auth enhancement

06363349 · Markus · 5f2e6f79 · 06363349 · 06363349 · 06363349
Commit 06363349 authored 1 month ago by Markus
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -4,10 +4,12 @@ from flask_wtf import FlaskForm
 from wtforms import PasswordField, StringField, SubmitField
 from wtforms.validators import DataRequired

+
 class LoginForm(FlaskForm):
    """
    Form for users to login
    """
+
    username = StringField('Username', validators=[DataRequired()])
    password = PasswordField('Password', validators=[DataRequired()])
    submit = SubmitField('Login')
--- a/app/auth/views.py
+++ b/app/auth/views.py
@@ -10,6 +10,7 @@ from ..models.models import User
 from ..home.views import redirect_home
 from ..lib.url import is_safe_url

+
 @auth.route('/login', methods=['GET', 'POST'])
 def login():
    """
@@ -31,25 +32,37 @@ def login():
    form = LoginForm()
    if form.validate_on_submit():

-        user = User.query.filter(User.username==form.username.data).one_or_none()
-        # if username did not match any user in the database
+        # compare for siteadmin and try login
+        if form.username.data=='siteadmin':
+            user = User.query.filter(User.username==form.username.data, User.domain_id==1).one_or_none()
+            if try_login(user=user) or domainname.count('.') == 1:
+                break
+
        # try to construct an user by adding a domainname guessed from the request.host and try login
        if not try_login(user=user) and validators.domain(request.host.partition(':')[0]):
            # iterate through subdomains of request.host
            # strip one subdomain from left on each iteration
            domainname = request.host
            for dn in domainname:
+
+                # compare user@<request.host> with username field and domain try login
                un = form.username.data + '@' + domainname
-                # compare with username field and try login
-                user = User.query.filter(User.username==un).one_or_none()
+                user = User.query.filter(User.username==un), User.domainname==domainname.one_or_none()
                # break if we have found the user
                if try_login(user=user):
                    break
-                # compare with localpart and domain fields and try login
+
+                # compare user with localpart and domain fields and try login
                user = User.query.filter(User.localpart==form.username.data, User.domainname==domainname).one_or_none()
                # break if we have found the user or if we reached the main domain
                if try_login(user=user) or domainname.count('.') == 1:
                    break
+
+                #compare user with username field and domain and try login
+                user = User.query.filter(User.username==form.username.data, User.domainname==domainname).one_or_none()
+                if try_login(user=user) or domainname.count('.') == 1:
+                    break
+                
                domainname = domainname.partition('.')[2]

        if not current_user.is_authenticated:

--- a/app/lib/validators.py
+++ b/app/lib/validators.py
@@ -7,12 +7,14 @@ Functions:
 import logging
 from ..config.settings import settings, domaindefaults

+
 def passwordCheck(password, lengthmin=settings['PWDLENGTHMIN'], charallowed=settings['PWDCHARSALLOWED']):
    """
    Check some rules for passwords
    Password length
    Allowed characters
    """
+
    val_msg = []
    val_fail = False