Allow to login with proton to enter sudo mode (#1141)
* Allow to login with proton to enter sudo mode * Updated wording * lint * Only enabled if the user has the account linked * Add exit-sudo route for tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
parent
046748c443
commit
c2bb6488e4
@ -1,5 +1,6 @@
|
|||||||
import json
|
import json
|
||||||
import secrets
|
import secrets
|
||||||
|
from time import time
|
||||||
|
|
||||||
import webauthn
|
import webauthn
|
||||||
from flask import (
|
from flask import (
|
||||||
@ -107,6 +108,7 @@ def fido():
|
|||||||
Session.commit()
|
Session.commit()
|
||||||
del session[MFA_USER_ID]
|
del session[MFA_USER_ID]
|
||||||
|
|
||||||
|
session["sudo_time"] = int(time())
|
||||||
login_user(user)
|
login_user(user)
|
||||||
flash(f"Welcome back!", "success")
|
flash(f"Welcome back!", "success")
|
||||||
|
|
||||||
|
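Review bot: The stamp `session["sudo_time"] = int(time())` added in fido() is repeated verbatim in after_login(), and the same string key is written again in exit_sudo_mode(), so the sudo-session contract now lives in three files as a bare literal. A single helper next to `_SUDO_GAP`, for example `def mark_sudo_session(): session["sudo_time"] = int(time())`, would keep the key and the clock source in one place. Any path that calls login_user() directly, as fido() does, has to remember the stamp itself; whether the other MFA handlers do so is not visible on this page. fido() starts and ends outside the hunk.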
@ -1,3 +1,4 @@
|
|||||||
|
from time import time
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from flask import session, redirect, url_for, request
|
from flask import session, redirect, url_for, request
|
||||||
@ -31,6 +32,7 @@ def after_login(user, next_url):
|
|||||||
else:
|
else:
|
||||||
LOG.d("log user %s in", user)
|
LOG.d("log user %s in", user)
|
||||||
login_user(user)
|
login_user(user)
|
||||||
|
session["sudo_time"] = int(time())
|
||||||
|
|
||||||
# User comes to login page from another page
|
# User comes to login page from another page
|
||||||
if next_url:
|
if next_url:
|
||||||
|
@ -8,6 +8,8 @@ from wtforms import PasswordField, validators
|
|||||||
|
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
from app.log import LOG
|
from app.log import LOG
|
||||||
|
from app.models import PartnerUser
|
||||||
|
from app.proton.utils import is_connect_with_proton_enabled, get_proton_partner
|
||||||
from app.utils import sanitize_next_url
|
from app.utils import sanitize_next_url
|
||||||
|
|
||||||
_SUDO_GAP = 900
|
_SUDO_GAP = 900
|
||||||
@ -39,8 +41,18 @@ def enter_sudo():
|
|||||||
else:
|
else:
|
||||||
flash("Incorrect password", "warning")
|
flash("Incorrect password", "warning")
|
||||||
|
|
||||||
|
proton_enabled = is_connect_with_proton_enabled()
|
||||||
|
if proton_enabled:
|
||||||
|
# Only for users that have the account linked
|
||||||
|
partner_user = PartnerUser.get_by(user_id=current_user.id)
|
||||||
|
if not partner_user or partner_user.partner_id != get_proton_partner().id:
|
||||||
|
proton_enabled = False
|
||||||
|
|
||||||
return render_template(
|
return render_template(
|
||||||
"dashboard/enter_sudo.html", password_check_form=password_check_form
|
"dashboard/enter_sudo.html",
|
||||||
|
password_check_form=password_check_form,
|
||||||
|
next=request.args.get("next"),
|
||||||
|
connect_with_proton=proton_enabled,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
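Review bot: The block added to enter_sudo() only establishes that current_user has a PartnerUser row for the Proton partner; nothing in this hunk ties the Proton account that later authenticates to that row. Because this commit also stamps `session["sudo_time"]` in after_login(), sudo is presumably granted by whichever login the Proton callback completes, so that callback should confirm the returned Proton identity resolves to the same user id as the existing session before after_login() runs. That handler is outside this page, so it needs checking there. A comment above the block would record the dependency: `# sudo is granted in after_login(); the Proton callback must resolve to current_user.id`. enter_sudo() starts before the hunk.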
@ -1 +1,2 @@
|
|||||||
from .integrations import set_enable_proton_cookie
|
from .integrations import set_enable_proton_cookie
|
||||||
|
from .exit_sudo import exit_sudo_mode
|
||||||
|
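--- a/app/internal/exit_sudo.py
+++ b/app/internal/exit_sudo.py
@@ -0,0 +1,10 @@
+from flask import session, redirect, url_for, flash
+
+from app.internal.base import internal_bp
+
+
+@internal_bp.route("/exit-sudo-mode")
+def exit_sudo_mode():
+session["sudo_time"] = 0
+flash("Exited sudo mode", "info")
+return redirect(url_for("dashboard.index"))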
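Review bot: exit_sudo_mode() changes session state on a plain GET, and the decorator shows no environment or login guard even though the commit message describes the route as being for tests. The effect is limited to dropping the elevated state, but any cross-site request that carries the session cookie can trigger it. Restricting the verb with `@internal_bp.route("/exit-sudo-mode", methods=["POST"])`, or registering the route only under the test configuration, would keep it out of reach in production. Whether internal_bp is itself restricted is not visible here. A one-line docstring saying the route exists for tests would also help the next reader.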
@ -16,6 +16,19 @@
|
|||||||
{{ render_field_errors(password_check_form.password) }}
|
{{ render_field_errors(password_check_form.password) }}
|
||||||
<button class="btn btn-lg btn-danger mt-2">Submit</button>
|
<button class="btn btn-lg btn-danger mt-2">Submit</button>
|
||||||
</form>
|
</form>
|
||||||
|
{% if connect_with_proton %}
|
||||||
|
|
||||||
|
<div class="my-3">
|
||||||
|
<p>
|
||||||
|
Alternatively you can use your Proton credentials to ensure it's you.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<a class="btn btn-primary btn-block mt-2 proton-button w-25"
|
||||||
|
href="{{ url_for("auth.proton_login", next=next) }}">
|
||||||
|
<img class="mr-2" src="/static/images/proton.svg" />
|
||||||
|
Authenticate with Proton
|
||||||
|
</a>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
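Review bot: The `next` value in the `auth.proton_login` link comes straight from `request.args.get("next")` in enter_sudo(), without going through the `sanitize_next_url` helper that the view already imports. Template autoescaping should cover the attribute itself, so the concern is the redirect target: whether the Proton login route validates `next` before redirecting is not visible on this page. Passing `next=sanitize_next_url(request.args.get("next"))` from the view would make the link safe regardless of the downstream handler, assuming the helper tolerates a missing value. Separately, the `<img>` has no `alt` attribute.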