mirror of
https://github.com/simple-login/app.git
synced 2024-09-20 15:05:59 +08:00
Allow to login with proton to enter sudo mode (#1141)
* Allow to login with proton to enter sudo mode * Updated wording * lint * Only enabled if the user has the account linked * Add exit-sudo route for tests Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
parent
046748c443
commit
c2bb6488e4
|
@ -1,5 +1,6 @@
|
|||
import json
|
||||
import secrets
|
||||
from time import time
|
||||
|
||||
import webauthn
|
||||
from flask import (
|
||||
|
@ -107,6 +108,7 @@ def fido():
|
|||
Session.commit()
|
||||
del session[MFA_USER_ID]
|
||||
|
||||
session["sudo_time"] = int(time())
|
||||
login_user(user)
|
||||
flash(f"Welcome back!", "success")
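Review bot: The added `session["sudo_time"] = int(time())` before `login_user(user)` hand-writes the sudo stamp, and the same session key is written again in `after_login` and in `exit_sudo_mode` in this commit, so a typo or a missed login path silently changes which sessions count as recently authenticated. A single helper kept next to `_SUDO_GAP`, with a comment such as `# sudo_time: epoch seconds of the last full authentication in this session`, would keep the writers in step. Any other second-factor view that calls `login_user` directly and is not part of this commit would need the same call, otherwise those users are sent to the sudo page right after signing in. `fido()` starts and ends outside the hunk.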
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
from time import time
|
||||
from typing import Optional
|
||||
|
||||
from flask import session, redirect, url_for, request
|
||||
|
@ -31,6 +32,7 @@ def after_login(user, next_url):
|
|||
else:
|
||||
LOG.d("log user %s in", user)
|
||||
login_user(user)
|
||||
session["sudo_time"] = int(time())
|
||||
|
||||
# User comes to login page from another page
|
||||
if next_url:
|
||||
|
|
|
@ -8,6 +8,8 @@ from wtforms import PasswordField, validators
|
|||
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.log import LOG
|
||||
from app.models import PartnerUser
|
||||
from app.proton.utils import is_connect_with_proton_enabled, get_proton_partner
|
||||
from app.utils import sanitize_next_url
|
||||
|
||||
_SUDO_GAP = 900
|
||||
|
@ -39,8 +41,18 @@ def enter_sudo():
|
|||
else:
|
||||
flash("Incorrect password", "warning")
|
||||
|
||||
proton_enabled = is_connect_with_proton_enabled()
|
||||
if proton_enabled:
|
||||
# Only for users that have the account linked
|
||||
partner_user = PartnerUser.get_by(user_id=current_user.id)
|
||||
if not partner_user or partner_user.partner_id != get_proton_partner().id:
|
||||
proton_enabled = False
|
||||
|
||||
return render_template(
|
||||
"dashboard/enter_sudo.html", password_check_form=password_check_form
|
||||
"dashboard/enter_sudo.html",
|
||||
password_check_form=password_check_form,
|
||||
next=request.args.get("next"),
|
||||
connect_with_proton=proton_enabled,
|
||||
)
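Review bot: `next=request.args.get("next")` hands the raw query parameter to the template, which places it in the `auth.proton_login` link, although this module already imports `sanitize_next_url`. Unless the Proton login view sanitizes the value again (not visible in this commit), that leaves an unvalidated redirect target on a page users trust for re-authentication; `next=sanitize_next_url(request.args.get("next")),` would close it at the source. `enter_sudo()` starts above the hunk, so how the password branch treats `next` cannot be compared from here.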
|
||||
|
||||
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
from .integrations import set_enable_proton_cookie
|
||||
from .exit_sudo import exit_sudo_mode
|
||||
|
|
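--- a/app/internal/exit_sudo.py
+++ b/app/internal/exit_sudo.py
@@ -0,0 +1,10 @@
+from flask import session, redirect, url_for, flash
+
+from app.internal.base import internal_bp
+
+
+@internal_bp.route("/exit-sudo-mode")
+def exit_sudo_mode():
+session["sudo_time"] = 0
+flash("Exited sudo mode", "info")
+return redirect(url_for("dashboard.index"))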
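Review bot: `exit_sudo_mode` is described in the commit message as a route for tests, but as far as this file shows it is registered on `internal_bp` unconditionally and changes session state on a plain GET, so a cross-site request can make a signed-in browser drop sudo mode. The effect only removes privilege, so this is a nuisance rather than an escalation, but the route should either be registered only in the test configuration or take `methods=["POST"]` behind whatever CSRF protection the app's forms use. A one-line docstring, `"""Test helper: clear the session's sudo timestamp."""`, would tell the next reader why it exists. No login requirement is visible on the view.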
|
|
@ -16,6 +16,19 @@
|
|||
{{ render_field_errors(password_check_form.password) }}
|
||||
<button class="btn btn-lg btn-danger mt-2">Submit</button>
|
||||
</form>
|
||||
{% if connect_with_proton %}
|
||||
|
||||
<div class="my-3">
|
||||
<p>
|
||||
Alternatively you can use your Proton credentials to ensure it's you.
|
||||
</p>
|
||||
</div>
|
||||
<a class="btn btn-primary btn-block mt-2 proton-button w-25"
|
||||
href="{{ url_for("auth.proton_login", next=next) }}">
|
||||
<img class="mr-2" src="/static/images/proton.svg" />
|
||||
Authenticate with Proton
|
||||
</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
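Review bot: The new button sends the user through the ordinary `auth.proton_login` flow, so sudo mode is only as fresh as that flow makes it: if the provider completes the authorization silently because a Proton session is already open in the browser, the sudo page is passed without any credential being entered. Whether the login view asks the provider to force re-authentication is not visible in this commit and should be confirmed; if it cannot, the paragraph above the button should not promise `use your Proton credentials to ensure it's you`. The callback should also be checked to refuse a Proton account other than the one linked to the signed-in user rather than switching the session to that account. The `<img>` has no `alt` attribute; `alt=""` would mark it as decorative.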
|
||||
|
|