def validate(self):
    """Check the submitted login credentials.

    Runs the base form validation, strips null characters from the
    submitted e-mail, the stored password and the submitted password,
    looks the user up in ``_datastore`` and verifies the password.

    Unknown user, empty stored password and wrong password all report the
    same ``USER_DOES_NOT_EXIST`` message, so the form error does not say
    which of the three checks failed. ``DISABLED_ACCOUNT`` is reported only
    after the password has been verified.

    Returns:
        bool: True when every check passes. False otherwise; except for a
        base-form failure, an error is appended to ``self.email.errors``.
    """
    def _fail(message_key):
        # Every rejection below records its message on the e-mail field.
        self.email.errors.append(get_message(message_key)[0])
        return False

    # Deliberately call the parent of LoginForm (not of CustomLoginForm) so
    # that LoginForm's own validate logic is skipped.
    base_ok = super(LoginForm, self).validate()
    if not base_ok:
        return False

    self.email.data = remove_null_caracters(self.email.data)
    self.user = _datastore.get_user(self.email.data)
    if self.user is None:
        return _fail('USER_DOES_NOT_EXIST')

    self.user.password = remove_null_caracters(self.user.password)
    if not self.user.password:
        return _fail('USER_DOES_NOT_EXIST')

    self.password.data = remove_null_caracters(self.password.data)
    password_ok = verify_and_update_password(self.password.data, self.user)
    if not password_ok:
        return _fail('USER_DOES_NOT_EXIST')

    # The requires_confirmation / CONFIRMATION_REQUIRED check is left
    # disabled here, as it was in the original code.

    if self.user.is_active:
        return True
    return _fail('DISABLED_ACCOUNT')
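def validate(self):
    """Check the submitted login credentials and audit-log every rejection.

    Runs the base form validation, strips null characters from the
    submitted e-mail, the stored password and the submitted password,
    looks the user up in ``_datastore`` and verifies the password. Each
    rejection writes a warning to ``audit_logger`` with the submitted user
    name, the client IP and the time of the attempt.

    The user name and the IP come from the request, so CR and LF are
    escaped before they are written to the audit log; without that a
    client could inject line breaks and forge extra log entries.

    Returns:
        bool: True when every check passes. False otherwise; except for a
        base-form failure, an error is appended to ``self.email.errors``.
    """
    def _log_safe(value):
        # Escape line breaks only, so entries for ordinary values keep the
        # exact format they had before.
        return str(value).replace('\r', '\\r').replace('\n', '\\n')

    # NOTE(review): X-Forwarded-For is set by the client unless a trusted
    # reverse proxy overwrites it, so the logged IP can be spoofed. Confirm
    # the deployment strips or rewrites this header; otherwise rely on
    # request.remote_addr.
    user_ip = _log_safe(
        request.headers.get('X-Forwarded-For', request.remote_addr))
    time_now = datetime.datetime.now()

    def _reject(reason=None, message_key=None):
        # self.email.data is read at call time because it is reassigned
        # after the null-character cleanup below.
        entry = (f"Invalid Login - User [{_log_safe(self.email.data)}] "
                 f"from IP [{user_ip}] at [{time_now}]")
        if reason is not None:
            entry += f" - Reason: [{reason}]"
        audit_logger.warning(entry)
        if message_key is not None:
            self.email.errors.append(get_message(message_key)[0])
        return False

    # Use super of LoginForm, not super of CustomLoginForm, to skip the
    # LoginForm validate logic.
    if not super(LoginForm, self).validate():
        return _reject()

    self.email.data = remove_null_caracters(self.email.data)
    self.user = _datastore.find_user(username=self.email.data)
    if self.user is None:
        return _reject('Invalid Username', 'USER_DOES_NOT_EXIST')

    self.user.password = remove_null_caracters(self.user.password)
    if not self.user.password:
        # Logged with the same reason as a wrong password.
        return _reject('Invalid Password', 'USER_DOES_NOT_EXIST')

    self.password.data = remove_null_caracters(self.password.data)
    if not verify_and_update_password(self.password.data, self.user):
        return _reject('Invalid Password', 'USER_DOES_NOT_EXIST')

    # The requires_confirmation / CONFIRMATION_REQUIRED check is left
    # disabled here, as it was in the original code.

    if not self.user.is_active:
        return _reject('Disabled Account', 'DISABLED_ACCOUNT')
    return True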