def post()

in lemur/auth/views.py [0:0]

• 44 lines of code
• 12 McCabe index (conditional complexity)

    def post(self):
        """
        .. http:post:: /auth/login

           Login with username:password

           **Example request**:

           .. sourcecode:: http

              POST /auth/login HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "username": "test",
                "password": "test"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "token": "12343243243"
              }

           :arg username: username
           :arg password: password
           :statuscode 401: invalid credentials
           :statuscode 200: no error
        """
        self.reqparse.add_argument("username", type=str, required=True, location="json")
        self.reqparse.add_argument("password", type=str, required=True, location="json")

        args = self.reqparse.parse_args()

        if self.deny_login(args["username"]):
            return dict(message="The supplied username is not allowed to login with username/password"), 403

        if "@" in args["username"]:
            user = user_service.get_by_email(args["username"])
        else:
            user = user_service.get_by_username(args["username"])

        # default to local authentication
        if user and user.check_password(args["password"]) and user.active:
            # Tell Flask-Principal the identity changed
            identity_changed.send(
                current_app._get_current_object(), identity=Identity(user.id)
            )

            metrics.send(
                "login", "counter", 1, metric_tags={"status": SUCCESS_METRIC_STATUS}
            )
            return dict(token=create_token(user))

        # try ldap login
        if current_app.config.get("LDAP_AUTH"):
            try:
                ldap_principal = ldap.LdapPrincipal(args)
                user = ldap_principal.authenticate()
                if user and user.active:
                    # Tell Flask-Principal the identity changed
                    identity_changed.send(
                        current_app._get_current_object(), identity=Identity(user.id)
                    )
                    metrics.send(
                        "login",
                        "counter",
                        1,
                        metric_tags={"status": SUCCESS_METRIC_STATUS},
                    )
                    return dict(token=create_token(user))
            except Exception as e:
                current_app.logger.error("ldap error: {0}".format(e))
                ldap_message = "ldap error: %s" % e
                metrics.send(
                    "login", "counter", 1, metric_tags={"status": FAILURE_METRIC_STATUS}
                )
                return dict(message=ldap_message), 403

        # if not valid user - no certificates for you
        metrics.send(
            "login", "counter", 1, metric_tags={"status": FAILURE_METRIC_STATUS}
        )
        return dict(message="The supplied credentials are invalid"), 403