def _show_form(self) -> None:
assert user.id is not None
credentials = load_two_factor_credentials(user.id)
credential_id = request.get_ascii_input_mandatory("_edit")
credential = credentials["webauthn_credentials"].get(credential_id)
if credential is None:
raise MKUserError("_edit", _("The credential does not exist"))
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
self._valuespec(credential).render_input(
"profile",
{
"registered_at": credential["registered_at"],
"alias": credential["alias"],
},
)
forms.end()
html.close_div()
html.hidden_field("_edit", credential_id)
html.hidden_fields()
html.end_form()
html.footer()
def page(self):
html.open_div(id_="ldap")
html.open_table()
html.open_tr()
html.open_td()
html.begin_form("connection", method="POST")
html.prevent_password_auto_completion()
vs = self._valuespec()
vs.render_input("connection", self._connection_cfg)
vs.set_focus("connection")
html.hidden_fields()
html.end_form()
html.close_td()
html.open_td(style="padding-left:10px;vertical-align:top")
html.h2(_('Diagnostics'))
if not html.request.var('_test') or not self._connection_id:
html.show_message(
HTML(
'<p>%s</p><p>%s</p>' %
(_('You can verify the single parts of your ldap configuration using this '
'dialog. Simply make your configuration in the form on the left side and '
'hit the "Save & Test" button to execute the tests. After '
'the page reload, you should see the results of the test here.'),
_('If you need help during configuration or experience problems, please refer '
'to the <a target="_blank" '
'href="https://checkmk.com/checkmk_multisite_ldap_integration.html">'
'LDAP Documentation</a>.'))))
else:
connection = userdb.get_connection(self._connection_id)
assert isinstance(connection, LDAPUserConnector)
for address in connection.servers():
html.h3("%s: %s" % (_('Server'), address))
with table_element('test', searchable=False) as table:
for title, test_func in self._tests():
table.row()
try:
state, msg = test_func(connection, address)
except Exception as e:
state = False
msg = _('Exception: %s') % html.render_text("%s" % e)
logger.exception("error testing LDAP %s for %s", title, address)
if state:
img = html.render_icon("success", _('Success'))
else:
img = html.render_icon("failed", _("Failed"))
table.cell(_("Test"), title)
table.cell(_("State"), img)
table.cell(_("Details"), msg)
connection.disconnect()
html.close_td()
html.close_tr()
html.close_table()
html.close_div()
def page(self):
self._folder.show_breadcrump()
# Show search form
html.begin_form("edit_host", method="POST")
html.prevent_password_auto_completion()
basic_attributes = [
("host_search_host", TextAscii(title=_("Hostname",)), ""),
]
html.set_focus("host_search_host")
# Attributes
configure_attributes(
new=False,
hosts={},
for_what="host_search",
parent=None,
varprefix="host_search_",
basic_attributes=basic_attributes,
)
# Button
forms.end()
html.button("_local", _("Search in %s") % self._folder.title(), "submit")
html.hidden_field("host_search", "1")
html.hidden_fields()
html.end_form()
def page(self):
html.begin_form("key", method="POST")
html.prevent_password_auto_completion()
self._vs_key().render_input("key", {})
self._vs_key().set_focus("key")
html.hidden_fields()
html.end_form()
def page(self) -> None:
assert user.id is not None
html.set_render_headfoot(False)
html.add_body_css_class("login")
html.add_body_css_class("two_factor")
html.header(_("Two-factor authentication"), Breadcrumb(), javascripts=[])
html.open_div(id_="login")
html.open_div(id_="login_window")
html.open_a(href="https://checkmk.com")
html.img(
src=theme.detect_icon_path(icon_name="logo", prefix="mk-"),
id_="logo",
class_="custom" if theme.has_custom_logo() else None,
)
html.close_a()
if not is_two_factor_login_enabled(user.id):
raise MKGeneralException(_("Two-factor authentication not enabled"))
html.begin_form(
"two_factor_login", method="POST", add_transid=False, action="user_login_two_factor.py"
)
html.prevent_password_auto_completion()
html.hidden_field(
"_origtarget", origtarget := request.get_url_input("_origtarget", "index.py")
)
if backup_code := request.get_ascii_input("_backup_code"):
if is_two_factor_backup_code_valid(user.id, backup_code):
set_two_factor_completed()
raise HTTPRedirect(origtarget)
def page(self):
# Show search form
html.begin_form("edit_host", method="POST")
html.prevent_password_auto_completion()
basic_attributes = [
(
"host_search_host",
TextInput(
title=_(
"Hostname",
)
),
"",
),
]
html.set_focus("host_search_host")
# Attributes
configure_attributes(
new=False,
hosts={},
for_what="host_search",
parent=None,
varprefix="host_search_",
basic_attributes=basic_attributes,
)
forms.end()
html.hidden_field("host_search", "1")
html.hidden_fields()
html.end_form()
def _show_form(self, profile_changed: bool) -> None:
assert config.user.id is not None
users = userdb.load_users()
if profile_changed:
html.reload_sidebar()
html.show_message(_("Successfully updated user profile."))
# Ensure theme changes are applied without additional user interaction
html.immediate_browser_redirect(0.5, makeuri(global_request, []))
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(self._page_title())
forms.section(_("Name"), simple=True)
html.write_text(user.get("alias", config.user.id))
select_language(user)
# Let the user configure how he wants to be notified
rulebased_notifications = rulebased_notifications_enabled()
if (not rulebased_notifications
and config.user.may('general.edit_notifications')
and user.get("notifications_enabled")):
forms.section(_("Notifications"))
html.help(
_("Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user.get("notification_method"))
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
vs = attr.valuespec()
forms.section(_u(vs.title()))
value = user.get(name, vs.default_value())
if not attr.permission() or config.user.may(
attr.permission()):
vs.render_input("ua_" + name, value)
html.help(_u(vs.help()))
else:
html.write(vs.value_to_text(value))
forms.end()
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def page(self):
host_names = get_hostnames_from_checkboxes()
hosts = dict([
(host_name, watolib.Folder.current().host(host_name)) for host_name in host_names
])
current_host_hash = sha256(six.ensure_binary(repr(hosts)))
# When bulk edit has been made with some hosts, then other hosts have been selected
# and then another bulk edit has made, the attributes need to be reset before
# rendering the form. Otherwise the second edit will have the attributes of the
# first set.
host_hash = html.request.var("host_hash")
if not host_hash or host_hash != current_host_hash:
html.request.del_vars(prefix="attr_")
html.request.del_vars(prefix="bulk_change_")
html.p("%s%s %s" %
(_("You have selected <b>%d</b> hosts for bulk edit. You can now change "
"host attributes for all selected hosts at once. ") % len(hosts),
_("If a select is set to <i>don't change</i> then currenty not all selected "
"hosts share the same setting for this attribute. "
"If you leave that selection, all hosts will keep their individual settings."),
_("In case you want to <i>unset</i> attributes on multiple hosts, you need to "
"use the <i>bulk cleanup</i> action instead of bulk edit.")))
html.begin_form("edit_host", method="POST")
html.prevent_password_auto_completion()
html.hidden_field("host_hash", current_host_hash)
configure_attributes(False, hosts, "bulk", parent=watolib.Folder.current())
forms.end()
html.button("_save", _("Save & Finish"))
html.hidden_fields()
html.end_form()
def _show_form(self, profile_changed: bool) -> None:
assert config.user.id is not None
users = userdb.load_users()
change_reason = html.request.get_ascii_input('reason')
if change_reason == 'expired':
html.p(
_('Your password is too old, you need to choose a new password.'
))
elif change_reason == 'enforced':
html.p(
_('You are required to change your password before proceeding.'
))
if profile_changed:
html.show_message(_("Your password has been changed."))
if change_reason:
raise HTTPRedirect(
html.request.get_str_input_mandatory(
'_origtarget', 'index.py'))
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
locked_attributes = userdb.locked_attributes(user.get('connector'))
if "password" in locked_attributes:
raise MKUserError(
"cur_password",
_("You can not change your password, because it is "
"managed by another system."))
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(self._page_title())
forms.section(_("Current Password"))
html.password_input('cur_password', autocomplete="new-password")
forms.section(_("New Password"))
html.password_input('password', autocomplete="new-password")
forms.section(_("New Password Confirmation"))
html.password_input('password2', autocomplete="new-password")
forms.end()
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def page(self):
# Currently only "new" is supported
html.begin_form("key", method="POST")
html.prevent_password_auto_completion()
self._vs_key().render_input("key", {})
html.button("create", _("Create"))
self._vs_key().set_focus("key")
html.hidden_fields()
html.end_form()
def _show_form(self, profile_changed: bool) -> None:
assert config.user.id is not None
users = userdb.load_users()
if profile_changed:
flash(_("Successfully updated user profile."))
# Ensure theme changes are applied without additional user interaction
html.reload_whole_page()
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(_("Personal settings"))
forms.section(_("Name"), simple=True)
html.write_text(user.get("alias", config.user.id))
select_language(user)
# Let the user configure how he wants to be notified
rulebased_notifications = rulebased_notifications_enabled()
if (not rulebased_notifications
and config.user.may('general.edit_notifications')
and user.get("notifications_enabled")):
forms.section(_("Notifications"))
html.help(
_("Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user.get("notification_method"))
if config.user.may('general.edit_user_attributes'):
custom_user_attr_topics = get_user_attributes_by_topic()
_show_custom_user_attr(user,
custom_user_attr_topics.get("personal", []))
forms.header(_("User interface settings"))
_show_custom_user_attr(
user, custom_user_attr_topics.get("interface", []))
forms.end()
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def page(self):
html.open_div(class_="diag_host")
html.open_table()
html.open_tr()
html.open_td()
html.begin_form('diag_host', method="POST")
html.prevent_password_auto_completion()
forms.header(_('Host Properties'))
forms.section(legend=False)
# The diagnose page shows both snmp variants at the same time
# We need to analyse the preconfigured community and set either the
# snmp_community or the snmp_v3_credentials
vs_dict = {}
for key, value in self._host.attributes().items():
if key == "snmp_community" and isinstance(value, tuple):
vs_dict["snmp_v3_credentials"] = value
continue
vs_dict[key] = value
vs_host = self._vs_host()
vs_host.render_input("vs_host", vs_dict)
html.help(vs_host.help())
forms.end()
html.open_div(style="margin-bottom:10px")
html.close_div()
forms.header(_('Options'))
value = {}
forms.section(legend=False)
vs_rules = self._vs_rules()
vs_rules.render_input("vs_rules", value)
html.help(vs_rules.help())
forms.end()
# When clicking "Save & Test" on the "Edit host" page, this will be set
# to immediately execute the tests using the just saved settings
if request.has_var("_start_on_load"):
html.final_javascript(
"cmk.page_menu.form_submit('diag_host', '_try');")
html.hidden_fields()
html.end_form()
html.close_td()
html.open_td(style="padding-left:10px;")
self._show_diagnose_output()
def page(self):
html.p(
_("To be able to download the key, you need to unlock the key by entering the "
"passphrase. This is only done to verify that you are allowed to download the key. "
"The key will be downloaded in encrypted form."))
html.begin_form("key", method="POST")
html.prevent_password_auto_completion()
self._vs_key().render_input("key", {})
self._vs_key().set_focus("key")
html.hidden_fields()
html.end_form()
def page(self):
html.begin_form("edit", method="POST")
html.prevent_password_auto_completion()
vs = self.valuespec()
vs.render_input("_edit", self._entry)
vs.set_focus("_edit")
forms.end()
html.hidden_fields()
html.end_form()
def page(self):
html.open_div(class_="diag_host")
html.open_table()
html.open_tr()
html.open_td()
html.begin_form('diag_host', method="POST")
html.prevent_password_auto_completion()
forms.header(_('Host Properties'))
forms.section(legend=False)
# The diagnose page shows both snmp variants at the same time
# We need to analyse the preconfigured community and set either the
# snmp_community or the snmp_v3_credentials
vs_dict = {}
for key, value in self._host.attributes().items():
if key == "snmp_community" and isinstance(value, tuple):
vs_dict["snmp_v3_credentials"] = value
continue
vs_dict[key] = value
vs_host = self._vs_host()
vs_host.render_input("vs_host", vs_dict)
html.help(vs_host.help())
forms.end()
html.open_div(style="margin-bottom:10px")
html.button("_save", _("Save & Exit"))
html.close_div()
forms.header(_('Options'))
value = {}
forms.section(legend=False)
vs_rules = self._vs_rules()
vs_rules.render_input("vs_rules", value)
html.help(vs_rules.help())
forms.end()
html.button("_try", _("Test"))
html.hidden_fields()
html.end_form()
html.close_td()
html.open_td(style="padding-left:10px;")
self._show_diagnose_output()
def _show_form(self) -> None:
assert user.id is not None
users = userdb.load_users()
change_reason = request.get_ascii_input("reason")
if change_reason == "expired":
html.p(
_("Your password is too old, you need to choose a new password."
))
elif change_reason == "enforced":
html.p(
_("You are required to change your password before proceeding."
))
user_spec = users.get(user.id)
if user_spec is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
locked_attributes = userdb.locked_attributes(
user_spec.get("connector"))
if "password" in locked_attributes:
raise MKUserError(
"cur_password",
_("You can not change your password, because it is "
"managed by another system."),
)
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(self._page_title())
forms.section(_("Current Password"))
html.password_input("cur_password", autocomplete="new-password")
forms.section(_("New Password"))
html.password_input("password", autocomplete="new-password")
forms.section(_("New Password Confirmation"))
html.password_input("password2", autocomplete="new-password")
forms.end()
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def _show_form(self) -> None:
assert user.id is not None
users = userdb.load_users()
user_spec: Optional[UserSpec] = users.get(user.id)
if user_spec is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(_("Personal settings"))
forms.section(_("Name"), simple=True)
html.write_text(user_spec.get("alias", user.id))
select_language(user_spec)
# Let the user configure how he wants to be notified
rulebased_notifications = rulebased_notifications_enabled()
if (
not rulebased_notifications
and user.may("general.edit_notifications")
and user_spec.get("notifications_enabled")
):
forms.section(_("Notifications"))
html.help(
_(
"Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."
)
)
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user_spec.get("notification_method")
)
if user.may("general.edit_user_attributes"):
custom_user_attr_topics = get_user_attributes_by_topic()
_show_custom_user_attr(user_spec, custom_user_attr_topics.get("personal", []))
forms.header(_("User interface settings"))
_show_custom_user_attr(user_spec, custom_user_attr_topics.get("interface", []))
forms.end()
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def page(self):
self._folder.show_breadcrump()
# Show search form
html.begin_form("edit_host", method="GET")
html.prevent_password_auto_completion()
forms.header(_("General Properties"))
forms.section(_("Hostname"))
html.text_input("host_search_host")
html.set_focus("host_search_host")
# Attributes
configure_attributes(False, {}, "host_search", parent=None, varprefix="host_search_")
# Button
forms.end()
html.button("_local", _("Search in %s") % self._folder.title(), "submit")
html.hidden_field("host_search", "1")
html.hidden_fields()
html.end_form()
def page(self):
# Show outcome of host validation. Do not validate new hosts
errors = None
if self._mode == "edit":
errors = (watolib.validate_all_hosts([self._host.name()]).get(
self._host.name(), []) + self._host.validation_errors())
if errors:
html.open_div(class_="info")
html.open_table(class_="validationerror",
boder="0",
cellspacing="0",
cellpadding="0")
html.open_tr()
html.open_td(class_="img")
html.icon("validation_error")
html.close_td()
html.open_td()
html.open_p()
html.h3(_("Warning: This host has an invalid configuration!"))
html.open_ul()
for error in errors:
html.li(error)
html.close_ul()
html.close_p()
if html.form_submitted():
html.br()
html.b(_("Your changes have been saved nevertheless."))
html.close_td()
html.close_tr()
html.close_table()
html.close_div()
lock_message = ""
locked_hosts = watolib.Folder.current().locked_hosts()
if locked_hosts:
if locked_hosts is True:
lock_message = _(
"Host attributes locked (You cannot edit this host)")
elif isinstance(locked_hosts, str):
lock_message = locked_hosts
if lock_message:
html.div(lock_message, class_="info")
html.begin_form("edit_host", method="POST")
html.prevent_password_auto_completion()
basic_attributes = [
# attribute name, valuepec, default value
("host", self._vs_host_name(), self._host.name()),
]
if self._is_cluster():
basic_attributes += [
# attribute name, valuepec, default value
(
"nodes",
self._vs_cluster_nodes(),
self._host.cluster_nodes() if self._host else [],
),
]
configure_attributes(
new=self._mode != "edit",
hosts={self._host.name(): self._host}
if self._mode != "new" else {},
for_what="host" if not self._is_cluster() else "cluster",
parent=watolib.Folder.current(),
basic_attributes=basic_attributes,
)
if self._mode != "edit":
html.set_focus("host")
forms.end()
html.hidden_fields()
html.end_form()
def page(self):
# Let exceptions from loading notification scripts happen now
watolib.load_notification_scripts()
html.begin_form("user", method="POST")
html.prevent_password_auto_completion()
forms.header(_("Identity"))
# ID
forms.section(_("Username"), simple=not self._is_new_user)
if self._is_new_user:
vs_user_id = UserID(allow_empty=False)
else:
vs_user_id = FixedValue(self._user_id)
vs_user_id.render_input("user_id", self._user_id)
def lockable_input(name, dflt):
if not self._is_locked(name):
html.text_input(name, self._user.get(name, dflt), size=50)
else:
html.write_text(self._user.get(name, dflt))
html.hidden_field(name, self._user.get(name, dflt))
# Full name
forms.section(_("Full name"))
lockable_input('alias', self._user_id)
html.help(_("Full name or alias of the user"))
# Email address
forms.section(_("Email address"))
email = self._user.get("email", "")
if not self._is_locked("email"):
EmailAddressUnicode().render_input("email", email)
else:
html.write_text(email)
html.hidden_field("email", email)
html.help(
_("The email address is optional and is needed "
"if the user is a monitoring contact and receives notifications "
"via Email."))
forms.section(_("Pager address"))
lockable_input('pager', '')
html.help(_("The pager address is optional "))
if cmk.is_managed_edition():
forms.section(self._vs_customer.title())
self._vs_customer.render_input("customer", managed.get_customer_id(self._user))
html.help(self._vs_customer.help())
vs_sites = self._vs_sites()
forms.section(vs_sites.title())
authorized_sites = self._user.get("authorized_sites", vs_sites.default_value())
if not self._is_locked("authorized_sites"):
vs_sites.render_input("authorized_sites", authorized_sites)
else:
html.write_html(vs_sites.value_to_text(authorized_sites))
html.help(vs_sites.help())
self._show_custom_user_attributes('ident')
forms.header(_("Security"))
forms.section(_("Authentication"))
is_automation = self._user.get("automation_secret", None) is not None
html.radiobutton("authmethod", "password", not is_automation,
_("Normal user login with password"))
html.open_ul()
html.open_table()
html.open_tr()
html.td(_("password:"******"_password_" + self._pw_suffix(), autocomplete="new-password")
html.close_td()
html.close_tr()
html.open_tr()
html.td(_("repeat:"))
html.open_td()
html.password_input("_password2_" + self._pw_suffix(), autocomplete="new-password")
html.write_text(" (%s)" % _("optional"))
html.close_td()
html.close_tr()
html.open_tr()
html.td("%s:" % _("Enforce change"))
html.open_td()
# Only make password enforcement selection possible when user is allowed to change the PW
if self._is_new_user or config.user_may(self._user_id,
'general.edit_profile') and config.user_may(
self._user_id, 'general.change_password'):
html.checkbox("enforce_pw_change",
self._user.get("enforce_pw_change", False),
label=_("Change password at next login or access"))
else:
html.write_text(
_("Not permitted to change the password. Change can not be enforced."))
else:
html.i(_('The password can not be changed (It is locked by the user connector).'))
html.hidden_field('_password', '')
html.hidden_field('_password2', '')
html.close_td()
html.close_tr()
html.close_table()
html.close_ul()
html.radiobutton("authmethod", "secret", is_automation,
_("Automation secret for machine accounts"))
html.open_ul()
html.text_input("_auth_secret",
self._user.get("automation_secret", ""),
size=30,
id_="automation_secret")
html.write_text(" ")
html.open_b(style=["position: relative", "top: 4px;"])
html.write(" ")
html.icon_button("javascript:cmk.wato.randomize_secret('automation_secret', 20);",
_("Create random secret"), "random")
html.close_b()
html.close_ul()
html.help(
_("If you want the user to be able to login "
"then specify a password here. Users without a login make sense "
"if they are monitoring contacts that are just used for "
"notifications. The repetition of the password is optional. "
"<br>For accounts used by automation processes (such as fetching "
"data from views for further procession), set the method to "
"<u>secret</u>. The secret will be stored in a local file. Processes "
"with read access to that file will be able to use Multisite as "
"a webservice without any further configuration."))
# Locking
forms.section(_("Disable password"), simple=True)
if not self._is_locked('locked'):
html.checkbox("locked",
self._user.get("locked", False),
label=_("disable the login to this account"))
else:
html.write_text(
_('Login disabled') if self._user.get("locked", False) else _('Login possible'))
html.hidden_field('locked', '1' if self._user.get("locked", False) else '')
html.help(
_("Disabling the password will prevent a user from logging in while "
"retaining the original password. Notifications are not affected "
"by this setting."))
forms.section(_("Idle timeout"))
idle_timeout = self._user.get("idle_timeout")
if not self._is_locked("idle_timeout"):
watolib.get_vs_user_idle_timeout().render_input("idle_timeout", idle_timeout)
else:
html.write_text(idle_timeout)
html.hidden_field("idle_timeout", idle_timeout)
# Roles
forms.section(_("Roles"))
entries = self._roles.items()
entries.sort(key=lambda x: (x[1]["alias"], x[0]))
is_member_of_at_least_one = False
for role_id, role in entries:
if not self._is_locked("roles"):
html.checkbox("role_" + role_id, role_id in self._user.get("roles", []))
url = watolib.folder_preserving_link([("mode", "edit_role"), ("edit", role_id)])
html.a(role["alias"], href=url)
html.br()
else:
is_member = role_id in self._user.get("roles", [])
if is_member:
is_member_of_at_least_one = True
url = watolib.folder_preserving_link([("mode", "edit_role"), ("edit", role_id)])
html.a(role["alias"], href=url)
html.br()
html.hidden_field("role_" + role_id, '1' if is_member else '')
if self._is_locked('roles') and not is_member_of_at_least_one:
html.i(_('No roles assigned.'))
self._show_custom_user_attributes('security')
# Contact groups
forms.header(_("Contact Groups"), isopen=False)
forms.section()
groups_page_url = watolib.folder_preserving_link([("mode", "contact_groups")])
group_assign_url = watolib.folder_preserving_link([("mode", "rulesets"),
("group", "grouping")])
if not self._contact_groups:
html.write(
_("Please first create some <a href='%s'>contact groups</a>") % groups_page_url)
else:
entries = sorted([(group['alias'] or c, c) for c, group in self._contact_groups.items()
])
is_member_of_at_least_one = False
for alias, gid in entries:
is_member = gid in self._user.get("contactgroups", [])
if not self._is_locked('contactgroups'):
html.checkbox("cg_" + gid, gid in self._user.get("contactgroups", []))
else:
if is_member:
is_member_of_at_least_one = True
html.hidden_field("cg_" + gid, '1' if is_member else '')
if not self._is_locked('contactgroups') or is_member:
url = watolib.folder_preserving_link([("mode", "edit_contact_group"),
("edit", gid)])
html.a(alias, href=url)
html.br()
if self._is_locked('contactgroups') and not is_member_of_at_least_one:
html.i(_('No contact groups assigned.'))
html.help(
_("Contact groups are used to assign monitoring "
"objects to users. If you haven't defined any contact groups yet, "
"then first <a href='%s'>do so</a>. Hosts and services can be "
"assigned to contact groups using <a href='%s'>rules</a>.<br><br>"
"If you do not put the user into any contact group "
"then no monitoring contact will be created for the user.") %
(groups_page_url, group_assign_url))
forms.header(_("Notifications"), isopen=False)
if not self._rbn_enabled():
forms.section(_("Enabling"), simple=True)
html.checkbox("notifications_enabled",
self._user.get("notifications_enabled", False),
label=_("enable notifications"))
html.help(
_("Notifications are sent out "
"when the status of a host or service changes."))
# Notification period
forms.section(_("Notification time period"))
choices = [(id_, "%s" % (tp["alias"])) for (id_, tp) in self._timeperiods.items()]
html.dropdown("notification_period",
choices,
deflt=self._user.get("notification_period"),
ordered=True)
html.help(
_("Only during this time period the "
"user will get notifications about host or service alerts."))
# Notification options
notification_option_names = { # defined here: _() must be executed always!
"host": {
"d": _("Host goes down"),
"u": _("Host gets unreachble"),
"r": _("Host goes up again"),
},
"service": {
"w": _("Service goes into warning state"),
"u": _("Service goes into unknown state"),
"c": _("Service goes into critical state"),
"r": _("Service recovers to OK"),
},
"both": {
"f": _("Start or end of flapping state"),
"s": _("Start or end of a scheduled downtime"),
}
}
forms.section(_("Notification Options"))
for title, what, opts in [(_("Host events"), "host", "durfs"),
(_("Service events"), "service", "wucrfs")]:
html.write_text("%s:" % title)
html.open_ul()
user_opts = self._user.get(what + "_notification_options", opts)
for opt in opts:
opt_name = notification_option_names[what].get(
opt, notification_option_names["both"].get(opt))
html.checkbox(what + "_" + opt, opt in user_opts, label=opt_name)
html.br()
html.close_ul()
html.help(
_("Here you specify which types of alerts "
"will be notified to this contact. Note: these settings will only be saved "
"and used if the user is member of a contact group."))
forms.section(_("Notification Method"))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", self._user.get("notification_method"))
else:
forms.section(_("Fallback notifications"), simple=True)
html.checkbox("fallback_contact",
self._user.get("fallback_contact", False),
label=_("Receive fallback notifications"))
html.help(
_("In case none of your notification rules handles a certain event a notification "
"will be sent to this contact. This makes sure that in that case at least <i>someone</i> "
"gets notified. Furthermore this contact will be used for notifications to any host or service "
"that is not known to the monitoring. This can happen when you forward notifications "
"from the Event Console.<br><br>Notification fallback can also configured in the global "
"setting <a href=\"wato.py?mode=edit_configvar&varname=notification_fallback_email\">"
"Fallback email address for notifications</a>."))
self._show_custom_user_attributes('notify')
forms.header(_("Personal Settings"), isopen=False)
select_language(self._user)
self._show_custom_user_attributes('personal')
# Later we could add custom macros here, which then could be used
# for notifications. On the other hand, if we implement some check_mk
# --notify, we could directly access the data in the account with the need
# to store values in the monitoring core. We'll see what future brings.
forms.end()
html.button("save", _("Save"))
if self._is_new_user:
html.set_focus("user_id")
else:
html.set_focus("alias")
html.hidden_fields()
html.end_form()
def page(self):
# Show outcome of host validation. Do not validate new hosts
errors = None
if self._mode != "edit":
watolib.Folder.current().show_breadcrump()
else:
errors = watolib.validate_all_hosts([self._host.name()]).get(
self._host.name(), []) + self._host.validation_errors()
if errors:
html.open_div(class_="info")
html.open_table(class_="validationerror",
boder=0,
cellspacing=0,
cellpadding=0)
html.open_tr()
html.open_td(class_="img")
html.icon(title=None, icon="validation_error")
html.close_td()
html.open_td()
html.open_p()
html.h3(_("Warning: This host has an invalid configuration!"))
html.open_ul()
for error in errors:
html.li(error)
html.close_ul()
html.close_p()
if html.form_submitted():
html.br()
html.b(_("Your changes have been saved nevertheless."))
html.close_td()
html.close_tr()
html.close_table()
html.close_div()
lock_message = ""
if watolib.Folder.current().locked_hosts():
if watolib.Folder.current().locked_hosts() is True:
lock_message = _(
"Host attributes locked (You cannot edit this host)")
else:
lock_message = watolib.Folder.current().locked_hosts()
if len(lock_message) > 0:
html.div(lock_message, class_="info")
html.begin_form("edit_host", method="POST")
html.prevent_password_auto_completion()
forms.header(_("General Properties"))
self._show_host_name()
# Cluster: nodes
if self._is_cluster():
forms.section(_("Nodes"))
self._vs_cluster_nodes().render_input(
"nodes",
self._host.cluster_nodes() if self._host else [])
html.help(
_('Enter the host names of the cluster nodes. These '
'hosts must be present in WATO. '))
configure_attributes(
new=self._mode != "edit",
hosts={self._host.name(): self._host}
if self._mode != "new" else {},
for_what="host" if not self._is_cluster() else "cluster",
parent=watolib.Folder.current())
forms.end()
if not watolib.Folder.current().locked_hosts():
html.button("services", _("Save & go to Services"), "submit")
html.button("save", _("Save & Finish"), "submit")
if not self._is_cluster():
html.button("diag_host", _("Save & Test"), "submit")
html.hidden_fields()
html.end_form()
def _show_page_user_profile(change_pw):
start_async_replication = False
if not config.user.id:
raise MKUserError(None, _('Not logged in.'))
if not config.user.may('general.edit_profile') and not config.user.may(
'general.change_password'):
raise MKAuthException(
_("You are not allowed to edit your user profile."))
if not config.wato_enabled:
raise MKAuthException(
_('User profiles can not be edited (WATO is disabled).'))
success = None
if html.request.has_var('_save') and html.check_transaction():
users = userdb.load_users(lock=True)
try:
# Profile edit (user options like language etc.)
if config.user.may('general.edit_profile'):
if not change_pw:
set_lang = html.get_checkbox('_set_lang')
language = html.request.var('language')
# Set the users language if requested
if set_lang:
if language == '':
language = None
# Set custom language
users[config.user.id]['language'] = language
config.user.language = language
html.set_language_cookie(language)
else:
# Remove the customized language
if 'language' in users[config.user.id]:
del users[config.user.id]['language']
config.user.reset_language()
# load the new language
cmk.gui.i18n.localize(config.user.language)
user = users.get(config.user.id)
if config.user.may('general.edit_notifications'
) and user.get("notifications_enabled"):
value = forms.get_input(
watolib.get_vs_flexible_notifications(),
"notification_method")
users[config.user.id]["notification_method"] = value
# Custom attributes
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
if not attr.permission() or config.user.may(
attr.permission()):
vs = attr.valuespec()
value = vs.from_html_vars('ua_' + name)
vs.validate_value(value, "ua_" + name)
users[config.user.id][name] = value
# Change the password if requested
password_changed = False
if config.user.may('general.change_password'):
cur_password = html.request.var('cur_password')
password = html.request.var('password')
password2 = html.request.var('password2', '')
if change_pw:
# Force change pw mode
if not cur_password:
raise MKUserError(
"cur_password",
_("You need to provide your current password."))
if not password:
raise MKUserError(
"password", _("You need to change your password."))
if cur_password == password:
raise MKUserError(
"password",
_("The new password must differ from your current one."
))
if cur_password and password:
if userdb.hook_login(config.user.id,
cur_password) is False:
raise MKUserError("cur_password",
_("Your old password is wrong."))
if password2 and password != password2:
raise MKUserError(
"password2",
_("The both new passwords do not match."))
watolib.verify_password_policy(password)
users[config.user.id]['password'] = hash_password(password)
users[config.user.id]['last_pw_change'] = int(time.time())
if change_pw:
# Has been changed, remove enforcement flag
del users[config.user.id]['enforce_pw_change']
# Increase serial to invalidate old cookies
if 'serial' not in users[config.user.id]:
users[config.user.id]['serial'] = 1
else:
users[config.user.id]['serial'] += 1
password_changed = True
# Now, if in distributed environment where users can login to remote sites,
# set the trigger for pushing the new auth information to the slave sites
# asynchronous
if config.user.authorized_login_sites():
start_async_replication = True
userdb.save_users(users)
if password_changed:
# Set the new cookie to prevent logout for the current user
login.set_auth_cookie(config.user.id)
success = True
except MKUserError as e:
html.add_user_error(e.varname, e)
else:
users = userdb.load_users()
watolib.init_wato_datastructures(with_wato_lock=True)
# When in distributed setup, display the replication dialog instead of the normal
# profile edit dialog after changing the password.
if start_async_replication:
user_profile_async_replication_page()
return
if change_pw:
title = _("Change Password")
else:
title = _("Edit User Profile")
html.header(title)
# Rule based notifications: The user currently cannot simply call the according
# WATO module due to WATO permission issues. So we cannot show this button
# right now.
if not change_pw:
rulebased_notifications = watolib.load_configuration_settings().get(
"enable_rulebased_notifications")
if rulebased_notifications and config.user.may(
'general.edit_notifications'):
html.begin_context_buttons()
url = "wato.py?mode=user_notifications_p"
html.context_button(_("Notifications"), url, "notifications")
html.end_context_buttons()
else:
reason = html.request.var('reason')
if reason == 'expired':
html.p(
_('Your password is too old, you need to choose a new password.'
))
else:
html.p(
_('You are required to change your password before proceeding.'
))
if success:
html.reload_sidebar()
if change_pw:
html.show_message(_("Your password has been changed."))
raise HTTPRedirect(html.request.var('_origtarget', 'index.py'))
else:
html.show_message(_("Successfully updated user profile."))
# Ensure theme changes are applied without additional user interaction
html.immediate_browser_redirect(0.5, html.makeuri([]))
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
# Returns true if an attribute is locked and should be read only. Is only
# checked when modifying an existing user
locked_attributes = userdb.locked_attributes(user.get('connector'))
def is_locked(attr):
return attr in locked_attributes
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(_("Personal Settings"))
if not change_pw:
forms.section(_("Name"), simple=True)
html.write_text(user.get("alias", config.user.id))
if config.user.may(
'general.change_password') and not is_locked('password'):
forms.section(_("Current Password"))
html.password_input('cur_password', autocomplete="new-password")
forms.section(_("New Password"))
html.password_input('password', autocomplete="new-password")
forms.section(_("New Password Confirmation"))
html.password_input('password2', autocomplete="new-password")
if not change_pw and config.user.may('general.edit_profile'):
select_language(user)
# Let the user configure how he wants to be notified
if not rulebased_notifications \
and config.user.may('general.edit_notifications') \
and user.get("notifications_enabled"):
forms.section(_("Notifications"))
html.help(
_("Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user.get("notification_method"))
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
vs = attr.valuespec()
forms.section(_u(vs.title()))
value = user.get(name, vs.default_value())
if not attr.permission() or config.user.may(
attr.permission()):
vs.render_input("ua_" + name, value)
html.help(_u(vs.help()))
else:
html.write(vs.value_to_text(value))
# Save button
forms.end()
html.button("_save", _("Save"))
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
