def admin_delete(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify(
{
'error': REQUIRES_SUPER_USER,
'error_msg': REQUIRES_SUPER_USER_MSG,
}, 400)
admin = auth.get_by_id(admin_id)
remote_addr = utils.get_remote_addr()
if admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({
'error': NO_ADMINS,
'error_msg': NO_ADMINS_MSG,
}, 400)
journal.entry(
journal.ADMIN_DELETE,
admin.journal_data,
event_long='Administrator deleted',
remote_addr=remote_addr,
)
admin.remove()
event.Event(type=ADMINS_UPDATED)
return utils.jsonify({})
def admin_delete(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify({
'error': REQUIRES_SUPER_USER,
'error_msg': REQUIRES_SUPER_USER_MSG,
}, 400)
admin = auth.get_by_id(admin_id)
remote_addr = utils.get_remote_addr()
if admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({
'error': NO_ADMINS,
'error_msg': NO_ADMINS_MSG,
}, 400)
journal.entry(
journal.ADMIN_DELETE,
admin.journal_data,
event_long='Administrator deleted',
remote_addr=remote_addr,
)
admin.remove()
event.Event(type=ADMINS_UPDATED)
return utils.jsonify({})
def admin_delete(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)
admin = auth.get_by_id(admin_id)
if admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({"error": NO_ADMINS, "error_msg": NO_ADMINS_MSG}, 400)
admin.remove()
event.Event(type=ADMINS_UPDATED)
return utils.jsonify({})
def admin_delete(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify(
{
'error': REQUIRES_SUPER_USER,
'error_msg': REQUIRES_SUPER_USER_MSG,
}, 400)
admin = auth.get_by_id(admin_id)
if admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({
'error': NO_ADMINS,
'error_msg': NO_ADMINS_MSG,
}, 400)
admin.remove()
event.Event(type=ADMINS_UPDATED)
return utils.jsonify({})
def admin_put(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify({
'error': REQUIRES_SUPER_USER,
'error_msg': REQUIRES_SUPER_USER_MSG,
}, 400)
admin = auth.get_by_id(admin_id)
if 'username' in flask.request.json:
username = utils.filter_str(flask.request.json['username']) or \
'undefined'
if username:
username = username.lower()
if username != admin.username:
admin.audit_event('admin_updated',
'Administrator username changed',
remote_addr=utils.get_remote_addr(),
)
admin.username = username
if 'password' in flask.request.json and flask.request.json['password']:
password = flask.request.json['password']
if password != admin.password:
admin.audit_event('admin_updated',
'Administrator password changed',
remote_addr=utils.get_remote_addr(),
)
admin.password = password
super_user = flask.request.json.get('super_user')
if super_user is not None:
if super_user != admin.super_user:
if not super_user and auth.super_user_count() < 2:
return utils.jsonify({
'error': NO_SUPER_USERS,
'error_msg': NO_SUPER_USERS_MSG,
}, 400)
admin.audit_event('admin_updated',
'Administrator super user %s' % (
'disabled' if super_user else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.super_user = super_user
auth_api = flask.request.json.get('auth_api')
if auth_api is not None:
if auth_api != admin.auth_api:
if not auth_api:
admin.token = None
admin.secret = None
elif not admin.token or not admin.secret:
admin.generate_token()
admin.generate_secret()
admin.audit_event('admin_updated',
'Administrator token authentication %s' % (
'disabled' if auth_api else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.auth_api = auth_api
if 'token' in flask.request.json and flask.request.json['token']:
admin.generate_token()
admin.audit_event('admin_updated',
'Administrator api token changed',
remote_addr=utils.get_remote_addr(),
)
if 'secret' in flask.request.json and flask.request.json['secret']:
admin.generate_secret()
admin.audit_event('admin_updated',
'Administrator api secret changed',
remote_addr=utils.get_remote_addr(),
)
disabled = flask.request.json.get('disabled')
if disabled is not None:
if disabled != admin.disabled:
if disabled and admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({
'error': NO_ADMINS_ENABLED,
'error_msg': NO_ADMINS_ENABLED_MSG,
}, 400)
admin.audit_event('admin_updated',
'Administrator %s' % ('disabled' if disabled else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.disabled = disabled
otp_auth = flask.request.json.get('otp_auth')
if otp_auth is not None:
if otp_auth != admin.otp_auth:
if not otp_auth:
admin.otp_secret = None
elif not admin.otp_secret:
admin.generate_otp_secret()
admin.audit_event('admin_updated',
'Administrator two-step authentication %s' % (
'disabled' if otp_auth else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.otp_auth = otp_auth
otp_secret = flask.request.json.get('otp_secret')
if otp_secret == True:
admin.audit_event('admin_updated',
'Administrator two-factor authentication secret reset',
remote_addr=utils.get_remote_addr(),
)
admin.generate_otp_secret()
try:
admin.commit()
except pymongo.errors.DuplicateKeyError:
return utils.jsonify({
'error': ADMIN_USERNAME_EXISTS,
'error_msg': ADMIN_USERNAME_EXISTS_MSG,
}, 400)
event.Event(type=ADMINS_UPDATED)
return utils.jsonify(admin.dict())
def admin_put(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify(
{
'error': REQUIRES_SUPER_USER,
'error_msg': REQUIRES_SUPER_USER_MSG,
}, 400)
admin = auth.get_by_id(admin_id)
if 'username' in flask.request.json:
username = utils.filter_str(flask.request.json['username']) or \
'undefined'
if username:
username = username.lower()
if username != admin.username:
admin.audit_event(
'admin_updated',
'Administrator username changed',
remote_addr=utils.get_remote_addr(),
)
admin.username = username
if 'password' in flask.request.json and flask.request.json['password']:
password = flask.request.json['password']
if password != admin.password:
admin.audit_event(
'admin_updated',
'Administrator password changed',
remote_addr=utils.get_remote_addr(),
)
admin.password = password
if 'yubikey_id' in flask.request.json:
yubikey_id = flask.request.json['yubikey_id'] or None
if yubikey_id != admin.yubikey_id:
admin.audit_event(
'admin_updated',
'Administrator YubiKey ID changed',
remote_addr=utils.get_remote_addr(),
)
admin.yubikey_id = yubikey_id[:12] if yubikey_id else None
super_user = flask.request.json.get('super_user')
if super_user is not None:
if super_user != admin.super_user:
if not super_user and auth.super_user_count() < 2:
return utils.jsonify(
{
'error': NO_SUPER_USERS,
'error_msg': NO_SUPER_USERS_MSG,
}, 400)
admin.audit_event(
'admin_updated',
'Administrator super user %s' %
('disabled' if super_user else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.super_user = super_user
auth_api = flask.request.json.get('auth_api')
if auth_api is not None:
if auth_api != admin.auth_api:
if not auth_api:
admin.token = None
admin.secret = None
elif not admin.token or not admin.secret:
admin.generate_token()
admin.generate_secret()
admin.audit_event(
'admin_updated',
'Administrator token authentication %s' %
('disabled' if auth_api else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.auth_api = auth_api
if 'token' in flask.request.json and flask.request.json['token']:
admin.generate_token()
admin.audit_event(
'admin_updated',
'Administrator api token changed',
remote_addr=utils.get_remote_addr(),
)
if 'secret' in flask.request.json and flask.request.json['secret']:
admin.generate_secret()
admin.audit_event(
'admin_updated',
'Administrator api secret changed',
remote_addr=utils.get_remote_addr(),
)
disabled = flask.request.json.get('disabled')
if disabled is not None:
if disabled != admin.disabled:
if disabled and admin.super_user and auth.super_user_count() < 2:
return utils.jsonify(
{
'error': NO_ADMINS_ENABLED,
'error_msg': NO_ADMINS_ENABLED_MSG,
}, 400)
admin.audit_event(
'admin_updated',
'Administrator %s' % ('disabled' if disabled else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.disabled = disabled
otp_auth = flask.request.json.get('otp_auth')
if otp_auth is not None:
if otp_auth != admin.otp_auth:
if not otp_auth:
admin.otp_secret = None
elif not admin.otp_secret:
admin.generate_otp_secret()
admin.audit_event(
'admin_updated',
'Administrator two-step authentication %s' %
('disabled' if otp_auth else 'enabled'),
remote_addr=utils.get_remote_addr(),
)
admin.otp_auth = otp_auth
otp_secret = flask.request.json.get('otp_secret')
if otp_secret == True:
admin.audit_event(
'admin_updated',
'Administrator two-factor authentication secret reset',
remote_addr=utils.get_remote_addr(),
)
admin.generate_otp_secret()
try:
admin.commit()
except pymongo.errors.DuplicateKeyError:
return utils.jsonify(
{
'error': ADMIN_USERNAME_EXISTS,
'error_msg': ADMIN_USERNAME_EXISTS_MSG,
}, 400)
event.Event(type=ADMINS_UPDATED)
return utils.jsonify(admin.dict())
def admin_put(admin_id):
if settings.app.demo_mode:
return utils.demo_blocked()
if not flask.g.administrator.super_user:
return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)
admin = auth.get_by_id(admin_id)
if "username" in flask.request.json:
username = utils.filter_str(flask.request.json["username"]) or None
if username != admin.username:
admin.audit_event("admin_updated", "Administrator username changed", remote_addr=utils.get_remote_addr())
admin.username = username
if "password" in flask.request.json and flask.request.json["password"]:
password = flask.request.json["password"]
if password != admin.password:
admin.audit_event("admin_updated", "Administrator password changed", remote_addr=utils.get_remote_addr())
admin.password = password
super_user = flask.request.json.get("super_user")
if super_user is not None:
if super_user != admin.super_user:
if not super_user and auth.super_user_count() < 2:
return utils.jsonify({"error": NO_SUPER_USERS, "error_msg": NO_SUPER_USERS_MSG}, 400)
admin.audit_event(
"admin_updated",
"Administrator super user %s" % ("disabled" if super_user else "enabled"),
remote_addr=utils.get_remote_addr(),
)
admin.super_user = super_user
auth_api = flask.request.json.get("auth_api")
if auth_api is not None:
if auth_api != admin.auth_api:
if not auth_api:
admin.token = None
admin.secret = None
elif not admin.token or not admin.secret:
admin.generate_token()
admin.generate_secret()
admin.audit_event(
"admin_updated",
"Administrator token authentication %s" % ("disabled" if auth_api else "enabled"),
remote_addr=utils.get_remote_addr(),
)
admin.auth_api = auth_api
if "token" in flask.request.json and flask.request.json["token"]:
admin.generate_token()
admin.audit_event("admin_updated", "Administrator api token changed", remote_addr=utils.get_remote_addr())
if "secret" in flask.request.json and flask.request.json["secret"]:
admin.generate_secret()
admin.audit_event("admin_updated", "Administrator api secret changed", remote_addr=utils.get_remote_addr())
disabled = flask.request.json.get("disabled")
if disabled is not None:
if disabled != admin.disabled:
if disabled and admin.super_user and auth.super_user_count() < 2:
return utils.jsonify({"error": NO_ADMINS_ENABLED, "error_msg": NO_ADMINS_ENABLED_MSG}, 400)
admin.audit_event(
"admin_updated",
"Administrator %s" % ("disabled" if disabled else "enabled"),
remote_addr=utils.get_remote_addr(),
)
admin.disabled = disabled
otp_auth = flask.request.json.get("otp_auth")
if otp_auth is not None:
if otp_auth != admin.otp_auth:
if not otp_auth:
admin.otp_secret = None
elif not admin.otp_secret:
admin.generate_otp_secret()
admin.audit_event(
"admin_updated",
"Administrator two-step authentication %s" % ("disabled" if otp_auth else "enabled"),
remote_addr=utils.get_remote_addr(),
)
admin.otp_auth = otp_auth
otp_secret = flask.request.json.get("otp_secret")
if otp_secret == True:
admin.audit_event(
"admin_updated", "Administrator two-factor authentication secret reset", remote_addr=utils.get_remote_addr()
)
admin.generate_otp_secret()
try:
admin.commit()
except pymongo.errors.DuplicateKeyError:
return utils.jsonify({"error": ADMIN_USERNAME_EXISTS, "error_msg": ADMIN_USERNAME_EXISTS_MSG}, 400)
event.Event(type=ADMINS_UPDATED)
return utils.jsonify(admin.dict())