55 lines
2.0 KiB
Python
55 lines
2.0 KiB
Python
from flask import Blueprint, render_template, request, redirect, url_for, flash
|
|
from flask_login import login_user, logout_user, login_required, current_user
|
|
from werkzeug.security import check_password_hash
|
|
from ldap_utils import authenticate_ldap_user
|
|
from models import User, db
|
|
from datetime import datetime
|
|
from werkzeug.security import check_password_hash
|
|
from ldap_utils import authenticate_ldap_user, generate_password_hash
|
|
|
|
auth_bp = Blueprint('auth', __name__)
|
|
|
|
@auth_bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for('temp_spec.spec_list'))
|
|
|
|
if request.method == 'POST':
|
|
username = request.form['username']
|
|
password = request.form['password']
|
|
|
|
# Step 1: Authenticate against LDAP
|
|
user_info = authenticate_ldap_user(username, password)
|
|
|
|
if user_info:
|
|
# Step 2: User authenticated successfully, find or create local user
|
|
local_user = User.query.filter_by(username=user_info['username']).first()
|
|
|
|
if not local_user:
|
|
# Create a new user in the local database
|
|
local_user = User(
|
|
username=user_info['username'],
|
|
# password_hash is no longer needed for login, can be empty or random
|
|
password_hash='ldap_authenticated',
|
|
role='viewer' # Default role for new users
|
|
)
|
|
db.session.add(local_user)
|
|
|
|
# Update last_login time
|
|
local_user.last_login = datetime.now()
|
|
db.session.commit()
|
|
|
|
# Step 3: Log in the user with Flask-Login
|
|
login_user(local_user)
|
|
return redirect(url_for('temp_spec.spec_list'))
|
|
else:
|
|
flash('帳號或密碼錯誤,請重新輸入', 'danger')
|
|
|
|
return render_template('login.html')
|
|
|
|
@auth_bp.route('/logout')
|
|
@login_required
|
|
def logout():
|
|
logout_user()
|
|
return redirect(url_for('auth.login'))
|