mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2025-01-08 19:35:40 +00:00
Mark LDAP authentication as external_auth. Fix OTP secret update. #237
parent
fdf849744b
commit
84d4bfaed0
@ -135,6 +135,9 @@ class User(db.Model):
|
|||||||
def get_hashed_password(self, plain_text_password=None):
|
def get_hashed_password(self, plain_text_password=None):
|
||||||
# Hash a password for the first time
|
# Hash a password for the first time
|
||||||
# (Using bcrypt, the salt is saved into the hash itself)
|
# (Using bcrypt, the salt is saved into the hash itself)
|
||||||
|
if plain_text_password == None:
|
||||||
|
return plain_text_password
|
||||||
|
|
||||||
pw = plain_text_password if plain_text_password else self.plain_text_password
|
pw = plain_text_password if plain_text_password else self.plain_text_password
|
||||||
return bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
|
return bcrypt.hashpw(pw.encode('utf-8'), bcrypt.gensalt())
|
||||||
|
|
||||||
@ -315,6 +318,8 @@ class User(db.Model):
|
|||||||
self.role_id = Role.query.filter_by(name='Administrator').first().id
|
self.role_id = Role.query.filter_by(name='Administrator').first().id
|
||||||
|
|
||||||
self.password = self.get_hashed_password(self.plain_text_password)
|
self.password = self.get_hashed_password(self.plain_text_password)
|
||||||
|
|
||||||
|
if self.password:
|
||||||
self.password = self.password.decode("utf-8")
|
self.password = self.password.decode("utf-8")
|
||||||
|
|
||||||
db.session.add(self)
|
db.session.add(self)
|
||||||
@ -336,7 +341,9 @@ class User(db.Model):
|
|||||||
user.password = self.get_hashed_password(self.plain_text_password) if self.plain_text_password else user.password
|
user.password = self.get_hashed_password(self.plain_text_password) if self.plain_text_password else user.password
|
||||||
user.avatar = self.avatar if self.avatar else user.avatar
|
user.avatar = self.avatar if self.avatar else user.avatar
|
||||||
|
|
||||||
|
if enable_otp is not None:
|
||||||
user.otp_secret = ""
|
user.otp_secret = ""
|
||||||
|
|
||||||
if enable_otp == True:
|
if enable_otp == True:
|
||||||
# generate the opt secret key
|
# generate the opt secret key
|
||||||
user.otp_secret = base64.b32encode(os.urandom(10)).decode('utf-8')
|
user.otp_secret = base64.b32encode(os.urandom(10)).decode('utf-8')
|
||||||
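Review bot: The new guard at the top of `get_hashed_password` changes what a call without an argument does: it now returns `None` instead of hashing `self.plain_text_password`, so the fallback in the `pw = ...` line is only reached for an empty string, where `self.plain_text_password` may itself be `None` and `.encode` would raise. Accounts saved through the second hunk can then be stored with no password hash at all (the added `if self.password:` only skips the decode), so the local-password check, which is outside these hunks, has to treat a missing hash as a failed login rather than hand it to bcrypt. I would write the guard as `if plain_text_password is None: return None` and add a comment such as `# No password supplied (externally authenticated account): store no hash`. The enclosing methods start and end outside the hunks.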
|
68
app/views.py
68
app/views.py
@ -312,12 +312,13 @@ def login():
|
|||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
|
|
||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
return render_template('login.html',
|
return render_template('login.html', github_enabled=GITHUB_ENABLE,
|
||||||
github_enabled=GITHUB_ENABLE,
|
|
||||||
google_enabled=GOOGLE_ENABLE,
|
google_enabled=GOOGLE_ENABLE,
|
||||||
saml_enabled=SAML_ENABLED,
|
saml_enabled=SAML_ENABLED,
|
||||||
ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
|
ldap_enabled=LDAP_ENABLED,
|
||||||
basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
|
login_title=LOGIN_TITLE,
|
||||||
|
basic_enabled=BASIC_ENABLED,
|
||||||
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
|
|
||||||
# process login
|
# process login
|
||||||
username = request.form['username']
|
username = request.form['username']
|
||||||
@ -331,6 +332,9 @@ def login():
|
|||||||
email = request.form.get('email')
|
email = request.form.get('email')
|
||||||
rpassword = request.form.get('rpassword')
|
rpassword = request.form.get('rpassword')
|
||||||
|
|
||||||
|
if auth_method != 'LOCAL':
|
||||||
|
session['external_auth'] = True
|
||||||
|
|
||||||
if None in [firstname, lastname, email]:
|
if None in [firstname, lastname, email]:
|
||||||
#login case
|
#login case
|
||||||
remember_me = False
|
remember_me = False
|
||||||
@ -342,37 +346,46 @@ def login():
|
|||||||
try:
|
try:
|
||||||
auth = user.is_validate(method=auth_method)
|
auth = user.is_validate(method=auth_method)
|
||||||
if auth == False:
|
if auth == False:
|
||||||
return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLED,
|
return render_template('login.html', error='Invalid credentials',
|
||||||
|
github_enabled=GITHUB_ENABLE,
|
||||||
|
google_enabled=GOOGLE_ENABLE,
|
||||||
|
saml_enabled=SAML_ENABLED,
|
||||||
|
ldap_enabled=LDAP_ENABLED,
|
||||||
login_title=LOGIN_TITLE,
|
login_title=LOGIN_TITLE,
|
||||||
basic_enabled=BASIC_ENABLED,
|
basic_enabled=BASIC_ENABLED,
|
||||||
signup_enabled=SIGNUP_ENABLED,
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
github_enabled=GITHUB_ENABLE,
|
|
||||||
saml_enabled=SAML_ENABLED)
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return render_template('login.html', error=e, ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE,
|
return render_template('login.html', error=e,
|
||||||
basic_enabled=BASIC_ENABLED,
|
|
||||||
signup_enabled=SIGNUP_ENABLED,
|
|
||||||
github_enabled=GITHUB_ENABLE,
|
github_enabled=GITHUB_ENABLE,
|
||||||
saml_enabled=SAML_ENABLED)
|
google_enabled=GOOGLE_ENABLE,
|
||||||
|
saml_enabled=SAML_ENABLED,
|
||||||
|
ldap_enabled=LDAP_ENABLED,
|
||||||
|
login_title=LOGIN_TITLE,
|
||||||
|
basic_enabled=BASIC_ENABLED,
|
||||||
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
|
|
||||||
# check if user enabled OPT authentication
|
# check if user enabled OPT authentication
|
||||||
if user.otp_secret:
|
if user.otp_secret:
|
||||||
if otp_token:
|
if otp_token:
|
||||||
good_token = user.verify_totp(otp_token)
|
good_token = user.verify_totp(otp_token)
|
||||||
if not good_token:
|
if not good_token:
|
||||||
return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLED,
|
return render_template('login.html', error='Invalid credentials',
|
||||||
login_title=LOGIN_TITLE,
|
|
||||||
basic_enabled=BASIC_ENABLED,
|
|
||||||
signup_enabled=SIGNUP_ENABLED,
|
|
||||||
github_enabled=GITHUB_ENABLE,
|
github_enabled=GITHUB_ENABLE,
|
||||||
saml_enabled=SAML_ENABLED)
|
google_enabled=GOOGLE_ENABLE,
|
||||||
else:
|
saml_enabled=SAML_ENABLED,
|
||||||
return render_template('login.html', error='Token required', ldap_enabled=LDAP_ENABLED,
|
ldap_enabled=LDAP_ENABLED,
|
||||||
login_title=LOGIN_TITLE,
|
login_title=LOGIN_TITLE,
|
||||||
basic_enabled=BASIC_ENABLED,
|
basic_enabled=BASIC_ENABLED,
|
||||||
signup_enabled=SIGNUP_ENABLED,
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
github_enabled = GITHUB_ENABLE,
|
else:
|
||||||
saml_enabled = SAML_ENABLED)
|
return render_template('login.html', error='Token required',
|
||||||
|
github_enabled=GITHUB_ENABLE,
|
||||||
|
google_enabled=GOOGLE_ENABLE,
|
||||||
|
saml_enabled=SAML_ENABLED,
|
||||||
|
ldap_enabled=LDAP_ENABLED,
|
||||||
|
login_title=LOGIN_TITLE,
|
||||||
|
basic_enabled=BASIC_ENABLED,
|
||||||
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
|
|
||||||
login_user(user, remember = remember_me)
|
login_user(user, remember = remember_me)
|
||||||
return redirect(request.args.get('next') or url_for('index'))
|
return redirect(request.args.get('next') or url_for('index'))
|
||||||
@ -389,9 +402,14 @@ def login():
|
|||||||
try:
|
try:
|
||||||
result = user.create_local_user()
|
result = user.create_local_user()
|
||||||
if result == True:
|
if result == True:
|
||||||
return render_template('login.html', username=username, password=password, ldap_enabled=LDAP_ENABLED,
|
return render_template('login.html', username=username, password=password,
|
||||||
login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED,
|
github_enabled=GITHUB_ENABLE,
|
||||||
github_enabled=GITHUB_ENABLE,saml_enabled=SAML_ENABLED)
|
google_enabled=GOOGLE_ENABLE,
|
||||||
|
saml_enabled=SAML_ENABLED,
|
||||||
|
ldap_enabled=LDAP_ENABLED,
|
||||||
|
login_title=LOGIN_TITLE,
|
||||||
|
basic_enabled=BASIC_ENABLED,
|
||||||
|
signup_enabled=SIGNUP_ENABLED)
|
||||||
else:
|
else:
|
||||||
return render_template('register.html', error=result['msg'])
|
return render_template('register.html', error=result['msg'])
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
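Review bot: `session['external_auth'] = True` in the `-331` hunk is written before `user.is_validate(method=auth_method)` runs in the next hunk, and nothing visible clears it, so a failed LDAP attempt followed by a LOCAL login in the same session would still carry the flag. If other views use this flag to decide what the account may change, it should reflect the method that actually authenticated the user; setting it once next to `login_user(...)` as `session['external_auth'] = auth_method != 'LOCAL'` covers both cases. `auth_method` is assigned outside the hunks, so where it comes from cannot be checked here. The rewritten `except` branch also still passes the raw exception to the template as `error=e`; a fixed message with the detail logged server-side would avoid showing backend errors on the login page.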
|