|
|
|
@ -1354,21 +1354,21 @@ def login():
|
|
|
|
|
@limiter.limit("3/minute", key_func=lambda: request.form.get('username', "").strip().lower())
|
|
|
|
|
def login_post():
|
|
|
|
|
form = request.form.to_dict()
|
|
|
|
|
username = form.get('username', "").strip().lower().replace("\n","\\n").replace("\r","")
|
|
|
|
|
try:
|
|
|
|
|
limiter.check()
|
|
|
|
|
except RateLimitExceeded:
|
|
|
|
|
flash(_(u"Please wait one minute before next login"), category="error")
|
|
|
|
|
return render_login(form.get("username", ""), form.get("password", ""))
|
|
|
|
|
return render_login(username, form.get("password", ""))
|
|
|
|
|
if current_user is not None and current_user.is_authenticated:
|
|
|
|
|
return redirect(url_for('web.index'))
|
|
|
|
|
if config.config_login_type == constants.LOGIN_LDAP and not services.ldap:
|
|
|
|
|
log.error(u"Cannot activate LDAP authentication")
|
|
|
|
|
flash(_(u"Cannot activate LDAP authentication"), category="error")
|
|
|
|
|
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
|
|
|
|
|
.first()
|
|
|
|
|
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == username).first()
|
|
|
|
|
remember_me = bool(form.get('remember_me'))
|
|
|
|
|
if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user and form['password'] != "":
|
|
|
|
|
login_result, error = services.ldap.bind_user(form['username'], form['password'])
|
|
|
|
|
login_result, error = services.ldap.bind_user(username, form['password'])
|
|
|
|
|
if login_result:
|
|
|
|
|
log.debug(u"You are now logged in as: '{}'".format(user.name))
|
|
|
|
|
return handle_login_user(user,
|
|
|
|
@ -1388,7 +1388,7 @@ def login_post():
|
|
|
|
|
flash(_(u"Could not login: %(message)s", message=error), category="error")
|
|
|
|
|
else:
|
|
|
|
|
ip_address = request.headers.get('X-Forwarded-For', request.remote_addr)
|
|
|
|
|
log.warning('LDAP Login failed for user "%s" IP-address: %s', form['username'], ip_address)
|
|
|
|
|
log.warning('LDAP Login failed for user "%s" IP-address: %s', username, ip_address)
|
|
|
|
|
flash(_(u"Wrong Username or Password"), category="error")
|
|
|
|
|
else:
|
|
|
|
|
ip_address = request.headers.get('X-Forwarded-For', request.remote_addr)
|
|
|
|
@ -1397,7 +1397,7 @@ def login_post():
|
|
|
|
|
ret, __ = reset_password(user.id)
|
|
|
|
|
if ret == 1:
|
|
|
|
|
flash(_(u"New Password was send to your email address"), category="info")
|
|
|
|
|
log.info('Password reset for user "%s" IP-address: %s', form['username'], ip_address)
|
|
|
|
|
log.info('Password reset for user "%s" IP-address: %s', username, ip_address)
|
|
|
|
|
else:
|
|
|
|
|
log.error(u"An unknown error occurred. Please try again later")
|
|
|
|
|
flash(_(u"An unknown error occurred. Please try again later."), category="error")
|
|
|
|
@ -1413,9 +1413,9 @@ def login_post():
|
|
|
|
|
_(u"You are now logged in as: '%(nickname)s'", nickname=user.name),
|
|
|
|
|
"success")
|
|
|
|
|
else:
|
|
|
|
|
log.warning('Login failed for user "{}" IP-address: {}'.format(form['username'], ip_address))
|
|
|
|
|
log.warning('Login failed for user "{}" IP-address: {}'.format(username, ip_address))
|
|
|
|
|
flash(_(u"Wrong Username or Password"), category="error")
|
|
|
|
|
return render_login(form.get("username", ""), form.get("password", ""))
|
|
|
|
|
return render_login(username, form.get("password", ""))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@web.route('/logout')
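Review bot: The new `username` assignment at the top of login_post() serves both as the log-safe string and as the account identifier, and its `.replace("\r","")` deletes characters, so the value passed to the `ub.User` query and to `services.ldap.bind_user()` can differ from the string that the `key_func` on `@limiter.limit` keys on. Different submitted strings that collapse to the same account name would then seem to be counted in separate 3/minute buckets (assuming `limiter.check()` uses that decorator key), which weakens the per-user throttle this handler relies on. I would keep the identifier as `username = form.get('username', "").strip().lower()`, use a separate `log_username = username.replace("\n", "\\n").replace("\r", "\\r")` only in the `log.warning`/`log.info` calls, and have `key_func` share the identifier's normalisation. The `ip_address` written to those same log lines still comes from the client-supplied `X-Forwarded-For` header, so it needs the same escaping unless a trusted proxy is known to overwrite it. The body of login_post() continues outside the visible hunks.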
|
|
|
|
|