def login()

in Allura/allura/lib/plugin.py [0:0]


    def login(self, user: M.User = None, multifactor_success: bool = False) -> M.User | None:
        """Run the login flow and bind the authenticated user to the session.

        Args:
            user: An already-resolved user. When ``None``, ``self._login()``
                is called to authenticate from the current request.
            multifactor_success: Set by the caller once a second factor has
                been accepted. This method does not verify any code itself;
                it trusts this flag to skip both second-step branches below.

        Returns:
            The user once the flow reaches the end, or ``None`` when a second
            step is still pending (``session['multifactor-username']`` is set
            and, for the emailed code, ``session['mode'] == 'email_code'``).
            When a password change is required the user is still returned,
            but ``session['username']`` is not set; the ``pwd-expired`` /
            ``expired-*`` session keys are set instead.

        Raises:
            exc.HTTPUnauthorized: re-raised from ``self._login()`` after the
                failure has been written to the audit log.
        """
        from allura import model as M

        if user is None:
            try:
                user = self._login()  # raises exception if auth fails
            except exc.HTTPUnauthorized:
                # NOTE(review): params['username'] raises KeyError if the field
                # is absent, which would replace the HTTPUnauthorized; confirm
                # _login() only fails this way when the field is present.
                attempted_user = M.User.by_username(self.request.params['username'])
                h.auditlog_user('Failed login', user=attempted_user)
                raise

        # Step 1: user has MFA enabled and no code has been accepted yet.
        # Only the pending username is stored; session['username'] stays unset.
        if user.get_pref('multifactor') and not multifactor_success:
            self.session['multifactor-username'] = user.username
            h.auditlog_user('Multifactor login - password ok, code not entered yet', user=user)
            self.session.save()
            return None
        self.session.pop('multifactor-username', None)

        details = self.get_login_detail(self.request, user)

        # Step 2: a user without MFA logging in from an unknown location gets an
        # authentication code via email. The checks short-circuit in this order,
        # so trusted_login_source() is only consulted when the feature is on and
        # the user has no MFA preference.
        needs_email_code = (
            asbool(config.get('auth.email_auth_code.enabled', False))
            and not user.get_pref('multifactor')
            and not self.trusted_login_source(user, details)
            and not multifactor_success
        )
        if needs_email_code:
            h.auditlog_user('User without MFA attempted to login from untrusted location', user=user)
            self.session['multifactor-username'] = user.username
            self.session['mode'] = 'email_code'
            self.session.save()
            user.send_email_auth_code()
            return None

        # If this request completes an emailed-code login, `after_login` (which
        # sends a foreign login email) is skipped further down. Read the marker
        # before clearing the pending-state keys.
        suppress_after_login = self.session.get('mode') == 'email_code'
        self.session.pop('multifactor-username', None)
        self.session.pop('mode', None)

        # Step 3: decide whether a password change must happen first.
        if self.is_password_expired(user):
            h.auditlog_user('Successful login; Password expired', user=user)
            change_reason = 'via expiration process'
        else:
            change_reason = self.login_check_password_change_needed(
                user, self.request.params.get('password'), details)

        if change_reason:
            # session['username'] is deliberately not set on this path.
            self.session['pwd-expired'] = True
            self.session['expired-username'] = user.username
            self.session['expired-reason'] = change_reason
        else:
            self.session['username'] = user.username
            h.auditlog_user('Successful login', user=user)

        if not suppress_after_login:
            self.after_login(user, self.request)

        # 'rememberme' stores an absolute (naive UTC) expiry; otherwise the
        # literal True is stored.
        if 'rememberme' in self.request.params:
            remember_days = int(config.get('auth.remember_for', 365))
            self.session['login_expires'] = datetime.utcnow() + timedelta(days=remember_days)
        else:
            self.session['login_expires'] = True

        # NOTE(review): no session-identifier rotation is visible in this
        # method; confirm it is handled elsewhere before relying on it.
        self.session.save()

        # Bookkeeping runs on both the normal and the password-change path.
        g.statsUpdater.addUserLogin(user)
        user.add_login_detail(details)
        user.track_login(self.request)
        user.track_session(self.session.id)
        return user