def initialise(self): """ The application needs initialisation to load the database connection etc. In previous versions this was done with the initialisation of the class in the __init__ method. This is now separated into this function. """ #: Check if the secret key is defined, if not raise an #: exception since it is required assert self.secret_key, 'Secret Key is not defined in config' #: Load the cache self.load_cache() #: Initialise the CSRF handling self.csrf_protection = CsrfProtect() self.csrf_protection.init_app(self) self.view_functions['static'] = self.send_static_file # Backend initialisation self.load_backend() #: Initialise the login handler login_manager = LoginManager() login_manager.user_loader(self._pool.get('nereid.user').load_user) login_manager.header_loader( self._pool.get('nereid.user').load_user_from_header ) login_manager.token_loader( self._pool.get('nereid.user').load_user_from_token ) login_manager.unauthorized_handler( self._pool.get('nereid.user').unauthorized_handler ) login_manager.login_view = "nereid.website.login" login_manager.anonymous_user = self._pool.get('nereid.user.anonymous') login_manager.init_app(self) self.login_manager = login_manager # Monkey patch the url_for method from flask-login to use # the nereid specific url_for flask.ext.login.url_for = url_for self.template_context_processors[None].append( self.get_context_processors() ) # Add the additional template context processors self.template_context_processors[None].append( nereid_default_template_ctx_processor ) # Add template_filters registered using decorator for name, function in self.get_template_filters(): self.jinja_env.filters[name] = function # Finally set the initialised attribute self.initialised = True
def setup_app(app): """Setup login extension.""" app.config.setdefault('CFG_OPENID_AUTHENTICATION', False) app.config.setdefault('CFG_OAUTH1_AUTHENTICATION', False) app.config.setdefault('CFG_OAUTH2_AUTHENTICATION', False) @app.errorhandler(401) def do_login_first(error=401): """Displays login page when user is not authorised.""" if request.is_xhr: return g._("Authorization failure"), 401 if current_user.is_guest: flash(g._("Please sign in to continue."), 'info') else: flash(g._("Authorization failure."), 'danger') from invenio.modules.accounts.views.accounts import login return login(referer=request.url), 401 # Let's create login manager. _login_manager = LoginManager(app) _login_manager.login_view = app.config.get('CFG_LOGIN_VIEW', 'webaccount.login') _login_manager.anonymous_user = UserInfo _login_manager.unauthorized_handler(do_login_first) @_login_manager.user_loader def _load_user(uid): """ Function should not raise an exception if uid is not valid or User was not found in database. """ return UserInfo(int(uid)) return app
def create_app(config): app = Flask(__name__, static_url_path='', static_folder=STATIC_PATH) init_app_config(app, config) init_logger(app) app.url_map.strict_slashes = False lm = LoginManager() lm.unauthorized_handler(basic_unauthorized) lm.init_app(app) lm.user_loader(load_user) lm.session_protection = "strong" # this patch needs because chrome will ignore cookies when using ip. app.session_interface.get_cookie_domain = lambda _app: None flex = FlexRestManager(db_base=Base, db_session_callback=global_session) flex.init_app(app) register_blueprints(app, BLUEPRINTS) @app.after_request def after_request(response): dbs = global_session(create=False) dbs and dbs.close() return response @app.route('/favicon.ico') def favicon(): return app.send_static_file('images/favicon.ico') return app
def initialise(self): """ The application needs initialisation to load the database connection etc. In previous versions this was done with the initialisation of the class in the __init__ method. This is now separated into this function. """ #: Check if the secret key is defined, if not raise an #: exception since it is required assert self.secret_key, 'Secret Key is not defined in config' #: Load the cache self.load_cache() #: Initialise the CSRF handling self.csrf_protection = NereidCsrfProtect() self.csrf_protection.init_app(self) self.view_functions['static'] = self.send_static_file # Backend initialisation self.load_backend() #: Initialise the login handler login_manager = LoginManager() login_manager.user_loader(self._pool.get('nereid.user').load_user) login_manager.header_loader( self._pool.get('nereid.user').load_user_from_header) login_manager.token_loader( self._pool.get('nereid.user').load_user_from_token) login_manager.unauthorized_handler( self._pool.get('nereid.user').unauthorized_handler) login_manager.login_view = "nereid.website.login" login_manager.anonymous_user = self._pool.get('nereid.user.anonymous') login_manager.init_app(self) self.login_manager = login_manager # Monkey patch the url_for method from flask-login to use # the nereid specific url_for flask.ext.login.url_for = url_for self.template_context_processors[None].append( self.get_context_processors()) # Add the additional template context processors self.template_context_processors[None].append( nereid_default_template_ctx_processor) # Add template_filters registered using decorator for name, function in self.get_template_filters(): self.jinja_env.filters[name] = function # Initialize Babel Babel(self) # Finally set the initialised attribute self.initialised = True
def record_login_manager(state): login_manager = LoginManager() login_manager.login_view = 'FoodTruck.login' login_manager.user_loader(load_user) if state.app.config['SECRET_KEY'] == 'temp-key': def _handler(): from flask import render_template return render_template('error.html', error="No secret key has been set!") logger.debug("No secret key found, disabling website login.") login_manager.unauthorized_handler(_handler) login_manager.login_view = None login_manager.init_app(state.app)
def setup_app(app): """Setup login extension.""" app.config.setdefault("CFG_OPENID_AUTHENTICATION", False) app.config.setdefault("CFG_OAUTH1_AUTHENTICATION", False) app.config.setdefault("CFG_OAUTH2_AUTHENTICATION", False) @app.errorhandler(401) def do_login_first(error=401): """Display login page when user is not authorised.""" if request.is_xhr: return g._("Authorization failure"), 401 secure_url = url_for(request.endpoint, _external=True, _scheme="https", **request.view_args) if not urllib.unquote(secure_url).startswith(request.base_url): return redirect(secure_url) if current_user.is_guest: flash(g._("Please sign in to continue."), "info") from invenio.modules.accounts.views.accounts import login return login(referer=request.url), 401 else: flash(g._("Authorization failure."), "danger") from flask import render_template return render_template("401.html"), 401 # Let's create login manager. _login_manager = LoginManager(app) _login_manager.login_view = app.config.get("CFG_LOGIN_VIEW", "webaccount.login") _login_manager.anonymous_user = UserInfo _login_manager.unauthorized_handler(do_login_first) @user_logged_in.connect_via(app) def _logged_in(sender, user): """Update last login date.""" from invenio.modules.accounts.models import User User.query.filter_by(id=user.get_id()).update(dict(last_login=datetime.now())) @_login_manager.user_loader def _load_user(uid): """Do not raise an exception if uid is not valid or missing.""" return UserInfo(int(uid)) return app
hist_css = Bundle('css/jquery.dataTables.css') assets.register('js', main_js) assets.register('css', main_css) assets.register('foos_js', foos_js) assets.register('foos_css', foos_css) assets.register('hist_js', hist_js) assets.register('hist_css', hist_css) assets.register('players_css', players_css) #import this after db is initualized above from foosweb.views.player import mod as playersModule from foosweb.views.auth import mod as authModule from foosweb.views.foos import mod as foosModule from foosweb.views.history import mod as histModule from foosweb.views.teams import mod as teamModule from foosweb.views.readme import mod as readmeModule from foosweb.views.error import mod as errorModule app.register_blueprint(playersModule) app.register_blueprint(authModule) app.register_blueprint(foosModule) app.register_blueprint(histModule) app.register_blueprint(teamModule) app.register_blueprint(readmeModule) app.register_blueprint(errorModule) from foosweb.utils import user_loader, unauthorized lm.user_loader(user_loader) lm.unauthorized_handler(unauthorized)
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated( ) and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
class AuthLoginManager(object): """ Auth login manager """ manager = None app = None user_cls = None token_cls = None db = None req_tok_type = None def __init__(self, app, db, user_cls, token_cls): """ Constructor """ self.db = db self.user_cls = user_cls self.token_cls = token_cls self.app = app self.req_tok_type = ( app.config.get( 'AUTH_TOKEN_TYPE', REQ_TOK_TYPES['header'] ) ) self.manager = LoginManager() self.manager.request_loader(self._load_user_from_request) self.manager.user_loader(self._load_user) self.manager.token_loader(self._user_from_token) self.manager.unauthorized_handler(self.unauthorized) self.manager.init_app(self.app) return None def get_manager(self): """ Get login manager """ return self.manager def _load_user_from_request(self, request): """ Callback to load a user from a Flask request object See: https://flask-login.readthedocs.org /en/latest/#custom-login-using-request-loader """ req_token = ( request_helpers .get_request_token( self.req_tok_type, request ) ) if req_token is None: return None auth_token = self.token_cls.query.filter_by(token=req_token).first() if auth_token is None: return None session['is_authenticated'] = True session['auth_token'] = auth_token.token return auth_token.user def _load_user(self, user_id): """ Load a user from a user id """ return self.user_cls.get(user_id) def _user_from_token(self, token): """ Gets a user from a token """ auth_token = self.token_cls.query.filter_by(token=token).first() if auth_token is None: return None return auth_token.user def unauthorized(self): """ Unauthorized handler """ headers = {} headers['Content-Type'] = "application/json" payload = { 'msg': "Not authorized", 'code': 'not_authorized' } return Response(json.dumps(payload), 401, headers)
def _setup_auth(self): manager = LoginManager() manager.init_app(self) manager.request_loader(auth.authenticate) manager.unauthorized_handler(auth.unauthorized)
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated() and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
admin_pwd = g.config.get('security/password') return User(admin_id, admin_pwd) return None login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = 'login' login_manager.user_loader(load_user) if _missing_secret_key: def _handler(): raise FoodTruckConfigNotFoundError() logger.debug("No secret key found, disabling website.") login_manager.unauthorized_handler(_handler) login_manager.login_view = None try: from flask.ext.bcrypt import Bcrypt except ImportError: logging.warning("Bcrypt not available... falling back to SHA512.") logging.warning("Run `pip install Flask-Bcrypt` for more secure " "password hashing.") import hashlib def generate_password_hash(password): return hashlib.sha512(password.encode('utf8')).hexdigest()
cur = db.execute("select wishstr from wishlists where usr=?",[g.user.id]) items = cur.fetchall() items = [i[0] for i in items] return render_template("wishlist_search.html", user=g.user, items=items, form=form) """ Users and login """ @lm.user_loader def load_user(userid): return User.get(userid) lm.unauthorized_handler(require_login) @app.before_request def before_request(): g.user = current_user """ SocketIO """ @socketio.on('message', namespace='/thechat') def send_message(message): if current_user.is_authenticated(): escaped_message = Markup.escape(message['data']) # escape the message before broadcasting it! emit('response',{'data': escaped_message, 'user': current_user.id},broadcast=True) else: