def test_load_permissions_on_identity_loaded(app):
"""Check that the needs are loaded properly in the user Identity."""
InvenioAccess(app)
with app.test_request_context():
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
assert g.identity.provides == {any_user}
with app.test_request_context():
user = testutils.create_test_user('*****@*****.**')
login_user(user)
assert g.identity.provides == {
any_user, authenticated_user, UserNeed(user.id)
}
logout_user()
# FIXME: The user is still authenticatd when the identity loader
# is called during logout. We could filter on AnonymousIdentity, but
# This would be inconsistent as the UserNeed(user.id) is still there.
# This will pass even if it is unexpected:
# assert g.identity.provides == {
# any_user, authenticated_user, UserNeed(user.id)
# }
# Forcing the identity to reload again cleans the mess. In practice
# this won't be needed as the identity is reloaded between requests.
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
assert g.identity.provides == {any_user}
def logoutsponsor():
"""User log-out logic."""
logout_user()
# tell flask principal the user is annonymous
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
# print annonymousidentity to console
identity_object = AnonymousIdentity()
# printing identity_object to console for verification
print('Sent: ', identity_object, ' ...to current_app', file=sys.stderr)
return redirect(url_for('auth_bp.login'))
def stop_frontdesk():
Work = work.query.filter(work.employeeID == current_user.employeeID,
work.endTimeAuto == None,
work.endTimeManual == None).first()
if Work == None:
flash("No work have been started, please start a new session",
"danger")
return redirect(url_for('startstop_frontdesk'))
code = work.query.filter(work.employeeID == current_user.employeeID,
work.endTimeAuto == None,
work.endTimeManual == None).first()
if code:
limit = timedelta(days=1, hours=0, minutes=0, seconds=0)
if ((datetime.now() - code.startTimeAuto) > limit) or (
(datetime.now() - code.startTimeManual) > limit):
code.endTimeAuto = datetime(9999, 1, 1, 1, 1, 1)
code.endTimeManual = datetime(9999, 1, 1, 1, 1, 1)
db.session.commit()
flash(
"Start time exceeds 24 hours, please contact Ken/Brandon to adjust previous work",
"danger")
return render_template('startstop_frontdesk.html')
Work.endTimeManual = datetime.now()
Work.endTimeAuto = datetime.now()
db.session.commit()
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
flash("successfully stopped this shift!", "success")
return redirect(url_for('home'))
def get(self):
"""
Log user out by revoking his auth tokens.
---
description: Once logged out, current user cannot access the API anymore.
tags:
- Authentification
responses:
200:
description: Logout successful
500:
description: Access token not found
"""
try:
logout()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
except KeyError:
return {"Access token not found."}, 500
logout_data = {"logout": True}
if is_from_browser(request.user_agent):
response = jsonify(logout_data)
unset_jwt_cookies(response)
return response
else:
return logout_data
def logout():
"""Log out the current user"""
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('auth.login'))
def logout_user():
"""Logs out the current user.
This will also clean up the remember me cookie if it exists.
This sends an ``identity_changed`` signal to note that the current
identity is now the `AnonymousIdentity`
"""
for key in ("identity.name", "identity.auth_type", "fs_paa", "fs_gexp"):
session.pop(key, None)
# Clear csrf token between sessions.
# Ideally this would be handled by Flask-WTF but...
# We don't clear entire session since Flask-Login seems to like having it.
csrf_field_name = find_csrf_field_name()
if csrf_field_name:
session.pop(csrf_field_name, None)
# Flask-WTF 'caches' csrf_token - and only set the session if not already
# in 'g'. Be sure to clear both. This affects at least /confirm
g.pop(csrf_field_name, None)
session["fs_cc"] = "clear"
identity_changed.send(
current_app._get_current_object(), identity=AnonymousIdentity()
)
_logout_user()
def logout():
logout_user()
# notify the change of role
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect("/")
def update_user(user=None):
"""
Install the user as current user of the app.
Setup the g.current_user variable.
Add the user to the session.
Update Flask-Principal.
If no user, install AnonymousIdentity
"""
if user:
db.session.add(user)
db.session.commit()
g.current_user = user
# Tell Flask-Principal the identity changed
identity = Identity(user.id)
identity.user = user
# By default we can self need
identity.provides.add(UserNeed(user.id))
# Add roles
for role in user.roles:
identity.provides.add(RoleNeed(role.name))
identity_changed.send(current_app._get_current_object(),
identity=identity)
else:
# Tell Flask-Principal the user is anonymous
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
def logout():
""" log the user out """
# persist the user's logout time before loging them out
hist = (
AuthHistory.query.filter_by(user_id=current_user.id)
.order_by(AuthHistory.login.desc())
.first()
)
if hist is not None:
hist.logout = datetime.now()
db.session.add(hist)
db.session.commit()
# handy-dandy convenience function from Flask-Login to log the user out and invalidate
# their session
logout_user()
# remove session keys set by Flask-Principal
for key in ("identity.id", "identity.auth_type"):
session.pop(key, None)
# tell flask-principal the user is anonymous
identity_changed.send(
current_app._get_current_object(), identity=AnonymousIdentity()
)
return redirect(url_for("auth.login"))
def logout():
next_url = request.args.get('next')
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
flash(u"注销成功!", category="success")
return redirect(next_url or url_for('blog.index'))
def add_permissions(self, item, **kwargs):
"""Add permissions to record.
:param item: Dict representing the record.
:returns: Modified dict.
"""
service = sonar.service('projects')
identity = g.get('identity', AnonymousIdentity())
item['metadata']['permissions'] = {
'read':
service.permission_policy('read', **{
'record': item
}).allows(identity),
'update':
service.permission_policy('update', **{
'record': item
}).allows(identity),
'delete':
service.permission_policy('delete', **{
'record': item
}).allows(identity)
}
return item
def __call__(self, ids):
"""Return the mapping when evaluated."""
identity = AnonymousIdentity()
if not self.cache:
vocabs = current_service.read_many(identity,
type=self.vocabulary,
ids=ids,
fields=self.fields)
else:
vocabs = current_service.read_all(identity,
type=self.vocabulary,
fields=self.fields)
labels = {}
vocab_list = list(vocabs.hits) # the service returns a generator
ids = set(ids)
seen = set()
for vocab in vocab_list:
# cannot loop over ids because vocab id is inside each item
if len(ids) == len(seen):
break
id_ = vocab["id"]
if id_ in ids:
labels[id_] = lazy_get_label(vocab["title"])
seen.add(id_)
return labels
def set_identity():
if current_user and not current_user.is_anonymous:
if not hasattr(g, 'identity'):
g.identity = Identity(current_user.id)
else:
if not hasattr(g, 'identity'):
g.identity = AnonymousIdentity()
def logout():
"""Remove the user and data from the session"""
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
flash("You have been logged out.", category="success")
return redirect(url_for('.login'))
def logout():
session.pop('name')
# Using the Flask-Login to processing and check the logout status for user.
logout_user()
identity_changed.send(app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('home.login'))
def logout():
logout_user()
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('frame.index1'))
def get(self):
logout_user()
for key in ('identity.id', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(request.args.get('next') or '/')
def logout():
logout_user()
# Tell Flask-Principal the user is anonymous
identity_changed.send(auth, dentity=AnonymousIdentity())
return redirect(url_for('auth.login'))
def logout():
logout_user()
#注销后身份变成匿名
identity_changed.send(
current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('auth.login'))
def user_passwd_edit(post_id):
error = None
# if not writer_permission.can():
# error = u'你没有验证账户,不能修改密码,请尽快验证账户.'
# return jsonify(judge=False, error=error)
form = EditPasswdForm()
action = EditManager(post_id, form)
if form.validate_on_submit() and request.method == "POST":
user = User.query.filter_by(id=post_id).first()
if check_password_hash(user.password, form.passwd.data):
action.edit_user_passwd()
flash('密码修改成功,请重新登陆')
logout_user()
for key in ('identity.id', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
error = "密码修改"
return jsonify(judge=True, error=error)
else:
error = u'密码错误,请重新输入'
return jsonify(judge=False, error=error)
else:
if form.errors:
return return_errors(form)
else:
pass
return redirect(url_for('index.index'))
def logout():
for key in ['identity.id', 'identity.auth_type']:
session.pop(key, None)
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return jsonify({"message": "User Logged Out."}), 200
def load_identity():
if request.path.startswith("/static/"):
return AnonymousIdentity()
reconfig = session.get('reload_roles', False)
if reconfig:
session.pop('reload_roles')
username = session.get('user')
if not username or reconfig:
app.logger.debug("New user loaded")
if app.config['DEBUG']:
username = load_user_debug(app.config['ADMIN_USER'])
else:
username = load_user_header('REMOTE_USER')
session['user'] = username
roles = session.get('roles')
if not roles or reconfig:
user = User.query.filter_by(name=username).first()
if not user:
g.user = '******'
return AnonymousIdentity()
roles = [role.name for role in user.roles] if user.active else []
app.logger.debug("New roles loaded: %s", roles)
session['roles'] = roles
session['active'] = user.active
user_groups = [x.group_name for x in user.groups]
app.logger.debug("New group ACL loaded: %s->%s", username, user_groups)
session['groups'] = user_groups
identity = Identity(username)
if session.get('active'):
for role in roles:
identity.provides.add(RoleNeed(role))
# Do we really want a Need() per group? Better to do it ourselves
# for group in session.get('groups', []):
# identity.provides.add(RoleNeed(group))
# Utilities stored in request context (g)
g.user = username
g.roles = roles
g.can_change = lambda x: can_change_group(x.full_name)
return identity
def setting():
'''用户设置'''
error = None
form = SettingForm()
passwd_form = NewPasswdForm()
mode = request.args.get('mode')
if mode == 'setting':
if form.validate_on_submit() and request.method == "POST":
introduce = form.introduce.data
school = form.school.data
word = form.word.data
current_user.infor.introduce = introduce
current_user.infor.school = school
current_user.infor.word = word
db.session.commit()
flash('资料更新成功')
return jsonify(judge=True, error=error)
else:
if form.errors:
return return_errors(form)
else:
pass
return redirect(url_for('user.setting'))
elif mode == 'password':
if passwd_form.validate_on_submit() and request.method == "POST":
user = User.query.filter_by(name=current_user.name).first()
passwd = passwd_form.passwd.data
rpasswd = passwd_form.rpasswd.data
if not User.check_password(user.passwd, passwd):
error = u'密码错误'
return jsonify(judge=False, error=error)
else:
user.passwd = generate_password_hash(rpasswd)
db.session.commit()
logout_user()
session.clear()
for key in ('identity.id', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
flash('密码修改成功,请重新登陆')
return jsonify(judge=True, error=error)
else:
if passwd_form.passwd.errors:
error = passwd_form.passwd.errors
return jsonify(judge=False, error=error)
elif passwd_form.npasswd.errors:
error = passwd_form.npasswd.errors
return jsonify(judge=False, error=error)
else:
return redirect(url_for('user.setting'))
else:
form.school.data = current_user.infor.school
form.word.data = current_user.infor.word
form.introduce.data = current_user.infor.introduce
return render_template('user/user_settings.html',
category=category,
passwd_form=passwd_form,
form=form)
def logout():
logout_user()
identity_changed.send(
current_app._get_current_object(),
identity=AnonymousIdentity()
)
flash("你已注销!", category="success")
return redirect(url_for('blog.home'))
def logout():
logout_user()
identity_changed.send(
current_app._get_current_object(),
identity=AnonymousIdentity()
)
flash('注销成功', category='success')
return redirect(url_for('bp_seq.index'))
def logout():
logout_user()
# Notify flask principal that the user has logged out
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('index.render_feed'))
def logout():
logout_user()
for key in ('indentity_name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
next_url = request.args.get('next', '/')
return redirect(next_url)
def logout():
logout_user()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
flash('退出账户!', category='success')
return redirect(url_for('.home'))
def logout():
logout_user()
identity_changed.send(
current_app._get_current_object(),
identity=AnonymousIdentity()
)
flash(u"成功退出", category='success')
return redirect(url_for('basic.login'))
def logout():
logout_user()
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(app, identity=AnonymousIdentity())
return redirect(url_for('login'))
