Add our own login form

We gain multiple things with this, but the main point is to do audit logging in case a valid user
enters an invalid password.
This commit is contained in:
Gergely Polonkai 2018-07-08 22:49:10 +02:00
parent 2b8e976543
commit aede5873d2
2 changed files with 35 additions and 1 deletions


@ -75,6 +75,7 @@ class CalendarSocialApp(Flask):
""" """
def __init__(self, name, config=None): def __init__(self, name, config=None):
from .forms import LoginForm
from .models import db, User, Role from .models import db, User, Role
from .security import security, AnonymousUser from .security import security, AnonymousUser
@ -91,7 +92,7 @@ class CalendarSocialApp(Flask):
babel.localeselector(get_locale) babel.localeselector(get_locale)
user_store = SQLAlchemyUserDatastore(db, User, Role) user_store = SQLAlchemyUserDatastore(db, User, Role)
security.init_app(self, datastore=user_store, anonymous_user=AnonymousUser) security.init_app(self, datastore=user_store, anonymous_user=AnonymousUser, login_form=LoginForm)
self.context_processor(template_vars) self.context_processor(template_vars)
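Review bot: The `login_form=LoginForm` argument added to `security.init_app` carries no hint of why the stock form is being replaced, and the reason (the commit message's audit logging of failed passwords) is not visible from this call site. A short why-comment on that line would save the next reader a trip to forms.py: `# custom LoginForm: audit-logs failed password attempts for existing users`. The function-scope `from .forms import LoginForm` matches the existing local imports in `__init__`; the body of `__init__` continues outside the hunk.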


@ -18,6 +18,7 @@
""" """
from flask_babelex import lazy_gettext as _ from flask_babelex import lazy_gettext as _
from flask_security.forms import LoginForm as BaseLoginForm
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
import pytz import pytz
from wtforms import BooleanField, PasswordField, SelectField, StringField from wtforms import BooleanField, PasswordField, SelectField, StringField
@ -159,3 +160,35 @@ class SettingsForm(FlaskForm):
continue continue
user.settings[name] = str(field.data) user.settings[name] = str(field.data)
class LoginForm(BaseLoginForm):
"""Login form for Calendar.social
"""
email = StringField(_('Username or email'), validators=[DataRequired()])
def __init__(self, *args, **kwargs):
super(LoginForm, self).__init__(*args, **kwargs)
self.user = None
def validate(self):
from flask_security.utils import _datastore
from flask_security.utils import verify_and_update_password
from .models import AuditLog
ret = super(LoginForm, self).validate()
if self.user is None:
self.user = _datastore.get_user(self.email.data)
if self.user is None:
# We cant figure out the user thats trying to log in, just return
return ret
if not verify_and_update_password(self.password.data, self.user):
AuditLog.log(self.user, AuditLog.TYPE_LOGIN_FAIL)
return ret
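Review bot: `validate` re-runs `verify_and_update_password` after `super().validate()` has (presumably) already verified the same password, so every login attempt — successful or not — pays the password-hash cost twice and any rehash/update side effect of that helper can run twice; for a form fed by unauthenticated clients that is a cheap amplification lever. If the base form records a wrong password on `self.password.errors` (to be confirmed against the installed flask_security version), the failure can be derived from the result that is already in hand instead: `if not ret and self.user is not None and self.password.errors:` followed by the `AuditLog.log(...)` call, dropping the second verification; this also avoids calling the verifier for a user whose stored password may be unset. If the `_datastore.get_user` fallback is kept, note that `_datastore` is an underscore-prefixed name of `flask_security.utils` and can change without notice. `validate` also deserves a docstring stating its contract, e.g. that it returns the base form's result unchanged and only adds a `TYPE_LOGIN_FAIL` audit entry when a known user supplies a wrong password.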