Ejemplo n.º 1
0
def update_defaultview(request, map_id, is_global_defaultview=False):
    """ Save/update a default view for a user.
    :param request: request
    :param map_id: NetmapView id
    :return: 200 HttpResponse with view_id or related http status code.
    """
    session_user = get_account(request)

    if not session_user.is_admin():
        return HttpResponseForbidden()

    view = get_object_or_404(NetmapView, pk=map_id)

    if is_global_defaultview:
        if session_user.is_admin():
            NetmapViewDefaultView.objects.filter(
                owner=Account(pk=Account.DEFAULT_ACCOUNT)).delete()
            default_view = NetmapViewDefaultView()
            default_view.view = view
            default_view.owner = Account(pk=Account.DEFAULT_ACCOUNT)
            default_view.save()
            return HttpResponse(default_view.view.viewid)
        else:
            return HttpResponseForbidden()
    else:
        if view.is_public or (session_user == view.owner):
            NetmapViewDefaultView.objects.filter(owner=session_user).delete()
            default_view = NetmapViewDefaultView()
            default_view.view = view
            default_view.owner = session_user
            default_view.save()
            return HttpResponse(default_view.view.viewid)
        else:
            return HttpResponseForbidden()
Ejemplo n.º 2
0
def authenticate(username, password):
    '''Authenticate username and password against database.
    Returns account object if user was authenticated, else None.
    '''
    # FIXME Log stuff?
    auth = False
    account = None

    # Try to find the account in the database. If it's not found we can try
    # LDAP.
    try:
        account = Account.objects.get(login__iexact=username)
    except Account.DoesNotExist:
        if ldapauth.available:
            user = ldapauth.authenticate(username, password)
            # If we authenticated, store the user in database.
            if user:
                account = Account(
                    login=user.username,
                    name=user.get_real_name(),
                    ext_sync='ldap'
                )
                account.set_password(password)
                account.save()
                # We're authenticated now
                auth = True

    if (account and account.ext_sync == 'ldap' and
        ldapauth.available and not auth):
        try:
            auth = ldapauth.authenticate(username, password)
        except ldapauth.NoAnswerError:
            # Fallback to stored password if ldap is unavailable
            auth = False
        else:
            if auth:
                account.set_password(password)
                account.save()
            else:
                return

    if account and not auth:
        auth = account.check_password(password)

    if auth and account:
        return account
    else:
        return None
Ejemplo n.º 3
0
def _get_global_defaultview_as_json(request):
    """Helper for fetching global default view"""
    session_user = get_account(request)
    try:
        view = NetmapViewDefaultView.objects.get(owner=session_user)
    except ObjectDoesNotExist:
        try:
            view = NetmapViewDefaultView.objects.get(
                owner=Account(pk=Account.DEFAULT_ACCOUNT))
        except ObjectDoesNotExist:
            view = None

    return simplejson.dumps(view.to_json_dict()) if view else 'null'
Ejemplo n.º 4
0
def resolve_account_admin_and_owner(request):
    """Primarily used before saving filters and filter groups.
    Gets account, checks if user is admin, and sets owner to a appropriate
    value.
    """
    account = get_account(request)
    admin = is_admin(account)

    owner = Account()
    if request.POST.get('owner') or not admin:
        owner = account

    return (account, admin, owner)
Ejemplo n.º 5
0
Archivo: auth.py Proyecto: plan1230/nav
def authenticate_remote_user(request):
    """Authenticate username from http header REMOTE_USER

    Returns:

    :return: If the user was authenticated, an account.
             If the user was blocked from logging in, False.
             Otherwise, None.
    :rtype: Account, False, None
    """
    username = get_remote_username(request)
    if not username:
        return None

    # We now have a username-ish

    try:
        account = Account.objects.get(login=username)
    except Account.DoesNotExist:
        # Store the remote user in the database and return the new account
        account = Account(login=username,
                          name=username,
                          ext_sync='REMOTE_USER')
        account.set_password(fake_password(32))
        account.save()
        _logger.info("Created user %s from header REMOTE_USER", account.login)
        template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
        LogEntry.add_log_entry(account,
                               'create-account',
                               template=template,
                               subsystem='auth')
        return account

    # Bail out! Potentially evil user
    if account.locked:
        _logger.info("Locked user %s tried to log in", account.login)
        template = 'Account "{actor}" was prevented from logging in: blocked'
        LogEntry.add_log_entry(account,
                               'login-prevent',
                               template=template,
                               subsystem='auth')
        return False

    return account
Ejemplo n.º 6
0
def authenticate(username, password):
    '''Authenticate username and password against database.
    Returns account object if user was authenticated, else None.
    '''
    # FIXME Log stuff?
    auth = False
    account = None

    # Try to find the account in the database. If it's not found we can try
    # LDAP.
    try:
        account = Account.objects.get(login__iexact=username)
    except Account.DoesNotExist:
        if ldapauth.available:
            user = ldapauth.authenticate(username, password)
            # If we authenticated, store the user in database.
            if user:
                account = Account(
                    login=user.username,
                    name=user.get_real_name(),
                    ext_sync='ldap'
                )
                account.set_password(password)
                account.save()
                _handle_ldap_admin_status(user, account)
                # We're authenticated now
                auth = True

    if account and account.locked:
        _logger.info("Locked user %s tried to log in", account.login)

    if (account and
            account.ext_sync == 'ldap' and
            ldapauth.available and
            not auth and
            not account.locked):
        try:
            auth = ldapauth.authenticate(username, password)
        except ldapauth.NoAnswerError:
            # Fallback to stored password if ldap is unavailable
            auth = False
        else:
            if auth:
                account.set_password(password)
                account.save()
                _handle_ldap_admin_status(auth, account)
            else:
                return

    if account and not auth:
        auth = account.check_password(password)

    if auth and account:
        return account
    else:
        return None