from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app from flask_login import login_user, logout_user, login_required, current_user from ldap_utils import authenticate_ldap_user from models import User, db from datetime import datetime import logging auth_bp = Blueprint('auth', __name__) @auth_bp.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated: return redirect(url_for('temp_spec.spec_list')) if request.method == 'POST': username = request.form['username'].strip() password = request.form['password'] # 記錄登入嘗試 print(f"[DEBUG] 登入嘗試 - 帳號: {username}") current_app.logger.info(f"Login attempt for user: {username}") # 驗證帳號格式 if '@' not in username: print(f"[DEBUG] 帳號格式錯誤 - 缺少 @ 符號: {username}") current_app.logger.warning(f"Invalid username format (missing @): {username}") flash('請使用完整的 AD 帳號格式 (包含 @domain)', 'warning') return render_template('login.html') try: # Step 1: Authenticate against LDAP print(f"[DEBUG] 準備進行 LDAP 驗證: {username}") current_app.logger.info(f"Attempting LDAP authentication for: {username}") user_info = authenticate_ldap_user(username, password) print(f"[DEBUG] LDAP 驗證結果: {user_info}") if user_info: print(f"[DEBUG] LDAP 驗證成功: {username}") current_app.logger.info(f"LDAP authentication successful for: {username}") # Step 2: User authenticated successfully, find or create local user local_user = User.query.filter_by(username=user_info['username']).first() if not local_user: print(f"[DEBUG] 建立新的本地使用者帳號: {user_info['username']}") current_app.logger.info(f"Creating new local user account: {user_info['username']}") # Create a new user in the local database # 預設權限為 viewer,特殊帳號設為 admin default_role = 'viewer' # 預設權限 # 特殊處理:設定特定帳號為管理員權限 if user_info['username'].lower() == 'ymirliu@panjit.com.tw': default_role = 'admin' print(f"[DEBUG] 特殊帳號:{user_info['username']} 設定為管理員權限") local_user = User( username=user_info['username'], # password_hash is no longer needed for login, can be empty or random password_hash='ldap_authenticated', role=default_role ) db.session.add(local_user) print(f"[DEBUG] 新使用者建立完成,權限: {default_role}") current_app.logger.info(f"New user created with role: {default_role}") else: print(f"[DEBUG] 找到現有使用者: {user_info['username']}") current_app.logger.info(f"Existing user found: {user_info['username']}") # Update last_login time local_user.last_login = datetime.now() db.session.commit() # Step 3: Log in the user with Flask-Login login_user(local_user) print(f"[DEBUG] 使用者登入成功: {username}") current_app.logger.info(f"User successfully logged in: {username}") return redirect(url_for('temp_spec.spec_list')) else: # LDAP 驗證失敗 print(f"[DEBUG] LDAP 驗證失敗: {username}") current_app.logger.warning(f"LDAP authentication failed for: {username}") flash('AD帳號或密碼錯誤,請檢查後重新輸入', 'danger') except Exception as e: # 系統錯誤 print(f"[DEBUG] 系統錯誤: {str(e)}") current_app.logger.error(f"Login system error for user {username}: {str(e)}") flash('系統登入發生錯誤,請稍後再試或聯繫系統管理員', 'danger') return render_template('login.html') @auth_bp.route('/logout') @login_required def logout(): logout_user() return redirect(url_for('auth.login'))