cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-08 22:50:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #423 from ngoduykhanh/authentication_fix

Browse Source 
Fix disabling the user registration form
This commit is contained in:
Khanh Ngo 2018-12-11 15:11:01 +07:00 committed by GitHub
commit c1f5d76c6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/templates/register.html
View File

@ -31,7 +31,7 @@
</div> </div>
{% endif %} {% endif %}
<p class="login-box-msg">Enter your personal details below</p> <p class="login-box-msg">Enter your personal details below</p>
<form action="{{ url_for('login') }}" method="post" data-toggle="validator"> <form action="{{ url_for('register') }}" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}"> <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="First Name" name="firstname" data-error="Please input your first name" required> <input type="text" class="form-control" placeholder="First Name" name="firstname" data-error="Please input your first name" required>

96
app/views.py
View File

@ -149,10 +149,35 @@ def error(code, msg=None):
return render_template('errors/404.html'), 404 return render_template('errors/404.html'), 404
@app.route('/register', methods=['GET']) @app.route('/register', methods=['GET', 'POST'])
def register(): def register():
if Setting().get('signup_enabled'): if Setting().get('signup_enabled'):
return render_template('register.html') if request.method == 'GET':
return render_template('register.html')
elif request.method == 'POST':
username = request.form['username']
password = request.form['password']
firstname = request.form.get('firstname')
lastname = request.form.get('lastname')
email = request.form.get('email')
rpassword = request.form.get('rpassword')
if not username or not password or not email:
return render_template('register.html', error='Please input required information')
if password != rpassword:
return render_template('register.html', error = "Password confirmation does not match")
user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email)
try:
result = user.create_local_user()
if result and result['status']:
return redirect(url_for('login'))
else:
return render_template('register.html', error=result['msg'])
except Exception as e:
return render_template('register.html', error=e)
else: else:
return render_template('errors/404.html'), 404 return render_template('errors/404.html'), 404
@ -391,65 +416,34 @@ def login():
if request.method == 'GET': if request.method == 'GET':
return render_template('login.html', saml_enabled=SAML_ENABLED) return render_template('login.html', saml_enabled=SAML_ENABLED)
# process login # process Local-DB authentication
username = request.form['username'] username = request.form['username']
password = request.form['password'] password = request.form['password']
otp_token = request.form.get('otptoken') otp_token = request.form.get('otptoken')
auth_method = request.form.get('auth_method', 'LOCAL') auth_method = request.form.get('auth_method', 'LOCAL')
# addition fields for registration case
firstname = request.form.get('firstname')
lastname = request.form.get('lastname')
email = request.form.get('email')
rpassword = request.form.get('rpassword')
session['authentication_type'] = 'LDAP' if auth_method != 'LOCAL' else 'LOCAL' session['authentication_type'] = 'LDAP' if auth_method != 'LOCAL' else 'LOCAL'
remember_me = True if 'remember' in request.form else False
if None in [firstname, lastname, email]: user = User(username=username, password=password, plain_text_password=password)
#login case
remember_me = False
if 'remember' in request.form:
remember_me = True
user = User(username=username, password=password, plain_text_password=password) try:
auth = user.is_validate(method=auth_method, src_ip=request.remote_addr)
if auth == False:
return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials')
except Exception as e:
return render_template('login.html', saml_enabled=SAML_ENABLED, error=e)
try: # check if user enabled OPT authentication
auth = user.is_validate(method=auth_method, src_ip=request.remote_addr) if user.otp_secret:
if auth == False: if otp_token and otp_token.isdigit():
good_token = user.verify_totp(otp_token)
if not good_token:
return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials') return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials')
except Exception as e: else:
return render_template('login.html', saml_enabled=SAML_ENABLED, error=e) return render_template('login.html', saml_enabled=SAML_ENABLED, error='Token required')
# check if user enabled OPT authentication login_user(user, remember=remember_me)
if user.otp_secret: return redirect(session.get('next', url_for('index')))
if otp_token and otp_token.isdigit():
good_token = user.verify_totp(otp_token)
if not good_token:
return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials')
else:
return render_template('login.html', saml_enabled=SAML_ENABLED, error='Token required')
login_user(user, remember = remember_me)
return redirect(session.get('next', url_for('index')))
else:
if not username or not password or not email:
return render_template('register.html', error='Please input required information')
# registration case
user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email)
if password != rpassword:
error = "Password confirmation does not match"
return render_template('register.html', error=error)
try:
result = user.create_local_user()
if result and result['status']:
return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password)
else:
return render_template('register.html', error=result['msg'])
except Exception as e:
return render_template('register.html', error=e)
def clear_session(): def clear_session():