Beispiel #1
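def authenticated(request, groups):
    """Check the client-certificate result attached to a Django request.

    Returns ``None`` when the request may proceed and a 403 response
    otherwise. ``groups`` is the list of accepted values for the ``O``
    attribute of the certificate DN; a false value (``None``, empty)
    skips the group check, so every verified certificate is accepted.
    """
    # NOTE(review): "verified" and "dn" are presumably injected by the
    # TLS-terminating front end -- confirm a client cannot set them itself.
    if request.META.get("verified") != "SUCCESS":
        return HttpResponse("Forbidden", status=403)
    # Test membership against the list the caller passed in. The earlier
    # code compared against settings.TLS_ADMINGROUPS here, so any other
    # ``groups`` argument only switched the check on and was otherwise
    # ignored.
    if groups and todn(request.META.get("dn")).get("O") not in groups:
        return HttpResponse("Forbidden", status=403)
    return None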
Beispiel #2
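def authorized(env, users=None):
    """Return the certificate e-mail address of an authorized client.

    ``env`` is the request environment; its ``verified`` entry must be
    ``'SUCCESS'``. When ``users`` is non-empty the ``emailAddress`` taken
    from the ``dn`` entry must be one of its members. Returns ``False``
    when access is denied.

    An empty or missing ``users`` list admits every verified certificate,
    and the returned address is ``None`` if the DN carries no
    ``emailAddress``.
    """
    # Decide on the verification result before touching the DN, so a
    # request without a verified certificate is rejected without parsing
    # its (possibly absent) DN.
    if env.get('verified') != 'SUCCESS':
        return False
    email = todn(env.get('dn')).get('emailAddress')
    if users and email not in users:
        return False
    return email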
Beispiel #3
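def authorized(env, users=None):
    """Tell whether the client certificate in ``env`` grants access.

    Returns the ``emailAddress`` of the certificate DN on success and
    ``False`` otherwise. Access requires ``env['verified'] == 'SUCCESS'``
    and, if ``users`` is a non-empty collection, that the address is
    listed in it.

    With ``users`` left empty or ``None`` no allow-list is applied: any
    verified certificate passes. A DN without ``emailAddress`` yields
    ``None`` in that case.
    """
    verified = env.get('verified') == 'SUCCESS'
    if not verified:
        # Reject first; the DN is only parsed for verified certificates.
        return False
    email = todn(env.get('dn')).get('emailAddress')
    allowed = not users or email in users
    return email if allowed else False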
Beispiel #4
 def showcsrs(self):
     """Render ``csrs.html`` with the incoming CSRs for an admin client.

     The client is checked with ``authorized`` against
     ``CONFIG['admins']``; a client that fails the check is handed to
     ``_404`` instead of the listing.
     """
     admin_email = authorized(self.environ, CONFIG['admins'])
     if not admin_email:
         return _404(self.environ, self.resp)

     # The template flag comes from a second authorized() call, as before.
     is_admin = authorized(self.environ, CONFIG['admins'])

     # One row per pending request: parsed subject, mtime of the request
     # file, and the file's base name.
     rows = []
     for cert, path in self.ca.incoming():
         subject = todn(cert.get_subject())
         received = datetime.datetime.fromtimestamp(os.stat(path).st_mtime)
         rows.append((subject, received, os.path.basename(path)))

     return send_template(self.resp,
                          'csrs.html',
                          isadmin=is_admin,
                          certs=rows)
Beispiel #5
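 def wrapped():
     """List the pending CSRs for a caller that passes ``authenticated``.

     ``groups`` and ``ca`` come from the enclosing scope, which is not
     part of this excerpt. Whatever ``authenticated(groups)`` returns is
     passed straight back when it is truthy.
     """
     try:
         err = authenticated(groups)
         if err:
             return err
         # One tuple per request: parsed subject, file mtime, base name.
         certs = [(todn(cert.get_subject()),
                   datetime.datetime.fromtimestamp(os.stat(path).st_mtime),
                   os.path.basename(path))
                  for cert, path in ca.incoming()]
         return render_template('csrs.html', certs=certs)
     except Exception:
         # Was a bare ``except:``, which also swallowed SystemExit and
         # KeyboardInterrupt. The traceback is printed and the function
         # then falls through and returns None; nothing is rendered on
         # this path.
         import traceback
         print(traceback.format_exc())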
Beispiel #6
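 def wrapped():
     """Render ``csrs.html`` with the incoming CSRs after the group check.

     Uses ``groups`` and ``ca`` from the surrounding scope (not visible in
     this excerpt). A truthy result of ``authenticated(groups)`` is
     returned unchanged in place of the page.
     """
     try:
         denied = authenticated(groups)
         if denied:
             return denied
         pending = []
         for cert, path in ca.incoming():
             subject = todn(cert.get_subject())
             received = datetime.datetime.fromtimestamp(
                 os.stat(path).st_mtime)
             pending.append((subject, received, os.path.basename(path)))
         return render_template('csrs.html', certs=pending)
     except Exception:
         # Narrowed from a bare ``except:`` so interpreter-exit and
         # interrupt signals are no longer swallowed. An error during the
         # check or the rendering is printed and the function returns
         # None without producing a page.
         import traceback
         print(traceback.format_exc())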
Beispiel #7
 def showcsrs(self):
     """Show the list of submitted CSRs to clients listed as admins.

     ``authorized`` is asked whether the client in ``self.environ`` is in
     ``CONFIG['admins']``. If it is not, the request is passed to
     ``_404``; otherwise ``csrs.html`` is sent with one entry per
     incoming request.
     """
     if not authorized(self.environ, CONFIG['admins']):
         return _404(self.environ, self.resp)

     def describe(cert, path):
         # (parsed subject, mtime of the request file, file base name)
         return (todn(cert.get_subject()),
                 datetime.datetime.fromtimestamp(os.stat(path).st_mtime),
                 os.path.basename(path))

     # ``isadmin`` is evaluated before the listing, as in the keyword
     # order of the send_template call.
     admin_flag = authorized(self.environ, CONFIG['admins'])
     listing = [describe(cert, path) for cert, path in self.ca.incoming()]
     return send_template(self.resp, 'csrs.html',
                          isadmin=admin_flag, certs=listing)
Beispiel #8
def showcsrs(request):
    """Authenticated view listing the submitted CSRs.

    The request is checked with ``authenticated`` against
    ``settings.TLS_ADMINGROUPS``; a truthy result from that check is
    returned as the response. Otherwise ``csrs.html`` is rendered with a
    ``certs`` list built from ``settings.TLS_CA.incoming()``.
    """
    denied = authenticated(request, settings.TLS_ADMINGROUPS)
    if denied:
        return denied

    # Each entry: parsed subject, mtime of the request file, base name.
    pending = []
    for cert, path in settings.TLS_CA.incoming():
        subject = todn(cert.get_subject())
        received = datetime.datetime.fromtimestamp(os.stat(path).st_mtime)
        pending.append((subject, received, os.path.basename(path)))

    return render_to_response("csrs.html", {"certs": pending})
Beispiel #9
 def wrapped(*args,**kwargs):
     """Call ``func`` for verified clients in ``groups``, else ``unauth``.

     ``func``, ``unauth`` and ``groups`` come from the enclosing scope,
     which this excerpt does not show. A false ``groups`` value skips the
     group test, so every verified certificate reaches ``func``.
     """
     # Subscript access: a request environment without a 'verified' entry
     # raises KeyError here and never reaches ``func``.
     if request.environ['verified'] != "SUCCESS":
         return unauth(*args, **kwargs)
     # The DN is parsed only when a group list is given.
     if groups and todn(request.environ['dn']).get('O') not in groups:
         return unauth(*args, **kwargs)
     return func(*args, **kwargs)
Beispiel #10
def authenticated(groups):
    """(FLASK) Check that the client is verified and in one of ``groups``.

    Returns a 403 ``Response`` when the check fails and ``None`` when it
    passes. The group is the ``O`` attribute of the DN found in
    ``request.environ['dn']``; a false ``groups`` value disables the
    group test.
    """
    # 'verified' is read by subscript: a missing entry raises KeyError.
    if request.environ['verified'] != "SUCCESS":
        return Response("Forbidden",403)
    if groups and todn(request.environ['dn']).get('O') not in groups:
        return Response("Forbidden",403)
    return None
Beispiel #11
 def wrapped(*args, **kwargs):
     """Dispatch to ``func`` or ``unauth`` based on the client certificate.

     ``func`` runs only when ``request.environ['verified']`` equals
     ``"SUCCESS"`` and, if ``groups`` is non-empty, the ``O`` attribute of
     the client DN is one of ``groups``. ``func``, ``unauth`` and
     ``groups`` are closure variables defined outside this excerpt.
     """
     verified = request.environ['verified'] == "SUCCESS"
     # Short-circuit keeps the DN from being parsed for unverified
     # requests or when no group list was supplied.
     permitted = verified and (
         not groups or todn(request.environ['dn']).get('O') in groups)
     handler = func if permitted else unauth
     return handler(*args, **kwargs)
Beispiel #12
def authenticated(groups):
    """(FLASK) Return a 403 response unless the client passes the check.

    The check passes when ``request.environ['verified']`` is
    ``"SUCCESS"`` and either ``groups`` is false or the ``O`` attribute
    of the client DN is contained in ``groups``. A passing check returns
    ``None``.
    """
    verified = request.environ['verified'] == "SUCCESS"
    # Same condition as "not verified or (groups and O not in groups)",
    # written from the allow side.
    if verified and (not groups
                     or todn(request.environ['dn']).get('O') in groups):
        return None
    return Response("Forbidden", 403)
Beispiel #13
 def wrapped(request, *args, **kwargs):
     """Run ``func`` for verified clients in ``groups``, else ``unauth``.

     Reads ``verified`` and ``dn`` from ``request.META``. ``func``,
     ``unauth`` and ``groups`` come from the enclosing scope (not shown).
     A false ``groups`` value lets every verified certificate through.
     """
     if request.META.get("verified") != "SUCCESS":
         return unauth(request, *args, **kwargs)
     # Group membership is decided on the O attribute of the client DN.
     if groups and todn(request.META.get("dn")).get("O") not in groups:
         return unauth(request, *args, **kwargs)
     return func(request, *args, **kwargs)
Beispiel #14
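    def filterfile(self, line):
        """ parsing and handling the mime part of a POST file upload
            param.

            Stores the payload in a fresh temp file below the stash's drop
            directory (GPG-encrypted when ``self.crypto`` is set), writes a
            ``.meta`` file next to it and, if ``CONFIG['notify']`` is set,
            mails an encrypted notification to the recipients.

            param line: is the first line of the mime part.
        """
        # name and content_type are taken from the upload's MIME headers,
        # i.e. they are chosen by the uploader.
        name = line[len(startfile):-1]
        line = self.fd.readline().strip()
        if not line.startswith(contenttxt):
            raise Exception("y u no content_type?!?")
        content_type = line[len(contenttxt):]
        self.fd.readline()  # drop separating empty line

        environ = self.dropper.environ
        dropDir = CONFIG['root'] + '/drop/' + self.dropper.stashid
        fd, fname = mkstemp(dir=dropDir + '/')
        if self.crypto:
            os.close(fd)
            # NOTE(review): always_trust=True makes GnuPG skip its trust
            # check on the recipient keys, so the contents of this keyring
            # alone decide who can decrypt uploads.
            self.gpg.encrypt_file(self,
                                  self.dropper.recipients,
                                  output=fname,
                                  always_trust=True)
        else:
            # ``with`` closes (and flushes) the payload file before the
            # metadata is written; it used to stay open until rebinding.
            with os.fdopen(fd, 'w') as out:
                while True:
                    buf = self.read(1024)
                    if buf == '':
                        break
                    out.write(buf)
        meta = "%s\n%s\n%s\n%s" % (
            name,
            content_type,
            environ.get('dn'),
            self.hash.hexdigest())
        if self.crypto:
            meta = self.gpg.encrypt(meta,
                                    self.dropper.recipients,
                                    always_trust=True,
                                    armor=False).data
        with open(fname + '.meta', 'w') as metafile:
            metafile.write(meta)

        # Build the download URL. The old code appended ':' + HTTP_HOST
        # (the host a second time) on non-default ports. HTTP_HOST already
        # carries the port the client used, so it is taken as is; only the
        # SERVER_NAME fallback needs the port added.
        # NOTE(review): HTTP_HOST is the client's Host header and ends up
        # in the notification mail -- confirm the front end only passes
        # expected host names.
        scheme = environ.get('wsgi.url_scheme')
        host = environ.get('HTTP_HOST')
        if not host:
            host = environ['SERVER_NAME']
            default_port = {'https': '443', 'http': '80'}.get(scheme)
            if default_port is not None and environ['SERVER_PORT'] != default_port:
                host += ':' + environ['SERVER_PORT']
        url = urlunparse((scheme,
                          host,
                          "/%s/%s" % (self.dropper.stashid, fname.split('/')[-1]),
                          '',
                          '',
                          ''))
        if CONFIG.get('notify'):
            sender = (todn(environ.get('dn', '')).get('emailAddress')
                      or "anon@localhost")
            txt = render_template('notification.txt',
                                  path=fname,
                                  name=name,
                                  type=content_type,
                                  url=url,
                                  size=sizeof_fmt(self.size),
                                  sender=sender,
                                  hash=self.hash.hexdigest())
            txt = self.gpg.encrypt(txt,
                                   self.dropper.recipients,
                                   always_trust=True).data
            # Mail goes to the first uid of every keyring entry whose key
            # id is among the stash recipients.
            mail(txt,
                 [x['uids'][0]
                  for x in self.gpg.list_keys()
                  if x['keyid'] in self.dropper.recipients])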
Beispiel #15
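    def filterfile(self, line):
        """ parsing and handling the mime part of a POST file upload
            param.

            The payload goes into a new temp file under
            ``CONFIG['root']/drop/<stashid>/`` (through ``gpg.encrypt_file``
            when ``self.crypto`` is set), a ``.meta`` file is written
            beside it, and a notification is mailed when
            ``CONFIG['notify']`` is set.

            param line: is the first line of the mime part.
        """
        # Both values below come from the uploader's MIME headers.
        name = line[len(startfile):-1]
        line = self.fd.readline().strip()
        if not line.startswith(contenttxt):
            raise Exception("y u no content_type?!?")
        content_type = line[len(contenttxt):]
        self.fd.readline()  # drop separating empty line

        environ = self.dropper.environ
        dropDir = CONFIG['root'] + '/drop/' + self.dropper.stashid
        fd, fname = mkstemp(dir=dropDir + '/')
        if self.crypto:
            os.close(fd)
            # NOTE(review): with always_trust=True GnuPG does not check
            # the trust of recipient keys; access to the keyring is what
            # protects the recipient list.
            self.gpg.encrypt_file(self,
                                  self.dropper.recipients,
                                  output=fname,
                                  always_trust=True)
        else:
            # Context manager so the payload file is closed on every path,
            # including a failing read.
            with os.fdopen(fd, 'w') as payload:
                while True:
                    buf = self.read(1024)
                    if buf == '':
                        break
                    payload.write(buf)
        meta = "%s\n%s\n%s\n%s" % (name, content_type,
                                   environ.get('dn'),
                                   self.hash.hexdigest())
        if self.crypto:
            meta = self.gpg.encrypt(meta,
                                    self.dropper.recipients,
                                    always_trust=True,
                                    armor=False).data
        with open(fname + '.meta', 'w') as metafile:
            metafile.write(meta)

        # URL of the stored file. Previously a non-default port caused
        # ':' + HTTP_HOST to be appended, i.e. the host twice and no port.
        # HTTP_HOST is used unchanged (it includes the client-side port);
        # SERVER_NAME plus SERVER_PORT is the fallback when it is absent.
        # NOTE(review): HTTP_HOST is supplied by the client and is placed
        # in the notification text -- verify the front end restricts it.
        scheme = environ.get('wsgi.url_scheme')
        netloc = environ.get('HTTP_HOST')
        if not netloc:
            netloc = environ['SERVER_NAME']
            port = environ['SERVER_PORT']
            nonstandard = ((scheme == 'https' and port != '443') or
                           (scheme == 'http' and port != '80'))
            if nonstandard:
                netloc = netloc + ':' + port
        path = "/%s/%s" % (self.dropper.stashid, fname.split('/')[-1])
        url = urlunparse((scheme, netloc, path, '', '', ''))

        if CONFIG.get('notify'):
            sender = (todn(environ.get('dn', '')).get('emailAddress')
                      or "anon@localhost")
            txt = render_template('notification.txt',
                                  path=fname,
                                  name=name,
                                  type=content_type,
                                  url=url,
                                  size=sizeof_fmt(self.size),
                                  sender=sender,
                                  hash=self.hash.hexdigest())
            txt = self.gpg.encrypt(txt,
                                   self.dropper.recipients,
                                   always_trust=True).data
            # Recipients' addresses: first uid of each keyring entry whose
            # key id is in the stash's recipient list.
            mail(txt, [
                x['uids'][0] for x in self.gpg.list_keys()
                if x['keyid'] in self.dropper.recipients
            ])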