pgadmin4/web/pgadmin/authenticate/__init__.py

##########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2021, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
##########################################################################

"""A blueprint module implementing the Authentication."""

import config
import copy

from flask import current_app, flash, Response, request, url_for, \
    session, redirect
from flask_babelex import gettext
from flask_security.views import _security
from flask_security.utils import get_post_logout_redirect, \
    get_post_login_redirect, logout_user

from pgadmin import db, User
from pgadmin.utils import PgAdminModule
from pgadmin.utils.constants import KERBEROS, INTERNAL, OAUTH2, LDAP
from pgadmin.authenticate.registry import AuthSourceRegistry

MODULE_NAME = 'authenticate'
auth_obj = None


class AuthenticateModule(PgAdminModule):
    def get_exposed_url_endpoints(self):
        return ['authenticate.login']


blueprint = AuthenticateModule(MODULE_NAME, __name__, static_url_path='')


@blueprint.route('/login', endpoint='login', methods=['GET', 'POST'])
def login():
    """
    Entry point for all the authentication sources.
    The user input will be validated and authenticated.
    """
    form = _security.login_form()

    auth_obj = AuthSourceManager(form, copy.deepcopy(
        config.AUTHENTICATION_SOURCES))
    if OAUTH2 in config.AUTHENTICATION_SOURCES \
            and 'oauth2_button' in request.form:
        session['auth_obj'] = auth_obj

    session['auth_source_manager'] = None

    username = form.data['email']
    user = User.query.filter_by(username=username,
                                auth_source=INTERNAL).first()

    if user:
        if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
            user.locked = True
        else:
            user.locked = False
        db.session.commit()

        if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
            flash(gettext('Your account is locked. Please contact the '
                          'Administrator.'),
                  'warning')
            logout_user()
            return redirect(get_post_logout_redirect())

    # Validate the user
    if not auth_obj.validate():
        for field in form.errors:
            flash_login_attempt_error = None
            if user and field in config.LOGIN_ATTEMPT_FIELDS:
                if config.MAX_LOGIN_ATTEMPTS > 0:
                    user.login_attempts += 1
                    left_attempts = \
                        config.MAX_LOGIN_ATTEMPTS - user.login_attempts
                    if left_attempts > 1:
                        flash_login_attempt_error = \
                            gettext('{0} more attempts remaining.'.
                                    format(left_attempts))
                    else:
                        flash_login_attempt_error = \
                            gettext('{0} more attempt remaining.'.
                                    format(left_attempts))
                db.session.commit()
            for error in form.errors[field]:
                if flash_login_attempt_error:
                    error = error + flash_login_attempt_error
                    flash_login_attempt_error = None
                flash(error, 'warning')

        return redirect(get_post_logout_redirect())

    # Authenticate the user
    status, msg = auth_obj.authenticate()
    if status:
        # Login the user
        status, msg = auth_obj.login()
        current_auth_obj = auth_obj.as_dict()

        if not status:
            if current_auth_obj['current_source'] == \
                    KERBEROS:
                return redirect('{0}?next={1}'.format(url_for(
                    'authenticate.kerberos_login'), url_for('browser.index')))

            flash(msg, 'danger')
            return redirect(get_post_logout_redirect())

        session['auth_source_manager'] = current_auth_obj

        if user:
            user.login_attempts = 0
        db.session.commit()

        if 'auth_obj' in session:
            session.pop('auth_obj')
        return redirect(get_post_login_redirect())

    elif isinstance(msg, Response):
        return msg
    elif 'oauth2_button' in request.form and not isinstance(msg, str):
        return msg
    if 'auth_obj' in session:
        session.pop('auth_obj')
    flash(msg, 'danger')
    response = redirect(get_post_logout_redirect())
    return response


class AuthSourceManager:
    """This class will manage all the authentication sources.
     """

    def __init__(self, form, sources):
        self.form = form
        self.auth_sources = sources
        self.source = None
        self.source_friendly_name = INTERNAL
        self.current_source = INTERNAL
        self.update_auth_sources()

    def as_dict(self):
        """
        Returns the dictionary object representing this object.
        """

        res = dict()
        res['source_friendly_name'] = self.source_friendly_name
        res['auth_sources'] = self.auth_sources
        res['current_source'] = self.current_source

        return res

    def update_auth_sources(self):
        for auth_src in [KERBEROS, OAUTH2]:
            if auth_src in self.auth_sources:
                if 'internal_button' in request.form:
                    self.auth_sources.remove(auth_src)
                else:
                    if INTERNAL in self.auth_sources:
                        self.auth_sources.remove(INTERNAL)
                    if LDAP in self.auth_sources:
                        self.auth_sources.remove(LDAP)

    def set_current_source(self, source):
        self.current_source = source

    @property
    def get_current_source(self):
        return self.current_source

    def set_source(self, source):
        self.source = source

    @property
    def get_source(self):
        return self.source

    def set_source_friendly_name(self, name):
        self.source_friendly_name = name

    @property
    def get_source_friendly_name(self):
        return self.source_friendly_name

    def validate(self):
        """Validate through all the sources."""
        for src in self.auth_sources:
            source = get_auth_sources(src)
            if source.validate(self.form):
                return True
        return False

    def authenticate(self):
        """Authenticate through all the sources."""
        status = False
        msg = None
        for src in self.auth_sources:
            source = get_auth_sources(src)
            self.set_source(source)
            current_app.logger.debug(
                "Authentication initiated via source: %s" %
                source.get_source_name())

            status, msg = source.authenticate(self.form)

            if status:
                self.set_current_source(source.get_source_name())
                if msg is not None and 'username' in msg:
                    self.form._fields['email'].data = msg['username']
                return status, msg

        return status, msg

    def login(self):
        status, msg = self.source.login(self.form)
        if status:
            self.set_source_friendly_name(self.source.get_friendly_name())
            current_app.logger.debug(
                "Authentication and Login successfully done via source : %s" %
                self.source.get_source_name())

            # Set the login, logout view as per source  if available
            current_app.login_manager.login_view = getattr(
                self.source, 'LOGIN_VIEW', 'security.login')
            current_app.login_manager.logout_view = getattr(
                self.source, 'LOGOUT_VIEW', 'security.logout')

        return status, msg


def get_auth_sources(type):
    """Get the authenticated source object from the registry"""

    auth_sources = getattr(current_app, '_pgadmin_auth_sources', None)

    if auth_sources is None or not isinstance(auth_sources, dict):
        auth_sources = dict()

    if type in auth_sources:
        return auth_sources[type]

    auth_source = AuthSourceRegistry.get(type)

    if auth_source is not None:
        auth_sources[type] = auth_source
        setattr(current_app, '_pgadmin_auth_sources', auth_sources)

    return auth_source


def init_app(app):
    auth_sources = dict()

    setattr(app, '_pgadmin_auth_sources', auth_sources)
    AuthSourceRegistry.load_modules(app)

    return auth_sources
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`##########################################################################`
			`#`
			`# pgAdmin 4 - PostgreSQL Tools`
			`#`
Update copyright notices for 2021 2021-01-04 04:04:45 -06:00			`# Copyright (C) 2013 - 2021, The pgAdmin Development Team`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`# This software is released under the PostgreSQL Licence`
			`#`
			`##########################################################################`

			`"""A blueprint module implementing the Authentication."""`

Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`import config`
			`import copy`

Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`from flask import current_app, flash, Response, request, url_for, \`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`session, redirect`
Added support to connect PostgreSQL servers via Kerberos authentication. Fixes #6158 2021-05-03 05:40:45 -05:00			`from flask_babelex import gettext`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`from flask_security.views import _security`
			`from flask_security.utils import get_post_logout_redirect, \`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`get_post_login_redirect, logout_user`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`from pgadmin import db, User`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`from pgadmin.utils import PgAdminModule`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`from pgadmin.utils.constants import KERBEROS, INTERNAL, OAUTH2, LDAP`
			`from pgadmin.authenticate.registry import AuthSourceRegistry`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`MODULE_NAME = 'authenticate'`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`auth_obj = None`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00

			`class AuthenticateModule(PgAdminModule):`
			`def get_exposed_url_endpoints(self):`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`return ['authenticate.login']`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00

			`blueprint = AuthenticateModule(MODULE_NAME, __name__, static_url_path='')`


			`@blueprint.route('/login', endpoint='login', methods=['GET', 'POST'])`
			`def login():`
			`"""`
			`Entry point for all the authentication sources.`
			`The user input will be validated and authenticated.`
			`"""`
			`form = _security.login_form()`

Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`auth_obj = AuthSourceManager(form, copy.deepcopy(`
			`config.AUTHENTICATION_SOURCES))`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`if OAUTH2 in config.AUTHENTICATION_SOURCES \`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`and 'oauth2_button' in request.form:`
			`session['auth_obj'] = auth_obj`

			`session['auth_source_manager'] = None`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00
			`username = form.data['email']`
Fixed an issue where even if the user is locked, he can reset the password and can login into pgAdmin. Fixes #6664 2021-08-09 03:54:26 -05:00			`user = User.query.filter_by(username=username,`
			`auth_source=INTERNAL).first()`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00
			`if user:`
			`if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:`
			`user.locked = True`
			`else:`
			`user.locked = False`
			`db.session.commit()`

			`if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:`
			`flash(gettext('Your account is locked. Please contact the '`
			`'Administrator.'),`
			`'warning')`
			`logout_user()`
			`return redirect(get_post_logout_redirect())`

Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`# Validate the user`
			`if not auth_obj.validate():`
			`for field in form.errors:`
1) Flash warning message of N no of attempts left for the unsuccessful login attempt. 2) Updated some strings in the Preferences for the "Maximum column width" option. 2021-08-03 06:36:06 -05:00			`flash_login_attempt_error = None`
1. Unverified email id is getting locked. 2. Admin should be able to lock the user, as currently it only unlocks it via user management dialog. 3. There were some indefinite login page loading issues when trying to log in with invalid password, where it should redirect to the login page again instead. refs #6337 (Initial patch by Khushboo Vashi) 2021-08-09 10:25:06 -05:00			`if user and field in config.LOGIN_ATTEMPT_FIELDS:`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`if config.MAX_LOGIN_ATTEMPTS > 0:`
			`user.login_attempts += 1`
1) Flash warning message of N no of attempts left for the unsuccessful login attempt. 2) Updated some strings in the Preferences for the "Maximum column width" option. 2021-08-03 06:36:06 -05:00			`left_attempts = \`
			`config.MAX_LOGIN_ATTEMPTS - user.login_attempts`
Fixed an issue where columns with sequences get altered unnecessarily with a schema diff tool. Fixes #6564 2021-08-18 09:03:01 -05:00			`if left_attempts > 1:`
			`flash_login_attempt_error = \`
			`gettext('{0} more attempts remaining.'.`
			`format(left_attempts))`
			`else:`
			`flash_login_attempt_error = \`
			`gettext('{0} more attempt remaining.'.`
			`format(left_attempts))`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`db.session.commit()`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`for error in form.errors[field]:`
Fixed an issue where columns with sequences get altered unnecessarily with a schema diff tool. Fixes #6564 2021-08-18 09:03:01 -05:00			`if flash_login_attempt_error:`
			`error = error + flash_login_attempt_error`
			`flash_login_attempt_error = None`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`flash(error, 'warning')`
1) Flash warning message of N no of attempts left for the unsuccessful login attempt. 2) Updated some strings in the Preferences for the "Maximum column width" option. 2021-08-03 06:36:06 -05:00
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`return redirect(get_post_logout_redirect())`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
			`# Authenticate the user`
			`status, msg = auth_obj.authenticate()`
			`if status:`
			`# Login the user`
			`status, msg = auth_obj.login()`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`current_auth_obj = auth_obj.as_dict()`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`if not status:`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`if current_auth_obj['current_source'] == \`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`KERBEROS:`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`return redirect('{0}?next={1}'.format(url_for(`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`'authenticate.kerberos_login'), url_for('browser.index')))`

Ensure that the strings in the LDAP auth module are translatable. Fixes #6274 2021-04-08 07:45:34 -05:00			`flash(msg, 'danger')`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`return redirect(get_post_logout_redirect())`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`session['auth_source_manager'] = current_auth_obj`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00
Fixed an issue where even if the user is locked, he can reset the password and can login into pgAdmin. Fixes #6664 2021-08-09 03:54:26 -05:00			`if user:`
			`user.login_attempts = 0`
Ensure that the login account should be locked after N number of attempts. N is configurable using the 'MAX_LOGIN_ATTEMPTS' parameter. Fixes #6337 2021-07-22 01:54:43 -05:00			`db.session.commit()`

Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`if 'auth_obj' in session:`
Fixed an issue where the user unable to login with OAuth2 when LDAP & OAuth2 configured as login sources. Fixes #6594 2021-07-09 11:20:50 -05:00			`session.pop('auth_obj')`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`return redirect(get_post_login_redirect())`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`elif isinstance(msg, Response):`
			`return msg`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`elif 'oauth2_button' in request.form and not isinstance(msg, str):`
			`return msg`
Fixed an issue where the user unable to login with OAuth2 when LDAP & OAuth2 configured as login sources. Fixes #6594 2021-07-09 11:20:50 -05:00			`if 'auth_obj' in session:`
			`session.pop('auth_obj')`
Ensure that the strings in the LDAP auth module are translatable. Fixes #6274 2021-04-08 07:45:34 -05:00			`flash(msg, 'danger')`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`response = redirect(get_post_logout_redirect())`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`return response`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00

Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`class AuthSourceManager:`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`"""This class will manage all the authentication sources.`
			`"""`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`def __init__(self, form, sources):`
			`self.form = form`
			`self.auth_sources = sources`
			`self.source = None`
Fixed an issue where pgAdmin does not open after password reset in server mode. Fixes #6513 2021-06-10 12:25:31 -05:00			`self.source_friendly_name = INTERNAL`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`self.current_source = INTERNAL`
			`self.update_auth_sources()`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
			`def as_dict(self):`
			`"""`
			`Returns the dictionary object representing this object.`
			`"""`

			`res = dict()`
			`res['source_friendly_name'] = self.source_friendly_name`
			`res['auth_sources'] = self.auth_sources`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`res['current_source'] = self.current_source`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
			`return res`

Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`def update_auth_sources(self):`
			`for auth_src in [KERBEROS, OAUTH2]:`
			`if auth_src in self.auth_sources:`
			`if 'internal_button' in request.form:`
			`self.auth_sources.remove(auth_src)`
Fixed an issue where the user unable to login with OAuth2 when LDAP & OAuth2 configured as login sources. Fixes #6594 2021-07-09 11:20:50 -05:00			`else:`
			`if INTERNAL in self.auth_sources:`
			`self.auth_sources.remove(INTERNAL)`
			`if LDAP in self.auth_sources:`
			`self.auth_sources.remove(LDAP)`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`def set_current_source(self, source):`
			`self.current_source = source`

			`@property`
Fixed SonarQube issues 2021-02-15 06:01:20 -06:00			`def get_current_source(self):`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`return self.current_source`

Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`def set_source(self, source):`
			`self.source = source`

			`@property`
			`def get_source(self):`
			`return self.source`

			`def set_source_friendly_name(self, name):`
			`self.source_friendly_name = name`

			`@property`
			`def get_source_friendly_name(self):`
			`return self.source_friendly_name`

			`def validate(self):`
			`"""Validate through all the sources."""`
			`for src in self.auth_sources:`
			`source = get_auth_sources(src)`
			`if source.validate(self.form):`
			`return True`
			`return False`

			`def authenticate(self):`
			`"""Authenticate through all the sources."""`
			`status = False`
			`msg = None`
			`for src in self.auth_sources:`
			`source = get_auth_sources(src)`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00			`self.set_source(source)`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`current_app.logger.debug(`
			`"Authentication initiated via source: %s" %`
			`source.get_source_name())`

Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`status, msg = source.authenticate(self.form)`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`if status:`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`self.set_current_source(source.get_source_name())`
			`if msg is not None and 'username' in msg:`
			`self.form._fields['email'].data = msg['username']`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`return status, msg`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`return status, msg`

			`def login(self):`
			`status, msg = self.source.login(self.form)`
			`if status:`
			`self.set_source_friendly_name(self.source.get_friendly_name())`
1) Added support for Kerberos authentication, using SPNEGO to forward the Kerberos tickets through a browser. Fixes #5457 2) Fixed incorrect log information for AUTHENTICATION_SOURCES. Fixes #5829 2021-01-18 05:02:10 -06:00			`current_app.logger.debug(`
			`"Authentication and Login successfully done via source : %s" %`
			`self.source.get_source_name())`
Added support for OAuth 2 authentication. Fixes #5940 Initial patch sent by: Florian Sabonchi 2021-07-06 02:52:58 -05:00
			`# Set the login, logout view as per source if available`
			`current_app.login_manager.login_view = getattr(`
			`self.source, 'LOGIN_VIEW', 'security.login')`
			`current_app.login_manager.logout_view = getattr(`
			`self.source, 'LOGOUT_VIEW', 'security.logout')`

Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00			`return status, msg`


			`def get_auth_sources(type):`
			`"""Get the authenticated source object from the registry"""`

			`auth_sources = getattr(current_app, '_pgadmin_auth_sources', None)`

			`if auth_sources is None or not isinstance(auth_sources, dict):`
			`auth_sources = dict()`

			`if type in auth_sources:`
			`return auth_sources[type]`

Refactor the registry class logic and remove duplicate code for the same functionality. 2021-06-24 01:00:11 -05:00			`auth_source = AuthSourceRegistry.get(type)`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
			`if auth_source is not None:`
			`auth_sources[type] = auth_source`
			`setattr(current_app, '_pgadmin_auth_sources', auth_sources)`

			`return auth_source`


			`def init_app(app):`
			`auth_sources = dict()`

			`setattr(app, '_pgadmin_auth_sources', auth_sources)`
Refactor the registry class logic and remove duplicate code for the same functionality. 2021-06-24 01:00:11 -05:00			`AuthSourceRegistry.load_modules(app)`
Added LDAP authentication support. Fixes #2186 2020-04-06 05:27:05 -05:00
			`return auth_sources`