def verify_user(user_id, token_info):
if user_id and token_info and user_id == token_info.get('sub'):
set_user_by_id(user_id)
set_auth_type("automation")
yield
clear_user_login()
else:
raise MKAuthException("Unauthorized by verify_user")
def set_user_context(user_id: UserId, token_info: RFC7662):
if user_id and token_info and user_id == token_info.get('sub'):
set_user_by_id(user_id)
set_auth_type(token_info['scope'])
yield
clear_user_login()
else:
raise MKAuthException("Unauthorized by verify_user")
def UserContext(user_id: UserId) -> Iterator[None]:
"""Managing authenticated user context
After the user has been authenticated, initialize the global user object.
Also cleanup when leaving"""
try:
config.set_user_by_id(user_id)
yield
finally:
html.transaction_manager.store_new()
userdb.on_end_of_request(user_id)
config.clear_user_login()
def login(user_id: UserId) -> None:
"""After the user has been authenticated, tell the different components
of the GUI which user is authenticated."""
config.set_user_by_id(user_id)
def login(user_id):
if not isinstance(user_id, unicode):
raise MKInternalError("Invalid user id type")
config.set_user_by_id(user_id)
html.set_user_id(user_id)
def execute_network_scan_job() -> None:
init_wato_datastructures(with_wato_lock=True)
if watolib.is_wato_slave_site():
return # Don't execute this job on slaves.
folder = find_folder_to_scan()
if not folder:
return # Nothing to do.
# We need to have the context of the user. The jobs are executed when
# config.set_user_by_id() has not been executed yet. So there is no user context
# available. Use the run_as attribute from the job config and revert
# the previous state after completion.
old_user = config.user.id
run_as = folder.attribute("network_scan")["run_as"]
if not userdb.user_exists(run_as):
raise MKGeneralException(
_("The user %s used by the network "
"scan of the folder %s does not exist.") % (run_as, folder.title()))
config.set_user_by_id(folder.attribute("network_scan")["run_as"])
result: NetworkScanResult = {
"start": time.time(),
"end": True, # means currently running
"state": None,
"output": "The scan is currently running.",
}
# Mark the scan in progress: Is important in case the request takes longer than
# the interval of the cron job (1 minute). Otherwise the scan might be started
# a second time before the first one finished.
save_network_scan_result(folder, result)
try:
if config.site_is_local(folder.site_id()):
found = cmk.gui.watolib.network_scan.do_network_scan(folder)
else:
found = watolib.do_remote_automation(config.site(folder.site_id()), "network-scan",
[("folder", folder.path())])
if not isinstance(found, list):
raise MKGeneralException(_("Received an invalid network scan result: %r") % found)
add_scanned_hosts_to_folder(folder, found)
result.update({
"state": True,
"output": _("The network scan found %d new hosts.") % len(found),
})
except Exception as e:
result.update({
"state": False,
"output": _("An exception occured: %s") % e,
})
logger.error("Exception in network scan:\n%s", traceback.format_exc())
result["end"] = time.time()
save_network_scan_result(folder, result)
if old_user:
config.set_user_by_id(old_user)
def login(user_id):
if not isinstance(user_id, six.text_type):
raise MKInternalError("Invalid user id type")
config.set_user_by_id(user_id)
