Mark LDAP authentication as external_auth. Fix OTP secret update. #237

2025-07-05 13:44:04 +00:00 · 2018-04-10 08:59:28 +07:00
parent fdf849744b
commit 84d4bfaed0
2 changed files with 59 additions and 34 deletions
--- a/app/views.py
+++ b/app/views.py
@ -312,12 +312,13 @@ def login():
        return redirect(url_for('index'))

    if request.method == 'GET':
-        return render_template('login.html',
-                               github_enabled=GITHUB_ENABLE,
-                               google_enabled=GOOGLE_ENABLE,
-                               saml_enabled=SAML_ENABLED,
-                               ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
-                               basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
+        return render_template('login.html', github_enabled=GITHUB_ENABLE,
+                                             google_enabled=GOOGLE_ENABLE,
+                                             saml_enabled=SAML_ENABLED,
+                                             ldap_enabled=LDAP_ENABLED,
+                                             login_title=LOGIN_TITLE,
+                                             basic_enabled=BASIC_ENABLED,
+                                             signup_enabled=SIGNUP_ENABLED)

    # process login
    username = request.form['username']
@ -331,6 +332,9 @@ def login():
    email = request.form.get('email')
    rpassword = request.form.get('rpassword')

+    if auth_method != 'LOCAL':
+        session['external_auth'] = True
+
    if None in [firstname, lastname, email]:
        #login case
        remember_me = False
@ -342,37 +346,46 @@ def login():
        try:
            auth = user.is_validate(method=auth_method)
            if auth == False:
-                return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLED,
-                                       login_title=LOGIN_TITLE,
-                                       basic_enabled=BASIC_ENABLED,
-                                       signup_enabled=SIGNUP_ENABLED,
-                                       github_enabled=GITHUB_ENABLE,
-                                       saml_enabled=SAML_ENABLED)
+                return render_template('login.html', error='Invalid credentials',
+                                                     github_enabled=GITHUB_ENABLE,
+                                                     google_enabled=GOOGLE_ENABLE,
+                                                     saml_enabled=SAML_ENABLED,
+                                                     ldap_enabled=LDAP_ENABLED,
+                                                     login_title=LOGIN_TITLE,
+                                                     basic_enabled=BASIC_ENABLED,
+                                                     signup_enabled=SIGNUP_ENABLED)
        except Exception as e:
-            return render_template('login.html', error=e, ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
-                                   basic_enabled=BASIC_ENABLED,
-                                   signup_enabled=SIGNUP_ENABLED,
-                                   github_enabled=GITHUB_ENABLE,
-                                   saml_enabled=SAML_ENABLED)
+            return render_template('login.html', error=e,
+                                                 github_enabled=GITHUB_ENABLE,
+                                                 google_enabled=GOOGLE_ENABLE,
+                                                 saml_enabled=SAML_ENABLED,
+                                                 ldap_enabled=LDAP_ENABLED,
+                                                 login_title=LOGIN_TITLE,
+                                                 basic_enabled=BASIC_ENABLED,
+                                                 signup_enabled=SIGNUP_ENABLED)

        # check if user enabled OPT authentication
        if user.otp_secret:
            if otp_token:
                good_token = user.verify_totp(otp_token)
                if not good_token:
-                    return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLED,
-                                           login_title=LOGIN_TITLE,
-                                           basic_enabled=BASIC_ENABLED,
-                                           signup_enabled=SIGNUP_ENABLED,
-                                           github_enabled=GITHUB_ENABLE,
-                                           saml_enabled=SAML_ENABLED)
+                    return render_template('login.html', error='Invalid credentials',
+                                                         github_enabled=GITHUB_ENABLE,
+                                                         google_enabled=GOOGLE_ENABLE,
+                                                         saml_enabled=SAML_ENABLED,
+                                                         ldap_enabled=LDAP_ENABLED,
+                                                         login_title=LOGIN_TITLE,
+                                                         basic_enabled=BASIC_ENABLED,
+                                                         signup_enabled=SIGNUP_ENABLED)
            else:
-                return render_template('login.html', error='Token required', ldap_enabled=LDAP_ENABLED,
-                                       login_title=LOGIN_TITLE,
-                                       basic_enabled=BASIC_ENABLED,
-                                       signup_enabled=SIGNUP_ENABLED,
-                                       github_enabled = GITHUB_ENABLE,
-                                       saml_enabled = SAML_ENABLED)
+                return render_template('login.html', error='Token required',
+                                                     github_enabled=GITHUB_ENABLE,
+                                                     google_enabled=GOOGLE_ENABLE,
+                                                     saml_enabled=SAML_ENABLED,
+                                                     ldap_enabled=LDAP_ENABLED,
+                                                     login_title=LOGIN_TITLE,
+                                                     basic_enabled=BASIC_ENABLED,
+                                                     signup_enabled=SIGNUP_ENABLED)

        login_user(user, remember = remember_me)
        return redirect(request.args.get('next') or url_for('index'))
@ -389,9 +402,14 @@ def login():
        try:
            result = user.create_local_user()
            if result == True:
-                return render_template('login.html', username=username, password=password, ldap_enabled=LDAP_ENABLED,
-                                       login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED,
-                                       github_enabled=GITHUB_ENABLE,saml_enabled=SAML_ENABLED)
+                return render_template('login.html', username=username, password=password,
+                                                     github_enabled=GITHUB_ENABLE,
+                                                     google_enabled=GOOGLE_ENABLE,
+                                                     saml_enabled=SAML_ENABLED,
+                                                     ldap_enabled=LDAP_ENABLED,
+                                                     login_title=LOGIN_TITLE,
+                                                     basic_enabled=BASIC_ENABLED,
+                                                     signup_enabled=SIGNUP_ENABLED)
            else:
                return render_template('register.html', error=result['msg'])
        except Exception as e: