mirror of https://github.com/CIRCL/AIL-framework
chg: [UI user_management] incorrect passwords: display errors
Terrtia
parent
e4ab9b6a05
commit
7ecd43db99
|
|
@ -193,18 +193,26 @@ def login():
|
|||
def change_password():
|
||||
password1 = request.form.get('password1')
|
||||
password2 = request.form.get('password2')
|
||||
error = request.args.get('error')
|
||||
|
||||
# # TODO: display errors message
|
||||
if error:
|
||||
return render_template("change_password.html", error=error)
|
||||
|
||||
if current_user.is_authenticated and password1!=None and password1==password2:
|
||||
if check_password_strength(password1):
|
||||
user_id = current_user.get_id()
|
||||
create_user_db(user_id , password1, update=True)
|
||||
return redirect(url_for('dashboard.index'))
|
||||
if current_user.is_authenticated and password1!=None:
|
||||
if password1==password2:
|
||||
if check_password_strength(password1):
|
||||
user_id = current_user.get_id()
|
||||
create_user_db(user_id , password1, update=True)
|
||||
return redirect(url_for('dashboard.index'))
|
||||
else:
|
||||
error = 'Incorrect password'
|
||||
return render_template("change_password.html", error=error)
|
||||
else:
|
||||
return render_template("change_password.html")
|
||||
error = "Passwords don't match"
|
||||
return render_template("change_password.html", error=error)
|
||||
else:
|
||||
return render_template("change_password.html")
|
||||
error = 'Please choose a new password'
|
||||
return render_template("change_password.html", error=error)
|
||||
|
||||
@app.route('/logout')
|
||||
@login_required
|
||||
|
|
@ -229,7 +237,7 @@ def searchbox():
|
|||
@app.errorhandler(404)
|
||||
@login_required
|
||||
def page_not_found(e):
|
||||
# note that we set the 404 status explicitly
|
||||
# avoid endpoint enumeration
|
||||
return render_template('error/404.html'), 404
|
||||
|
||||
# ========== INITIAL taxonomies ============
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
import configparser
|
||||
import redis
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
|
||||
# FLASK #
|
||||
|
|
@ -175,6 +176,9 @@ max_dashboard_logs = int(cfg.get("Flask", "max_dashboard_logs"))
|
|||
|
||||
crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
|
||||
|
||||
email_regex = r'[^@]+@[^@]+\.[^@]+'
|
||||
email_regex = re.compile(email_regex)
|
||||
|
||||
# VT
|
||||
try:
|
||||
from virusTotalKEYS import vt_key
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ max_preview_char = Flask_config.max_preview_char
|
|||
max_preview_modal = Flask_config.max_preview_modal
|
||||
REPO_ORIGIN = Flask_config.REPO_ORIGIN
|
||||
dict_update_description = Flask_config.dict_update_description
|
||||
email_regex = Flask_config.email_regex
|
||||
|
||||
settings = Blueprint('settings', __name__, template_folder='templates')
|
||||
|
||||
|
|
@ -36,6 +37,13 @@ settings = Blueprint('settings', __name__, template_folder='templates')
|
|||
def one():
|
||||
return 1
|
||||
|
||||
def check_email(email):
|
||||
result = email_regex.match(email)
|
||||
if result:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def generate_new_token(user_id):
|
||||
# create user token
|
||||
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
||||
|
|
@ -142,13 +150,15 @@ def new_token_user():
|
|||
@login_admin
|
||||
def create_user():
|
||||
user_id = request.args.get('user_id')
|
||||
error = request.args.get('error')
|
||||
error_mail = request.args.get('error_mail')
|
||||
role = None
|
||||
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
||||
role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role')
|
||||
else:
|
||||
user_id = None
|
||||
all_roles = get_all_roles()
|
||||
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role)
|
||||
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail)
|
||||
|
||||
@settings.route("/settings/create_user_post", methods=['POST'])
|
||||
@login_required
|
||||
|
|
@ -161,7 +171,7 @@ def create_user_post():
|
|||
|
||||
all_roles = get_all_roles()
|
||||
|
||||
if email and len(email)< 300 and role:
|
||||
if email and len(email)< 300 and check_email(email) and role:
|
||||
if role in all_roles:
|
||||
# password set
|
||||
if password1 and password2:
|
||||
|
|
@ -169,9 +179,9 @@ def create_user_post():
|
|||
if check_password_strength(password1):
|
||||
password = password1
|
||||
else:
|
||||
return render_template("create_user.html", all_roles=all_roles)
|
||||
return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password")
|
||||
else:
|
||||
return render_template("create_user.html", all_roles=all_roles)
|
||||
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match")
|
||||
# generate password
|
||||
else:
|
||||
password = secrets.token_urlsafe()
|
||||
|
|
@ -193,7 +203,7 @@ def create_user_post():
|
|||
else:
|
||||
return render_template("create_user.html", all_roles=all_roles)
|
||||
else:
|
||||
return render_template("create_user.html", all_roles=all_roles)
|
||||
return render_template("create_user.html", all_roles=all_roles, error_mail=True)
|
||||
|
||||
@settings.route("/settings/users_list", methods=['GET'])
|
||||
@login_required
|
||||
|
|
|
|||
|
|
@ -33,7 +33,12 @@
|
|||
|
||||
<h1 class="h3 mt-1 mb-3 text-center text-secondary">Create User</h1>
|
||||
<label for="inputEmail" class="sr-only">Email address</label>
|
||||
<input type="email" id="inputEmail" name="username" class="form-control" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}>
|
||||
<input type="email" id="inputEmail" name="username" class="form-control {% if error_mail %}is-invalid{% endif %}" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}>
|
||||
{% if error_mail %}
|
||||
<div class="invalid-feedback">
|
||||
Please provide a valid email address
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<label class="mt-3" for="role_selector">User Role</label>
|
||||
<select class="custom-select" id="role_selector" name="user_role">
|
||||
|
|
@ -54,9 +59,14 @@
|
|||
<div id="password-section">
|
||||
<h1 class="h3 mb-3 text-center text-secondary">Create Password</h1>
|
||||
<label for="inputPassword1" class="sr-only">Password</label>
|
||||
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password">
|
||||
<input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password">
|
||||
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
||||
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password">
|
||||
<input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password">
|
||||
{% if error %}
|
||||
<div class="invalid-feedback">
|
||||
{{error}}
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
<button class="btn btn-lg btn-primary btn-block mt-3" type="submit">Submit</button>
|
||||
|
|
@ -104,6 +114,10 @@ $(document).ready(function(){
|
|||
$("#password-section-info").hide();
|
||||
$("#nav_create_user").addClass("active");
|
||||
$("#nav_user_management").removeClass("text-muted");
|
||||
|
||||
{% if error %}
|
||||
toggle_password_fields();
|
||||
{% endif %}
|
||||
} );
|
||||
|
||||
function toggle_password_fields() {
|
||||
|
|
|
|||
|
|
@ -65,10 +65,15 @@
|
|||
<img class="mb-4" src="{{ url_for('static', filename='image/logo-small.png')}}" width="300">
|
||||
<h1 class="h3 mb-3 text-secondary">Change Password</h1>
|
||||
<label for="inputPassword1" class="sr-only">Password</label>
|
||||
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password" required autofocus>
|
||||
<input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password" required autofocus>
|
||||
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
||||
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password" required>
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
|
||||
<input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password" required>
|
||||
{% if error %}
|
||||
<div class="invalid-feedback">
|
||||
{{error}}
|
||||
</div>
|
||||
{% endif %}
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
|
||||
|
||||
<br>
|
||||
<br>
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
<html>
|
||||
|
||||
<head>
|
||||
<title>403 - AIL</title>
|
||||
<title>404 - AIL</title>
|
||||
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
|
||||
|
||||
<!-- Core CSS -->
|
||||
|
|
|
|||
Loading…
Reference in New Issue