for an unknown token, a
    redirect back to this view on a wrong password, 400 for an unsafe
    ``next``, otherwise a redirect to ``next`` or ``core.index``.  The
    token id is appended to ``session["access_tokens"]``.
    """
    form = AccessTokenForm(request.form)
    if not form.validate_on_submit():
        return render_template("auth/token_login.html", title="Enable token access", uuid=uuid, form=form)
    token = AccessToken.query.filter_by(uuid=uuid).first()
    if token is None:
        return abort(404)
    if not token.check_password(form.password.data):
        flash(_("Invalid password"), "error")
        return redirect(url_for("auth.token_login", uuid=uuid))
    enabled = session.setdefault("access_tokens", [])
    enabled.append(token.id)
    # The list was mutated in place, so tell Flask the session changed.
    session.modified = True
    flash(_("Enabled access token %(uuid)s.", uuid=uuid), "info")
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    return redirect(next_url or url_for("core.index"))
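def reverify():
    """Re-send the e-mail verification code to the current user.

    ``next`` is validated before the mail is queued, so a request rejected
    with 400 causes no side effects (the previous version queued the mail
    and committed first, then aborted).  Redirects to ``next`` or
    ``core.index``.
    """
    next_url = request.args.get("next")
    if not is_safe_url(next_url):
        return abort(400)
    next_url = next_url or url_for("core.index")
    send_mail.delay(
        recipient=current_user.email,
        subject="Mail Verification",
        template="messages/verification.html",
        context={
            "user": current_user.display_name,
            "verification_code": current_user.generate_verification_code(),
        },
    )
    # generate_verification_code() presumably stores the new code on the
    # user, which is why a commit follows -- confirm against the model.
    db.session.commit()
    flash(
        _("Remember to verify your email address to make full use of Talks.Tue!"),
        "warning",
    )
    return redirect(next_url)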
def test_is_safe_url(self):
    """An external host is rejected; the configured host and a relative path pass."""
    with self.app.test_request_context():
        own_host = 'http://' + self.app.config['SERVER_NAME']
        cases = [
            ('http://externalsite.com', False),
            (own_host, True),
            ('safe_internal_link', True),
        ]
        for url, expected in cases:
            with self.subTest(url=url):
                self.assertEqual(bool(is_safe_url(url)), expected)
def redirect(self, endpoint='index', **values):
    """Redirect to the form's ``next`` field when safe, else to a fallback.

    The fallback is ``get_redirect_target()`` when it returns something,
    otherwise ``url_for(endpoint, **values)``.  ``redirect`` inside the
    body refers to the module-level function, not this method.
    """
    candidate = self.next.data
    if is_safe_url(candidate):
        return redirect(candidate)
    fallback = get_redirect_target() or url_for(endpoint, **values)
    return redirect(fallback)