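@routes.route('/api/user/login/magic/start', methods = ['POST'])
@limiter.limit("10 per day")
def start_magic_login_api():
    """Start a passwordless ("magic link") login for the e-mail in the JSON body.

    Request body: a JSON object with an ``email`` key.

    Returns a Flask ``(response, status)`` tuple. The body is always
    ``{"log": {"success": bool, "error": {...}}}``; on a 400, ``error``
    holds one field -> message entry.

    Order of checks (each rejects with 400):
      1. the body is a JSON object with a non-empty string ``email``;
      2. ``settings.USE_OAUTH2`` is off (magic links are refused under SSO);
      3. the lower-cased e-mail belongs to a known user that is not
         globally disabled and whose ``password_attempt_count`` is below
         ``settings.MAX_PASSWORD_ATTEMPTS_BEFORE_LOCKOUT``;
      4. ``auth_code.new`` did not refuse (reported here as an existing attempt).
    On success the user's attempt counter is incremented, the magic-login
    e-mail is sent and ``{"success": True}`` is returned with 200.

    Rate limiting: ``@limiter.limit("10 per day")`` is keyed by whatever the
    limiter's key function uses (typically client IP); the per-account
    ``password_attempt_count`` check is the second, per-target layer.

    NOTE(security): the distinct 400 messages ("Invalid email",
    "Please contact us to unlock account.", "Existing attempt, ...") let an
    unauthenticated caller distinguish unknown, disabled, locked and
    recently-requested accounts (user enumeration). They are kept here
    because clients presumably display them; the enumeration-safe variant
    returns the same 200 ``success`` body for every well-formed e-mail
    and does the lookup/send silently.
    """
    with sessionMaker.session_scope() as session:

        log = {}
        log['success'] = False
        log['error'] = {}

        # force=True: parse the body even without an application/json
        # Content-Type. silent=True: an empty or unparsable body yields
        # None instead of Flask's HTML 400, so it is reported through the
        # same JSON envelope as every other error below.
        data = request.get_json(force = True, silent = True)
        if not isinstance(data, dict):
            data = {}

        user_email_proposed = data.get('email', None)
        # Reject non-strings: a list, number or object under "email" would
        # otherwise blow up on len()/.lower() and surface as a 500.
        if not isinstance(user_email_proposed, str) or len(user_email_proposed) == 0:
            log['error']['email'] = "No email provided"
            return jsonify(log = log), 400
        if settings.USE_OAUTH2:
            log['error']['OAUTH2'] = 'OAUTH2 Login is enabled. Cannot use magic link login. Please use SSO or contact your admin.'
            return jsonify(log=log), 400

        # The lookup is an exact match on the email column, so normalise
        # case first.
        user_email_proposed = user_email_proposed.lower()
        user = session.query(User).filter_by(email = user_email_proposed).first()

        if user is None:
            log['error']['email'] = "Invalid email"
            return jsonify(log = log), 400

        # QUESTION do we want to have this here? or as a decorator?
        if user.security_disable_global is True:
            log['error']['email'] = "Please contact us to unlock account."
            return jsonify(log = log), 400

        # The magic-link flow shares the password lockout counter, so a
        # locked account cannot sidestep the lockout via e-mailed codes.
        if user.password_attempt_count >= settings.MAX_PASSWORD_ATTEMPTS_BEFORE_LOCKOUT:
            log['error']['email'] = "Please contact us to unlock account. (Too many attempts.)"
            return jsonify(log = log), 400

        ### MAIN
        auth_result, message, auth = auth_code.new(
            session = session,
            user = user,
            email_sent_to = user.email,
            auth_code_type = "magic_login")
        ###
        # TODO use message var?
        if auth_result is False:
            log['error']['magic'] = "Existing attempt, check your email"
            return jsonify(log = log), 400

        ### SUCCESS
        # Charge the request to the account before sending, so the counter
        # advances even if the mail step fails.
        session.add(user)
        user.password_attempt_count += 1

        # NOTE(review): the send result is not checked -- a failed send
        # still answers success=True. send_magic_login_email's return
        # value is not visible here; if it reports failure, surface it.
        email_result = send_magic_login_email(auth = auth)

        log['success'] = True
        ####

        return jsonify(log = log), 200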
| 73 | |
| 74 | |
| 75 | def send_magic_login_email(auth): |