dan
/
ti-account-app
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
67 KiB
Branch: mistress
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'mistress'
${ noResults }
ti-account-app/accounts/auth/views.py

162 lines
4.8 KiB
Raw Permalink Normal View History

Big login update, combine flask-login with ldap to enable persistent domain-wide cookies
3 years ago
Add cache buster
3 years ago
Big login update, combine flask-login with ldap to enable persistent domain-wide cookies
3 years ago
Remove passwords from db
3 years ago
Big login update, combine flask-login with ldap to enable persistent domain-wide cookies
3 years ago
 
  1. from flask import request, render_template, flash, redirect, \
  2.     url_for, Blueprint, g
  3. from flask_login import current_user, login_user, \
  4.     logout_user, login_required
  5. from ldap3 import MODIFY_REPLACE
  6. from ldap3.core.exceptions import LDAPBindError
  7. from accounts import login_manager, db
  8. from accounts.auth.models import User, LoginForm, get_ldap_connection
  9. from email_validator import validate_email, EmailNotValidError
  10. 

  11.  
  12. auth = Blueprint('auth', __name__)
  13.  
  14.  
  15. @login_manager.user_loader
  16. def load_user(id):
  17.     return User.query.get(int(id))
  18.  
  19.  
  20. @auth.before_request
  21. def get_current_user():
  22.     g.user = current_user
  23.  
  24.  
  25. @auth.route('/')
  26. @login_required
  27. def home():
  28.     return render_template('profile.j2', user = current_user.get_user_dict())
  29. 

  30. 

  31. @auth.route('/update/email', methods=['POST'])
  32. @login_required
  33. def update_email():
  34.     if request.method == 'POST':
  35.         email = request.form['email']
  36.         dn = request.form['dn']
  37. 

  38.         if email != None and len(email) > 0:
  39.             try:
  40.                 # Validate.
  41.                 valid = validate_email(email)
  42. 

  43.                 # Update with the normalized form.
  44.                 conn = get_ldap_connection()
  45.                 conn.modify(dn, {'mail': [(MODIFY_REPLACE, [valid.email])]})
  46.                 return 'Success'
  47.             except EmailNotValidError as e:
  48.                 # email is not valid, exception message is human-readable
  49.                 print(str(e))
  50.                 return 'Invalid email address'
  51.     return 'Email cannot be empty'
  52. 

  53. 

  54. @auth.route('/update/name', methods=['POST'])
  55. @login_required
  56. def update_name():
  57.     if request.method == 'POST':
  58.         firstName = request.form['firstName']
  59.         lastName = request.form['lastName']
  60.         dn = request.form['dn']
  61. 

  62.         if (firstName != None and len(firstName) > 0) and (lastName != None and len(lastName) > 0):
  63.             conn = get_ldap_connection()
  64.             conn.modify(dn, {'givenName': [(MODIFY_REPLACE, [firstName])],
  65.                              'sn': [(MODIFY_REPLACE, [lastName])]})
  66.             return 'Success'
  67.     return 'Name cannot be empty'
  68. 

  69. 

  70. @auth.route('/update/username', methods=['POST'])
  71. @login_required
  72. def update_username():
  73.     if request.method == 'POST':
  74.         userName = request.form['userName']
  75.         dn = request.form['dn']
  76. 

  77.         if userName != None and len(userName) > 0:
  78.             conn = get_ldap_connection()
  79.             conn.modify(dn, {'uid': [(MODIFY_REPLACE, [userName])]})
  80.             return 'Success'
  81.     return 'Username cannot be empty'
  82. 

  83. 

  84. @auth.route('/update/password', methods=['POST'])
  85. @login_required
  86. def update_password():
  87.     if request.method == 'POST':
  88.         currentPassword = request.form['currentPassword']
  89.         newPassword = request.form['newPassword']
  90.         confirmPassword = request.form['confirmPassword']
  91.         dn = request.form['dn']
  92. 

  93.         if currentPassword == '':
  94.             return 'Please enter your current password'
  95. 

  96.         if newPassword == '':
  97.             return 'Please enter a new password'
  98. 

  99.         if confirmPassword == '':
  100.             return 'Please confirm your new password'
  101. 

  102.         if newPassword != confirmPassword:
  103.             return 'Could not confirm new password, please make sure you typed it correctly'
  104. 

  105.         try:
  106.             User.try_login(current_user.username, currentPassword)
  107.         except LDAPBindError:
  108.             return 'Current password is incorrect'
  109. 

  110.         conn = get_ldap_connection()
  111.         conn.extend.standard.modify_password(user=dn, new_password=newPassword)
  112.         return 'Success'
  113.     return 'Error'
  114.  
  115.  
  116. @auth.route('/login', methods=['GET', 'POST'])
  117. def login():
  118.     if current_user.is_authenticated:
  119.         flash('You are already logged in.')
  120.         return redirect(url_for('auth.home'))
  121.  
  122.     form = LoginForm(request.form)
  123.  
  124.     if request.method == 'POST' and form.validate():
  125.         username = request.form.get('username')
  126.         password = request.form.get('password')
  127.  
  128.         try:
  129.             User.try_login(username, password)
  130.         except LDAPBindError:
  131.             flash(
  132.                 'Invalid username or password. Please try again.',
  133.                 'danger')
  134.             return render_template('login.j2', form=form)
  135. 

  136.         user = User.query.filter(User.username == username).first()
  137. 

  138.         print(user)
  139.         if user is None:
  140.             user = User(username)
  141.             db.session.add(user)
  142.         user.authenticated = True
  143.         db.session.commit()
  144.         login_user(user, remember=form.remember_me.data)
  145. 

  146.         print('You have successfully logged in.')
  147.         return redirect(url_for('auth.home'))
  148.  
  149.     if form.errors:
  150.         flash(form.errors, 'danger')
  151.  
  152.     return render_template('login.j2', form=form)
  153.  
  154.  
  155. @auth.route('/logout')
  156. @login_required
  157. def logout():
  158.     user = current_user
  159.     user.authenticated = False
  160.     db.session.add(user)
  161.     db.session.commit()
  162.     logout_user()
  163.     return redirect(url_for('auth.home'))