def sign_in():
    """Handle the sign-in form: check the password, then hand off to a second factor.

    An already authenticated visitor is redirected to ``main.choose_account``.
    On a valid form post the account is looked up by email address and passed,
    together with the submitted password, to ``_get_and_verify_user``.  A falsy
    result, an inactive account, or an ``auth_type`` other than ``email_auth`` /
    ``sms_auth`` all end in the same flashed message, so the response does not
    say which check failed.

    Returns a redirect, the result of ``sign_in_email`` / ``sign_in_sms``, or the
    rendered ``views/signin.html`` page.  Aborts with 403 when the invite held in
    the session was issued to a different email address.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_account'))

    login_form = LoginForm()

    if login_form.validate_on_submit():
        account = _get_and_verify_user(
            user_api_client.get_user_by_email_or_none(login_form.email_address.data),
            login_form.password.data,
        )

        if account:
            if account.state == 'pending':
                return redirect(url_for('main.resend_email_verification'))

            pending_invite = session.get('invited_user')
            if pending_invite:
                # An invite may only be redeemed by the address it was sent to;
                # the comparison is case-insensitive.
                invited_address = pending_invite['email_address'].lower()
                if account.email_address.lower() == invited_address:
                    invite_api_client.accept_invite(pending_invite['service'], pending_invite['id'])
                else:
                    flash("You can't accept an invite for another person.")
                    session.pop('invited_user', None)
                    abort(403)

            # NOTE(review): the invite above is accepted and this session entry is
            # written before the is_active check and before any second factor is
            # completed -- confirm the two-factor views treat 'user_details' as
            # "password verified" only, not as a signed-in identity.
            session['user_details'] = dict(id=account.id, email=account.email_address)

            if account.is_active:
                if account.auth_type == 'email_auth':
                    return sign_in_email(account.id, account.email_address)
                if account.auth_type == 'sms_auth':
                    return sign_in_sms(account.id, account.mobile_number)

        # One deliberately vague message covers every failure (unknown user,
        # locked, inactive, wrong password) so the form does not disclose which
        # addresses are registered.
        # The string is wrapped in Markup, so it bypasses autoescaping, and the
        # href is unquoted; the only interpolated value is url_for() of a fixed
        # endpoint with no request data.
        failure_html = (
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
        ).format(password_reset=url_for('.forgot_password'))
        flash(Markup(failure_html))

    other_device = current_user.logged_in_elsewhere()
    came_from_redirect = bool(request.args.get('next'))
    return render_template(
        'views/signin.html',
        form=login_form,
        again=came_from_redirect,
        other_device=other_device
    )
def sign_in():
    """Handle the sign-in form and redirect to the matching two-factor step.

    An already authenticated visitor goes to ``main.show_accounts_or_dashboard``.
    On a valid form post the email address, password and a small ``login_data``
    record (User-Agent header and geolocated client address) are passed to
    ``User.from_email_address_and_password_or_none``.  Locked accounts abort
    with 400, pending accounts are sent to re-verify their email address, and a
    session invite is accepted only when its address matches the account.

    Returns a redirect or the rendered ``views/signin.html`` page.  Aborts with
    400 for a locked account and 403 for an invite addressed to someone else.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for("main.show_accounts_or_dashboard"))

    form = LoginForm()

    if form.validate_on_submit():
        # Indexing (rather than .get) raises when the User-Agent header is
        # absent, so such a request fails before credentials are checked.
        agent = request.headers["User-Agent"]
        location = _geolocate_ip(get_remote_addr(request))
        login_data = {"user-agent": agent, "location": location}

        account = User.from_email_address_and_password_or_none(
            form.email_address.data,
            form.password.data,
            login_data,
        )

        if account:
            if account.locked:
                # NOTE(review): this message is more specific than the generic
                # failure text at the end of this branch.  Whether it can be
                # reached without the correct password depends on what
                # from_email_address_and_password_or_none returns for a locked
                # account -- confirm, since it would otherwise confirm that the
                # address is registered.
                # NOTE(review): the contact address in the string appears
                # redacted in this listing; it is kept exactly as found.
                locked_message = _(
                    "Your account has been locked after {} sign-in attempts. Please email us at [email protected]"
                ).format(account.max_failed_login_count)
                flash(locked_message)
                abort(400)

            if account.state == "pending":
                return redirect(url_for("main.resend_email_verification"))

            if session.get("invited_user"):
                invite = InvitedUser.from_session()
                # An invite may only be redeemed by the address it was sent to;
                # the comparison is case-insensitive.
                if account.email_address.lower() == invite.email_address.lower():
                    # NOTE(review): accepted before the second factor is
                    # completed -- confirm that is intended.
                    invite.accept_invite()
                else:
                    flash(_("You cannot accept an invite for another person."))
                    session.pop("invited_user", None)
                    abort(403)

            # Read before sign_in() is called, as in the original ordering.
            email_login_required = account.requires_email_login

            if account.sign_in():
                if account.sms_auth and not email_login_required:
                    # 'next' is taken from the query string and forwarded as-is;
                    # NOTE(review): confirm the two-factor view validates it
                    # before redirecting.
                    return redirect(url_for(".two_factor_sms_sent", next=request.args.get("next")))
                if account.email_auth or email_login_required:
                    if email_login_required:
                        extra_args = {"requires_email_login": True}
                    else:
                        extra_args = {}
                    return redirect(url_for(".two_factor_email_sent", **extra_args))

        # One deliberately vague message for unknown user, inactive account or
        # wrong password, so the form does not disclose which addresses exist.
        flash(_("The email address or password you entered is incorrect."))

    other_device = current_user.logged_in_elsewhere()
    came_from_redirect = bool(request.args.get("next"))
    return render_template(
        "views/signin.html",
        form=form,
        again=came_from_redirect,
        other_device=other_device,
    )
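def sign_in():
    """Handle the sign-in form and redirect to the matching two-factor step.

    An already authenticated visitor goes to ``main.show_accounts_or_dashboard``.
    On a valid form post the email address and password are passed to
    ``User.from_email_address_and_password_or_none``.  Pending accounts are sent
    to re-verify their email address, and a session invite is accepted only when
    its address matches the account.  Every other failure ends in the same
    flashed message, so the response does not say which check failed.

    The ``next`` query parameter is caller-controlled.  It is forwarded to the
    follow-up views and embedded in the password-reset link.

    Returns a redirect or the rendered ``views/signin.html`` page.  Aborts with
    403 when the session invite was issued to a different email address.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.show_accounts_or_dashboard'))

    form = LoginForm()
    password_reset_url = url_for('.forgot_password', next=request.args.get('next'))
    # NOTE(review): taken straight from the query string and passed on unchanged;
    # confirm the view that finally redirects to it restricts it to local paths.
    redirect_url = request.args.get('next')

    if form.validate_on_submit():
        user = User.from_email_address_and_password_or_none(
            form.email_address.data, form.password.data)

        if user and user.state == 'pending':
            return redirect(
                url_for('main.resend_email_verification', next=redirect_url))

        if user and session.get('invited_user'):
            invited_user = InvitedUser.from_session()
            # An invite may only be redeemed by the address it was sent to;
            # the comparison is case-insensitive.
            if user.email_address.lower() != invited_user.email_address.lower():
                flash("You cannot accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                # NOTE(review): accepted before the second factor is completed
                # -- confirm that is intended.
                invited_user.accept_invite()

        if user and user.sign_in():
            if user.sms_auth:
                return redirect(url_for('.two_factor', next=redirect_url))
            if user.email_auth:
                return redirect(
                    url_for('.two_factor_email_sent', next=redirect_url))

        # One deliberately vague message for unknown user, locked or inactive
        # account, or wrong password, so the form does not disclose which
        # addresses are registered.
        #
        # password_reset_url carries the caller-supplied 'next' value.  The
        # original interpolated it into an unquoted href and wrapped the result
        # in Markup, so only url_for's query encoding kept it from being read
        # as markup.  Markup.format() HTML-escapes its arguments, and the
        # attribute is now quoted, so the link stays inert regardless of how
        # the URL was built.
        flash(
            Markup(
                'The email address or password you entered is incorrect.'
                ' <a href="{}">Forgotten your password?</a>'
            ).format(password_reset_url)
        )

    other_device = current_user.logged_in_elsewhere()
    return render_template('views/signin.html',
                           form=form,
                           again=bool(redirect_url),
                           other_device=other_device,
                           password_reset_url=password_reset_url)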
def sign_in():
    """Handle the sign-in form and redirect to the matching two-factor step.

    An already authenticated visitor goes to ``main.show_accounts_or_dashboard``.
    On a valid form post the email address, password and a small ``login_data``
    record (User-Agent header and geolocated ``request.remote_addr``) are passed
    to ``User.from_email_address_and_password_or_none``.  Pending accounts are
    sent to re-verify their email address, and a session invite is accepted only
    when its address matches the account.  Every other failure ends in the same
    flashed message, so the response does not say which check failed.

    Returns a redirect or the rendered ``views/signin.html`` page.  Aborts with
    403 when the session invite was issued to a different email address.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.show_accounts_or_dashboard'))

    login_form = LoginForm()

    if login_form.validate_on_submit():
        # Indexing (rather than .get) raises when the User-Agent header is
        # absent, so such a request fails before credentials are checked.
        agent = request.headers["User-Agent"]
        # NOTE(review): request.remote_addr is the directly connected peer; if
        # the app sits behind a proxy this geolocates the proxy unless the
        # deployment rewrites it -- confirm.
        location = _geolocate_ip(request.remote_addr)
        login_data = {"user-agent": agent, "location": location}

        account = User.from_email_address_and_password_or_none(
            login_form.email_address.data,
            login_form.password.data,
            login_data,
        )

        if account:
            if account.state == 'pending':
                return redirect(url_for('main.resend_email_verification'))

            if session.get('invited_user'):
                invite = InvitedUser.from_session()
                # An invite may only be redeemed by the address it was sent to;
                # the comparison is case-insensitive.
                if account.email_address.lower() == invite.email_address.lower():
                    # NOTE(review): accepted before the second factor is
                    # completed -- confirm that is intended.
                    invite.accept_invite()
                else:
                    flash("You can't accept an invite for another person.")
                    session.pop('invited_user', None)
                    abort(403)

            if account.sign_in():
                if account.sms_auth:
                    # 'next' is taken from the query string and forwarded as-is;
                    # NOTE(review): confirm the two-factor view validates it
                    # before redirecting.
                    sms_step = url_for('.two_factor', next=request.args.get('next'))
                    return redirect(sms_step)
                if account.email_auth:
                    return redirect(url_for('.two_factor_email_sent'))

        # One deliberately vague message for unknown user, locked or inactive
        # account, or wrong password, so the form does not disclose which
        # addresses are registered.
        flash(_("The email address or password you entered is incorrect."))

    other_device = current_user.logged_in_elsewhere()
    came_from_redirect = bool(request.args.get('next'))
    return render_template(
        'views/signin.html',
        form=login_form,
        again=came_from_redirect,
        other_device=other_device,
    )