Reintroduce ProxyFix. Use two buttons for logging in.

master
Dimitri Huisman 3 years ago
parent c42ad8e71e
commit 503044ef6e

@ -25,6 +25,7 @@ def create_app_from_config(config):
utils.babel.init_app(app)
utils.login.init_app(app)
utils.login.user_loader(models.User.get)
utils.proxy.init_app(app)
utils.migrate.init_app(app, models.db)
app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest()

@ -11,8 +11,9 @@ LOCALPART_REGEX = "^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`
class LoginForm(flask_wtf.FlaskForm):
class Meta:
csrf = False
target = fields.SelectField( _('Go to') )
email = fields.StringField(_('E-mail'), [validators.Email()])
email = fields.StringField(_('E-mail'), [validators.Email(), validators.DataRequired()])
pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
submit = fields.SubmitField(_('Sign in'))
submitAdmin = fields.SubmitField(_('Sign in'))
submitWebmail = fields.SubmitField(_('Sign in'))

@ -2,6 +2,10 @@
{%- block content %}
{%- call macros.card() %}
{{ macros.form(form) }}
<form class="form" method="post" role="form">
{{ macros.form_field(form.email) }}
{{ macros.form_field(form.pw) }}
{{ macros.form_fields( fields, label=False, class="btn btn-default", spacing=False) }}
</form>
{%- endcall %}
{%- endblock %}

@ -10,22 +10,20 @@ import flask_login
@sso.route('/login', methods=['GET', 'POST'])
def login():
form = forms.LoginForm()
endpoint = flask.request.args.get('next', 'ui.index')
form.submitAdmin.label.text = form.submitAdmin.label.text + ' Admin'
form.submitWebmail.label.text = form.submitWebmail.label.text + ' Webmail'
form.target.choices = []
fields = []
if str(app.config["ADMIN"]).upper() != "FALSE":
form.target.choices += [("Admin", "Admin")]
fields.append(form.submitAdmin)
if str(app.config["WEBMAIL"]).upper() != "NONE":
form.target.choices += [("Webmail", "Webmail")]
if endpoint == "ui.webmail":
form.target.choices.reverse()
fields.append(form.submitWebmail)
fields = tuple(fields)
if form.validate_on_submit():
if str(form.target.data) == 'Admin':
endpoint = 'ui.user_settings'
if form.submitAdmin.data:
destination = app.config['WEB_ADMIN']
elif str(form.target.data) == 'Webmail':
endpoint = 'ui.webmail'
elif form.submitWebmail.data:
destination = app.config['WEB_WEBMAIL']
user = models.User.login(form.email.data, form.pw.data)
@ -37,7 +35,7 @@ def login():
flask.flash('Wrong e-mail or password', 'error')
client_ip = flask.request.headers["X-Real-IP"] if 'X-Real-IP' in flask.request.headers else flask.request.remote_addr
flask.current_app.logger.warn(f'Login failed for {str(form.email.data)} from {client_ip}.')
return flask.render_template('login.html', form=form, endpoint=endpoint)
return flask.render_template('login.html', form=form, fields=fields)
@sso.route('/logout', methods=['GET'])
@access.authenticated

@ -18,8 +18,12 @@
{%- endif %}
{%- endmacro %}
{%- macro form_fields(fields, prepend='', append='', label=True) %}
{%- macro form_fields(fields, prepend='', append='', label=True, spacing=True) %}
{%- if spacing %}
{%- set width = (12 / fields|length)|int %}
{%- else %}
{%- set width = 0 %}
{% endif %}
<div class="form-group">
<div class="row">
{%- for field in fields %}

@ -38,7 +38,7 @@ login.login_view = "sso.login"
def handle_needs_login():
""" redirect unauthorized requests to login page """
return flask.redirect(
flask.url_for('sso.login', next=flask.request.endpoint)
flask.url_for('sso.login')
)
# DNS stub configured to do DNSSEC enabled queries
@ -95,6 +95,23 @@ def get_locale():
flask.session['language'] = language
return language
# Proxy fixer
class PrefixMiddleware(object):
""" fix proxy headers """
def __init__(self):
self.app = None
def __call__(self, environ, start_response):
return self.app(environ, start_response)
def init_app(self, app):
self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
app.wsgi_app = self
proxy = PrefixMiddleware()
# Data migrate
migrate = flask_migrate.Migrate()

@ -176,7 +176,7 @@ http {
}
location @webmail_login {
return 302 /sso/login?next=ui.webmail;
return 302 /sso/login;
}
{% else %}

Loading…
Cancel
Save