def logout_client():
    """
    Client-initiated logout.

    Looks up the client named by the ``client_id`` query argument. For a
    trusted client the referrer and the optional ``next`` destination must be
    on the host of the client's ``redirect_uri``; any mismatch (or an unknown
    client) flashes ``logout_errormsg`` and redirects to the index without
    logging out. Untrusted clients are sent back without being logged out.
    """
    # A missing client_id raises KeyError here; with Flask's request.args that
    # presumably surfaces as a 400 response — confirm this is the intended path.
    client = Client.query.filter_by(key=request.args['client_id']).first()
    if client is None:
        # No such client. Possible CSRF. Don't logout and don't send them back
        flash(logout_errormsg, 'error')
        return redirect(url_for('index'))
    if client.trusted:
        # This is a trusted client. Does the referring domain match?
        # Only the hostname is compared; scheme and port are not part of the check.
        clienthost = urlparse.urlsplit(client.redirect_uri).hostname
        if request.referrer:
            if clienthost != urlparse.urlsplit(request.referrer).hostname:
                # Doesn't. Don't logout and don't send back
                flash(logout_errormsg, 'error')
                return redirect(url_for('index'))
        # else: no referrer? Either stripped out by browser or a proxy, or this is a direct link.
        # We can't do anything about that, so assume it's a legit case.
        #
        # If there is a next destination, is it in the same domain?
        if 'next' in request.args:
            if clienthost != urlparse.urlsplit(request.args['next']).hostname:
                # Doesn't. Assume CSRF and redirect to index without logout
                flash(logout_errormsg, 'error')
                return redirect(url_for('index'))
        # All good. Log them out and send them back
        # NOTE(review): no db.session.commit() follows logout_internal() here;
        # whether logout_internal commits itself is not visible in this block.
        logout_internal()
        return redirect(get_next_url(external=True))
    else:
        # We know this client, but it's not trusted. Send back without logout.
        return redirect(get_next_url(external=True))
def decorated_function(*args, **kwargs):
    """
    Wrap a login view: run it, confirm the browser accepts cookies, then hand
    off to ``self._login_handler_internal``.

    ``f`` and ``self`` are free variables from the enclosing decorator scope
    (outside this block). ``f`` is expected to return a dict that may carry
    ``next``, ``scope`` and ``message`` keys.
    """
    g.login_required = True
    data = f(*args, **kwargs)
    metarefresh = getbool(request.args.get('metarefresh'))
    if 'cookietest' in request.args:
        next = get_next_url()
    else:
        next = data.get('next') or get_next_url(referrer=True)
    if session.new and 'cookietest' not in request.args:
        # Check if the user's browser supports cookies
        session['cookies'] = True
        # Reconstruct current URL with ?cookietest=1 or &cookietest=1 appended
        url_parts = urlparse.urlsplit(request.url)
        if url_parts.query:
            return redirect(request.url + '&cookietest=1&next=' + urllib.quote(next))
        else:
            return redirect(request.url + '?cookietest=1&next=' + urllib.quote(next))
    else:
        if session.new:
            # No support for cookies. Abort login
            return self._auth_error_handler('no_cookies', error_description=u"Your browser must accept cookies for you to login.", error_uri="")
        else:
            # The 'cookies' key is not needed anymore
            session.pop('cookies', None)
    scope = data.get('scope', 'id')
    # 'message' may come straight from the query string and is passed through
    # to the login handler — presumably escaped at render time; confirm.
    message = data.get('message') or request.args.get('message')
    if isinstance(message, unicode):
        message = message.encode('utf-8')
    return self._login_handler_internal(scope, next, message, metarefresh)
def login():
    """
    Render the login page, or process a POSTed password / service login.

    Already-authenticated users are redirected back immediately. Unknown
    ``form.id`` values on a POST abort with 500.
    """
    if g.user:
        # Already logged in: send them on their way
        return redirect(get_next_url(referrer=True), code=303)
    loginform = LoginForm()
    service_forms = {
        name: provider.get_form()
        for name, provider in login_registry.items()
        if provider.at_login and provider.form is not None
    }
    loginmethod = request.cookies.get('login') if request.method == 'GET' else None
    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'passwordlogin':
            if loginform.validate():
                login_internal(loginform.user)
                db.session.commit()
                flash('You are now logged in', category='success')
                response = render_redirect(get_next_url(session=True), code=303)
                return set_loginmethod_cookie(response, 'password')
        elif formid in service_forms:
            form = service_forms[formid]['form']
            if form.validate():
                return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
        else:
            # Unrecognised form id on a POST
            abort(500)
    if request.is_xhr and formid == 'passwordlogin':
        return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
    return render_template('login.html', loginform=loginform, lastused=loginmethod, service_forms=service_forms, Markup=Markup)
def login():
    """
    Render the login page, or process a POSTed OpenID or password login.

    Already-authenticated users are redirected back immediately. A password
    login honours the form's ``remember`` checkbox via ``session.permanent``.
    """
    if g.user:
        # Already logged in: send them on their way
        return redirect(get_next_url(referrer=True), code=303)
    loginform = LoginForm()
    openidform = OpenIdForm()
    if request.method == 'GET':
        openidform.openid.data = 'http://'
    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'openid' and openidform.validate():
            return oid.try_login(openidform.openid.data, ask_for=['email', 'fullname', 'nickname'])
        if formid == 'login' and loginform.validate():
            login_internal(loginform.user)
            session.permanent = bool(loginform.remember.data)
            db.session.commit()
            flash('You are now logged in', category='success')
            return render_redirect(get_next_url(session=True), code=303)
    if request.is_xhr and formid == 'login':
        return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
    return render_template('login.html', openidform=openidform, loginform=loginform, oiderror=oid.fetch_error(), oidnext=oid.get_next_url(), Markup=Markup)
def account_merge():
    """
    Confirm and perform a merge of the current user with the account named by
    ``session['merge_buid']``.

    Without a pending merge (or if the other account no longer exists) the
    user is redirected back. A confirmed merge logs in the merged user and
    emits ``user_data_changed``; a decline just clears the pending state.
    """
    def back(status):
        return redirect(get_next_url(), code=status)

    if 'merge_buid' not in session:
        return back(302)
    other_user = User.get(buid=session['merge_buid'])
    if other_user is None:
        session.pop('merge_buid', None)
        return back(302)
    form = ProfileMergeForm()
    if not form.validate_on_submit():
        return render_template(
            'merge.html.jinja2',
            form=form,
            user=current_auth.user,
            other_user=other_user,
            login_registry=login_registry,
        )
    if 'merge' in request.form:
        merged = merge_users(current_auth.user, other_user)
        login_internal(merged)
        flash(_("Your accounts have been merged"), 'success')
        session.pop('merge_buid', None)
        db.session.commit()
        user_data_changed.send(merged, changes=['merge'])
    else:
        # Declined: just forget the pending merge
        session.pop('merge_buid', None)
    return back(303)
def login():
    """
    Render the login page, or process a POSTed password / service login.

    Already-authenticated users are redirected back immediately. Unknown
    ``form.id`` values on a POST abort with 500.
    """
    if g.user:
        # Already logged in: send them on their way
        return redirect(get_next_url(referrer=True), code=303)
    loginform = LoginForm()
    service_forms = {
        name: provider.get_form()
        for name, provider in login_registry.items()
        if provider.at_login and provider.form is not None
    }
    loginmethod = request.cookies.get('login') if request.method == 'GET' else None
    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'passwordlogin':
            if loginform.validate():
                login_internal(loginform.user)
                db.session.commit()
                flash('You are now logged in', category='success')
                response = render_redirect(get_next_url(session=True), code=303)
                return set_loginmethod_cookie(response, 'password')
        elif formid in service_forms:
            form = service_forms[formid]['form']
            if form.validate():
                return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
        else:
            # Unrecognised form id on a POST
            abort(500)
    if request.is_xhr and formid == 'passwordlogin':
        return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
    return render_template('login.html', loginform=loginform, lastused=loginmethod, service_forms=service_forms, Markup=Markup, login_registry=login_registry)
def decorated_function(*args, **kwargs):
    """
    Wrap a login view: run it, confirm the browser accepts cookies, then hand
    off to ``self._login_handler_internal``.

    ``f`` and ``self`` come from the enclosing decorator scope. ``f`` returns
    a dict that may carry ``next`` and ``scope``.
    """
    data = f(*args, **kwargs)
    testing_cookies = "cookietest" in request.args
    if testing_cookies:
        next_url = get_next_url()
    else:
        next_url = data.get("next") or get_next_url(referrer=True)
    if session.new:
        if testing_cookies:
            # We came back from the cookie test with a fresh session: cookies are refused
            return self._auth_error_handler(
                "no_cookies",
                error_description=u"Your browser must accept cookies for you to login.",
                error_uri="",
            )
        # First pass: set a marker and bounce back to this URL with cookietest=1
        session["cookies"] = True
        has_query = bool(urlparse.urlsplit(request.url).query)
        suffix = "&cookietest=1&next=" if has_query else "?cookietest=1&next="
        return redirect(request.url + suffix + urllib.quote(next_url))
    # The session survived the round trip; the marker is no longer needed
    session.pop("cookies", None)
    return self._login_handler_internal(data.get("scope", "id"), next_url)
def decorated_function(*args, **kwargs):
    """
    Wrap a login view: run it, confirm the browser accepts cookies, then hand
    off to ``self._login_handler_internal``.

    ``f`` and ``self`` come from the enclosing decorator scope. ``f`` returns
    a dict that may carry ``next`` and ``scope``.
    """
    data = f(*args, **kwargs)
    testing_cookies = 'cookietest' in request.args
    if testing_cookies:
        next_url = get_next_url()
    else:
        next_url = data.get('next') or get_next_url(referrer=True)
    if session.new:
        if testing_cookies:
            # We came back from the cookie test with a fresh session: cookies are refused
            return self._auth_error_handler(
                'no_cookies',
                error_description=u"Your browser must accept cookies for you to login.",
                error_uri="")
        # First pass: set a marker and bounce back to this URL with cookietest=1
        session['cookies'] = True
        has_query = bool(urlparse.urlsplit(request.url).query)
        suffix = '&cookietest=1&next=' if has_query else '?cookietest=1&next='
        return redirect(request.url + suffix + urllib.quote(next_url))
    # The session survived the round trip; the marker is no longer needed
    session.pop('cookies', None)
    return self._login_handler_internal(data.get('scope', 'id'), next_url)
def test_get_next_url(self):
    """get_next_url honours ?next=, the default, and the session fallback."""
    with self.app.test_request_context('/?next=http://example.com'):
        cases = [
            ({'external': True}, 'http://example.com'),
            ({}, '/'),
            ({'default': ()}, ()),
        ]
        for kwargs, expected in cases:
            self.assertEqual(get_next_url(**kwargs), expected)
    with self.app.test_request_context('/'):
        session['next'] = '/external'
        self.assertEqual(get_next_url(session=True), '/external')
def test_get_next_url(self):
    """get_next_url honours ?next=, the default, and the session fallback."""
    with self.app.test_request_context('/?next=http://example.com'):
        cases = [
            ({'external': True}, 'http://example.com'),
            ({}, '/'),
            ({'default': ()}, ()),
        ]
        for kwargs, expected in cases:
            assert get_next_url(**kwargs) == expected
    with self.app.test_request_context('/'):
        session['next'] = '/external'
        assert get_next_url(session=True) == '/external'
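def login_service(service):
    """
    Handle login with a registered service.

    :param service: Key of a provider in ``login_registry``; unknown keys 404.
    :returns: Whatever ``provider.do`` returns (normally a redirect to the
        provider), or a redirect back to ``next_url`` with a flashed error
        if the provider raises ``LoginInitError``.
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]
    next_url = get_next_url(referrer=False, default=None)
    # next_url rides along in the callback URL so the provider can return the
    # user to where they started.
    callback_url = url_for('.login_service_callback', service=service, next=next_url, _external=True)
    try:
        return provider.do(callback_url=callback_url)
    except LoginInitError as e:  # 'except X, e' was Python 2-only syntax
        flash("%s login failed: %s" % (provider.title, unicode(e)), category='error')
        return redirect(next_url or get_next_url(referrer=True))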
def login():
    """
    Render the login page, or process a POSTed password / service login.

    Already-authenticated users are redirected back immediately. Rendered
    responses carry ``X-Frame-Options: SAMEORIGIN`` so the login form cannot
    be framed by another origin.
    """
    # If user is already logged in, send them back
    if current_auth.is_authenticated:
        return redirect(get_next_url(referrer=True), code=303)
    loginform = LoginForm()
    service_forms = {}
    for service, provider in login_registry.items():
        if provider.at_login and provider.form is not None:
            service_forms[service] = provider.get_form()
    loginmethod = None
    if request.method == 'GET':
        # Remembered last-used login method, shown as a hint in the template
        loginmethod = request.cookies.get('login')
    formid = request.form.get('form.id')
    if request.method == 'POST' and formid == 'passwordlogin':
        try:
            if loginform.validate():
                user = loginform.user
                login_internal(user)
                db.session.commit()
                flash(_("You are now logged in"), category='success')
                return set_loginmethod_cookie(
                    render_redirect(get_next_url(session=True), code=303), 'password')
        except LoginPasswordResetException:
            # Raised (presumably by validation) when the account has no usable
            # password; send the user to the reset flow with their username.
            return render_redirect(
                url_for('.reset', expired=1, username=loginform.username.data))
    elif request.method == 'POST' and formid in service_forms:
        form = service_forms[formid]['form']
        if form.validate():
            return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
    elif request.method == 'POST':
        # NOTE(review): an unrecognised form.id is a client-side error; 500
        # reports it as a server fault. Left as-is since callers may rely on it.
        abort(500)
    iframe_block = {'X-Frame-Options': 'SAMEORIGIN'}
    if request.is_xhr and formid == 'passwordlogin':
        return render_template('loginform.html.jinja2', loginform=loginform, Markup=Markup), 200, iframe_block
    else:
        return render_template(
            'login.html.jinja2',
            loginform=loginform,
            lastused=loginmethod,
            service_forms=service_forms,
            Markup=Markup,
            login_registry=login_registry), 200, iframe_block
def logout_return():
    """
    Consume the one-time logout code (if one was supplied) and send the user
    back to where they came from.
    """
    code_value = request.args.get('code')
    if code_value is not None:
        code = LoginCode.query.filter_by(code=code_value).first()
        if code:
            # The code is single-use; drop it now that the round trip is done
            db.session.delete(code)
            db.session.commit()
    return redirect(get_next_url(external=False, referrer=True))
def lastuserauth():
    """
    Post-login hook: make sure a Profile exists (and is up to date) for the
    user and for every organization they own, then send them on.
    """
    def sync_profile(userid, name, title, profile_type):
        # Create the profile if missing, otherwise bring name/title in line
        profile = Profile.query.filter_by(userid=userid).first()
        if profile is None:
            db.session.add(Profile(userid=userid, name=name, title=title, type=profile_type))
            return
        if profile.name != name:
            profile.name = name
        if profile.title != title:
            profile.title = title

    user = g.user
    sync_profile(user.userid, user.username or user.userid, user.fullname, PROFILE_TYPE.PERSON)
    for org in user.organizations_owned():
        sync_profile(org['userid'], org['name'], org['title'], PROFILE_TYPE.ORGANIZATION)
    db.session.commit()
    return redirect(get_next_url())
def new(self):
    """
    Create a new organization owned by the current user.

    Requires a verified email address or phone number; otherwise the user is
    sent back with an error. On success the organization's profile is made
    public and ``org_data_changed`` is emitted.
    """
    user = current_auth.user
    if not user.has_verified_contact_info:
        flash(
            _("You need to have a verified email address " "or phone number to create an organization"),
            'error',
        )
        return redirect(get_next_url(referrer=True), code=303)
    form = OrganizationForm()
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("Create a new organization"),
            formid='org_new',
            submit=_("Next"),
            ajax=False,
        )
    org = Organization(owner=user)
    form.populate_obj(org)
    db.session.add(org)
    org.profile.make_public()
    db.session.commit()
    org_data_changed.send(org, changes=['new'], user=user)
    return render_redirect(org.profile.url_for('edit'), code=303)
def lastuserauth():
    """
    Post-login hook: make sure a Channel exists (and is up to date) for the
    user and for every organization they own, then send them on.
    """
    def sync_channel(userid, name, title, channel_type):
        # Create the channel if missing, otherwise bring name/title in line
        channel = Channel.query.filter_by(userid=userid).first()
        if channel is None:
            db.session.add(Channel(userid=userid, name=name, title=title, type=channel_type))
            return
        if channel.name != name:
            channel.name = name
        if channel.title != title:
            channel.title = title

    user = g.user
    sync_channel(user.userid, user.username or user.userid, user.fullname, CHANNEL_TYPE.PERSON)
    for org in user.organizations_owned():
        sync_channel(org['userid'], org['name'], org['title'], CHANNEL_TYPE.ORGANIZATION)
    db.session.commit()
    return redirect(get_next_url())
def profile_new():
    """
    Let a newly registered user complete their profile.

    Updates fullname, username and description on the current user; if the
    email is new, records a claim and sends a verification link.
    """
    form = ProfileNewForm(obj=g.user)
    field_reasons = (
        ('fullname', 'FULLNAME_REASON'),
        ('email', 'EMAIL_REASON'),
        ('username', 'USERNAME_REASON'),
        ('description', 'BIO_REASON'),
    )
    for field_name, config_key in field_reasons:
        getattr(form, field_name).description = app.config.get(config_key)
    if form.validate_on_submit():
        user = g.user
        # Can't auto-populate here because user.email is read-only
        user.fullname = form.fullname.data
        user.username = form.username.data
        user.description = form.description.data
        if form.existing_email is None:
            useremail = UserEmailClaim(user=user, email=form.email.data)
            db.session.add(useremail)
            db.session.commit()
            send_email_verify_link(useremail)
            flash("Your profile was successfully updated. We sent you an email to confirm your address", category='success')
        else:
            db.session.commit()
            flash("Your profile was successfully updated.", category='success')
        return render_redirect(get_next_url(), code=303)
    # fullname is interpolated raw here; escaping is presumably done by render_form — confirm
    greeting = u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname
    return render_form(form, title="Update profile", formid="profile_new", submit="Continue", message=greeting, ajax=True)
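def login_github():
    """
    Start a GitHub OAuth login by redirecting to the provider's auth URL.

    :returns: A redirect to GitHub, or — if building the request raises
        ``OAuthException`` — a redirect back to ``next_url`` with a flashed
        error.
    """
    next_url = get_next_url(referrer=False)
    try:
        # next_url is carried inside the callback URL so the callback can
        # send the user back to where they started.
        callback = url_for('login_github_authorized', _external=True, next=next_url)
        # NOTE(review): only key and callback are substituted here; whether
        # github['auth_url'] carries a per-request state parameter is not
        # visible in this block — confirm the callback ties the response to
        # this request.
        return redirect(github['auth_url'] % (github['key'], quote(callback)))
    except OAuthException as e:  # 'except X, e' was Python 2-only syntax
        flash(u"GitHub login failed: %s" % unicode(e), category="error")
        return redirect(next_url)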
def logout_client():
    """
    Client-initiated logout.

    The request must come from a known client (by ``client_id``), carry a
    referrer on that client's host, and — if a ``next`` destination is given —
    point back to that same host. Anything else is treated as a possible CSRF
    attempt: the user stays logged in and is redirected to the index.
    """
    def refuse():
        # Do not log out; explain and send the user to the index
        flash(
            current_app.config.get('LOGOUT_UNAUTHORIZED_MESSAGE') or logout_errormsg,
            'danger')
        return redirect(url_for('index'))

    cred = ClientCredential.get(request.args['client_id'])
    client = cred.client if cred else None
    # Unknown client, no referrer, or a referrer from another host
    if client is None or not request.referrer or not client.host_matches(request.referrer):
        return refuse()
    # The optional next destination must also be on the client's host
    next_dest = request.args.get('next')
    if next_dest is not None and not client.host_matches(next_dest):
        return refuse()
    # All checks passed: log out and send them back
    logout_internal()
    db.session.commit()
    return redirect(get_next_url(external=True))
def login_service(service):
    """
    Handle login with a registered service.

    :param service: Key of a provider in ``login_registry``; unknown keys 404.
    :returns: Whatever ``provider.do`` returns, or a redirect back with a
        flashed error when the provider raises ``LoginInitError`` or
        ``LoginCallbackError`` (the error is also sent to ``exception_catchall``).
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for(
        '.login_service_callback', service=service, next=next_url, _external=True)
    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as exc:
        failure = _(u"{service} login failed: {error}").format(
            service=provider.title, error=unicode(exc))
        exception_catchall.send(exc, message=failure)
        flash(failure, category='danger')
        fallback = next_url or get_next_url(referrer=True)
        return redirect(fallback)
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else is rendered as a plain-text response (plain text, so the
    provider-supplied strings are never interpreted as HTML).
    """
    if error == "access_denied":
        flash("You denied the request to login", category="error")
        return redirect(get_next_url())
    body = u"Error: %s\nDescription: %s\nURI: %s" % (error, error_description, error_uri)
    return Response(body, mimetype="text/plain")
def register():
    """
    Register a new account.

    Recaptcha is required only when both recaptcha keys are configured. On
    success the user is created, an email claim is recorded and a verification
    link sent, and the user is logged in.
    """
    if current_auth.is_authenticated:
        return redirect(url_for('index'))
    config = current_app.config
    form = RegisterForm()
    # Make Recaptcha optional
    recaptcha_configured = config.get('RECAPTCHA_PUBLIC_KEY') and config.get('RECAPTCHA_PRIVATE_KEY')
    if not recaptcha_configured:
        del form.recaptcha
    for field_name, config_key in (
            ('fullname', 'FULLNAME_REASON'),
            ('email', 'EMAIL_REASON'),
            ('username', 'USERNAME_REASON')):
        getattr(form, field_name).description = config.get(config_key)
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("Create an account"),
            formid='register',
            submit=_("Register"),
            message=config.get('CREATE_ACCOUNT_MESSAGE'))
    user = register_internal(form.username.data, form.fullname.data, form.password.data)
    useremail = UserEmailClaim(user=user, email=form.email.data)
    db.session.add(useremail)
    send_email_verify_link(useremail)
    login_internal(user)
    db.session.commit()
    flash(_("You are now one of us. Welcome aboard!"), category='success')
    return redirect(get_next_url(session=True), code=303)
def lastuserauth():
    """Post-login hook: sync workspaces from the user record, then send them on."""
    # Profiles are not created here, only existing workspace data is refreshed
    Workspace.update_from_user(
        g.user, db.session, make_user_profiles=False, make_org_profiles=False)
    db.session.commit()
    return redirect(get_next_url())
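def login_twitter_authorized(resp):
    """
    Complete a Twitter OAuth login.

    :param resp: The provider's response dict (``user_id``, ``screen_name``,
        ``oauth_token``, ``oauth_token_secret``), or ``None`` if the user
        denied the request.
    :returns: A 303 redirect to the next URL (or to the login page on denial).
    """
    if resp is None:
        flash(u'You denied the request to login via Twitter.', 'error')
        return redirect(url_for('login'))
    next_url = get_next_url(session=True)
    # Try to read more from the user's Twitter profile. This is best-effort
    # enrichment only: any failure falls back to an empty profile rather than
    # failing the login, so malformed JSON or an unexpected payload shape
    # must not raise out of here.
    # NOTE(review): the lookup is over plain http://, so the returned name and
    # avatar URL are not integrity-protected in transit; prefer https.
    import socket
    try:
        lookup = urlopen(
            'http://api.twitter.com/1/users/lookup.json?%s' % urlencode({'user_id': resp['user_id']}),
            timeout=10)  # a stalled third-party call must not hang the login
        try:
            twinfo = json.loads(lookup.read())[0]
        finally:
            lookup.close()
    except (URLError, socket.timeout, ValueError, LookupError, TypeError):
        twinfo = {}
    return_url = config_external_id(
        service='twitter',
        service_name='Twitter',
        user=None,
        userid=resp['user_id'],
        username=resp['screen_name'],
        fullname=twinfo.get('name', '@' + resp['screen_name']),
        avatar=twinfo.get('profile_image_url', '').replace("normal.", "bigger."),
        access_token=resp['oauth_token'],
        secret=resp['oauth_token_secret'],
        token_type=None,
        next_url=next_url)
    if return_url is not None:
        next_url = return_url
    # Redirect with 303 because users hitting the back button
    # cause invalid/expired token errors from Twitter
    return redirect(next_url, code=303)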
def lastuserauth():
    """Post-login hook: sync profiles from the user record, then send them on."""
    Profile.update_from_user(
        g.user,
        db.session,
        type_user=PROFILE_TYPE.PERSON,
        type_org=PROFILE_TYPE.ORGANIZATION,
    )
    db.session.commit()
    return redirect(get_next_url())
def profile_new():
    """
    Let a newly registered user complete their profile.

    Updates fullname, username and description on the current user; if the
    email is new, records a claim and sends a verification link.
    """
    form = ProfileNewForm(obj=g.user)
    field_reasons = (
        ('fullname', 'FULLNAME_REASON'),
        ('email', 'EMAIL_REASON'),
        ('username', 'USERNAME_REASON'),
        ('description', 'BIO_REASON'),
    )
    for field_name, config_key in field_reasons:
        getattr(form, field_name).description = app.config.get(config_key)
    if form.validate_on_submit():
        user = g.user
        # Can't auto-populate here because user.email is read-only
        user.fullname = form.fullname.data
        user.username = form.username.data
        user.description = form.description.data
        if form.existing_email is None:
            useremail = UserEmailClaim(user=user, email=form.email.data)
            db.session.add(useremail)
            db.session.commit()
            send_email_verify_link(useremail)
            flash(
                "Your profile was successfully updated. We sent you an email to confirm your address",
                category='success')
        else:
            db.session.commit()
            flash("Your profile was successfully updated.", category='success')
        return render_redirect(get_next_url(), code=303)
    # fullname is interpolated raw here; escaping is presumably done by render_form — confirm
    greeting = u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname
    return render_form(
        form,
        title="Update profile",
        formid="profile_new",
        submit="Continue",
        message=greeting,
        ajax=True)
def toggle_featured(self):
    """
    Flip the object's ``featured`` flag. Site editors only; everyone else
    gets a 403. The caller is redirected back either way.
    """
    if not current_auth.user.is_site_editor:
        return abort(403)
    # A bare Form is used for its submit/CSRF validation only — presumably
    # the project's Form validates a CSRF token; confirm.
    featured_form = forms.Form()
    if featured_form.validate_on_submit():
        obj = self.obj
        obj.featured = not obj.featured
        db.session.commit()
    return redirect(get_next_url(referrer=True), 303)
def lastuserauth():
    """Post-login hook: sync boards from the user record, fire the login signal, send them on."""
    Board.update_from_user(
        g.user, db.session, make_user_profiles=False, make_org_profiles=False)
    signal_login.send(app, user=g.user)
    db.session.commit()
    return redirect(get_next_url())
def logout_session(session):
    """
    Revoke one of the current user's login sessions.

    Refused (with a flashed message and redirect to the index) unless the
    request carries a same-netloc referrer and the session belongs to the
    current user.

    :param session: The login-session object to revoke (has ``user`` and
        ``revoke()``); not Flask's cookie session.
    """
    referrer = request.referrer
    same_site = bool(referrer) and (
        urlparse.urlsplit(referrer).netloc == urlparse.urlsplit(request.url).netloc)
    # Only the session's owner may revoke it, and only from our own pages
    if not same_site or session.user != current_auth.user:
        flash(current_app.config.get('LOGOUT_UNAUTHORIZED_MESSAGE') or logout_errormsg, 'danger')
        return redirect(url_for('index'))
    session.revoke()
    db.session.commit()
    return redirect(get_next_url(referrer=True), code=303)
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else renders ``autherror.html`` with the error fields.
    """
    if error == 'access_denied':
        flash("You denied the request to login", category='error')
        return redirect(get_next_url())
    context = dict(error=error, error_description=error_description, error_uri=error_uri)
    return render_template("autherror.html", **context)
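def login_twitter():
    """
    Start a Twitter OAuth login.

    :returns: The provider's authorize redirect, or a redirect to the login
        page with a flashed error if the authorize step raises
        ``OAuthException`` or ``BadStatusLine``.
    """
    next_url = get_next_url(referrer=False)
    try:
        # next_url travels in the callback URL so the callback can send the
        # user back to where they started.
        return twitter.authorize(callback=url_for('login_twitter_authorized', next=next_url))
    except (OAuthException, BadStatusLine) as e:  # 'except X, e' was Python 2-only syntax
        flash("Twitter login failed: %s" % unicode(e), category="error")
        return redirect(url_for('login'))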
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else is rendered as a plain-text response (plain text, so the
    provider-supplied strings are never interpreted as HTML).
    """
    if error == 'access_denied':
        flash("You denied the request to login", category='error')
        return redirect(get_next_url())
    body = u"Error: %s\nDescription: %s\nURI: %s" % (error, error_description, error_uri)
    return Response(body, mimetype="text/plain")
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else is shown via ``render_message`` with the description and
    URI HTML-escaped before being wrapped in Markup.
    """
    if error == 'access_denied':
        flash(_("You denied the request to login"), category='error')
        return redirect(get_next_url())
    desc = escape(error_description or '')
    uri = escape(error_uri or _('NA'))
    body = Markup("<p>{desc}</p><p>URI: {uri}</p>".format(desc=desc, uri=uri))
    # 'error' is not escaped here; render_message presumably escapes the title — confirm
    return render_message(title=_("Error: {error}").format(error=error), message=body)
def account_edit(newprofile=False):
    """
    Edit the current user's profile.

    :param newprofile: ``True`` when completing a profile right after
        registration: the email field is shown (if the user has none yet), a
        new email claim may be recorded, and the user is sent to the next URL
        instead of back to the account page.
    """
    form = ProfileForm(obj=current_auth.user)
    form.edit_user = current_auth.user
    form.fullname.description = current_app.config.get('FULLNAME_REASON')
    form.email.description = current_app.config.get('EMAIL_REASON')
    form.username.description = current_app.config.get('USERNAME_REASON')
    form.timezone.description = current_app.config.get('TIMEZONE_REASON')
    # The email field is only offered to a user without an email on a new profile
    if current_auth.user.email or newprofile is False:
        del form.email
    if form.validate_on_submit():
        # Can't auto-populate here because user.email is read-only
        current_auth.user.fullname = form.fullname.data
        current_auth.user.username = form.username.data
        current_auth.user.timezone = form.timezone.data
        if newprofile and not current_auth.user.email:
            # Reuse an existing claim for this address rather than creating a duplicate
            useremail = UserEmailClaim.get(user=current_auth.user, email=form.email.data)
            if useremail is None:
                useremail = UserEmailClaim(user=current_auth.user, email=form.email.data)
                db.session.add(useremail)
            send_email_verify_link(useremail)
            db.session.commit()
            user_data_changed.send(current_auth.user, changes=['profile', 'email-claim'])
            flash(_(
                "Your profile has been updated. We sent you an email to confirm your address"
                ), category='success')
        else:
            db.session.commit()
            user_data_changed.send(current_auth.user, changes=['profile'])
            flash(_("Your profile has been updated"), category='success')
        if newprofile:
            return render_redirect(get_next_url(), code=303)
        else:
            return render_redirect(url_for('account'), code=303)
    if newprofile:
        # fullname is escaped before being interpolated into Markup
        return render_form(
            form,
            title=_("Update profile"),
            formid='account_new',
            submit=_("Continue"),
            message=Markup(
                _(u"Hello, <strong>{fullname}</strong>. Please spare a minute to fill out your profile"
                ).format(fullname=escape(current_auth.user.fullname))),
            ajax=True)
    else:
        return render_form(form, title=_("Edit profile"), formid='account_edit', submit=_("Save changes"), ajax=True)
def lastuserauth():
    """
    Post-login hook: refresh name/title of the workspaces for the organizations
    the user is a member of, then send them on. Missing workspaces are skipped.
    """
    for org in g.user.organizations_memberof():
        workspace = Workspace.query.filter_by(userid=org['userid']).first()
        if not workspace:
            continue
        for attr in ('name', 'title'):
            if getattr(workspace, attr) != org[attr]:
                setattr(workspace, attr, org[attr])
    db.session.commit()
    return redirect(get_next_url())
def login():
    """
    Start a login by issuing a one-time LoginCode and redirecting the user to
    the admin host's ``/login/event`` endpoint with that code.
    """
    code = LoginCode(
        next_url=get_next_url(external=False, referrer=True),
        return_url=url_for('login_return', _external=True))
    db.session.add(code)
    db.session.commit()
    # The code travels as a query parameter; without USE_SSL it goes over plain http
    scheme = 'https://' if app.config.get('USE_SSL') else 'http://'
    login_base = scheme + app.config['ADMIN_HOSTS'][0]
    return redirect(urljoin(login_base, '/login/event?code=' + code.code))
def logout():
    """
    Logout handler body: pick the destination (the ``logout_event`` URL when a
    valid code was supplied, else the next URL), flash, fire the logout
    signal, and return the destination for the caller to redirect to.
    """
    code = None
    if 'code' in request.args:
        code = LoginCode.query.filter_by(code=request.args['code']).first()
    destination = url_for('logout_event', code=code.code) if code else get_next_url()
    flash(u"You are now logged out", category='success')
    signal_logout.send(app, user=g.user)
    return destination
def profile_merge():
    """
    Confirm and perform a merge of the current user with the account named by
    ``session['merge_userid']``.

    Without a pending merge (or if the other account no longer exists) the
    user is redirected back. A confirmed merge logs in the merged user and
    emits ``user_data_changed``; a decline just clears the pending state.
    """
    def back(status):
        return redirect(get_next_url(), code=status)

    if "merge_userid" not in session:
        return back(302)
    other_user = User.query.filter_by(userid=session["merge_userid"]).first()
    if other_user is None:
        session.pop("merge_userid", None)
        return back(302)
    form = ProfileMergeForm()
    if not form.validate_on_submit():
        return render_template(
            "merge.html",
            form=form,
            user=g.user,
            other_user=other_user,
            login_registry=login_registry)
    if "merge" in request.form:
        merged = merge_users(g.user, other_user)
        login_internal(merged)
        user_data_changed.send(merged, changes=["merge"])
        flash("Your accounts have been merged.", "success")
    # Whether merged or declined, the pending merge is cleared
    session.pop("merge_userid", None)
    return back(303)
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else is shown via ``render_message`` with the description and
    URI HTML-escaped before being wrapped in Markup.
    """
    if error == 'access_denied':
        flash("You denied the request to login", category='error')
        return redirect(get_next_url())
    desc = escape(error_description or '')
    uri = escape(error_uri or _('NA'))
    body = Markup("<p>{desc}</p><p>URI: {uri}</p>".format(desc=desc, uri=uri))
    # 'error' is not escaped here; render_message presumably escapes the title — confirm
    return render_message(title="Error: {0}".format(error), message=body)
def login_service(service):
    """
    Handle login with a registered service.

    :param service: Key of a provider in ``login_registry``; unknown keys 404.
    :returns: Whatever ``provider.do`` returns, or a redirect back with a
        flashed error when the provider raises ``LoginInitError`` or
        ``LoginCallbackError`` (the error is also sent to ``exception_catchall``).
    """
    if service not in login_registry:
        abort(404)
    provider = login_registry[service]
    next_url = get_next_url(referrer=False, default=None)
    callback_url = url_for(
        '.login_service_callback', service=service, next=next_url, _external=True)
    try:
        return provider.do(callback_url=callback_url)
    except (LoginInitError, LoginCallbackError) as exc:
        failure = _("{service} login failed: {error}").format(
            service=provider.title, error=str(exc))
        exception_catchall.send(exc, message=failure)
        flash(failure, category='danger')
        fallback = next_url or get_next_url(referrer=True)
        return redirect(fallback)
def login():
    """
    Render the login page, or process a POSTed password / service login.

    Already-authenticated users are redirected back immediately. Rendered
    responses carry ``X-Frame-Options: SAMEORIGIN`` so the login form cannot
    be framed by another origin.
    """
    # If user is already logged in, send them back
    if current_auth.is_authenticated:
        return redirect(get_next_url(referrer=True), code=303)
    loginform = LoginForm()
    service_forms = {}
    for service, provider in login_registry.items():
        if provider.at_login and provider.form is not None:
            service_forms[service] = provider.get_form()
    loginmethod = None
    if request.method == 'GET':
        # Remembered last-used login method, shown as a hint in the template
        loginmethod = request.cookies.get('login')
    formid = request.form.get('form.id')
    if request.method == 'POST' and formid == 'passwordlogin':
        try:
            if loginform.validate():
                user = loginform.user
                login_internal(user)
                db.session.commit()
                flash(_("You are now logged in"), category='success')
                return set_loginmethod_cookie(render_redirect(get_next_url(session=True), code=303), 'password')
        except LoginPasswordResetException:
            # Raised (presumably by validation) when the account has no
            # password set; send the user to the reset flow with their username.
            flash(_(u"Your account does not have a password set. Please enter your username " "or email address to request a reset code and set a new password"), category='danger')
            return render_redirect(url_for('.reset', username=loginform.username.data))
    elif request.method == 'POST' and formid in service_forms:
        form = service_forms[formid]['form']
        if form.validate():
            return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
    elif request.method == 'POST':
        # NOTE(review): an unrecognised form.id is a client-side error; 500
        # reports it as a server fault. Left as-is since callers may rely on it.
        abort(500)
    iframe_block = {'X-Frame-Options': 'SAMEORIGIN'}
    if request.is_xhr and formid == 'passwordlogin':
        return render_template('loginform.html.jinja2', loginform=loginform, Markup=Markup), 200, iframe_block
    else:
        return render_template('login.html.jinja2', loginform=loginform, lastused=loginmethod, service_forms=service_forms, Markup=Markup, login_registry=login_registry), 200, iframe_block
def logout_user():
    """
    User-initiated logout.

    Only honoured when the request carries a referrer on our own hostname;
    otherwise the user stays logged in and is sent to the index with a
    message. Scheme and port are not part of the comparison.
    """
    referrer = request.referrer
    same_host = bool(referrer) and (
        urlparse.urlsplit(referrer).hostname == urlparse.urlsplit(request.url).hostname)
    if not same_host:
        # TODO: present a logout form
        flash(current_app.config.get('LOGOUT_UNAUTHORIZED_MESSAGE') or logout_errormsg, 'danger')
        return redirect(url_for('index'))
    logout_internal()
    flash('You are now logged out', category='info')
    return redirect(get_next_url())
def lastuser_error(error, error_description=None, error_uri=None):
    """
    Report an error returned by the Lastuser login flow.

    ``access_denied`` is treated as the user declining and redirects back;
    anything else is shown via ``render_message`` with the description and
    URI HTML-escaped before being wrapped in Markup.
    """
    if error == "access_denied":
        flash(_(u"You denied the request to login"), category="error")
        return redirect(get_next_url())
    desc = escape(error_description or u"")
    uri = escape(error_uri or _(u"NA"))
    body = Markup(u"<p>{desc}</p><p>URI: {uri}</p>".format(desc=desc, uri=uri))
    # 'error' is not escaped here; render_message presumably escapes the title — confirm
    return render_message(title=_(u"Error: {error}").format(error=error), message=body)
def logout_user():
    """
    User-initiated logout.

    Only honoured when the request carries a referrer on our own hostname;
    otherwise the user stays logged in and is sent to the index with
    ``logout_errormsg``. Scheme and port are not part of the comparison.
    """
    referrer = request.referrer
    same_host = bool(referrer) and (
        urlparse.urlsplit(referrer).hostname == urlparse.urlsplit(request.url).hostname)
    if not same_host:
        # TODO: present a logout form
        flash(logout_errormsg, 'error')
        return redirect(url_for('index'))
    logout_internal()
    flash('You are now logged out', category='success')
    return redirect(get_next_url())
def login(scope='', next=None):
    """
    Start a login by issuing a one-time LoginCode and redirecting the user to
    the login host's ``/login/event`` endpoint with that code.

    :param scope: Scope string stored on the LoginCode.
    :param next: Destination after login; defaults to the referrer-based next URL.
    """
    destination = next if next is not None else get_next_url(external=False, referrer=True)
    code = LoginCode(
        next_url=destination,
        return_url=url_for('login_return', _external=True),
        scope=scope)
    db.session.add(code)
    db.session.commit()
    # The code travels as a query parameter; without USE_SSL it goes over plain http
    scheme = 'https://' if app.config.get('USE_SSL') else 'http://'
    login_base = scheme + app.config['LOGIN_HOST']
    return redirect(urljoin(login_base, '/login/event?code=' + code.code))
def transition(self):
    """
    Apply a state transition chosen on the object's transition form, commit,
    flash the outcome, and redirect back.
    """
    form = self.obj.forms.transition(obj=self.obj)
    if not form.validate_on_submit():
        flash(_("There was a problem saving your changes. Please try again"), 'error')
        return redirect(get_next_url(referrer=True), code=303)
    # The transition name comes from the form; this relies on the form's
    # validation restricting it to permitted transitions — confirm the field
    # is choice-constrained.
    apply_transition = getattr(self.obj, form.transition.data)
    apply_transition()
    db.session.commit()
    flash(_("Your changes have been saved"), 'info')
    return redirect(get_next_url(referrer=True), code=303)
def logout():
    """
    Log out locally, then redirect to the login host's ``/logout`` endpoint
    with a one-time LoginCode so it can clear its own session and return the
    user to the next URL.
    """
    code = LoginCode(
        next_url=get_next_url(external=False, referrer=True),
        return_url=url_for('logout_return', _external=True))
    # Tear down the local login before the round trip to the login host
    session.pop('userid', None)
    signal_logout.send(eventapp, user=g.user)
    g.user = None
    db.session.add(code)
    db.session.commit()
    # The code travels as a query parameter; without USE_SSL it goes over plain http
    scheme = 'https://' if app.config.get('USE_SSL') else 'http://'
    logout_base = scheme + app.config['LOGIN_HOST']
    return redirect(urljoin(logout_base, '/logout?code=' + code.code))
def account_merge():
    """
    Confirm and perform a merge of the current user with the account named by
    ``session['merge_buid']``.

    Without a pending merge (or if the other account no longer exists) the
    user is redirected back. A confirmed merge logs in the merged user and
    emits ``user_data_changed``; a decline just clears the pending state.
    """
    def back(status):
        return redirect(get_next_url(), code=status)

    if 'merge_buid' not in session:
        return back(302)
    other_user = User.get(buid=session['merge_buid'])
    if other_user is None:
        session.pop('merge_buid', None)
        return back(302)
    form = ProfileMergeForm()
    if not form.validate_on_submit():
        return render_template(
            'merge.html.jinja2',
            form=form,
            user=current_auth.user,
            other_user=other_user,
            login_registry=login_registry)
    if 'merge' in request.form:
        merged = merge_users(current_auth.user, other_user)
        login_internal(merged)
        flash(_("Your accounts have been merged"), 'success')
        session.pop('merge_buid', None)
        db.session.commit()
        user_data_changed.send(merged, changes=['merge'])
    else:
        # Declined: just forget the pending merge
        session.pop('merge_buid', None)
    return back(303)