Ejemplo n.º 1
0
 def validate(self):
     v = Validate()
     if not v.sha256(self.key):
         raise Exception('Invalid key')
     if not v.sha256(self.secret):
         raise Exception('Invalid secret')
     if self.deleted != 0 and self.deleted != 1:
         raise Exception('deleted must be 1 or 0')
Ejemplo n.º 2
0
    def post(self):
        email = request.form.get("email", None)
        password = request.form.get("password", None)

        if email is None or password is None:
            return abort(400, message="email and password required")

        if not Validate().email(email):
            return abort(400, message="invalid email")

        try:
            account = ModelAccount.get(ModelAccount.email == email,
                                       ModelAccount.status == 'active')
        except peewee.DoesNotExist:
            return abort(401, message="invalid email or password")

        # check password!
        if not account.check_password(password):
            return abort(401, message="invalid email or password")

        # update to bcrypt
        if account.get_password_algo() != "bcrypt":
            account.set_password(password)
            account.save()

        user_agent = request.headers.get('User-Agent')
        generated_cookie = account.generate_cookie_value(account, user_agent)

        data = {"status": "ok", "account": account.to_clean_dict()}
        response = make_response(self.serialize(data))
        response.mimetype = 'application/json'
        response.set_cookie('vegadns', generated_cookie)

        return response
Ejemplo n.º 3
0
 def validate(self):
     if not Validate().sha256(self.token_value):
         raise Exception("Invalid email")
     if not self.date_created:
         raise Exception("date_created is not set")
     if not self.account_id:
         raise Exception("account_id is not set")
Ejemplo n.º 4
0
    def validate(self, default_record=False):
        if not default_record:
            self.validate_domain_id()
        self.validate_record_hostname(default_record)

        ip = str(self.values.get("value"))
        if not Validate().ipv6(ip):
            raise RecordValueException("Invalid IPv6 address: " + ip)
Ejemplo n.º 5
0
    def validate(self):
        if self.prefix_type not in ['ipv4', 'ipv6']:
            raise ValueError("prefix_type must be ipv4 or ipv6")

        if not Validate().ip_prefix(self.prefix, self.prefix_type):
            raise ValueError("prefix must be a valid network prefix")

        if self.location_id is None:
            raise ValueError("location_id is required")
Ejemplo n.º 6
0
 def validate(self):
     if not Validate().email(self.email):
         raise Exception("Invalid email")
     if not self.time:
         raise Exception("time is not set")
     if not self.entry:
         raise Exception("entry is not set")
     if not self.account_id:
         raise Exception("account_id is not set")
Ejemplo n.º 7
0
    def validate(self):
        if not Validate().email(self.email):
            raise Exception("Invalid email: " + self.email)

        if not self.first_name:
            raise Exception("first_name must not be empty")

        if not self.last_name:
            raise Exception("last_name must not be empty")

        if self.account_type not in ["senior_admin", "group_admin", "user"]:
            raise Exception("Invalid account_type: " + self.account_type)

        if self.status not in ["active", "inactive"]:
            raise Exception("Invalid status: " + self.status)
Ejemplo n.º 8
0
    def post(self):
        email = request.form.get("email", None)

        if email is None:
            abort(400, message="email is required")

        if not Validate().email(email):
            abort(400, message="invalid email address")

        try:
            account = ModelAccount.get(ModelAccount.email == email)
        except peewee.DoesNotExist:
            abort(400, message="email does not exist")

        # create token
        now = round(time.time())

        token = ModelToken()
        token.account_id = account.account_id
        token.token_value = token.generateToken()
        token.date_created = now

        token.save()

        # cleanup old tokens
        oldtokens = ModelToken.delete().where(
            ModelToken.date_created < now - ModelToken.EXPIRE_IN
        )
        oldtokens.execute()

        # prep email data
        name = account.first_name + " " + account.last_name
        url = config.get(
            'ui_server', 'ui_url'
        ) + "#passwordReset?token=" + token.token_value
        data = {
            'name': name,
            'url': url,
        }
        body = vegadns.api.email.parseTemplate('password_reset_request', data)
        to = account.email
        subject = "VegaDNS Password Reset Request"

        # send email
        common = vegadns.api.email.common.Common()
        vegadns.api.email.send(to, subject, body)

        return {'status': 'ok'}
Ejemplo n.º 9
0
    def post(self):
        if self.auth.account.account_type != "senior_admin":
            abort(
                403,
                message="Insufficient privileges to create a location prefix"
            )

        location_id = self.get_location_id()

        # make sure the location exists
        try:
            locationdb = Location.get(Location.location_id == location_id)
        except peewee.DoesNotExist:
            abort(400, message="location_id does not exist")

        prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower()
        if prefix_type not in ['ipv4', 'ipv6']:
            abort(400, message='prefix_type must be either ipv4 or ipv6')

        prefix = request.form.get('prefix', None)

        if prefix is None or not Validate().ip_prefix(prefix, prefix_type):
            abort(
                400,
                message='invalid prefix for prefix_type ' + prefix_type
            )

        prefix_description = request.form.get('prefix_description', None)
        new_prefix = LocationPrefix()
        new_prefix.location_id = location_id
        new_prefix.prefix = prefix
        new_prefix.prefix_type = prefix_type
        if prefix_description is not None:
            new_prefix.prefix_description = prefix_description

        try:
            new_prefix.save()
        except peewee.IntegrityError as e:
            abort(
                400,
                message=str(e)
            )

        # notify listeners of dns data change
        self.send_update_notification()

        return {'status': 'ok', 'location_prefix': new_prefix.to_dict()}
Ejemplo n.º 10
0
    def put(self, prefix_id):
        if self.auth.account.account_type != "senior_admin":
            abort(
                403,
                message="Insufficient privileges to update a location prefix"
            )

        try:
            prefixdb = ModelPrefix.get(ModelPrefix.prefix_id == prefix_id)
        except peewee.DoesNotExist:
            abort(404, message="prefix not found")

        prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower()
        if prefix_type not in ['ipv4', 'ipv6']:
            abort(400, message='prefix_type must be either ipv4 or ipv6')

        prefix = request.form.get('prefix', None)
        valid_prefix = Validate().ip_prefix(prefix, prefix_type)

        if not valid_prefix:
            abort(
                400,
                message='invalid prefix for prefix_type ' + prefix_type
            )

        prefix_description = request.form.get('prefix_description', None)

        prefixdb.prefix = prefix
        prefixdb.prefix_type = prefix_type
        if prefix_description is not None:
            prefixdb.prefix_description = prefix_description
        try:
            prefixdb.save()
        except peewee.IntegrityError as e:
            abort(
                400,
                message=str(e)
            )

        # notify listeners of dns data change
        self.send_update_notification()

        return {'status': 'ok', 'location_prefix': prefixdb.to_dict()}
Ejemplo n.º 11
0
    def post(self):
        if self.auth.account.account_type != 'senior_admin':
            abort(403, message="Insufficient privileges to create accounts")
        first_name = request.form.get("first_name", None)
        last_name = request.form.get("last_name", None)

        if first_name is None or last_name is None:
            abort(400, message="first_name and last_name are required")

        email = request.form.get("email", None)
        if not Validate().email(email):
            abort(400, message="invalid email")

        try:
            existing_account = ModelAccount.get(ModelAccount.email == email)
            abort(400, message="Email address already in use")
        except peewee.DoesNotExist:
            # Expected
            pass

        account_type = request.form.get("account_type", None)
        if account_type not in ["senior_admin", "user"]:
            abort(400,
                  message="account_type must be either senior_admin or user")

        phone = request.form.get("phone", "")
        # Configurable password regex?
        password = request.form.get("password", None)

        account = ModelAccount()
        account.first_name = first_name
        account.last_name = last_name
        account.email = email
        account.account_type = account_type
        account.phone = phone
        account.status = 'active'
        account.set_password(password)

        account.save()
        self.dns_log(0, ("created account " + account.first_name + " " +
                         account.last_name + ", " + account.email))

        return {'status': 'ok', 'account': account.to_clean_dict()}, 201
Ejemplo n.º 12
0
    def get(self, format):
        if format != 'tinydns':
            abort(400, message="invalid format: " + format)

        records = self.get_records()

        domains = {}

        for record in records:
            if record.domain_id.domain not in domains:
                domains[record.domain_id.domain] = []

            domains[record.domain_id.domain].append(record)

        organized = []
        for key, val in sorted(domains.items()):
            organized.append({'domain_name': key, 'records': val})

        locations = self.get_locations()
        prefixes = self.get_prefixes()
        locationdata = "# locations\n"

        # need to build this manually since peewee join results are limiting
        for location in locations:
            temp_list = []

            for prefix in prefixes:
                if prefix.location_id != location.location_id:
                    continue
                else:
                    if prefix.prefix_type == "ipv4":
                        temp_list.append(prefix.prefix)
                    else:
                        temp_list.append("s" +
                                         str(prefix.prefix).replace(":", ""))

            if len(temp_list) == 0:
                locationdata += "%" + location.location + "\n"
            else:
                for i in temp_list:
                    locationdata += "%" + location.location + ":" + i + "\n"

        datafile = locationdata + "\n"
        tinydns = ExportTinydnsData()
        datafile += tinydns.export_domains(organized, locations)

        generation_record_host = config.get('monitoring',
                                            'vegadns_generation_txt_record')
        if generation_record_host \
           and Validate().record_hostname(generation_record_host):

            timestamp = self.get_latest_log_timestamp()
            md5 = hashlib.md5(datafile + "\n").hexdigest()

            model = ModelRecord()
            model.type = RecordType().set('TXT')
            model.host = generation_record_host
            model.val = str(timestamp) + "-" + md5
            model.ttl = 3600

            generation_record_line = tinydns.data_line_from_model(model)

            datafile += "\n\n# VegaDNS Generation TXT Record\n"
            datafile += generation_record_line.rstrip("\n")

        response = make_response(datafile)
        response.headers['content-type'] = 'text/plain'

        return response
Ejemplo n.º 13
0
class TestValidate(unittest.TestCase):
    def setUp(self):
        self.validate = Validate()

    def test_ipv4_valid(self):
        self.assertTrue(self.validate.ipv4('127.0.0.1'))
        self.assertTrue(self.validate.ipv4('255.255.255.0'))
        self.assertTrue(self.validate.ipv4('1.2.3.4'))

    def test_ipv4_invalid(self):
        self.assertFalse(self.validate.ipv4('4'))
        self.assertFalse(self.validate.ipv4('4.2.3'))
        self.assertFalse(self.validate.ipv4('294.1.2.0'))
        self.assertFalse(self.validate.ipv4('255.255.255.256'))
        self.assertFalse(self.validate.ipv4('fe80::1610:9fff:fee3:74a9%en0'))
        self.assertFalse(self.validate.ipv4('i like turtles'))

    def test_ipv6_valid(self):
        self.assertTrue(
            self.validate.ipv6('FE80:0000:0000:0000:0202:B3FF:FE1E:8329')
        )
        self.assertTrue(self.validate.ipv6('FE80::0202:B3FF:FE1E:8329'))
        self.assertTrue(self.validate.ipv6('FE80::202:B3FF:FE1E:8329'))
        self.assertTrue(self.validate.ipv6('fe80::1'))

    def test_ipv6_invalid(self):
        self.assertFalse(self.validate.ipv6('4'))
        self.assertFalse(self.validate.ipv6('4.2.3'))
        self.assertFalse(self.validate.ipv6('294.1.2.0'))
        self.assertFalse(self.validate.ipv6('255.255.255.256'))
        self.assertFalse(self.validate.ipv6('i like turtles'))

    def test_record_name_valid(self):
        self.assertTrue(self.validate.record_hostname('vegadns.org'))
        self.assertTrue(self.validate.record_hostname('www.vegadns.org'))
        self.assertTrue(self.validate.record_hostname('foo.www.vegadns.org'))
        self.assertTrue(self.validate.record_hostname('b.foo.www.vegadns.org'))

        self.assertTrue(
            self.validate.record_hostname('foo-bar.foo.www.vegadns.org')
        )

    def test_record_name_invalid(self):
        self.assertFalse(self.validate.record_hostname('foo'))
        self.assertFalse(self.validate.record_hostname('..vegadns.org'))

    def test_is_sha256_valid(self):
        s = 'c69c30d355dd7c8ab3ecae9c005701a51d30e7c3af1855f1f1be3c7919b2b2c1'
        self.assertTrue(self.validate.sha256(s))

    def test_is_sha256_invalid(self):
        self.assertFalse(self.validate.sha256('foo'))

        s = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
        self.assertFalse(self.validate.sha256(s))

        s = 'e7c3af1855f1f1be3c7919b2b2c1'
        self.assertFalse(self.validate.sha256(s))

    def test_is_uuid_valid(self):
        s = '465aba85-7c4b-4631-86c4-ef3404a463f6'
        self.assertTrue(self.validate.uuid(s))

    def test_is_uuid_invalid(self):
        self.assertFalse(self.validate.uuid('foo'))

    def test_ipv4_prefix_valid(self):
        self.assertTrue(self.validate.ip_prefix('127.0.0', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('255.255.255', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('1.2', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('1', 'ipv4'))

    def test_ipv4_prefix_invalid(self):
        self.assertFalse(self.validate.ip_prefix(None, 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('256.0.0', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('255.255.255.', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('-25.240.10', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('', 'ipv4'))

    def test_ipv6_prefix_valid(self):
        self.assertTrue(
            self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FF', 'ipv6')
        )
        self.assertTrue(
            self.validate.ip_prefix('FE80:0202:B3FF:FE1E:8329', 'ipv6')
        )
        self.assertTrue(self.validate.ip_prefix('FE80', 'ipv6'))

    def test_ipv6_prefix_invalid(self):
        self.assertFalse(self.validate.ip_prefix(None, 'ipv6'))
        self.assertFalse(
            self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FG', 'ipv6')
        )
        self.assertFalse(
            self.validate.ip_prefix('FE80:202:B3FF:FE1E:8329', 'ipv6')
        )
        self.assertFalse(self.validate.ip_prefix(
            'FE80:0000:0000:0000:0202:B3FF:0000:0000:0000:0000', 'ipv6')
        )
Ejemplo n.º 14
0
 def setUp(self):
     self.validate = Validate()
Ejemplo n.º 15
0
    def put(self, account_id):
        if self.auth.account.account_type != 'senior_admin':
            if self.auth.account.account_id != account_id:
                abort(
                    403,
                    message="Insufficient privileges to edit this account"
                )

        first_name = request.form.get("first_name", None)
        last_name = request.form.get("last_name", None)

        if first_name is None or last_name is None:
            abort(400, message="first_name and last_name are required")

        email = request.form.get("email", None)
        if not Validate().email(email):
            abort(400, message="invalid email")

        try:
            existing_account = ModelAccount.get(
                ModelAccount.email == email,
                ModelAccount.account_id != account_id
            )
            abort(400, message="Email address already in use")
        except peewee.DoesNotExist:
            # Expected
            pass

        account_type = request.form.get("account_type", None)
        if account_type not in ["senior_admin", "user"]:
            abort(
                400,
                message="account_type must be either system_admin or user"
            )

        status = request.form.get("status", None)
        if status not in ["active", "inactive"]:
            abort(400, message="status must be 'active' or 'inactive'")

        phone = request.form.get("phone", None)
        # Configurable password regex?
        password = request.form.get("password", None)

        try:
            account = ModelAccount.get(ModelAccount.account_id == account_id)
        except peewee.DoesNotExist:
            abort(404, message="Account does not exist")

        account.first_name = first_name
        account.last_name = last_name
        account.email = email
        account.account_type = account_type
        account.phone = phone
        account.status = status
        # only set password if it was provided
        if password is not None:
            account.set_password(password)

        account.save()

        data = {
            "status": "ok",
            "account": account.to_clean_dict()
        }
        response = make_response(self.serialize(data))
        response.mimetype = 'application/json'

        if (password is not None and
           account.account_id == self.auth.account.account_id):

            user_agent = request.headers.get('User-Agent')
            generated_cookie = account.generate_cookie_value(
                account,
                user_agent
            )
            response.set_cookie('vegadns', generated_cookie)

        return response
Ejemplo n.º 16
0
 def validate(self):
     v = Validate()
     if not v.uuid(self.access_token):
         raise Exception('Invalid access_token')
Ejemplo n.º 17
0
 def validate(self):
     v = Validate()
     if not v.uuid(self.access_token):
         raise Exception('Invalid access_token')
Ejemplo n.º 18
0
 def setUp(self):
     self.validate = Validate()
Ejemplo n.º 19
0
class TestValidate(unittest.TestCase):
    def setUp(self):
        self.validate = Validate()

    def test_ipv4_valid(self):
        self.assertTrue(self.validate.ipv4('127.0.0.1'))
        self.assertTrue(self.validate.ipv4('255.255.255.0'))
        self.assertTrue(self.validate.ipv4('1.2.3.4'))

    def test_ipv4_invalid(self):
        self.assertFalse(self.validate.ipv4('4'))
        self.assertFalse(self.validate.ipv4('4.2.3'))
        self.assertFalse(self.validate.ipv4('294.1.2.0'))
        self.assertFalse(self.validate.ipv4('255.255.255.256'))
        self.assertFalse(self.validate.ipv4('fe80::1610:9fff:fee3:74a9%en0'))
        self.assertFalse(self.validate.ipv4('i like turtles'))

    def test_ipv6_valid(self):
        self.assertTrue(
            self.validate.ipv6('FE80:0000:0000:0000:0202:B3FF:FE1E:8329'))
        self.assertTrue(self.validate.ipv6('FE80::0202:B3FF:FE1E:8329'))
        self.assertTrue(self.validate.ipv6('FE80::202:B3FF:FE1E:8329'))
        self.assertTrue(self.validate.ipv6('fe80::1'))

    def test_ipv6_invalid(self):
        self.assertFalse(self.validate.ipv6('4'))
        self.assertFalse(self.validate.ipv6('4.2.3'))
        self.assertFalse(self.validate.ipv6('294.1.2.0'))
        self.assertFalse(self.validate.ipv6('255.255.255.256'))
        self.assertFalse(self.validate.ipv6('i like turtles'))

    def test_record_name_valid(self):
        self.assertTrue(self.validate.record_hostname('vegadns.org'))
        self.assertTrue(self.validate.record_hostname('www.vegadns.org'))
        self.assertTrue(self.validate.record_hostname('foo.www.vegadns.org'))
        self.assertTrue(self.validate.record_hostname('b.foo.www.vegadns.org'))

        self.assertTrue(
            self.validate.record_hostname('foo-bar.foo.www.vegadns.org'))

    def test_record_name_invalid(self):
        self.assertFalse(self.validate.record_hostname('foo'))
        self.assertFalse(self.validate.record_hostname('..vegadns.org'))

    def test_is_sha256_valid(self):
        s = 'c69c30d355dd7c8ab3ecae9c005701a51d30e7c3af1855f1f1be3c7919b2b2c1'
        self.assertTrue(self.validate.sha256(s))

    def test_is_sha256_invalid(self):
        self.assertFalse(self.validate.sha256('foo'))

        s = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
        self.assertFalse(self.validate.sha256(s))

        s = 'e7c3af1855f1f1be3c7919b2b2c1'
        self.assertFalse(self.validate.sha256(s))

    def test_is_uuid_valid(self):
        s = '465aba85-7c4b-4631-86c4-ef3404a463f6'
        self.assertTrue(self.validate.uuid(s))

    def test_is_uuid_invalid(self):
        self.assertFalse(self.validate.uuid('foo'))

    def test_ipv4_prefix_valid(self):
        self.assertTrue(self.validate.ip_prefix('127.0.0', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('255.255.255', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('1.2', 'ipv4'))
        self.assertTrue(self.validate.ip_prefix('1', 'ipv4'))

    def test_ipv4_prefix_invalid(self):
        self.assertFalse(self.validate.ip_prefix(None, 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('256.0.0', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('255.255.255.', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('-25.240.10', 'ipv4'))
        self.assertFalse(self.validate.ip_prefix('', 'ipv4'))

    def test_ipv6_prefix_valid(self):
        self.assertTrue(
            self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FF', 'ipv6'))
        self.assertTrue(
            self.validate.ip_prefix('FE80:0202:B3FF:FE1E:8329', 'ipv6'))
        self.assertTrue(self.validate.ip_prefix('FE80', 'ipv6'))

    def test_ipv6_prefix_invalid(self):
        self.assertFalse(self.validate.ip_prefix(None, 'ipv6'))
        self.assertFalse(
            self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FG', 'ipv6'))
        self.assertFalse(
            self.validate.ip_prefix('FE80:202:B3FF:FE1E:8329', 'ipv6'))
        self.assertFalse(
            self.validate.ip_prefix(
                'FE80:0000:0000:0000:0202:B3FF:0000:0000:0000:0000', 'ipv6'))