from urllib.parse import urlsplit

from flask import request, flash, make_response, redirect, url_for, abort
from flask_login import current_user, login_user, logout_user, login_required
from itsdangerous import Serializer
from itsdangerous.exc import BadSignature

from app import app
from app.utils.render import render
from app.utils.login_as import is_vandal
from app.models.user import Member
from app.forms.login_as import LoginAsForm
|
|
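@app.route("/admin/vandalisme", methods=['GET', 'POST'])
@login_required
def adm_login_as():
    """ Show a basic form and login as arbitrary user when asked.

    GET renders the impersonation form; a valid POST logs the caller in as
    the requested Member and stores a signed token of the caller's own id in
    the ``vandale`` cookie so that ``adm_logout_as`` can switch back.

    Permissions: the caller needs ``misc.arbitrary-login`` or
    ``misc.community-login``; the latter is meant to be limited to
    community accounts (the community check itself is still a TODO below).
    Responses: the form (200), a redirect to ``index``, or 403.
    """
    # Basic permission: either privilege grants access to the form.
    if (not current_user.priv("misc.arbitrary-login") and
            not current_user.priv("misc.community-login")):
        abort(403)
    if is_vandal():
        flash("Vous êtes déjà authentifié", "error")
        return redirect(url_for('index'))

    # Handle form
    form = LoginAsForm()
    if form.validate_on_submit():
        user = Member.query.filter_by(name=form.username.data).first()
        if user is None:
            flash("Utilisateur invalide", "error")
            return render('admin/login_as.html', form=form)

        # Apply for community login: a caller holding only
        # misc.community-login may not impersonate non-community accounts.
        # The privilege to check is the *caller's* (current_user), not the
        # target's. NOTE(review): is_community is still hard-coded, so this
        # branch is currently dead and every account is treated as community.
        is_community = True  # TODO: check if user is community
        if not is_community and not current_user.priv("misc.arbitrary-login"):
            abort(403)

        # Create a safe token to flee when needed. It is signed with
        # SECRET_KEY but carries no timestamp, so it never expires on its
        # own; it is only invalidated by clearing the cookie.
        s = Serializer(app.config["SECRET_KEY"])
        vandal_token = s.dumps(current_user.id)

        # Login and display some messages
        login_user(user)
        if user.name == "GLaDOS":
            flash("Vous espérez quoi exactement ? Survivre ? "
                  "Dans ce cas, évitez de me faire du mal.")
        else:
            flash(f"Connecté en tant que {user.name}")

        # Return the response. The token lets its holder re-enter the
        # admin account, so keep it out of reach of scripts (HttpOnly),
        # off cross-site requests (SameSite) and, on HTTPS, off plain HTTP.
        resp = make_response(redirect(url_for('index')))
        resp.set_cookie('vandale', vandal_token,
                        httponly=True, samesite='Lax',
                        secure=request.is_secure)
        return resp

    # Else return form
    return render('admin/login_as.html', form=form)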
|
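@app.route("/admin/vandalisme/fuir")
@login_required
def adm_logout_as():
    """ Log out as a vandalized user, login back as admin.

    Reads the signed ``vandale`` cookie written by ``adm_login_as``,
    restores the session of the Member id it carries and clears the cookie.
    Redirects back to the referrer when it points at this host, otherwise
    to ``index``. Responds 403 when the cookie is missing, has a bad
    signature, or names a Member that no longer exists.
    """
    s = Serializer(app.config["SECRET_KEY"])

    vandal_token = request.cookies.get('vandale')
    if vandal_token is None:
        abort(403)

    try:
        admin_id = s.loads(vandal_token)
    except BadSignature:
        flash("Vous avez vraiment agit de manière stupide.", "error")
        abort(403)

    # The account may have been removed since the token was issued;
    # login_user(None) would not be a meaningful state.
    user = Member.query.get(admin_id)
    if user is None:
        abort(403)
    logout_user()
    login_user(user)

    # Only follow the Referer back to a page of this site; anything else
    # (or no referrer at all) goes to the index.
    # NOTE(review): assumes request.host reflects the public host name
    # (ProxyFix or equivalent when behind a reverse proxy) — confirm.
    referrer = request.referrer
    if referrer and urlsplit(referrer).netloc in ('', request.host):
        resp = make_response(redirect(referrer))
    else:
        resp = make_response(redirect(url_for('index')))

    # Drop the token: the switch back is done, so it has no further use.
    resp.delete_cookie('vandale')
    return resp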