diff --git a/app/templates/user_profile.html b/app/templates/user_profile.html index 80a8504..6b9e3ba 100644 --- a/app/templates/user_profile.html +++ b/app/templates/user_profile.html @@ -19,7 +19,7 @@
-

Edit my profile{% if external_account %} [Disabled - Authenticated externally]{% endif %}

+

Edit my profile{% if session['authentication_type'] != 'LOCAL' %} [Disabled - Authenticated externally]{% endif %}

@@ -29,10 +29,11 @@ Info
  • Change Avatar
    • - {% if not external_account %}
  • Change - Password
    • -
  • Authentication -
    • + {% if session['authentication_type'] == 'LOCAL' %} +
  • Change Password
    • + {% endif %} + {% if session['authentication_type'] in ['LOCAL', 'LDAP'] %} +
  • Authentication
    • {% endif %}
    @@ -41,18 +42,18 @@
    + placeholder="{{ current_user.firstname }}" {% if session['authentication_type'] != 'LOCAL' %}disabled{% endif %}>
    + placeholder="{{ current_user.lastname }}" {% if session['authentication_type'] != 'LOCAL' %}disabled{% endif %}>
    -
    {% if not external_account %} + placeholder="{{ current_user.email }}" {% if session['authentication_type'] != 'LOCAL' %}disabled{% endif %}> +
    {% if session['authentication_type'] == 'LOCAL' %}
    {% endif %} @@ -70,50 +71,50 @@ else %} {% endif %} -
    {% if not external_account %} +
    {% if session['authentication_type'] == 'LOCAL' %}
    {% endif %} -
    {% if not external_account %} + {% if session['authentication_type'] == 'LOCAL' %}
    NOTE!  Only supports .PNG, .JPG, .JPEG. The best size to use is 200x200.
    {% endif %} - {% if not external_account %} + {% if session['authentication_type'] == 'LOCAL' %}
    {% endif %} - {% if not external_account %}
    - {% if not current_user.password %} Your account password is - managed via LDAP which isn't supported to change here. {% else - %} + {% if session['authentication_type'] == 'LOCAL' %} +
    + {% if not current_user.password %} + Your account password is managed via LDAP which isn't supported to change here. + {% else %}
    + type="password" class="form-control" name="password" id="newpassword"/>
    + type="password" class="form-control" name="rpassword" id="rpassword"/>
    - +
    {% endif %}
    + {% endif %} +
    - + {% if current_user.otp_secret %}
    @@ -125,7 +126,8 @@ {% endif %}
    -
    {% endif %} +
    +
    diff --git a/app/views.py b/app/views.py index 67a9c98..bd11139 100644 --- a/app/views.py +++ b/app/views.py @@ -263,7 +263,7 @@ def saml_authorized(): history.add() user.plain_text_password = None user.update_profile() - session['external_auth'] = True + session['authentication_type'] = 'SAML' login_user(user, remember=False) return redirect(url_for('index')) else: @@ -300,7 +300,7 @@ def login(): session['user_id'] = user.id login_user(user, remember = False) - session['external_auth'] = True + session['authentication_type'] = 'OAuth' return redirect(url_for('index')) if 'github_token' in session: @@ -324,7 +324,7 @@ def login(): return redirect(url_for('login')) session['user_id'] = user.id - session['external_auth'] = True + session['authentication_type'] = 'OAuth' login_user(user, remember = False) return redirect(url_for('index')) @@ -343,8 +343,7 @@ def login(): email = request.form.get('email') rpassword = request.form.get('rpassword') - if auth_method != 'LOCAL': - session['external_auth'] = True + session['authentication_type'] = 'LDAP' if auth_method != 'LOCAL' else 'LOCAL' if None in [firstname, lastname, email]: #login case @@ -399,6 +398,7 @@ def clear_session(): session.pop('user_id', None) session.pop('github_token', None) session.pop('google_token', None) + session.pop('authentication_type', None) session.clear() logout_user() @@ -411,9 +411,9 @@ def logout(): if app.config.get('SAML_LOGOUT_URL'): return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", return_to = app.config.get('SAML_LOGOUT_URL'), - session_index = session['samlSessionIndex'], name_id=session['samlNameId'])) + session_index = session['samlSessionIndex'], name_id=session['samlNameId'])) return redirect(auth.logout(name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - session_index = session['samlSessionIndex'], + session_index = session['samlSessionIndex'], name_id=session['samlNameId'])) clear_session() return redirect(url_for('login')) @@ -1464,45 +1464,50 @@ def admin_setting_authentication(): @app.route('/user/profile', methods=['GET', 'POST']) @login_required def user_profile(): - external_account = False - if 'external_auth' in session: - external_account = session['external_auth'] - if request.method == 'GET' or external_account: - return render_template('user_profile.html', external_account=external_account) + if request.method == 'GET': + return render_template('user_profile.html') if request.method == 'POST': - # get new profile info - firstname = request.form['firstname'] if 'firstname' in request.form else '' - lastname = request.form['lastname'] if 'lastname' in request.form else '' - email = request.form['email'] if 'email' in request.form else '' - new_password = request.form['password'] if 'password' in request.form else '' + if session['authentication_type'] == 'LOCAL': + firstname = request.form['firstname'] if 'firstname' in request.form else '' + lastname = request.form['lastname'] if 'lastname' in request.form else '' + email = request.form['email'] if 'email' in request.form else '' + new_password = request.form['password'] if 'password' in request.form else '' + else: + firstname = lastname = email = new_password = '' + logging.warning('Authenticated externally. User {0} information will not allowed to update the profile'.format(current_user.username)) - # json data if request.data: jdata = request.json data = jdata['data'] if jdata['action'] == 'enable_otp': - enable_otp = data['enable_otp'] - user = User(username=current_user.username) - user.update_profile(enable_otp=enable_otp) - return make_response(jsonify( { 'status': 'ok', 'msg': 'Change OTP Authentication successfully. Status: {0}'.format(enable_otp) } ), 200) + if session['authentication_type'] in ['LOCAL', 'LDAP']: + enable_otp = data['enable_otp'] + user = User(username=current_user.username) + user.update_profile(enable_otp=enable_otp) + return make_response(jsonify( { 'status': 'ok', 'msg': 'Change OTP Authentication successfully. Status: {0}'.format(enable_otp) } ), 200) + else: + return make_response(jsonify( { 'status': 'error', 'msg': 'User {0} is externally. You are not allowed to update the OTP'.format(current_user.username) } ), 400) # get new avatar save_file_name = None if 'file' in request.files: - file = request.files['file'] - if file: - filename = secure_filename(file.filename) - file_extension = filename.rsplit('.', 1)[1] + if session['authentication_type'] in ['LOCAL', 'LDAP']: + file = request.files['file'] + if file: + filename = secure_filename(file.filename) + file_extension = filename.rsplit('.', 1)[1] - if file_extension.lower() in ['jpg', 'jpeg', 'png']: - save_file_name = current_user.username + '.' + file_extension - file.save(os.path.join(app.config['UPLOAD_DIR'], 'avatar', save_file_name)) + if file_extension.lower() in ['jpg', 'jpeg', 'png']: + save_file_name = current_user.username + '.' + file_extension + file.save(os.path.join(app.config['UPLOAD_DIR'], 'avatar', save_file_name)) + else: + logging.error('Authenticated externally. User {0} is not allowed to update the avatar') + abort(400) - # update user profile user = User(username=current_user.username, plain_text_password=new_password, firstname=firstname, lastname=lastname, email=email, avatar=save_file_name, reload_info=False) user.update_profile() - return render_template('user_profile.html', external_account=external_account) + return render_template('user_profile.html') @app.route('/user/avatar/') diff --git a/config_template.py b/config_template.py index 10e1e7f..7ed3d60 100644 --- a/config_template.py +++ b/config_template.py @@ -26,10 +26,10 @@ SQLA_DB_NAME = 'pda' SQLALCHEMY_TRACK_MODIFICATIONS = True # DATBASE - MySQL -SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME +#SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_DB_HOST+'/'+SQLA_DB_NAME # DATABSE - SQLite -#SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db') +SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db') # SAML Authnetication SAML_ENABLED = False