Ensures that in-active users are not allowed to login. (#618)

kevgliss 2016-12-19 22:58:57 -08:00 committed by GitHub
parent c7fdb2acd7
commit 2f5f82d797
4 changed files with 30 additions and 4 deletions


@ -68,7 +68,7 @@ def create_token(user):
def login_required(f): def login_required(f):
""" """
Validates the JWT and ensures that is has not expired. Validates the JWT and ensures that is has not expired and the user is still active.
:param f: :param f:
:return: :return:
@ -94,7 +94,12 @@ def login_required(f):
except jwt.InvalidTokenError: except jwt.InvalidTokenError:
return dict(message='Token is invalid'), 403 return dict(message='Token is invalid'), 403
g.current_user = user_service.get(payload['sub']) user = user_service.get(payload['sub'])
if not user.active:
return dict(message='User is not currently active'), 403
g.current_user = user
if not g.current_user: if not g.current_user:
return dict(message='You are not logged in'), 403 return dict(message='You are not logged in'), 403
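Review bot: The new `if not user.active:` check dereferences `user` before the existing `if not g.current_user:` guard. A token whose `sub` no longer maps to a user (assuming `user_service.get` returns None in that case) would therefore raise AttributeError and surface as a 500 rather than the intended 403. Move the None check ahead of the active check, e.g. `if not user: return dict(message='You are not logged in'), 403`, and only then test `user.active` and assign `g.current_user = user`. The Google resource hunk further down the page has the same ordering: `if not user.active:` precedes `if user:` right after `user_service.get_by_email(profile['email'])`. The body of login_required starts and ends outside this hunk.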


@ -93,7 +93,7 @@ class Login(Resource):
else: else:
user = user_service.get_by_username(args['username']) user = user_service.get_by_username(args['username'])
if user and user.check_password(args['password']): if user and user.check_password(args['password']) and user.active:
# Tell Flask-Principal the identity changed # Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id)) identity=Identity(user.id))
@ -194,6 +194,7 @@ class Ping(Resource):
roles.append(role) roles.append(role)
role = role_service.get_by_name(profile['email']) role = role_service.get_by_name(profile['email'])
if not role: if not role:
role = role_service.create(profile['email'], description='This is a user specific role') role = role_service.create(profile['email'], description='This is a user specific role')
roles.append(role) roles.append(role)
@ -231,9 +232,14 @@ class Ping(Resource):
roles roles
) )
if not user.active:
metrics.send('invalid_login', 'counter', 1)
return dict(message='The supplied credentials are invalid'), 403
# Tell Flask-Principal the identity changed # Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
metrics.send('successful_login', 'counter', 1)
return dict(token=create_token(user)) return dict(token=create_token(user))
@ -272,10 +278,16 @@ class Google(Resource):
user = user_service.get_by_email(profile['email']) user = user_service.get_by_email(profile['email'])
if not user.active:
metrics.send('invalid_login', 'counter', 1)
return dict(message='The supplied credentials are invalid.'), 401
if user: if user:
metrics.send('successful_login', 'counter', 1) metrics.send('successful_login', 'counter', 1)
return dict(token=create_token(user)) return dict(token=create_token(user))
metrics.send('invalid_login', 'counter', 1)
class Providers(Resource): class Providers(Resource):
def get(self): def get(self):
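Review bot: The two inactive-user rejections added in this file disagree. Ping returns 403 with `'The supplied credentials are invalid'`, while Google returns 401 with the same text plus a trailing period. Both reuse the generic bad-credentials wording, presumably so that account state is not disclosed, so they should share one status code and one message string, ideally whatever the password Login failure path returns (not visible here). In Ping the check also sits after the role lookup/creation and the call ending in `roles )`, so a deactivated account's login still appears to sync roles before being refused. That code is outside the hunk, so confirm whether the `active` test on an existing user can run before that work.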


@ -105,6 +105,15 @@
RestangularConfigurer.setBaseUrl('http://localhost:8000/api/1'); RestangularConfigurer.setBaseUrl('http://localhost:8000/api/1');
RestangularConfigurer.setDefaultHttpFields({withCredentials: true}); RestangularConfigurer.setDefaultHttpFields({withCredentials: true});
// handle situation where our token has become invalid.
RestangularConfigurer.setErrorInterceptor(function (response) {
if (response.status === 403) {
$auth.logout();
$location.path('/login');
return false;
}
});
RestangularConfigurer.addResponseInterceptor(function (data, operation) { RestangularConfigurer.addResponseInterceptor(function (data, operation) {
var extractedData; var extractedData;
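Review bot: The error interceptor treats every 403 as an invalid session, but 403 is also the conventional status for a permission denial. If the API returns 403 for authorization failures (not visible here), an active user who requests a forbidden resource would be logged out and redirected to `/login`. Consider having the backend answer token and inactive-user failures with 401 and matching on that status here, or checking the response message before calling `$auth.logout()`. The function also falls through with no return value for other statuses; an explicit `return true;` after the `if` would state that those errors are left to the caller's handler. `$auth` and `$location` have to be injected into the enclosing config function, whose signature is outside the hunk.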


@ -27,7 +27,7 @@
<td data-title="'Active'" sortable="'active'"> <td data-title="'Active'" sortable="'active'">
<i class="glyphicon glyphicon-ok" ng-show="certificate.san == 'true'"></i> <i class="glyphicon glyphicon-ok" ng-show="certificate.san == 'true'"></i>
<i class="glyphicon glyphicon-remove" ng-show="certificate.san == 'false'"></i> <i class="glyphicon glyphicon-remove" ng-show="certificate.san == 'false'"></i>
<i ng-show="user.active" class="glyphicon glyphicon-ok"></i><i ng-show="!user.active" class="glyphicon gplyphinco-remove"></i> <i ng-show="user.active" class="glyphicon glyphicon-ok"></i><i ng-show="!user.active" class="glyphicon glyphicon-remove"></i>
</td> </td>
<td data-title="''"> <td data-title="''">
<div class="btn-group-vertical pull-right"> <div class="btn-group-vertical pull-right">