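"""Login, logout and self-service profile routes for the ``auth`` blueprint.

The ``/update/*`` handlers write to LDAP through ``get_ldap_connection()``
and answer with a short plain-text status string.

NOTE(review): every ``/update/*`` handler takes the target entry's ``dn``
from the request body. Nothing in this module ties that value to the
logged-in user, so the entry that gets modified is chosen by the client.
The DN should be derived server-side from ``current_user`` (or compared
against it) before any modify call. Whether directory ACLs narrow this
depends on the identity ``get_ldap_connection()`` binds as, which is not
visible in this file.

NOTE(review): these handlers read ``request.form`` directly instead of going
through a validated form; confirm CSRF protection is enabled app-wide.
"""
from flask import (
    request, render_template, flash, redirect, url_for, Blueprint, g,
)
from flask_login import current_user, login_user, logout_user, login_required
from ldap3 import MODIFY_REPLACE
from ldap3.core.exceptions import LDAPBindError
from accounts import login_manager, db
from accounts.auth.models import User, LoginForm, get_ldap_connection
from email_validator import validate_email, EmailNotValidError

auth = Blueprint('auth', __name__)


def _modify_entry(dn, changes):
    """Apply *changes* to the LDAP entry *dn*; return True if it was accepted.

    ldap3's ``Connection.modify`` returns a falsy value when the server
    rejects the operation under the default synchronous strategy, so the
    result is checked instead of assuming success.

    NOTE(review): *dn* is whatever the caller passes in. The routes below
    pass the client-supplied form field unchanged; authorization of the
    target entry has to happen before this helper is reached.
    """
    conn = get_ldap_connection()
    return bool(conn.modify(dn, changes))


@login_manager.user_loader
def load_user(id):
    """Return the ``User`` row for the id stored in the login session."""
    return User.query.get(int(id))


@auth.before_request
def get_current_user():
    """Expose the current user as ``g.user`` for every request on this blueprint."""
    g.user = current_user


@auth.route('/')
@login_required
def home():
    """Render the profile page for the logged-in user."""
    return render_template('profile.j2', user=current_user.get_user_dict())


@auth.route('/update/email', methods=['POST'])
@login_required
def update_email():
    """Validate the submitted address and store its normalized form as ``mail``.

    Returns a plain-text status: ``'Success'`` or a short error message.
    """
    email = request.form['email']
    # NOTE(review): client-supplied target entry, not checked against
    # current_user; see the module docstring.
    dn = request.form['dn']

    if not email:
        return 'Email cannot be empty'

    try:
        valid = validate_email(email)
    except EmailNotValidError as e:
        # The exception message is human-readable.
        print(str(e))
        return 'Invalid email address'

    # Store the normalized address rather than the raw input.
    if not _modify_entry(dn, {'mail': [(MODIFY_REPLACE, [valid.email])]}):
        return 'Could not update email address'
    return 'Success'


@auth.route('/update/name', methods=['POST'])
@login_required
def update_name():
    """Replace ``givenName`` and ``sn`` on the submitted entry.

    Returns a plain-text status: ``'Success'`` or a short error message.
    """
    first_name = request.form['firstName']
    last_name = request.form['lastName']
    # NOTE(review): client-supplied target entry, not checked against
    # current_user; see the module docstring.
    dn = request.form['dn']

    if not (first_name and last_name):
        return 'Name cannot be empty'

    changes = {
        'givenName': [(MODIFY_REPLACE, [first_name])],
        'sn': [(MODIFY_REPLACE, [last_name])],
    }
    if not _modify_entry(dn, changes):
        return 'Could not update name'
    return 'Success'


@auth.route('/update/username', methods=['POST'])
@login_required
def update_username():
    """Replace the ``uid`` attribute on the submitted entry.

    Returns a plain-text status: ``'Success'`` or a short error message.
    """
    user_name = request.form['userName']
    # NOTE(review): client-supplied target entry, not checked against
    # current_user; see the module docstring.
    dn = request.form['dn']

    if not user_name:
        return 'Username cannot be empty'

    if not _modify_entry(dn, {'uid': [(MODIFY_REPLACE, [user_name])]}):
        return 'Could not update username'
    return 'Success'


@auth.route('/update/password', methods=['POST'])
@login_required
def update_password():
    """Change an LDAP password after re-checking the current one.

    Returns a plain-text status: ``'Success'`` or a short error message.

    NOTE(review): the current password is verified for
    ``current_user.username`` while the new password is written to the
    submitted ``dn``. This function does not check that the two refer to the
    same account; resolve the DN from the authenticated user instead of the
    form before calling ``modify_password``.
    """
    current_password = request.form['currentPassword']
    new_password = request.form['newPassword']
    confirm_password = request.form['confirmPassword']
    dn = request.form['dn']

    if current_password == '':
        return 'Please enter your current password'
    if new_password == '':
        return 'Please enter a new password'
    if confirm_password == '':
        return 'Please confirm your new password'
    if new_password != confirm_password:
        return 'Could not confirm new password, please make sure you typed it correctly'

    try:
        User.try_login(current_user.username, current_password)
    except LDAPBindError:
        return 'Current password is incorrect'

    conn = get_ldap_connection()
    # modify_password reports failure through its return value under
    # ldap3's default synchronous strategy; do not report success blindly.
    if not conn.extend.standard.modify_password(user=dn, new_password=new_password):
        return 'Could not change password'
    return 'Success'


@auth.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form and, on POST, authenticate against LDAP.

    A local ``User`` row is created on first successful login.

    NOTE(review): this relies on ``LoginForm`` validation to reject an empty
    password before ``User.try_login`` runs (some LDAP servers treat a simple
    bind with an empty password as an unauthenticated bind) — confirm the
    form enforces it.
    """
    if current_user.is_authenticated:
        flash('You are already logged in.')
        return redirect(url_for('auth.home'))

    form = LoginForm(request.form)

    if request.method == 'POST' and form.validate():
        username = request.form.get('username')
        password = request.form.get('password')

        try:
            User.try_login(username, password)
        except LDAPBindError:
            # Same message for unknown user and wrong password.
            flash(
                'Invalid username or password. Please try again.',
                'danger')
            return render_template('login.j2', form=form)

        user = User.query.filter(User.username == username).first()
        print(user)

        if user is None:
            user = User(username)
            db.session.add(user)

        user.authenticated = True
        db.session.commit()
        login_user(user, remember=form.remember_me.data)
        print('You have successfully logged in.')
        return redirect(url_for('auth.home'))

    if form.errors:
        flash(form.errors, 'danger')

    return render_template('login.j2', form=form)


@auth.route('/logout')
@login_required
def logout():
    """Mark the user as logged out in the database and end the session."""
    user = current_user
    user.authenticated = False
    db.session.add(user)
    db.session.commit()
    logout_user()
    return redirect(url_for('auth.home'))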