def _handle_not_authenticated() -> Response:
    """Answer a request that arrived without valid authentication.

    Three outcomes are possible:

    * ``fail_silently()`` is true: raise ``MKUnauthenticatedException`` so the
      caller gets an error instead of a login dialog.
    * The requested page is not ``login``: redirect to ``login.py`` and carry
      the current URL along in ``_origtarget``.
    * The requested page is ``login``: let ``login.LoginPage`` render the form
      or process a submitted one, then return the global ``response``.

    Raises:
        MKUnauthenticatedException: when the request must fail silently.
        HTTPRedirect: when the login page has to be reached via redirect.
    """
    if fail_silently():
        # API-style callers must not be sent to the interactive login dialog.
        raise MKUnauthenticatedException(_("You are not authenticated."))

    page_name = requested_file_name(request)

    if page_name == "login":
        # Either display the login page or validate the submitted form. A
        # successful login ends in an HTTP redirect to the original target.
        login_page = login.LoginPage()
        login_page.set_no_html_output(plain_error())
        login_page.handle_page()
        return response

    # The login form is never rendered in place of pages such as "index.py"
    # or "dashboard.py" (this caused strange problems); redirect instead and
    # remember the current URL as the post-login target.
    target_after_login = makeuri(request, [])
    if page_name != "index":
        # Make sure the user lands on a page with navigation after login: wrap
        # the original URL as start_url of index.py.
        target_after_login = makeuri_contextless(
            request, [("start_url", target_after_login)], filename="index.py"
        )

    # NOTE(review): _origtarget is derived from the incoming request URL and is
    # only URL-encoded here. Rejecting off-site targets has to happen where the
    # parameter is read back after login; confirm that handler validates it.
    raise HTTPRedirect(
        "%scheck_mk/login.py?_origtarget=%s" % (url_prefix(), urlencode(target_after_login))
    )
def site_cookie_suffix() -> str:
    """Build a cookie-name suffix from the site's URL prefix.

    The directory part of ``url_prefix()`` is taken and every "/" is replaced
    by "_". A leading "http://<host>" is cut off first.
    """
    site_prefix = url_prefix()

    if site_prefix.startswith("http:"):
        # 7 == len("http://"): look for the first "/" after the host name and
        # keep everything from there on.
        # NOTE(review): a prefix starting with "https:" does not match this
        # check and keeps its host part, and a prefix without any "/" after
        # the host makes find() return -1, so the slice starts at index 6.
        # The suffix ends up in cookie names; confirm url_prefix() never
        # yields these forms.
        path_start = site_prefix[7:].find("/") + 7
        site_prefix = site_prefix[path_start:]

    site_dir = os.path.dirname(site_prefix)
    return site_dir.replace("/", "_")
def page(self) -> None:
    """Log the current user out and send the browser on.

    The auth session is invalidated and ``userdb.on_logout`` is called before
    any response is produced. With cookie authentication the user is then
    redirected to the login page. For any other ``auth_type`` a two-step
    exchange is used: the first request is answered with 401 plus a
    ``logout`` marker cookie, and the follow-up request carrying that cookie
    removes it and redirects to the site's start URL.

    Raises:
        HTTPRedirect: to ``login.py`` (cookie auth) or to ``check_mk/``.
        FinalizeRequest: with 401 UNAUTHORIZED on the first non-cookie step.
    """
    assert user.id is not None

    # Server-side session state goes first, so that no later branch can leave
    # the session usable.
    _invalidate_auth_session()
    # NOTE(review): the session id is read from the cookie after the
    # invalidation call; presumably the request cookie is still readable at
    # this point. Confirm on_logout receives the id of the closed session.
    session_id = _get_session_id_from_cookie(user.id, revalidate_cookie=True)
    userdb.on_logout(user.id, session_id)

    if auth_type == "cookie":  # type: ignore[has-type]
        raise HTTPRedirect(url_prefix() + "check_mk/login.py")

    # HTTP logout via the cookie hack: the "logout" cookie marks the second
    # request of the exchange.
    if request.has_cookie("logout"):
        response.delete_cookie("logout")
        raise HTTPRedirect(url_prefix() + "check_mk/")

    # First request: answer 401 with a Basic challenge (presumably so the
    # browser drops its cached credentials) and set the marker cookie.
    # NOTE(review): only the Secure flag is set explicitly, and only when the
    # request itself is secure; HttpOnly/SameSite depend on set_http_cookie's
    # defaults, which are not visible here.
    realm_header = 'Basic realm="OMD Monitoring Site %s"' % omd_site()
    response.headers["WWW-Authenticate"] = realm_header
    response.set_http_cookie("logout", "1", secure=request.is_secure)
    raise FinalizeRequest(http.client.UNAUTHORIZED)
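def render_link(text: Union[str, HTML],
                url: str,
                target: str = "main",
                onclick: Optional[str] = None) -> HTML:
    """Render an ``<a class="link">`` element, making relative URLs absolute.

    Three kinds of URL are distinguished and only the third is rewritten:

      [1] protocol://hostname/url/link.py  (a ":" within the first 10 chars)
      [2] /absolute/link.py
      [3] relative.py  ->  url_prefix() + "check_mk/" + relative.py

    An empty ``url`` is treated as relative and resolves to the site's
    ``check_mk/`` directory.

    Args:
        text: Link text, plain string or already rendered HTML.
        url: Link target.
        target: Value for the ``target`` attribute; a falsy value becomes "".
        onclick: Optional ``onclick`` handler; a falsy value becomes None.

    Returns:
        Whatever ``html.render_a`` produces for the element.
    """
    # NOTE(review): anything starting with "javascript", and any URL with a
    # ":" in its first 10 characters, reaches href unchanged. Whether
    # html.render_a escapes attribute values is not visible here. Callers that
    # build url or onclick from request data should restrict the scheme and
    # content before calling; confirm against the call sites.
    #
    # startswith("/") replaces the former url[0] lookup, which raised
    # IndexError for an empty url.
    is_relative = (":" not in url[:10] and not url.startswith("javascript") and
                   not url.startswith("/"))
    if is_relative:
        url = url_prefix() + "check_mk/" + url

    return html.render_a(text,
                         href=url,
                         class_="link",
                         target=target or '',
                         onfocus="if (this.blur) this.blur();",
                         onclick=onclick or None)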
def default_single_site_configuration() -> SiteConfigurations:
    """Return the site configuration used when only the local site exists.

    The result maps ``omd_site()`` to one settings dict: local socket, WATO
    disabled on the connection, no replication, a timeout of 5 and user login
    enabled.
    """
    local_site_id = omd_site()
    local_site = {
        "alias": _("Local site %s") % omd_site(),
        "socket": ("local", None),
        "disable_wato": True,
        "disabled": False,
        # NOTE(review): "insecure" presumably switches off TLS certificate
        # verification for the site connection when True; confirm. It is off
        # by default here.
        "insecure": False,
        "url_prefix": url_prefix(),
        "multisiteurl": "",
        "persist": False,
        "replicate_ec": False,
        "replication": None,
        "timeout": 5,
        "user_login": True,
        "proxy": None,
    }
    return {local_site_id: local_site}
def default_single_site_configuration() -> SiteConfigurations:
    """Build the default configuration holding just the local site.

    Returns a mapping with a single entry keyed by ``omd_site()``. The entry
    connects through the local socket, has replication switched off and allows
    user login.
    """
    site_id = omd_site()

    configurations: SiteConfigurations = {}
    configurations[site_id] = {
        'alias': _("Local site %s") % omd_site(),
        'socket': ("local", None),
        'disable_wato': True,
        'disabled': False,
        # NOTE(review): looks like the switch for skipping TLS certificate
        # checks on the site connection; confirm. Default here is False.
        'insecure': False,
        'url_prefix': url_prefix(),
        'multisiteurl': '',
        'persist': False,
        'replicate_ec': False,
        'replication': None,
        'timeout': 5,
        'user_login': True,
        'proxy': None,
    }
    return configurations
def _do_login(self) -> None:
    """Process a submitted login form.

    Nothing happens unless the request carries the ``_login`` variable. The
    credentials are then read from ``_username`` / ``_password`` and checked
    with ``userdb.check_credentials``. On success an auth session is created
    and the method leaves through ``HTTPRedirect``: to ``user_change_pw.py``
    when a password change is due, otherwise to the requested target. Every
    ``MKUserError`` raised on the way is stored in ``user_errors`` and does
    not propagate.

    Raises:
        HTTPRedirect: after a successful login.
    """
    if not request.var("_login"):
        return

    try:
        if not config.user_login:
            raise MKUserError(None, _("Login is not allowed on this site."))

        raw_username = request.get_unicode_input("_username", "")
        assert raw_username is not None
        username = UserId(raw_username.rstrip())
        if not username:
            raise MKUserError("_username", _("Missing username"))

        password = request.var("_password", "")
        if not password:
            raise MKUserError("_password", _("Missing password"))

        # NOTE(review): the redirect target is a request parameter. Whether
        # get_url_input rejects absolute or off-site URLs is not visible here;
        # confirm, since that check is what keeps this from being an open
        # redirect.
        fallback_target = url_prefix() + "check_mk/"
        redirect_target = request.get_url_input("_origtarget", fallback_target)

        # Never redirect to:
        #  - logout.py: would log the user out right after login
        #  - side.py: shows up when an invalid login is detected during a
        #    sidebar refresh
        if any(page in redirect_target for page in ("logout.py", "side.py")):
            redirect_target = fallback_target

        verified_username = userdb.check_credentials(username, password)
        if not verified_username:
            # One message for every failed check, so the response does not
            # tell an unknown user apart from a wrong password. The failure is
            # reported to userdb under the name that was submitted.
            userdb.on_failed_login(username)
            raise MKUserError(None, _("Invalid login"))

        # From here on the name returned by the credential check is used. The
        # login function may have transformed the submitted one, e.g. from
        # mixed case to lower case.
        session_id = userdb.on_succeeded_login(verified_username)

        # Login succeeded: set the auth cookie, then redirect to the page that
        # was really requested. Always a 302 redirect, because in-place
        # redirect handling led to unexpected situations in the past.
        _create_auth_session(verified_username, session_id)

        # need_to_change_pw returns False or a description of why the password
        # has to be changed.
        # NOTE(review): the reason goes into the query string without
        # urlencode, unlike _origtarget. Fine while it is a fixed token;
        # confirm against need_to_change_pw.
        pw_change_reason = userdb.need_to_change_pw(verified_username)
        if pw_change_reason:
            raise HTTPRedirect(
                "user_change_pw.py?_origtarget=%s&reason=%s" %
                (urlencode(redirect_target), pw_change_reason))

        raise HTTPRedirect(redirect_target)
    except MKUserError as login_error:
        user_errors.add(login_error)