chg: [UI user_management] incorrect passwords: display errors
parent
e4ab9b6a05
commit
7ecd43db99
|
@ -193,18 +193,26 @@ def login():
|
||||||
def change_password():
|
def change_password():
|
||||||
password1 = request.form.get('password1')
|
password1 = request.form.get('password1')
|
||||||
password2 = request.form.get('password2')
|
password2 = request.form.get('password2')
|
||||||
|
error = request.args.get('error')
|
||||||
|
|
||||||
# # TODO: display errors message
|
if error:
|
||||||
|
return render_template("change_password.html", error=error)
|
||||||
|
|
||||||
if current_user.is_authenticated and password1!=None and password1==password2:
|
if current_user.is_authenticated and password1!=None:
|
||||||
|
if password1==password2:
|
||||||
if check_password_strength(password1):
|
if check_password_strength(password1):
|
||||||
user_id = current_user.get_id()
|
user_id = current_user.get_id()
|
||||||
create_user_db(user_id , password1, update=True)
|
create_user_db(user_id , password1, update=True)
|
||||||
return redirect(url_for('dashboard.index'))
|
return redirect(url_for('dashboard.index'))
|
||||||
else:
|
else:
|
||||||
return render_template("change_password.html")
|
error = 'Incorrect password'
|
||||||
|
return render_template("change_password.html", error=error)
|
||||||
else:
|
else:
|
||||||
return render_template("change_password.html")
|
error = "Passwords don't match"
|
||||||
|
return render_template("change_password.html", error=error)
|
||||||
|
else:
|
||||||
|
error = 'Please choose a new password'
|
||||||
|
return render_template("change_password.html", error=error)
|
||||||
|
|
||||||
@app.route('/logout')
|
@app.route('/logout')
|
||||||
@login_required
|
@login_required
|
||||||
|
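Review bot: `error = request.args.get('error')` on the new side of change_password (and the same line plus `error_mail = request.args.get('error_mail')` in the create_user hunk further down) renders an arbitrary query-string value into the page, so a crafted link can make the authenticated change-password form display attacker-chosen text; Flask's default autoescaping for .html templates should stop markup, but not content spoofing. Since every POST branch in this hunk already passes a fixed message, the GET path should translate a short code through a module-level dict of fixed strings and drop anything unknown, e.g. `error = PASSWORD_ERRORS.get(request.args.get('error'))`. Also `password1!=None` should be `password1 is not None`, and the message set when `check_password_strength` fails, `'Incorrect password'`, reads like a wrong-credentials error — name the rule instead, e.g. `error = 'Password does not meet the complexity requirements'`. The route decorators of change_password sit above the hunk; the function body ends inside it.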
@ -229,7 +237,7 @@ def searchbox():
|
||||||
@app.errorhandler(404)
|
@app.errorhandler(404)
|
||||||
@login_required
|
@login_required
|
||||||
def page_not_found(e):
|
def page_not_found(e):
|
||||||
# note that we set the 404 status explicitly
|
# avoid endpoint enumeration
|
||||||
return render_template('error/404.html'), 404
|
return render_template('error/404.html'), 404
|
||||||
|
|
||||||
# ========== INITIAL taxonomies ============
|
# ========== INITIAL taxonomies ============
|
||||||
|
|
|
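Review bot: The new comment `# avoid endpoint enumeration` names the goal but not the mechanism, which is the `@login_required` decorator above the 404 handler: an unauthenticated request for a missing route gets the same login redirect as one for a valid route, so routes cannot be told apart by status code. Suggest `# login_required: unauthenticated requests get the login redirect for missing routes too, so they cannot enumerate endpoints by status code`. Authenticated users still receive the real 404 from `render_template('error/404.html'), 404`, which appears to be the intended trade-off.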
@ -7,6 +7,7 @@
|
||||||
import configparser
|
import configparser
|
||||||
import redis
|
import redis
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
# FLASK #
|
# FLASK #
|
||||||
|
@ -175,6 +176,9 @@ max_dashboard_logs = int(cfg.get("Flask", "max_dashboard_logs"))
|
||||||
|
|
||||||
crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
|
crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
|
||||||
|
|
||||||
|
email_regex = r'[^@]+@[^@]+\.[^@]+'
|
||||||
|
email_regex = re.compile(email_regex)
|
||||||
|
|
||||||
# VT
|
# VT
|
||||||
try:
|
try:
|
||||||
from virusTotalKEYS import vt_key
|
from virusTotalKEYS import vt_key
|
||||||
|
|
|
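Review bot: `email_regex = r'[^@]+@[^@]+\.[^@]+'` has no end anchor and `[^@]+` accepts whitespace and newlines, so with `re.match` (the way `check_email` in the settings blueprint hunk uses it) a value like `a@b.c <anything>` passes, and that string presumably becomes the user id used in the `user_metadata:{}` Redis key — confirm against create_user_post. Tighten the class and anchor the match: `email_regex = re.compile(r'[^@\s]+@[^@\s]+\.[^@\s]+')` here and `email_regex.fullmatch(email)` in check_email. Binding the name `email_regex` first to the raw string and then to the compiled pattern is confusing; compiling in one statement as shown avoids it.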
@ -27,6 +27,7 @@ max_preview_char = Flask_config.max_preview_char
|
||||||
max_preview_modal = Flask_config.max_preview_modal
|
max_preview_modal = Flask_config.max_preview_modal
|
||||||
REPO_ORIGIN = Flask_config.REPO_ORIGIN
|
REPO_ORIGIN = Flask_config.REPO_ORIGIN
|
||||||
dict_update_description = Flask_config.dict_update_description
|
dict_update_description = Flask_config.dict_update_description
|
||||||
|
email_regex = Flask_config.email_regex
|
||||||
|
|
||||||
settings = Blueprint('settings', __name__, template_folder='templates')
|
settings = Blueprint('settings', __name__, template_folder='templates')
|
||||||
|
|
||||||
|
@ -36,6 +37,13 @@ settings = Blueprint('settings', __name__, template_folder='templates')
|
||||||
def one():
|
def one():
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
|
def check_email(email):
|
||||||
|
result = email_regex.match(email)
|
||||||
|
if result:
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
def generate_new_token(user_id):
|
def generate_new_token(user_id):
|
||||||
# create user token
|
# create user token
|
||||||
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
||||||
|
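Review bot: `check_email` spells out `if result: return True else: return False`; the idiomatic form is a single `return email_regex.match(email) is not None`, which also makes it explicit that the return value is exactly the match test. A one-line docstring stating that only the syntactic shape is checked would help the caller in create_user_post, e.g. `"""Return True if *email* matches the configured email_regex; no deliverability check."""`. `generate_new_token` begins at the end of this hunk and its body continues below it.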
@ -142,13 +150,15 @@ def new_token_user():
|
||||||
@login_admin
|
@login_admin
|
||||||
def create_user():
|
def create_user():
|
||||||
user_id = request.args.get('user_id')
|
user_id = request.args.get('user_id')
|
||||||
|
error = request.args.get('error')
|
||||||
|
error_mail = request.args.get('error_mail')
|
||||||
role = None
|
role = None
|
||||||
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
||||||
role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role')
|
role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role')
|
||||||
else:
|
else:
|
||||||
user_id = None
|
user_id = None
|
||||||
all_roles = get_all_roles()
|
all_roles = get_all_roles()
|
||||||
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role)
|
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail)
|
||||||
|
|
||||||
@settings.route("/settings/create_user_post", methods=['POST'])
|
@settings.route("/settings/create_user_post", methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
|
@ -161,7 +171,7 @@ def create_user_post():
|
||||||
|
|
||||||
all_roles = get_all_roles()
|
all_roles = get_all_roles()
|
||||||
|
|
||||||
if email and len(email)< 300 and role:
|
if email and len(email)< 300 and check_email(email) and role:
|
||||||
if role in all_roles:
|
if role in all_roles:
|
||||||
# password set
|
# password set
|
||||||
if password1 and password2:
|
if password1 and password2:
|
||||||
|
@ -169,9 +179,9 @@ def create_user_post():
|
||||||
if check_password_strength(password1):
|
if check_password_strength(password1):
|
||||||
password = password1
|
password = password1
|
||||||
else:
|
else:
|
||||||
return render_template("create_user.html", all_roles=all_roles)
|
return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password")
|
||||||
else:
|
else:
|
||||||
return render_template("create_user.html", all_roles=all_roles)
|
return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match")
|
||||||
# generate password
|
# generate password
|
||||||
else:
|
else:
|
||||||
password = secrets.token_urlsafe()
|
password = secrets.token_urlsafe()
|
||||||
|
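Review bot: The two new `render_template("create_user.html", all_roles=all_roles, error=...)` calls in this hunk pass neither `user_id` nor `user_role`, so the email and role the admin entered are dropped on every password validation failure, whereas the GET view in the create_user hunk passes `user_id=` and `user_role=`; adding `user_id=email, user_role=role` to both calls would keep the form state, assuming those are the names bound above the hunk — confirm. `"Incorrect Password"` also differs in capitalisation from change_password's `'Incorrect password'` and says nothing about what failed; one message naming the strength rule, shared by both views, would be clearer. create_user_post starts and ends outside this hunk.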
@ -193,7 +203,7 @@ def create_user_post():
|
||||||
else:
|
else:
|
||||||
return render_template("create_user.html", all_roles=all_roles)
|
return render_template("create_user.html", all_roles=all_roles)
|
||||||
else:
|
else:
|
||||||
return render_template("create_user.html", all_roles=all_roles)
|
return render_template("create_user.html", all_roles=all_roles, error_mail=True)
|
||||||
|
|
||||||
@settings.route("/settings/users_list", methods=['GET'])
|
@settings.route("/settings/users_list", methods=['GET'])
|
||||||
@login_required
|
@login_required
|
||||||
|
|
|
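Review bot: The unchanged `else: return render_template("create_user.html", all_roles=all_roles)` at the top of this hunk still renders the form with no feedback, while the sibling branches in this commit now pass `error=` or `error_mail=True`; its condition sits above the hunk, but from the surrounding hunks it appears to be the role-validation failure, so a fixed message such as `error="Invalid role"` (and an `{% if %}` block in the template to show it) would complete the change. The rest of create_user_post lies outside this hunk.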
@ -33,7 +33,12 @@
|
||||||
|
|
||||||
<h1 class="h3 mt-1 mb-3 text-center text-secondary">Create User</h1>
|
<h1 class="h3 mt-1 mb-3 text-center text-secondary">Create User</h1>
|
||||||
<label for="inputEmail" class="sr-only">Email address</label>
|
<label for="inputEmail" class="sr-only">Email address</label>
|
||||||
<input type="email" id="inputEmail" name="username" class="form-control" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}>
|
<input type="email" id="inputEmail" name="username" class="form-control {% if error_mail %}is-invalid{% endif %}" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}>
|
||||||
|
{% if error_mail %}
|
||||||
|
<div class="invalid-feedback">
|
||||||
|
Please provide a valid email address
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
<label class="mt-3" for="role_selector">User Role</label>
|
<label class="mt-3" for="role_selector">User Role</label>
|
||||||
<select class="custom-select" id="role_selector" name="user_role">
|
<select class="custom-select" id="role_selector" name="user_role">
|
||||||
|
@ -54,9 +59,14 @@
|
||||||
<div id="password-section">
|
<div id="password-section">
|
||||||
<h1 class="h3 mb-3 text-center text-secondary">Create Password</h1>
|
<h1 class="h3 mb-3 text-center text-secondary">Create Password</h1>
|
||||||
<label for="inputPassword1" class="sr-only">Password</label>
|
<label for="inputPassword1" class="sr-only">Password</label>
|
||||||
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password">
|
<input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password">
|
||||||
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
||||||
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password">
|
<input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password">
|
||||||
|
{% if error %}
|
||||||
|
<div class="invalid-feedback">
|
||||||
|
{{error}}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<button class="btn btn-lg btn-primary btn-block mt-3" type="submit">Submit</button>
|
<button class="btn btn-lg btn-primary btn-block mt-3" type="submit">Submit</button>
|
||||||
|
@ -104,6 +114,10 @@ $(document).ready(function(){
|
||||||
$("#password-section-info").hide();
|
$("#password-section-info").hide();
|
||||||
$("#nav_create_user").addClass("active");
|
$("#nav_create_user").addClass("active");
|
||||||
$("#nav_user_management").removeClass("text-muted");
|
$("#nav_user_management").removeClass("text-muted");
|
||||||
|
|
||||||
|
{% if error %}
|
||||||
|
toggle_password_fields();
|
||||||
|
{% endif %}
|
||||||
} );
|
} );
|
||||||
|
|
||||||
function toggle_password_fields() {
|
function toggle_password_fields() {
|
||||||
|
|
|
@ -65,9 +65,14 @@
|
||||||
<img class="mb-4" src="{{ url_for('static', filename='image/logo-small.png')}}" width="300">
|
<img class="mb-4" src="{{ url_for('static', filename='image/logo-small.png')}}" width="300">
|
||||||
<h1 class="h3 mb-3 text-secondary">Change Password</h1>
|
<h1 class="h3 mb-3 text-secondary">Change Password</h1>
|
||||||
<label for="inputPassword1" class="sr-only">Password</label>
|
<label for="inputPassword1" class="sr-only">Password</label>
|
||||||
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password" required autofocus>
|
<input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password" required autofocus>
|
||||||
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
<label for="inputPassword2" class="sr-only">Confirm Password</label>
|
||||||
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password" required>
|
<input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password" required>
|
||||||
|
{% if error %}
|
||||||
|
<div class="invalid-feedback">
|
||||||
|
{{error}}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
|
<button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
|
||||||
|
|
||||||
<br>
|
<br>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
<html>
|
<html>
|
||||||
|
|
||||||
<head>
|
<head>
|
||||||
<title>403 - AIL</title>
|
<title>404 - AIL</title>
|
||||||
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
|
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
|
||||||
|
|
||||||
<!-- Core CSS -->
|
<!-- Core CSS -->
|
||||||
|
|