def save(self, name): group = usergroup.Group(name) list(hookmanager.trigger("HOOK_GROUPMANAGEMENT_GROUP_MODIFY", group)) old_permissions = env.auth.get_group_permissions(group) permissions = self._make_permissions_from_parameters(old_permissions) self.log_property_list_change("permissions", group, old_permissions, permissions) env.auth.set_group_permissions(group, permissions) if env.auth.is_member_of(group, env.request.user): env.request.user.permissions = env.auth.get_user_permissions( env.request.user) # Group memberships if env.auth.can_manage_group_members(): users = set( usergroup.User(i) for i in env.request.parameters.getlist("member_object")) self.log_property_list_change("users", group, env.auth.get_group_members(group), users) env.auth.set_group_members(group, users) return response.PrewikkaResponse({ "type": "reload", "target": ".commonlisting" })
def _make_job(self, res): id, name, userid, schedule, ext_type, ext_id, base, runcnt, enabled, error_s = res func = self._plugin_callback.get(ext_type) if not func: err = error.PrewikkaUserError( N_("Invalid job extension"), N_("Scheduled job with invalid extension type '%s'", ext_type)) elif error_s: err = utils.json.loads(error_s) else: err = None if ext_id: ext_id = int(ext_id) if base: base = env.db.parse_datetime(base) user = None if userid: user = usergroup.User(userid=userid) return CronJob(int(id), name, schedule, func, base, int(runcnt), ext_type=ext_type, ext_id=ext_id, user=user, error=err, enabled=bool(int(enabled)))
def get_user(self, request): info = self.get_user_info(request) if not (info) or not (info.login) or self.autologin: try: login = self.__check_session(request) except (SessionInvalid, SessionExpired): if not self.autologin: raise else: if not info or not info.login or login == info.login: return usergroup.User(login) else: self.__delete_session(request) user = self.authenticate(request, info) self.__create_session(request, user) list(hookmanager.trigger("HOOK_SESSION_CREATE", user)) is_admin = set(user.permissions) == usergroup.ALL_PERMISSIONS env.log.info("User login with profile '%s'" % ("admin" if is_admin else "default")) if "login_prevent_redirect" in env.request.web.arguments: return user raise RedirectionError(env.request.web.get_raw_uri(True), 303)
def modify(self): self._object = user = usergroup.User(env.request.parameters.get("name", env.request.user.name)) if not env.request.parameters["language"] in localization.getLanguagesIdentifiers(): raise error.PrewikkaUserError(N_("Invalid Language"), N_("Specified language does not exist"), log_priority=log.WARNING) list(hookmanager.trigger("HOOK_USERMANAGEMENT_USER_MODIFY", user)) if not env.request.parameters["timezone"] in localization.get_timezones(): raise error.PrewikkaUserError(N_("Invalid Timezone"), N_("Specified timezone does not exist"), log_priority=log.WARNING) need_reload = False user.begin_properties_change() for param, reload in (("fullname", False), ("email", False), ("theme", True), ("language", True), ("timezone", False)): if user == env.request.user and reload and env.request.parameters.get(param) != user.get_property(param): need_reload = True user.set_property(param, env.request.parameters.get(param)) if user == env.request.user: user.set_locale() user.commit_properties_change() # Make sure nothing is returned (reset the default dataset) env.request.dataset = None if need_reload: return response.PrewikkaDirectResponse({"type": "reload"}) return response.PrewikkaRedirectResponse(url_for(".display"), 303)
def initialization_fixtures(request): """ Main fixture for all tests: load Prewikka out of browser by setup configuration. Configuration and databases information are loaded through default testing file or specific configuration file. @pytest.fixture: scope=session caching lifecycle of fixture, available during all tests of the run autouse=True activated for all tests that can see it """ # init IDMEF database init_idmef_database(config.Config(TEST_CONFIG_FILE)) # init prewikka core with config file core = main.Core.from_config(TEST_CONFIG_FILE, autoupdate=True) # setup "env.request" initial_request = FakeInitialRequest('/') # load prewikka to setup all settings core.process(initial_request) # setup "env.request.web.input_cookie" cookie = cookies.SimpleCookie() cookie[str( 'sessionid' )] = TEST_SESSION_ID # force str() type to avoid TypeError, works with both py2 and py3 env.request.web.input_cookie = dict(cookie.items()) # setup "env.request.dataset" and "env.request.parameters" # used only when just a specific test is launched to prevent fails env.request.dataset = {} env.request.menu_parameters = { 'timeline_value': 0, 'timeline_unit': 'day', 'timeline_absolute': None, 'auto_apply_value': None } # setup "env.request.user" env.request.user = usergroup.User('anonymous') def tear_down(): """ TearDown - clean IDMEF database - clean Prewikka database - clean "downloads" directory """ clean_database(env.config.idmef_database) clean_database(env.config.database) clean_directory(TEST_DOWNLOAD_DIR) request.addfinalizer(tear_down)
def delete(self): if not env.request.user.has("USER_MANAGEMENT"): raise error.PrewikkaUserError( N_("Permission Denied"), N_("Access denied to users modification"), log_priority=log.WARNING) for obj in env.request.parameters.getlist("id"): usergroup.User(userid=obj).delete()
def logout(self, request): login = self.__check_session(request) self.__delete_session(request) list(hookmanager.trigger("HOOK_SESSION_DELETE", usergroup.User(login))) env.log.info("Logged out") raise SessionInvalid(message=N_("Logged out"), login=login, log_priority=log.INFO, template=self.template)
def edit(self, name=None, widget=True): user = None user_permissions = [] group_permissions = [] if not name: target = url_for(".create") else: user = usergroup.User(name) if not env.auth.has_user(user): raise error.PrewikkaUserError( _("Invalid User"), N_("Requested user '%s' does not exist", user)) if user != env.request.user and not env.request.user.has( "USER_MANAGEMENT"): raise error.PrewikkaUserError( _("Permission Denied"), N_("Access denied to other users settings"), log_priority=log.WARNING) target = url_for(".save", name=name) dset = self._setup_dataset(target, user) if user: dset["fullname"] = user.get_property("fullname") dset["email"] = user.get_property("email") dset["timezone"] = user.get_property( "timezone", default=env.config.general.default_timezone) dset["language"] = user.get_property( "language", default=env.config.general.default_locale) dset["user_theme"] = user.get_property( "theme", default=env.config.general.default_theme) user_permissions = env.auth.get_user_permissions(user, ignore_group=True) group_permissions = env.auth.get_user_permissions_from_groups(user) dset["widget"] = widget dset["ask_current_password"] = (user == env.request.user) dset["permissions"] = [] for perm in sorted(usergroup.ACTIVE_PERMISSIONS): dset["permissions"].append((perm, perm in user_permissions, perm in group_permissions)) dset["extra_content"] = filter( None, hookmanager.trigger("HOOK_USERMANAGEMENT_EXTRA_CONTENT", user, "user")) return dset.render()
def get_user(self, request): info = self.get_user_info(request) if not(info) or not(info.login) or self.autologin: try: login = self.__check_session(request) return usergroup.User(login) except (SessionInvalid, SessionExpired): if not self.autologin: raise user = self.authenticate(request, info) self.__create_session(request, user) is_admin = set(user.permissions) == usergroup.ALL_PERMISSIONS env.log.info("User login with profile '%s'" % ("admin" if is_admin else "default")) raise RedirectionError(env.request.web.get_raw_uri(True), 303)
def __check_session(self, request): sessionid = request.input_cookie.get("sessionid") if not sessionid: # No session cookie sent by the browser if request.is_xhr: # In case of an AJAX request, we consider that # the session cookie expired and was not sent. raise SessionExpired(login=None, template=self.template) else: # Otherwise, we consider that the session cookie did not exist, # and we don't display any message on the login page. raise SessionInvalid(message="", template=self.template, log_priority=log.INFO) sessionid = sessionid.value try: login, t = self._db.get_session(sessionid) except: request.delete_cookie("sessionid") raise SessionInvalid(template=self.template) # Check that the session is still alive... now = int(time.time()) if now - t > self._expiration: self.__delete_session(request) raise SessionExpired(login, template=self.template) # And that the user it carry still exist in the current authentication # backend (which might have changed) user = usergroup.User(login) if not env.auth.has_user(user): self.__delete_session(request) raise SessionInvalid(login, template=self.template) if (now - t) / 60 >= 5: self._db.update_session(sessionid, now) list(hookmanager.trigger("HOOK_SESSION_UPDATE", user)) self.__set_session(request, sessionid) return login
def init(self, config): adminuser = usergroup.User(config.get("initial_admin_user", usergroup.ADMIN_LOGIN)) adminpass = config.get("initial_admin_pass", usergroup.ADMIN_LOGIN) deprecated_schemes = config.get("deprecated_password_schemes", "").split() schemes = config.get("password_schemes", "sha256_crypt").split() + deprecated_schemes try: self._context = CryptContext(schemes=schemes, deprecated=deprecated_schemes) except (KeyError, ValueError) as e: raise error.PrewikkaUserError(N_("DBAuth initialization error"), e) # If there are no accessible users other than ADMIN_LOGIN # with administrative rights, we grant all permissions to ADMIN_LOGIN. has_user_manager = any("USER_MANAGEMENT" in user.permissions and user != adminuser for user in self.get_user_list()) if not has_user_manager: if not self.has_user(adminuser): adminuser.create() if not adminuser.has_property("password"): self.set_password(adminuser, adminpass) self.set_user_permissions(adminuser, usergroup.ALL_PERMISSIONS)
def create(self): login = env.request.parameters.get("name") if not login: raise error.PrewikkaUserError(N_("Could not create user"), N_("Username required")) if login.startswith("/"): raise error.PrewikkaUserError( N_("Could not create user"), N_("Username cannot start with a slash")) user = usergroup.User(login) if env.auth.has_user(user): raise error.PrewikkaUserError(N_("Could not create user"), N_("User %s already exists", login)) user.create() self.save(login) return response.PrewikkaResponse({ "type": "reload", "target": ".commonlisting" })
def authenticate(self, login, password="", no_password_check=False): if login is None: raise auth.AuthError(env.session, _("No login name provided")) user = usergroup.User(login) if not self.has_user(user): raise auth.AuthError(env.session, log_user=login) if not no_password_check: try: real_password = user.get_property_fail("password") except: raise auth.AuthError(env.session, log_user=user) valid, new_hash = self._verify(password, real_password) if not valid: raise auth.AuthError(env.session, log_user=user) if new_hash: # Make sure the password uses the proper hashing algorithm user.set_property("password", new_hash) user.sync_properties() return user
def get_user_list(self, search=None): query = "SELECT name, userid FROM Prewikka_User" if search: query += " WHERE name LIKE %s" % self.escape("%%%s%%" % search) return [usergroup.User(*r) for r in self.query(query)]
def get_group_members(self, group): return [usergroup.User(*r) for r in self.query("SELECT PU.name, PUG.userid FROM Prewikka_User_Group PUG " "JOIN Prewikka_User PU USING (userid) WHERE groupid = %s", group.id)]
def get_user_list(self, search=None): return [usergroup.User("anonymous")]
def getUserByID(self, id_): return usergroup.User("anonymous")
def save(self, name): user = usergroup.User(name) modify_self = env.request.user == user if not env.auth.has_user(user): raise error.PrewikkaUserError(N_("Invalid user"), N_("Specified user does not exist"), log_priority=log.WARNING) if name != env.request.user.name and not env.request.user.has( "USER_MANAGEMENT"): raise error.PrewikkaUserError( N_("Permission Denied"), N_("Cannot modify other users settings"), log_priority=log.WARNING) if not env.request.parameters[ "language"] in localization.get_languages(): raise error.PrewikkaUserError( N_("Invalid Language"), N_("Specified language does not exist"), log_priority=log.WARNING) if not env.request.parameters[ "timezone"] in localization.get_timezones(): raise error.PrewikkaUserError( N_("Invalid Timezone"), N_("Specified timezone does not exist"), log_priority=log.WARNING) if "password_new" in env.request.parameters and env.request.parameters[ "password_new"] != env.request.parameters.get( "password_new_confirmation"): raise error.PrewikkaUserError(N_("Password error"), N_("Password mismatch")) reload_type = 0 for param, reload in (("fullname", "none"), ("email", "none"), ("timezone", "view"), ("theme", "window"), ("language", "window")): value = env.request.parameters.get(param) if value != user.get_property(param): if value: user.set_property(param, value) else: user.del_property(param) if modify_self: reload_type = max(reload_type, ReloadEnum[reload]) list(hookmanager.trigger("HOOK_USERMANAGEMENT_USER_MODIFY", user)) if env.request.user.has( "USER_MANAGEMENT") and env.auth.can_manage_permissions(): permissions = self._make_permissions_from_parameters( user.permissions) if permissions != set(user.permissions): old_perms = set( env.auth.get_user_permissions( user, ignore_group=True)).difference( env.auth.get_user_permissions_from_groups(user)) user.permissions = permissions self.log_property_list_change("permissions", user, old_perms, permissions) reload_type = max( ReloadEnum["window"] if modify_self else ReloadEnum[".commonlisting"], reload_type) # Group memberships if env.auth.can_manage_group_members(): groups = set( usergroup.Group(i) for i in env.request.parameters.getlist("member_object")) if groups != set(env.auth.get_member_of(user)): self.log_property_list_change("groups", user, env.auth.get_member_of(user), groups) env.auth.set_member_of(user, groups) reload_type = max( ReloadEnum["window"] if modify_self else ReloadEnum[".commonlisting"], reload_type) if "password_new" in env.request.parameters: if modify_self: try: env.auth.authenticate( name, env.request.parameters.get("password_current", "")) except auth.AuthError: raise error.PrewikkaUserError( N_("Password error"), N_("Invalid password specified")) env.auth.set_password(user, env.request.parameters["password_new"]) user.sync_properties() if reload_type > ReloadEnum["none"]: return response.PrewikkaResponse({ "type": "reload", "target": reload_type.name })
def authenticate(self, login, password="", no_password_check=False): return usergroup.User("anonymous")
def has_user(self, other): return usergroup.User("anonymous")
def get_user_by_id(self, id_): return usergroup.User("anonymous")
def get_user_by_id(self, id_): ret = self.query( "SELECT name, userid FROM Prewikka_User WHERE userid = %s", id_) return usergroup.User(*ret[0]) if ret else None
def init(self, config): user = usergroup.User("anonymous") if not auth.Auth.get_user_by_id(self, user.id): self.create_user(user)