Reintroduce ProxyFix. Use two buttons for logging in.

master
Dimitri Huisman 3 years ago
parent c42ad8e71e
commit 503044ef6e

@ -25,6 +25,7 @@ def create_app_from_config(config):
utils.babel.init_app(app) utils.babel.init_app(app)
utils.login.init_app(app) utils.login.init_app(app)
utils.login.user_loader(models.User.get) utils.login.user_loader(models.User.get)
utils.proxy.init_app(app)
utils.migrate.init_app(app, models.db) utils.migrate.init_app(app, models.db)
app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest() app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest()

@ -11,8 +11,9 @@ LOCALPART_REGEX = "^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`
class LoginForm(flask_wtf.FlaskForm): class LoginForm(flask_wtf.FlaskForm):
class Meta: class Meta:
csrf = False csrf = False
target = fields.SelectField( _('Go to') ) email = fields.StringField(_('E-mail'), [validators.Email(), validators.DataRequired()])
email = fields.StringField(_('E-mail'), [validators.Email()])
pw = fields.PasswordField(_('Password'), [validators.DataRequired()]) pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
submit = fields.SubmitField(_('Sign in')) submitAdmin = fields.SubmitField(_('Sign in'))
submitWebmail = fields.SubmitField(_('Sign in'))
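Review bot: `submitAdmin` and `submitWebmail` are both declared with the label `_('Sign in')`, and the login view in this commit then appends the untranslated literals `' Admin'` and `' Webmail'`, so the button text is assembled outside the form and only half of it goes through gettext. Declaring the full labels here, `submitAdmin = fields.SubmitField(_('Sign in Admin'))` and `submitWebmail = fields.SubmitField(_('Sign in Webmail'))`, would keep the text in one place and translatable. A short comment that the view decides which of the two buttons is rendered would also help, since the class always defines both.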

@ -2,6 +2,10 @@
{%- block content %} {%- block content %}
{%- call macros.card() %} {%- call macros.card() %}
{{ macros.form(form) }} <form class="form" method="post" role="form">
{{ macros.form_field(form.email) }}
{{ macros.form_field(form.pw) }}
{{ macros.form_fields( fields, label=False, class="btn btn-default", spacing=False) }}
</form>
{%- endcall %} {%- endcall %}
{%- endblock %} {%- endblock %}
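Review bot: The hand-written `<form>` outputs only `form.email`, `form.pw` and the buttons in `fields`, so any hidden inputs the old `macros.form(form)` call produced are no longer rendered; that macro is not visible here, so this needs confirming. With `csrf = False` on `LoginForm` nothing breaks today, but adding `{{ form.hidden_tag() }}` as the first line inside the form would keep the template correct if CSRF protection is enabled later. The template now also depends on the view passing `fields`, which a comment such as `{#- fields: submit buttons passed in by sso.login -#}` would document.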

@ -10,22 +10,20 @@ import flask_login
@sso.route('/login', methods=['GET', 'POST']) @sso.route('/login', methods=['GET', 'POST'])
def login(): def login():
form = forms.LoginForm() form = forms.LoginForm()
endpoint = flask.request.args.get('next', 'ui.index') form.submitAdmin.label.text = form.submitAdmin.label.text + ' Admin'
form.submitWebmail.label.text = form.submitWebmail.label.text + ' Webmail'
form.target.choices = []
fields = []
if str(app.config["ADMIN"]).upper() != "FALSE": if str(app.config["ADMIN"]).upper() != "FALSE":
form.target.choices += [("Admin", "Admin")] fields.append(form.submitAdmin)
if str(app.config["WEBMAIL"]).upper() != "NONE": if str(app.config["WEBMAIL"]).upper() != "NONE":
form.target.choices += [("Webmail", "Webmail")] fields.append(form.submitWebmail)
if endpoint == "ui.webmail": fields = tuple(fields)
form.target.choices.reverse()
if form.validate_on_submit(): if form.validate_on_submit():
if str(form.target.data) == 'Admin': if form.submitAdmin.data:
endpoint = 'ui.user_settings'
destination = app.config['WEB_ADMIN'] destination = app.config['WEB_ADMIN']
elif str(form.target.data) == 'Webmail': elif form.submitWebmail.data:
endpoint = 'ui.webmail'
destination = app.config['WEB_WEBMAIL'] destination = app.config['WEB_WEBMAIL']
user = models.User.login(form.email.data, form.pw.data) user = models.User.login(form.email.data, form.pw.data)
@ -37,7 +35,7 @@ def login():
flask.flash('Wrong e-mail or password', 'error') flask.flash('Wrong e-mail or password', 'error')
client_ip = flask.request.headers["X-Real-IP"] if 'X-Real-IP' in flask.request.headers else flask.request.remote_addr client_ip = flask.request.headers["X-Real-IP"] if 'X-Real-IP' in flask.request.headers else flask.request.remote_addr
flask.current_app.logger.warn(f'Login failed for {str(form.email.data)} from {client_ip}.') flask.current_app.logger.warn(f'Login failed for {str(form.email.data)} from {client_ip}.')
return flask.render_template('login.html', form=form, endpoint=endpoint) return flask.render_template('login.html', form=form, fields=fields)
@sso.route('/logout', methods=['GET']) @sso.route('/logout', methods=['GET'])
@access.authenticated @access.authenticated
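Review bot: The branch `if form.submitAdmin.data:` / `elif form.submitWebmail.data:` accepts whichever button name arrives in the POST, whereas the removed `SelectField` only validated choices that the ADMIN/WEBMAIL settings had enabled. A request carrying `submitAdmin` still selects `WEB_ADMIN` when ADMIN is "FALSE", because the setting now only controls which buttons are rendered. A request carrying neither button leaves `destination` unassigned, which presumably fails where it is used in the part of login() between the two hunks. Repeating the config test in the branch, e.g. `if form.submitAdmin.data and str(app.config["ADMIN"]).upper() != "FALSE":`, plus an `else:` that flashes an error and re-renders the form, would restore the server-side check.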

@ -18,8 +18,12 @@
{%- endif %} {%- endif %}
{%- endmacro %} {%- endmacro %}
{%- macro form_fields(fields, prepend='', append='', label=True) %} {%- macro form_fields(fields, prepend='', append='', label=True, spacing=True) %}
{%- if spacing %}
{%- set width = (12 / fields|length)|int %} {%- set width = (12 / fields|length)|int %}
{%- else %}
{%- set width = 0 %}
{% endif %}
<div class="form-group"> <div class="form-group">
<div class="row"> <div class="row">
{%- for field in fields %} {%- for field in fields %}
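Review bot: The closing `{% endif %}` of the new `spacing` branch lacks the whitespace-trimming dash that the other tags in this macro use, so it leaves a stray newline in the output; `{%- endif %}` matches the surrounding style. The `spacing=False` case sets `width = 0`, and what that does depends on how `width` is used further down in the macro, outside this hunk. A one-line comment next to it, for example `{#- spacing=False: width 0, columns are not sized -#}` (wording to be confirmed against the column markup), would explain the sentinel.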

@ -38,7 +38,7 @@ login.login_view = "sso.login"
def handle_needs_login(): def handle_needs_login():
""" redirect unauthorized requests to login page """ """ redirect unauthorized requests to login page """
return flask.redirect( return flask.redirect(
flask.url_for('sso.login', next=flask.request.endpoint) flask.url_for('sso.login')
) )
# DNS stub configured to do DNSSEC enabled queries # DNS stub configured to do DNSSEC enabled queries
@ -95,6 +95,23 @@ def get_locale():
flask.session['language'] = language flask.session['language'] = language
return language return language
# Proxy fixer
class PrefixMiddleware(object):
""" fix proxy headers """
def __init__(self):
self.app = None
def __call__(self, environ, start_response):
return self.app(environ, start_response)
def init_app(self, app):
self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
app.wsgi_app = self
proxy = PrefixMiddleware()
# Data migrate # Data migrate
migrate = flask_migrate.Migrate() migrate = flask_migrate.Migrate()
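Review bot: `fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)` makes the app take the client address and scheme from forwarded headers, which is only sound when every request passes through exactly one proxy that sets those headers itself. The docstring `""" fix proxy headers """` should state that assumption, e.g. `""" Trust X-Forwarded-For/-Proto from exactly one front proxy; the app must not be reachable directly. """`. The class is called `PrefixMiddleware` although no prefix handling is configured, so a name like `ProxyFixMiddleware` would describe it better. The login view in this commit still reads `X-Real-IP` by hand for its failed-login log, so two different headers now decide the client IP; `flask.request.remote_addr` there would keep a single source. The `fixers` import lies outside the hunk, so which ProxyFix implementation is in use cannot be checked from here.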

@ -176,7 +176,7 @@ http {
} }
location @webmail_login { location @webmail_login {
return 302 /sso/login?next=ui.webmail; return 302 /sso/login;
} }
{% else %} {% else %}
