def oauth_authorize():
    """Complete an OAuth2 login with the AuthSourceManager parked in the session.

    Reads ``session['auth_obj']``, makes its source current and calls its
    ``login()``.  On success the manager's dict form is stored under
    ``session['auth_source_manager']``; on failure the user is logged out
    and the returned message is flashed.  In both cases the pending
    ``auth_obj`` entry is removed and the browser is redirected to the
    post-login URL.
    """
    manager = session['auth_obj']
    manager.set_current_source(manager.source.get_source_name())
    ok, message = manager.login()

    if not ok:
        # Drop the half-initialised manager before logging out so no state
        # from the failed attempt survives in the session.
        session.pop('auth_obj', None)
        logout_user()
        flash(message, 'danger')
        return redirect(get_post_login_redirect())

    session['auth_source_manager'] = manager.as_dict()
    session.pop('auth_obj', None)
    return redirect(get_post_login_redirect())
def login(provider_id):
    """Start the OAuth login flow for *provider_id*.

    Resolves the provider (404 if unknown), records where to send the user
    once the provider calls back, and redirects the browser to the
    provider's authorize endpoint.
    """
    provider = get_provider_or_404(provider_id)
    callback = get_authorize_callback('login', provider_id)
    # NOTE: the ``next`` form value is stored as received, without any
    # same-site check; whatever later consumes POST_OAUTH_LOGIN_SESSION_KEY
    # must reject off-site targets or this becomes an open redirect.
    destination = request.form.get('next', get_post_login_redirect())
    session[config_value('POST_OAUTH_LOGIN_SESSION_KEY')] = destination
    return provider.authorize(callback)
def login_handler(response, provider, query):
    """Finish a provider sign-in from an OAuth *response*.

    Looks up the connection matching *query*.  When found, the stored token
    pair is refreshed if the provider returned new credentials, the user is
    logged in, ``login_completed`` fires and the browser goes to the saved
    post-login URL.  Otherwise ``login_failed`` fires, an error is flashed
    and the visitor is sent back to the login view.
    """
    app = current_app._get_current_object()
    connection = _datastore.find_connection(**query)

    if not connection:
        login_failed.send(app, provider=provider, oauth_response=response)
        login_url = get_url(_security.login_manager.login_view)
        message = '%s account not associated with an existing user' % provider.name
        do_flash(message, 'error')
        return redirect(login_url)

    after_this_request(_commit)
    fresh = get_token_pair_from_oauth_response(provider, response)
    rotated = (fresh['access_token'] != connection.access_token
               or fresh['secret'] != connection.secret)
    if rotated:
        # Persist the rotated provider credentials so later API calls
        # on this connection keep working.
        connection.access_token = fresh['access_token']
        connection.secret = fresh['secret']
        _datastore.put(connection)

    user = connection.user
    login_user(user)
    target = session.pop(_social.post_oauth_login_session_key,
                         get_post_login_redirect())
    login_completed.send(app, provider=provider, user=user)
    return redirect(target)
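def connect_handler(cv, provider):
    """Create (or report an existing) connection between the current user and *provider*.

    :param cv: dictionary of connection values; ``user_id`` is filled in
        with the current user's id when absent (the dict is mutated),
        ``provider_id`` and ``provider_user_id`` must be present
    :param provider: the provider object the connection is made to; only
        its ``name`` is used here, for the flashed message
    :returns: a redirect to the ``next`` form value if given, else the URL
        saved under ``POST_OAUTH_CONNECT_SESSION_KEY``, else the
        ``CONNECT_ALLOW_VIEW`` URL
    """
    cv.setdefault('user_id', current_user.get_id())
    # NOTE: the lookup is keyed on provider/provider_user_id only, not on
    # user_id, so a provider identity already linked to a different account
    # is also reported as "already established ... to your account".
    connection = _datastore.find_connection(
        provider_id=cv['provider_id'],
        provider_user_id=cv['provider_user_id'])
    if connection is None:
        after_this_request(_commit)
        connection = _datastore.create_connection(**cv)
        msg = ('Connection established to %s' % provider.name, 'success')
        connection_created.send(current_app._get_current_object(),
                                user=current_user._get_current_object(),
                                connection=connection)
    else:
        msg = ('A connection is already established with %s '
               'to your account' % provider.name, 'notice')
        connection_failed.send(current_app._get_current_object(),
                               user=current_user._get_current_object())
    # The ``next`` form value is used as-is; callers must ensure it is a
    # local URL, otherwise this is an open redirect.
    next_url = request.form.get('next', get_post_login_redirect())
    redirect_url = (next_url or session.pop(
        config_value('POST_OAUTH_CONNECT_SESSION_KEY'),
        get_url(config_value('CONNECT_ALLOW_VIEW'))))
    do_flash(*msg)
    return redirect(redirect_url)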
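def remove_connection(provider_id, provider_user_id):
    """Remove the authenticated user's connection to *provider_id*/*provider_user_id*.

    Flashes an info message and emits ``connection_removed`` when a row was
    deleted, otherwise flashes an error.  Returns a redirect to the
    referring page, falling back to the post-login URL.
    """
    provider = get_provider_or_404(provider_id)
    ctx = dict(provider=provider.name, user=current_user,
               provider_user_id=provider_user_id)
    # Scoped to the current user's id so a user cannot delete somebody
    # else's connection by guessing provider ids.
    deleted = _datastore.delete_connection(user_id=current_user.get_id(),
                                           provider_id=provider_id,
                                           provider_user_id=provider_user_id)
    if deleted:
        after_this_request(_commit)
        msg = ('Connection to %(provider)s removed' % ctx, 'info')
        connection_removed.send(current_app._get_current_object(),
                                user=current_user._get_current_object(),
                                provider_id=provider_id)
    else:
        # "Unabled" -> "Unable": user-facing message typo.
        msg = ('Unable to remove connection to %(provider)s' % ctx, 'error')
    do_flash(*msg)
    # NOTE: request.referrer is a client-supplied header and is not
    # restricted to this site here; treat as an open redirect unless the
    # deployment constrains it.
    return redirect(request.referrer or get_post_login_redirect())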
def login_handler(response, provider, query):
    """Finish a provider sign-in from an OAuth *response*.

    A connection matching *query* identifies a known user: its stored token
    pair is refreshed from the response when it changed, the user is logged
    in, ``login_completed`` fires and the browser goes to the saved
    post-login URL.  With no matching connection ``login_failed`` fires, an
    error is flashed and the visitor is sent to the login view.
    """
    app = current_app._get_current_object()

    def _sync_tokens(conn):
        # Persist a rotated access token/secret so later provider calls
        # made through this connection keep working.
        fresh = get_token_pair_from_oauth_response(provider, response)
        if (fresh['access_token'] != conn.access_token
                or fresh['secret'] != conn.secret):
            conn.access_token = fresh['access_token']
            conn.secret = fresh['secret']
            _datastore.put(conn)

    connection = _datastore.find_connection(**query)
    if connection:
        after_this_request(_commit)
        _sync_tokens(connection)
        user = connection.user
        login_user(user)
        target = session.pop(_social.post_oauth_login_session_key,
                             get_post_login_redirect())
        login_completed.send(app, provider=provider, user=user)
        return redirect(target)

    login_failed.send(app, provider=provider, oauth_response=response)
    login_url = get_url(_security.login_manager.login_view)
    do_flash('%s account not associated with an existing user' % provider.name,
             'error')
    return redirect(login_url)
def login(provider_id):
    """Start the OAuth login flow for *provider_id*.

    Resolves the provider (404 if unknown), remembers the post-login target
    under ``session['post_oauth_login_url']`` and redirects to the
    provider's authorize endpoint using the ``oauth.login`` callback.
    """
    provider = get_provider_or_404(provider_id)
    callback = get_authorize_callback('oauth.login', provider_id)
    # NOTE: ``next`` is taken from the form without a same-site check;
    # whatever consumes post_oauth_login_url must reject off-site targets
    # or this is an open redirect.
    session['post_oauth_login_url'] = request.form.get(
        'next', get_post_login_redirect())
    return provider.authorize(callback)
def login_handler(response, provider, query):
    """Finish a provider sign-in from an OAuth *response*.

    When a connection matching *query* exists its user is logged in,
    ``login_completed`` fires and the browser is sent to the saved
    post-login URL.  Otherwise ``login_failed`` fires, the connection
    values extracted from the response are parked in the session for the
    front-end login route, and the browser is sent to that route for
    *provider*.
    """
    app = current_app._get_current_object()
    connection = _datastore.find_connection(**query)

    if not connection:
        login_failed.send(app, provider=provider, oauth_response=response)
        # NOTE(review): the parked values presumably include the provider's
        # access token; that is only safe with a server-side or encrypted
        # session store — confirm the deployment's session backend.
        session['failed_login_connection'] = \
            get_connection_values_from_oauth_response(provider, response)
        # The front-end route renders the "not associated" message itself;
        # no server-side flash or login_view redirect is done here.
        target = make_external('/#!login/provider/' + provider.id)
        return redirect(target)

    after_this_request(_commit)
    user = connection.user
    login_user(user)
    target = session.pop(_social.post_oauth_login_session_key,
                         get_post_login_redirect())
    login_completed.send(app, provider=provider, user=user)
    return redirect(target)
def login():
    """Handle both HTML and JSON logins.

    JSON requests (``request.is_json``) answer with ``{'user', 'token'}`` on
    success and ``{'error': ...}`` with 401 on failure; HTML requests
    redirect on success and re-render the login template otherwise.
    """
    is_json = request.is_json
    payload = MultiDict(request.get_json()) if is_json else request.form
    form = _security.login_form(payload)

    authenticated = form.validate_on_submit()
    if authenticated:
        login_user(form.user, remember=form.remember.data)
        after_this_request(_commit)

    if not is_json:
        if authenticated:
            return redirect(get_post_login_redirect(form.next.data))
        return _security.render_template(config_value('LOGIN_USER_TEMPLATE'),
                                         login_user_form=form,
                                         **_ctx('login'))

    # override error messages if necessary
    confirmation_required = get_message('CONFIRMATION_REQUIRED')[0]
    if confirmation_required in form.errors.get('email', []):
        return jsonify({
            'error': confirmation_required,
        }), HTTPStatus.UNAUTHORIZED
    if form.errors:
        # One generic message for every other failure so the response does
        # not reveal which of identity/password was wrong.
        username_fields = config_value('USER_IDENTITY_ATTRIBUTES')
        return jsonify({
            'error': f"Invalid {', '.join(username_fields)} and/or password."
        }), HTTPStatus.UNAUTHORIZED
    # NOTE(review): a JSON request that was never submitted/validated (no
    # errors, no user) also reaches this point; form.user is presumably
    # None then — confirm the form's behaviour on non-POST JSON requests.
    return jsonify({
        'user': form.user,
        'token': form.user.get_auth_token(),
    })
def login():
    """
    Entry point for all the authentication sources.

    Builds the login form, wraps it in an AuthSourceManager over the
    configured sources, validates, authenticates and finally logs the user
    in.  Every failure path flashes the reason and redirects to the logout
    page; success stores the manager's dict form in the session and
    redirects to the post-login page.
    """
    form = _security.login_form()
    manager = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
    session['_auth_source_manager_obj'] = None

    def _fail(message):
        # Common failure exit: flash the translated message, go to logout.
        flash(gettext(message), 'danger')
        return flask.redirect(get_post_logout_redirect())

    if not manager.validate():
        # Form errors are flashed untranslated, one warning per error.
        for errors in form.errors.values():
            for error in errors:
                flash(error, 'warning')
        return flask.redirect(get_post_logout_redirect())

    authenticated, message = manager.authenticate()
    if not authenticated:
        return _fail(message)

    logged_in, message = manager.login()
    if not logged_in:
        return _fail(message)

    session['_auth_source_manager_obj'] = manager.as_dict()
    return flask.redirect(get_post_login_redirect())
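def oidc_login():
    """Log in the OIDC-authenticated user, creating the local account on first visit.

    Derives a local username from the IdP ``sub`` claim, creates the
    ``User`` row if it does not exist, records the ``oidc`` auth source in
    the session, installs the pgpass file into the user's storage directory
    and loads the server definitions named by ``PGADMIN_SERVER_JSON_FILE``.

    :returns: redirect to the post-login URL
    :raises RuntimeError: when ``PGADMIN_SERVER_JSON_FILE`` is not set
    """
    import logging
    import os
    import shutil
    import subprocess
    from contextlib import suppress

    log = logging.getLogger(__name__)

    auth_obj = AuthSourceManager(None, ['oidc'])
    log.debug("Logging auth_obj: %r", auth_obj)
    session['_auth_source_manager_obj'] = auth_obj.as_dict()
    log.debug("added _auth_source_manager_obj to session")
    oidc_auth_source = get_auth_sources("oidc")
    log.debug("Logging oidc_auth_source: %r", oidc_auth_source)

    # The username is built from IdP-supplied claims.  It is passed to the
    # setup script only as a discrete argv element (never through a shell),
    # so metacharacters in the claim cannot alter the command.
    unique_id = "u" + oidc.user_getfield('sub') + "@cyton"
    email = oidc.user_getfield('email')
    if email is None or email == "None":
        email = unique_id

    user = User.query.filter_by(username=unique_id).first()
    if user is None:
        res, user = create_user({
            'username': unique_id,
            'email': email,
            'role': 2,
            'active': True,
            'is_active': True,
            'auth_source': 'oidc'
        })
        log.debug("create_user result: %r", res)
        # Re-read so the object used below is the persisted row.
        user = User.query.filter_by(username=unique_id).first()
    # NOTE(review): the original debug output between the user lookup and
    # the storage-directory step was garbled in the source; reconstructed
    # as a user / "loading servers.json" debug log.
    log.debug("Logging user: %r", user)
    log.debug("loading servers.json for user")

    storage_dir = get_storage_directory()
    log.debug("storage_dir: %s", storage_dir)
    pgpass_path = os.path.join(storage_dir, 'pgpassfile')
    with suppress(FileNotFoundError):  # same as `rm -f`
        os.remove(pgpass_path)
    shutil.copy('/pgadmin4/pgpass/pgpassfile', pgpass_path)
    # Credentials file: owner read/write only.
    os.chmod(pgpass_path, 0o600)

    server_json = os.environ.get('PGADMIN_SERVER_JSON_FILE')
    if not server_json:
        raise RuntimeError('PGADMIN_SERVER_JSON_FILE is not set')
    # argv list, no shell: the path and unique_id are single arguments, so
    # neither can inject additional commands or options.
    result = subprocess.run(
        ['/usr/local/bin/python', '/pgadmin4/setup.py',
         '--load-servers', server_json, '--user', unique_id],
        check=False)
    if result.returncode != 0:
        # Best-effort like the original; record the failure instead of
        # aborting the login.
        log.warning('setup.py --load-servers exited with %d',
                    result.returncode)
    return redirect(get_post_login_redirect())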
def login():
    """
    Entry point for all the authentication sources.

    Validates the submitted form, authenticates through the configured
    sources and logs the user in.  Failures flash the reason and redirect
    to the logout page, except that a Kerberos login failure bounces to the
    Kerberos endpoint and an authenticate() result that is already a
    Response is returned unchanged.
    """
    form = _security.login_form()
    manager = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
    session['_auth_source_manager_obj'] = None

    if not manager.validate():
        for errors in form.errors.values():
            for error in errors:
                flash(error, 'warning')
        return flask.redirect(get_post_logout_redirect())

    authenticated, message = manager.authenticate()
    if not authenticated:
        if isinstance(message, Response):
            # The source handed back a ready-made response (e.g. a redirect).
            return message
        flash(gettext(message), 'danger')
        return flask.redirect(get_post_logout_redirect())

    logged_in, message = manager.login()
    snapshot = manager.as_dict()
    if not logged_in:
        if snapshot['current_source'] == KERBEROS:
            # Kerberos negotiates on its own endpoint; return to the
            # browser index afterwards.
            target = '{0}?next={1}'.format(
                url_for('authenticate.kerberos_login'),
                url_for('browser.index'))
            return flask.redirect(target)
        flash(gettext(message), 'danger')
        return flask.redirect(get_post_logout_redirect())

    session['_auth_source_manager_obj'] = snapshot
    return flask.redirect(get_post_login_redirect())
def login_handler(response, provider, query):
    """Finish a provider sign-in from an OAuth *response*.

    If a connection matches *query*, its user is logged in,
    ``login_completed`` fires and the browser goes to the saved post-login
    URL.  Otherwise ``login_failed`` fires, the connection values from the
    response are stored in the session for the front-end login route, and
    the browser is sent to that route for *provider*.
    """
    app = current_app._get_current_object()
    known = _datastore.find_connection(**query)

    if known:
        after_this_request(_commit)
        account = known.user
        login_user(account)
        destination = session.pop(_social.post_oauth_login_session_key,
                                  get_post_login_redirect())
        login_completed.send(app, provider=provider, user=account)
        return redirect(destination)

    login_failed.send(app, provider=provider, oauth_response=response)
    # NOTE(review): these values presumably carry the provider's access
    # token; storing them in a client-side cookie session would expose
    # them to the browser — confirm the session backend in use.
    session['failed_login_connection'] = \
        get_connection_values_from_oauth_response(provider, response)
    # The front-end route renders the "not associated" message; the
    # server-side flash / login_view fallback is intentionally not used.
    destination = make_external('/#!login/provider/'+provider.id)
    return redirect(destination)
def login():
    """
    Entry point for all the authentication sources.
    The user input will be validated and authenticated.

    Flow: build the login form and an AuthSourceManager over a copy of the
    configured sources; apply the failed-attempt lockout for INTERNAL
    users; validate the form (counting failures against
    MAX_LOGIN_ATTEMPTS); authenticate; log in and redirect.  Returns a
    redirect, or the Response an auth source hands back mid-flow.
    """
    form = _security.login_form()
    # deepcopy so the manager can alter its source list without touching
    # the module-level config.
    auth_obj = AuthSourceManager(form,
                                 copy.deepcopy(config.AUTHENTICATION_SOURCES))
    if OAUTH2 in config.AUTHENTICATION_SOURCES \
            and 'oauth2_button' in request.form:
        # OAuth2 needs the manager again when the provider calls back.
        session['auth_obj'] = auth_obj
    session['auth_source_manager'] = None
    # Lockout bookkeeping applies to INTERNAL accounts only; users of
    # external sources are not looked up here.
    username = form.data['email']
    user = User.query.filter_by(username=username,
                                auth_source=INTERNAL).first()
    if user:
        # MAX_LOGIN_ATTEMPTS <= 0 disables the lockout: the chained
        # comparison is False for a zero or negative limit.
        if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
            user.locked = True
        else:
            user.locked = False
        db.session.commit()
        if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
            # NOTE(review): this runs before any credential check, so the
            # "locked" message is shown to anyone who submits the
            # username; it discloses that the account exists and is
            # locked.
            flash(
                gettext('Your account is locked. Please contact the '
                        'Administrator.'), 'warning')
            logout_user()
            return redirect(get_post_logout_redirect())

    # Validate the user
    if not auth_obj.validate():
        for field in form.errors:
            flash_login_attempt_error = None
            # Only errors on LOGIN_ATTEMPT_FIELDS count towards the
            # lockout; other validation errors leave the counter alone.
            if user and field in config.LOGIN_ATTEMPT_FIELDS:
                if config.MAX_LOGIN_ATTEMPTS > 0:
                    user.login_attempts += 1
                    left_attempts = \
                        config.MAX_LOGIN_ATTEMPTS - user.login_attempts
                    if left_attempts > 1:
                        flash_login_attempt_error = \
                            gettext('{0} more attempts remaining.'.
                                    format(left_attempts))
                    else:
                        flash_login_attempt_error = \
                            gettext('{0} more attempt remaining.'.
                                    format(left_attempts))
                db.session.commit()
            for error in form.errors[field]:
                # The remaining-attempts hint is appended to the first
                # error of the field only, then cleared.
                if flash_login_attempt_error:
                    error = error + flash_login_attempt_error
                    flash_login_attempt_error = None
                flash(error, 'warning')
        return redirect(get_post_logout_redirect())

    # Authenticate the user
    status, msg = auth_obj.authenticate()
    if status:
        # Login the user
        status, msg = auth_obj.login()
        current_auth_obj = auth_obj.as_dict()
        if not status:
            if current_auth_obj['current_source'] == \
                    KERBEROS:
                # Kerberos negotiates on its own endpoint; come back to
                # the browser index afterwards.
                return redirect('{0}?next={1}'.format(
                    url_for('authenticate.kerberos_login'),
                    url_for('browser.index')))
            flash(msg, 'danger')
            return redirect(get_post_logout_redirect())
        session['auth_source_manager'] = current_auth_obj
        if user:
            # A successful login resets the failed-attempt counter.
            user.login_attempts = 0
            db.session.commit()
        if 'auth_obj' in session:
            session.pop('auth_obj')
        return redirect(get_post_login_redirect())
    elif isinstance(msg, Response):
        # An auth source may answer with a ready-made Response instead of
        # a message.
        return msg
    elif 'oauth2_button' in request.form and not isinstance(msg, str):
        # OAuth2 path: a non-string msg is the provider redirect.
        return msg
    if 'auth_obj' in session:
        session.pop('auth_obj')
    flash(msg, 'danger')
    response = redirect(get_post_logout_redirect())
    return response
if form.validate_on_submit(): try: user = _security.auth_provider.authenticate(form) except ConfirmationError, e: msg = str(e) confirm_url = url_for('send_confirmation', email=e.user.email) except BadCredentialsError, e: msg = str(e) form.password.errors.append(msg) if user: if login_user(user, remember=form.remember.data): after_this_request(_commit) if request.json: return _json_auth_ok(user) return redirect(get_post_login_redirect()) form.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) _logger.debug('Unsuccessful authentication attempt: %s' % msg) if request.json: return _json_auth_error(msg) if confirm_url: do_flash(msg, 'error') return redirect(confirm_url) return render_template('security/login.html', login_form=form, **_ctx('login'))