def index(self, app, **params):
# request param cast/defaults
offset = int(params.get('offset', 0))
count = int(params.get('count', 25))
alerts_app = getArgValue('eai:acl.app', params, app)
alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))
# fired alerts search filters
search_params = ['severity', 'search']
search_string = []
for key in search_params:
value = params.get(key)
if value and value != '*':
if key=='search':
search_string.append('%s' % value)
else:
search_string.append('%s="%s"' % (key, urllib.unquote_plus(value)))
# fired alerts query
if not 'alerts_id' in params:
fired_alerts = FiredAlert.all()
else:
fired_alerts = FiredAlert.get_alerts(urllib.unquote_plus(params.get('alerts_id')))
# augment query with search
if len(search_string) > 0:
fired_alerts = fired_alerts.search(' '.join(search_string))
# augment query with app or user filters
fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
fired_alerts._count_per_req = count
if 'sort_by' in params or 'sort_dir' in params:
fired_alerts = fired_alerts.order_by(params.get('sort_by', 'trigger_time'), sort_dir=params.get('sort_dir', 'desc'))
# fired alert summary information
fired_alert_summary = FiredAlertSummary.all().filter_by_app(alerts_app).filter_by_user(alerts_user)
fired_alert_summary._count_per_req = count
# apps listings
apps = App.all().filter(is_disabled=False)
# users listings
users = User.all()
max_users = 250
users._count_per_req = max_users
users = users[:max_users]
# paginator
pager = paginator.Google(fired_alerts.get_total(), max_items_page=count, item_offset=offset)
app_label=splunk.bundle.getConf('app', namespace=app)['ui'].get('label')
# view variables
template_args = dict(app=alerts_app, apps=apps, users=users, count=count,
fired_alerts=fired_alerts,
fired_alert_summary=fired_alert_summary,
offset=offset, pager=pager, app_label=app_label)
return self.render_template('alerts/index.html', template_args)
def passwordchange(self, newpassword=None, confirmpassword=None, return_to=None, **kw):
'''
Suggest admin to change the password on first time run
'''
# We set must_login to False in the expose_page decoator so we can perform the checks here instead
# and give the user a more useful message if the session has expired leaving the password unchanged
if not cherrypy.session.get('sessionKey', None) or not util.isValidFormKey(kw['splunk_form_key']):
# The user intended to change the password; reset the flag so this page will be shown again
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
err = None
templateArgs = {
'err' : err,
'return_to' : return_to,
'cpSessionKey' : cherrypy.session.id
}
if newpassword != confirmpassword:
templateArgs['err'] = _("Passwords didn't match, please try again.")
return self.render_template('account/passwordchange.html', templateArgs)
if newpassword == 'changeme':
templateArgs['err'] = _("For security reasons, the new password must be different from the default one.")
return self.render_template('account/passwordchange.html', templateArgs)
try:
user = User.get('admin')
user.password = newpassword
if not user.save():
logger.error('Unable to save new admin password.')
except splunk.AuthenticationFailed:
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
except splunk.RESTException, e:
err = e.get_message_text()
if ':' in err:
err = err[err.find(':')+2:]
logger.error("Failed to change the password: %s." % err)
templateArgs['err'] = err
return self.render_template('account/passwordchange.html', templateArgs)
def getPwnrs():
pwnrList = User.all().search("roles=*")
pwnrOptionList = [ {'label': "%s (%s)" % (x.name, x.realname), 'value': x.name} for x in pwnrList ]
pwnrOptionList.append({'label': _("No owner"), 'value': 'nobody'})
return pwnrOptionList
def passwordchange(self, newpassword=None, confirmpassword=None, return_to=None, cval=None, **kw):
'''
Suggest admin to change the password on first time run
And force flagged users to change their passwords before they continue
'''
# We set must_login to False in the expose_page decoator so we can perform the checks here instead
# and give the user a more useful message if the session has expired leaving the password unchanged
# but first we check if the passwords pass
err = None
templateArgs = {
'err' : err,
'return_to' : return_to,
'cpSessionKey' : cherrypy.session.id
}
if 'fpc' in cherrypy.session:
templateArgs['fpc'] = True
if not newpassword or len(newpassword) == 0:
templateArgs['err'] = _("Empty passwords are not allowed.")
return self.render_template('account/passwordchange.html', templateArgs)
if newpassword != confirmpassword:
templateArgs['err'] = _("Passwords didn't match, please try again.")
return self.render_template('account/passwordchange.html', templateArgs)
if newpassword == 'changeme':
templateArgs['err'] = _("For security reasons, the new password must be different from the default one.")
return self.render_template('account/passwordchange.html', templateArgs)
# Forced Password Change workflow is checked before the session check b/c user isn't authenticated yet
if 'fpc' in cherrypy.session:
try:
# Fetch the user's verified cached credentials from when they originally attempted to login
with AccountController.credential_lock:
# Will raise a KeyError if the credentials have expired from the LRU or CP was restarted
credentials = AccountController.credential_cache[cherrypy.session.id]
if newpassword == credentials['password']:
templateArgs['err'] = _("For security reasons, the new password must be different from the previous one.")
return self.render_template('account/passwordchange.html', templateArgs)
# Will be resetup, if required, by self.login()
del cherrypy.session['fpc']
with AccountController.credential_lock:
try:
del AccountController.credential_cache[cherrypy.session.id]
except KeyError:
pass
# Fake a login form submission; this call must return as soon as the call to login() completes!
return self.login(username=credentials['username'], password=credentials['password'],
newpassword=newpassword, return_to=return_to, cval=cherrypy.session['cval'])
except (splunk.AuthenticationFailed, KeyError):
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
if not cherrypy.session.get('sessionKey', None) or not util.isValidFormKey(kw['splunk_form_key']):
# The user intended to change the password; reset the flag so this page will be shown again
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
try:
user = User.get(cherrypy.session['user']['name'])
user.password = newpassword
if not user.save():
logger.error('Unable to save new admin password.')
except splunk.AuthenticationFailed:
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
except splunk.RESTException, e:
err = e.get_message_text()
if ':' in err:
err = err[err.find(':')+2:]
logger.error("Failed to change the password: %s." % err)
templateArgs['err'] = err
return self.render_template('account/passwordchange.html', templateArgs)
class AlertsController(BaseController):
@route('/:app')
@expose_page(must_login=True, methods='GET')
def index(self, app, **params):
# request param cast/defaults
offset = int(params.get('offset', 0))
count = int(params.get('count', 25))
alerts_app = getArgValue('eai:acl.app', params, app)
alerts_user = urllib.unquote_plus(
getArgValue('eai:acl.owner', params, '-'))
# fired alerts search filters
search_params = ['severity', 'search']
search_string = []
for key in search_params:
value = params.get(key)
if value and value != '*':
if key == 'search':
search_string.append('%s' % value)
else:
search_string.append('%s="%s"' %
(key, urllib.unquote_plus(value)))
# fired alerts query
if not 'alerts_id' in params:
fired_alerts = FiredAlert.all()
else:
fired_alerts = FiredAlert.get_alerts(
urllib.unquote_plus(params.get('alerts_id')))
# augment query with search
if len(search_string) > 0:
fired_alerts = fired_alerts.search(' '.join(search_string))
# augment query with app or user filters
fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
alerts_user)
fired_alerts._count_per_req = count
if 'sort_by' in params or 'sort_dir' in params:
fired_alerts = fired_alerts.order_by(
params.get('sort_by', 'trigger_time'),
sort_dir=params.get('sort_dir', 'desc'))
# fired alert summary information
fired_alert_summary = FiredAlertSummary.all().filter_by_app(
alerts_app).filter_by_user(alerts_user)
fired_alert_summary._count_per_req = count
try:
fired_alert_summary[0]
except Exception, e:
if e.statusCode == 402:
return self.render_template('admin/402.html',
{'feature': _('Alerting')})
# apps listings
apps = App.all().filter(is_disabled=False)
# users listings
users = User.all()
max_users = 250
users._count_per_req = max_users
users = users[:max_users]
# paginator
pager = paginator.Google(fired_alerts.get_total(),
max_items_page=count,
item_offset=offset)
app_label = splunk.bundle.getConf('app',
namespace=app)['ui'].get('label')
# view variables
template_args = dict(
app=alerts_app,
apps=apps,
users=users,
count=count,
current_user=splunk.auth.getCurrentUser().get('name'),
fired_alerts=fired_alerts,
fired_alert_summary=fired_alert_summary,
offset=offset,
pager=pager,
app_label=app_label)
return self.render_template('alerts/index.html', template_args)
def passwordchange(self,
newpassword=None,
confirmpassword=None,
return_to=None,
**kw):
'''
Suggest admin to change the password on first time run
'''
# We set must_login to False in the expose_page decoator so we can perform the checks here instead
# and give the user a more useful message if the session has expired leaving the password unchanged
if not cherrypy.session.get('sessionKey',
None) or not util.isValidFormKey(
kw['splunk_form_key']):
# The user intended to change the password; reset the flag so this page will be shown again
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(
return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
err = None
templateArgs = {
'err': err,
'return_to': return_to,
'cpSessionKey': cherrypy.session.id
}
if newpassword != confirmpassword:
templateArgs['err'] = _(
"Passwords didn't match, please try again.")
return self.render_template('account/passwordchange.html',
templateArgs)
if newpassword == 'changeme':
templateArgs['err'] = _(
"For security reasons, the new password must be different from the default one."
)
return self.render_template('account/passwordchange.html',
templateArgs)
try:
user = User.get('admin')
user.password = newpassword
if not user.save():
logger.error('Unable to save new admin password.')
except splunk.AuthenticationFailed:
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(
return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
except splunk.RESTException, e:
err = e.get_message_text()
if ':' in err:
err = err[err.find(':') + 2:]
logger.error("Failed to change the password: %s." % err)
templateArgs['err'] = err
return self.render_template('account/passwordchange.html',
templateArgs)
def passwordchange(self,
newpassword=None,
confirmpassword=None,
return_to=None,
cval=None,
**kw):
'''
Suggest admin to change the password on first time run
And force flagged users to change their passwords before they continue
'''
# We set must_login to False in the expose_page decoator so we can perform the checks here instead
# and give the user a more useful message if the session has expired leaving the password unchanged
# but first we check if the passwords pass
err = None
templateArgs = {
'err': err,
'return_to': return_to,
'cpSessionKey': cherrypy.session.id
}
if 'fpc' in cherrypy.session:
templateArgs['fpc'] = True
if not newpassword or len(newpassword) == 0:
templateArgs['err'] = _("Empty passwords are not allowed.")
return self.render_template('account/passwordchange.html',
templateArgs)
if newpassword != confirmpassword:
templateArgs['err'] = _(
"Passwords didn't match, please try again.")
return self.render_template('account/passwordchange.html',
templateArgs)
if newpassword == 'changeme':
templateArgs['err'] = _(
"For security reasons, the new password must be different from the default one."
)
return self.render_template('account/passwordchange.html',
templateArgs)
# Forced Password Change workflow is checked before the session check b/c user isn't authenticated yet
if 'fpc' in cherrypy.session:
try:
# Fetch the user's verified cached credentials from when they originally attempted to login
with AccountController.credential_lock:
# Will raise a KeyError if the credentials have expired from the LRU or CP was restarted
credentials = AccountController.credential_cache[
cherrypy.session.id]
if newpassword == credentials['password']:
templateArgs['err'] = _(
"For security reasons, the new password must be different from the previous one."
)
return self.render_template('account/passwordchange.html',
templateArgs)
# Will be resetup, if required, by self.login()
del cherrypy.session['fpc']
with AccountController.credential_lock:
try:
del AccountController.credential_cache[
cherrypy.session.id]
except KeyError:
pass
# Fake a login form submission; this call must return as soon as the call to login() completes!
return self.login(username=credentials['username'],
password=credentials['password'],
newpassword=newpassword,
return_to=return_to,
cval=cherrypy.session['cval'])
except (splunk.AuthenticationFailed, KeyError):
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(
return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
if not cherrypy.session.get('sessionKey',
None) or not util.isValidFormKey(
kw['splunk_form_key']):
# The user intended to change the password; reset the flag so this page will be shown again
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(
return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
try:
user = User.get(cherrypy.session['user']['name'])
user.password = newpassword
if not user.save():
logger.error('Unable to save new admin password.')
except splunk.AuthenticationFailed:
cherrypy.session.delete()
self.setLoginFlag(False)
templateArgs = self.getLoginTemplateArgs(
return_to=return_to, session_expired_pw_change=True)
return self.render_template('account/login.html', templateArgs)
except splunk.RESTException, e:
err = e.get_message_text()
if ':' in err:
err = err[err.find(':') + 2:]
logger.error("Failed to change the password: %s." % err)
templateArgs['err'] = err
return self.render_template('account/passwordchange.html',
templateArgs)
