def POST(self, filepath):
web.header('Content-Type', 'text/plain; charset=UTF-8')
filepath = str(filepath)
if filepath == '/':
granted_locks = {}
for filepath in web.data().split('\n'):
if not filepath:
continue
try:
granted_locks[filepath] = _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
for filepath in granted_locks: #revoke all reviously allocated locks
_revoke_lock(filepath)
raise web.unauthorized()
return '\n'.join('%s=%d' % (filepath, lock_id,) #list file name, lock id
for filepath, lock_id in granted_locks.items())
try:
return _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
raise web.unauthorized()
def myProcessor(handler):
web.ctx.veerezoDB = model.getDBConnection()
try:
username = checkUserAuth()
web.ctx.username = username
except ValueError:
web.header('WWW-Authenticate', 'Basic realm="Veerezo"')
web.unauthorized()
return 'Access denied'
web.ctx.beanstalk = pybsc.BeanstalkClient()
def postBackendJob(method, *args, **kwargs):
d = {}
d['method'] = method
d['args'] = args
d['kwargs'] = kwargs
jobID = web.ctx.beanstalk.put(json.dumps(d),
ttr=60,
tube='veerezo-backend')
model.addJob(web.ctx.veerezoDB, jobID)
return jobID
web.ctx.postBackendJob = postBackendJob
result = handler()
return result
def POST(self, filepath):
web.header('Content-Type', 'text/plain; charset=UTF-8')
filepath = str(filepath)
if filepath == '/':
granted_locks = {}
for filepath in web.data().split('\n'):
if not filepath:
# to allow an empty line at the end of the request data
continue
try:
lock_id = random.randrange(0, 32768)
logging.info('Granting lock (%d) on %s.', lock_id,
filepath)
t = datetime.datetime.now()
lock[filepath] = lock(lock_id, t, t)
return lock_id
except Exception as e:
logging.exception(e)
raise web.unauthorized()
# list of filename=lock_id
return '\n'.join('%s=%d' % (filepath, lock_id,) \
for filepath, lock_id in granted_locks.items())
raise web.unauthorized()
def processor(handler):
api_name = web.ctx.path.split("/")[-1]
if web.ctx.path not in anonymous_urls:
if api_name != 'login' and api_name != 'logout' and not session.get('logged_in', False):
if Ezs3CephConfig().get_cluster_name():
raise web.unauthorized()
else:
# customize message to hint user login with root account
raise web.unauthorized('need root')
if api_name != 'login':
# make login_id and login_type accessible by handlers
web.ctx.login_id = session.get('login_id')
web.ctx.login_type = session.get('login_type')
if not check_url_permission():
raise web.unauthorized()
if api_name in binary_api:
web.header('Content-type', 'application/octet-stream')
return handler()
else:
result = handler()
if isinstance(result, int):
resp = response(api_name, result)
elif isinstance(result, tuple):
if len(result) == 2:
resp = extra_response(api_name, result[0], result[1])
else:
logger.error("Invalid API response: {}".format(result))
resp = response(api_name, errors.GENERAL.GENERAL_ERROR)
else:
logger.error("Invalid API response: {}".format(result))
resp = response(api_name, errors.GENERAL.GENERAL_ERROR)
return resp
def wrapper(self, *args, **kwargs):
if web.ctx.env.has_key("HTTP_AUTHORIZATION"):
(user, email) = login()
if user:
self.me = user
# Logout
fname = "%s%s" % (LOGOUT_FILE_PREFIX, self.me.email)
if os.access(fname, os.F_OK):
os.unlink(fname)
return web.unauthorized()
# Login: Success
if user.languages in self.languages:
x = self.languages.index(user.languages)
self.languages.pop(x)
self.languages.insert(0, user.languages)
self.logger.info(
"user_id=%s,lang=%s : Method=%s - Basic Authentication=Success"
% (self.me.id, ",".join(self.languages), self.__method__)
)
# __init__#self._ update!!
self._ = mako_translation(languages=self.languages)
return func(self, *args, **kwargs)
else:
# Login: Failure
self.logger.info("user=%s : Method=%s - Basic Authentication=Failure" % (email, self.__method__))
return web.unauthorized()
else:
# Login: Anonymous
self.logger.info("user=anonymous : Method=%s - Basic Authentication=Anonymous" % (self.__method__))
return web.unauthorized()
def validate_basic_auth():
"""
Authenticates against the database user accounts using HTTP Basic authentication
"""
log.loggit('validate_basic_auth()')
auth_header = web.ctx.env.get('HTTP_AUTHORIZATION')
username = ""
password = ""
if auth_header is None:
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
elif not auth_header.startswith('Basic '):
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
else:
auth = re.sub('^Basic ', '', auth_header)
username, password = base64.decodestring(auth).split(':')
adb = accountdb.AccountDB()
account = adb.login(username, password, False)
if account is None:
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
return True
def _auth_check():
""" checks if user is authenticated and throws exception if he isn't """
try:
if not _is_authenticated():
raise web.unauthorized()
except:
raise web.unauthorized()
def validate_basic_auth():
"""
Authenticates against the database user accounts using HTTP Basic authentication
"""
log.loggit( 'validate_basic_auth()' )
auth_header = web.ctx.env.get('HTTP_AUTHORIZATION')
username = ""
password = ""
if auth_header is None:
raise web.unauthorized( UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS )
elif not auth_header.startswith('Basic '):
raise web.unauthorized( UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS )
else:
auth = re.sub('^Basic ','',auth_header)
username, password = base64.decodestring( auth ).split(':')
adb = accountdb.AccountDB()
account = adb.login( username, password, False )
if account is None:
raise web.unauthorized( UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS )
return True
def myProcessor(handler):
web.ctx.veerezoDB = model.getDBConnection()
try:
username = checkUserAuth()
web.ctx.username = username
except ValueError:
web.header('WWW-Authenticate', 'Basic realm="Veerezo"')
web.unauthorized()
return 'Access denied'
web.ctx.beanstalk = pybsc.BeanstalkClient()
def postBackendJob(method, *args, **kwargs):
d = {}
d['method'] = method
d['args'] = args
d['kwargs'] = kwargs
jobID = web.ctx.beanstalk.put(json.dumps(d), ttr=60, tube='veerezo-backend')
model.addJob(web.ctx.veerezoDB, jobID)
return jobID
web.ctx.postBackendJob = postBackendJob
result = handler()
return result
def _setReturnCode(self, code):
"""Set the return code
:param: code
:type code: integer or string
returns success: [True|False]
"""
success = False
if code in (200, "200", "ok"):
web.ok()
success = True
elif code in (201, "201", "created"):
web.created()
success = True
elif code in (400, "400", "badrequest"):
web.badrequest()
elif code in (401, "401", "unauthorized"):
web.unauthorized()
elif code in (404, "404", "notfound"):
web.notfound()
elif code in (409, "409", "conflict"):
web.conflict()
elif code in (500, "500", "internalerror"):
web.internalerror()
if success:
logging.debug("[LayMan][_setReturnCode] Code: '%s'" % code)
else:
logging.error("[LayMan][_setReturnCode] Code: '%s'" % code)
return success
def _getParamsOrError(self):
params = {}
try:
body = xml.dom.minidom.parseString(web.data())
request = body.getElementsByTagName("Request")[0]
for param in request.childNodes:
if (param.nodeType == param.ELEMENT_NODE):
params[param.tagName] = param.childNodes[0].data
except:
raise web.badrequest()
if (not web.ctx.environ.has_key('HTTP_X_FINKIN_AUTH')):
raise web.unauthorized()
if (web.ctx.environ.has_key('HTTP_X_FINKIN_DEBUG')):
params['debug'] = True
fda = finkin.FinkinDA(False)
userID = fda.Auth(web.ctx.environ['HTTP_X_FINKIN_AUTH'])
if (userID == 0):
raise web.unauthorized()
params['log-user'] = userID
return params
def POST(self, path):
web.header('Content-Type', 'text; char=UTF-8')
path = str(path)
if path == '/':
lock_given = {}
for path in web.data().split('\n'):
if not path:
continue
try:
lock_given[path] = _check_new_lock(path)
except Exception as e:
logging.exception(e)
for path in lock_given:
lock_given(path)
raise web.unauthorized()
return '\n'.join('%s=%d' % (path, lock_id,)\
for path, lock_id in lock_given.items())
try:
return _check_new_lock(path)
except Exception as e:
logging.exception(e)
raise web.unauthorized()
def GET(self):
qdict = web.input()
try:
if not qdict.has_key('o25') and qdict['pw'] != base64.b64decode(
gv.sd['pwd']):
raise web.unauthorized()
return
elif qdict.has_key('o25') and gv.sd['ipas'] == 0 and qdict[
'pw'] != base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
return
elif qdict.has_key('o25') and gv.sd['ipas'] == 0 and qdict[
'pw'] == base64.b64decode(gv.sd['pwd']):
gv.sd['ipas'] = 1
except KeyError:
pass
try:
if qdict['cpw'] != '' and qdict['cpw'] == qdict['npw']:
gv.sd['pwd'] = base64.b64encode(qdict['npw'])
except KeyError:
pass
vstr = data('options')
ops = vstr.index('[') + 1
ope = vstr.index(']')
optstr = vstr[ops:ope]
optlst = optstr.split(',')
onumlst = []
i = 3
while i < len(optlst):
onumlst.append(optlst[i].replace(' ', ''))
if optlst[i - 2] == '1': #clear check box items
optlst[i - 1] = '0'
try:
sdref[optlst[i]]
gv.sd[sdref[optlst[i]]] = 0
except KeyError:
pass
i += 4
for key in qdict.keys():
if key[:1] == 'o':
oidx = onumlst.index(key[1:])
if qdict[key] == 'on' or '':
qdict[key] = '1'
optlst[(oidx * 4) + 2] = qdict[key]
optstr = ','.join(optlst)
optstr = optstr.replace(', ', ',')
vstr = vstr.replace(vstr[ops:ope], optstr)
save('options', vstr)
if int(qdict['o15']) + 1 != gv.sd['nbrd']: self.update_scount(qdict)
if int(qdict['o18']) != gv.sd['mas']:
clear_mm()
self.update_sd(qdict)
raise web.seeother('/')
#alert = '<script>alert("Options values saved.");window.location="/";</script>'
return #alert # -- Alerts are not considered good interface progrmming. Use sparingly!
def __init__(self):
# Authenticate a request and save the associated product and component ID
logger.debug('Authenticating a new request')
self.product_id = SprinklerDB.authorize_product()
if not self.product_id:
logger.warn('Not Authenticated: Unknown API KEY')
raise web.unauthorized('Unknown API KEY')
self.valve_id = SprinklerDB.get_component_id(self.product_id, config['VALVE_COMP_TYPE'])
if not self.valve_id:
logger.warn('Not Authenticated: Not authorized for component')
raise web.unauthorized('Not authorized for component')
logger.info('Request authenticated: Product ID:%d, Valve ID:%d', self.product_id, self.valve_id)
def GET(self):
qdict = web.input()
try:
if not qdict.has_key('o25') and qdict['pw'] != base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
return
elif qdict.has_key('o25') and gv.sd['ipas'] == 0 and qdict['pw'] != base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
return
elif qdict.has_key('o25') and gv.sd['ipas'] == 0 and qdict['pw'] == base64.b64decode(gv.sd['pwd']):
gv.sd['ipas'] = 1
except KeyError:
pass
try:
if qdict['cpw'] !='' and qdict['cpw'] == qdict['npw']:
gv.sd['pwd'] = base64.b64encode(qdict['npw'])
except KeyError:
pass
vstr = data('options')
ops = vstr.index('[')+1
ope = vstr.index(']')
optstr = vstr[ops:ope]
optlst = optstr.split(',')
onumlst = []
i=3
while i < len(optlst):
onumlst.append(optlst[i].replace(' ', ''))
if optlst[i-2] == '1': #clear check box items
optlst[i-1]= '0'
try:
sdref[optlst[i]];
gv.sd[sdref[optlst[i]]]=0
except KeyError:
pass
i+=4
for key in qdict.keys():
if key[:1] == 'o':
oidx = onumlst.index(key[1:])
if qdict[key] == 'on' or '':
qdict[key] = '1'
optlst[(oidx*4)+2] = qdict[key]
optstr = ','.join(optlst)
optstr = optstr.replace(', ', ',')
vstr = vstr.replace(vstr[ops:ope], optstr)
save('options', vstr)
if int(qdict['o15'])+1 != gv.sd['nbrd']: self.update_scount(qdict)
if int(qdict['o18']) != gv.sd['mas']:
clear_mm()
self.update_sd(qdict)
raise web.seeother('/')
#alert = '<script>alert("Options values saved.");window.location="/";</script>'
return #alert # ---- Alerts are not considered good interface progrmming. Use sparingly!
def wrapper(self, *args, **kwargs):
if web.ctx.path[0:6] == '/data/':
languages = unicode(karesansui.config['application.default.locale'])
if web.ctx.env.has_key('HTTP_AUTHORIZATION'):
_http_auth = web.ctx.env['HTTP_AUTHORIZATION'].strip()
if _http_auth[:5] == 'Basic':
email, password = b64decode(_http_auth[6:].strip()).split(':')
session = web.ctx.orm
user = findby1email(session, email)
languages = user.languages
self._ = mako_translation(languages=[ unicode(languages), ])
return func(self, *args, **kwargs)
if karesansui_database_exists() is False:
return web.tempredirect(web.ctx.path + "init", absolute=False)
if web.ctx.env.has_key('HTTP_AUTHORIZATION'):
(user, email) = login()
if user:
self.me = user
# Logout
fname = '%s%s' % (LOGOUT_FILE_PREFIX, self.me.email,)
if os.access(fname, os.F_OK):
os.unlink(fname)
return web.unauthorized()
# Login: Success
if user.languages in self.languages:
x = self.languages.index(user.languages)
self.languages.pop(x)
self.languages.insert(0, user.languages)
self.logger.info('user_id=%s,lang=%s : Method=%s - Basic Authentication=Success' %
(self.me.id, ','.join(self.languages), self.__method__))
# __init__#self._ update!!
self._ = mako_translation(languages=self.languages)
return func(self, *args, **kwargs)
else:
# Login: Failure
self.logger.info('user=%s : Method=%s - Basic Authentication=Failure' %
(email, self.__method__))
return web.unauthorized()
else:
# Login: Anonymous
self.logger.info('user=anonymous : Method=%s - Basic Authentication=Anonymous' %
(self.__method__))
return web.unauthorized()
def POST(self, filepath):
"""If filepath == / (useless for now, but allow easy addition
of transactions: try to get a lock for all filepaths in the
request data (each one is separated from the next one
by a newline). If it's possible return a list of
filepath/lock_id like this:
/data/sample.in=12345
/src/linux/kernel.h=42
If at least one file can't be locked, then no lock is granted
and a '401 Unauthorized' response is send.
Else, if there's no lock on filepath, or an old lock,
grant a new one (and revoke the older one if needed).
Return a 200 OK, with the lock id.
If a client want mutliples locks it should request them in one
query (/) because if it ask in one request for each lock, it may
create dead locks.
"""
web.header('Content-Type', 'text/plain; charset=UTF-8')
filepath = str(filepath)
if filepath == '/':
granted_locks = {}
for filepath in web.data().split('\n'):
if not filepath:
# to allow an empty line at the end of the request data
continue
try:
granted_locks[filepath] = _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
# revoking all previoulsy allocated locks
for filepath in granted_locks:
_revoke_lock(filepath)
raise web.unauthorized()
# list of filename=lock_id
return '\n'.join('%s=%d' % (filepath, lock_id,)\
for filepath, lock_id in granted_locks.items())
try:
return _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
raise web.unauthorized()
def POST(self, filepath):
"""If filepath == / (useless for now, but allow easy addition
of transactions: try to get a lock for all filepaths in the
request data (each one is separated from the next one
by a newline). If it's possible return a list of
filepath/lock_id like this:
/data/sample.in=12345
/src/linux/kernel.h=42
If at least one file can't be locked, then no lock is granted
and a '401 Unauthorized' response is send.
Else, if there's no lock on filepath, or an old lock,
grant a new one (and revoke the older one if needed).
Return a 200 OK, with the lock id.
If a client want mutliples locks it should request them in one
query (/) because if it ask in one request for each lock, it may
create dead locks.
"""
web.header('Content-Type', 'text/plain; charset=UTF-8')
filepath = str(filepath)
if filepath == '/':
granted_locks = {}
for filepath in web.data().split('\n'):
if not filepath:
# to allow an empty line at the end of the request data
continue
try:
granted_locks[filepath] = _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
# revoking all previoulsy allocated locks
for filepath in granted_locks:
_revoke_lock(filepath)
raise web.unauthorized()
# list of filename=lock_id
return '\n'.join('%s=%d' % (filepath, lock_id,)\
for filepath, lock_id in granted_locks.items())
try:
return _grant_new_lock(filepath)
except Exception as e:
logging.exception(e)
raise web.unauthorized()
def GET(self):
#check if the user is Admin
if web.ctx.session.is_admin():
render = get_render('admin')
return render.add_user()
else:
return web.unauthorized()
def GET(self):
qdict = web.input()
try:
ddict = json.loads(qdict['data'])
except:
raise web.unauthorized()
validate_remote(ddict) # may raise unauthorized
subj = ''
body = ''
try:
subj = ddict['subject']
body = ddict['body']
if gv.sd['master']:
email(subj, body)
ret_str = json.dumps({'status':0})
else:
gv.logger.error('mail not sent by slave body: ' + body)
ret_str = json.dumps({'status':1})
except:
gv.logger.exception('could not send email. subject: ' + subj + ' body: ' + body)
ret_str = json.dumps({'status':2})
web.header('Content-Type', 'application/json')
return ret_str
def check_login(redirect=False):
from ospy import server
import web
from ospy.options import options
qdict = web.input()
try:
if options.no_password:
return True
if server.session.validated:
return True
except KeyError:
pass
if 'pw' in qdict:
if test_password(qdict['pw']):
return True
if redirect:
raise web.unauthorized()
return False
if redirect:
raise web.seeother('/login', True)
return False
def GET(self, resource_type=None, resource=None):
"""
Credentials here are not actually used for authorization, but instead
are used to identify:
consumer ID in the username field
repository ID in the password field
This is to work around the fact that the "puppet module install"
command has hard-coded absolute paths, so we cannot put consumer or
repository IDs in the URL's path.
"""
if resource_type is not None:
if resource_type == self.REPO_RESOURCE:
credentials = ('.', resource)
elif resource_type == self.CONSUMER_RESOURCE:
credentials = (resource, '.')
else:
return web.notfound()
else:
credentials = self._get_credentials()
if not credentials:
return web.unauthorized()
module_name = self._get_module_name()
if not module_name:
# apparently our version of web.py, 0.36, doesn't take a message
# parameter for error handlers like this one. Ugh.
return web.badrequest()
version = web.input().get('version')
data = self.get_releases(*credentials, module_name=module_name, version=version)
return self.format_results(data)
def GET(self):
"""
Credentials here are not actually used for authorization, but instead
are used to identify:
consumer ID in the username field
repository ID in the password field
This is to work around the fact that the "puppet module install"
command has hard-coded absolute paths, so we cannot put consumer or
repository IDs in the URL's path.
"""
credentials = self._get_credentials()
if not credentials:
return web.unauthorized()
module_name = self._get_module_name()
if not module_name:
# apparently our version of web.py, 0.36, doesn't take a message
# parameter for error handlers like this one. Ugh.
return web.badrequest()
version = web.input().get('version')
web.header('Content-Type', 'application/json')
data = releases.view(*credentials, module_name=module_name, version=version)
return json.dumps(data)
def GET(self):
qdict = web.input()
#ensure request is from localhost and we trust it
remote = web.ctx.env['REMOTE_ADDR']
if remote != '127.0.0.1':
gv.logger.info('receive_remote_sensor_data invalid remote: ' + remote)
raise web.unauthorized()
remote_sensor_name = ''
try:
remote_sensor_name = qdict['name']
del qdict['name']
if remote_sensor_name in gv.remote_sensors:
sensor_data = gv.remote_sensors[remote_sensor_name]
else:
sensor_data = {}
for key in qdict:
sensor_data[key] = int(qdict[key], 0)
sensor_data['time'] = gv.now
gv.remote_sensors[remote_sensor_name] = sensor_data
except:
gv.logger.exception('receive_remote_sensor_data name: ' + remote_sensor_name + ' qdict: ' + str(qdict))
zone_list = []
for z in gv.remote_zones:
zone_list.append(z)
web.header('Content-Type', 'application/json')
return json.dumps(zone_list)
def GET(self):
qdict = web.input()
try:
if gv.sd["ipas"] != 1 and qdict["pw"] != base64.b64decode(gv.sd["pwd"]):
raise web.unauthorized()
return
except KeyError:
pass
pnum = int(qdict["pid"]) + 1 # program number
cp = json.loads(qdict["v"])
if cp[0] == 0 and pnum == gv.pon: # if disabled and program is running
for i in range(len(gv.ps)):
if gv.ps[i][0] == pnum:
gv.ps[i] = [0, 0]
if gv.srvals[i]:
gv.srvals[i] = 0
for i in range(len(gv.rs)):
if gv.rs[i][3] == pnum:
gv.rs[i] = [0, 0, 0, 0]
if cp[1] >= 128 and cp[2] > 1:
dse = int((time.time() - time.timezone) / 86400)
ref = dse + cp[1] - 128
cp[1] = (ref % cp[2]) + 128
if int(qdict["pid"]) > gv.sd["mnp"]:
alert = '<script>alert("Maximum number of programs\n has been reached.");window.location="/";</script>'
return alert
elif qdict["pid"] == "-1": # add new program
gv.pd.append(cp)
else:
gv.pd[int(qdict["pid"])] = cp # replace program
jsave(gv.pd, "programs")
gv.sd["nprogs"] = len(gv.pd)
raise web.seeother("/vp")
return
def GET(self):
#Check if Admin
if web.ctx. session.is_admin():
render = get_render('admin')
return render.user()
else:
return web.unauthorized()
def GET(self):
qdict = web.input()
try:
if gv.sd['ipas'] != 1 and qdict['pw'] != base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
return
except KeyError:
pass
if not gv.sd['en']: return # check operation status
gv.rovals = json.loads(qdict['t'])
gv.rovals.pop()
gv.ps = []
for i in range(gv.sd['nst']):
gv.ps.append([0,0])
gv.rs = [] #run schedule
for i in range(gv.sd['nst']): # clear run schedule
gv.rs.append([0,0,0,0])
ro_now = time.time()
for i, v in enumerate(gv.rovals):
if v: # if this element has a value
gv.rs[i][0] = ro_now
gv.rs[i][2] = v
gv.rs[i][3] = 98
gv.ps[i][0] = 98
gv.ps[i][1] = v
schedule_stations(ro_now)
raise web.seeother('/')
def check_login(redirect=False):
"""
Check login.
"""
qdict = web.input()
try:
if gv.sd['ipas'] == 1:
return True
if web.config._session.user == 'admin':
return True
except KeyError:
pass
if 'pw' in qdict:
if gv.sd['password'] == password_hash(qdict['pw'], gv.sd['salt']):
return True
if redirect:
raise web.unauthorized()
return False
if redirect:
raise web.seeother('/login')
return False
def _raise_if_locked(filepath): #Exception 401 if file is locked and lockid doesn't match as per the request
i = web.input()
host, port = utils.get_host_port(_config['lockserver'])
if utils.is_locked(filepath, host, port, i.get('lock_id', None)):
raise web.unauthorized()
def GET(self):
"""
Credentials here are not actually used for authorization, but instead
are used to identify:
consumer ID in the username field
repository ID in the password field
This is to work around the fact that the "puppet module install"
command has hard-coded absolute paths, so we cannot put consumer or
repository IDs in the URL's path.
"""
credentials = self._get_credentials()
if not credentials:
return web.unauthorized()
module_name = self._get_module_name()
if not module_name:
# apparently our version of web.py, 0.36, doesn't take a message
# parameter for error handlers like this one. Ugh.
return web.badrequest()
version = web.input().get('version')
web.header('Content-Type', 'application/json')
data = releases.view(*credentials,
module_name=module_name,
version=version)
return json.dumps(data)
def check_login(redirect=False):
"""
Check login.
"""
qdict = web.input()
try:
if gv.sd['ipas'] == 1:
return True
if web.config._session.user == 'admin':
return True
except KeyError:
pass
if 'pw' in qdict:
if gv.sd['password'] == password_hash(qdict['pw'], gv.sd['salt']):
return True
if redirect:
raise web.unauthorized()
return False
if redirect:
raise web.seeother('/login')
return False
def GET(self):
qdict = web.input()
try:
if gv.sd['ipas'] != 1 and qdict['pw'] != base64.b64decode(
gv.sd['pwd']):
raise web.unauthorized()
return
except KeyError:
pass
pnum = int(qdict['pid']) + 1 # program number
cp = json.loads(qdict['v'])
if cp[0] == 0 and pnum == gv.pon: # if disabled and program is running
for i in range(len(gv.ps)):
if gv.ps[i][0] == pnum:
gv.ps[i] = [0, 0]
if gv.srvals[i]:
gv.srvals[i] = 0
for i in range(len(gv.rs)):
if gv.rs[i][3] == pnum:
gv.rs[i] = [0, 0, 0, 0]
if cp[1] >= 128 and cp[2] > 1:
dse = int((time.time() - time.timezone) / 86400)
ref = dse + cp[1] - 128
cp[1] = (ref % cp[2]) + 128
if int(qdict['pid']) > gv.sd['mnp']:
alert = '<script>alert("Maximum number of programs\n has been reached.");window.location="/";</script>'
return alert
elif qdict['pid'] == '-1': #add new program
gv.pd.append(cp)
else:
gv.pd[int(qdict['pid'])] = cp #replace program
jsave(gv.pd, 'programs')
gv.sd['nprogs'] = len(gv.pd)
raise web.seeother('/vp')
return
def GET(self):
qdict = web.input()
global rovals, sd
try:
if sd['ipas'] != 1 and qdict['pw'] != base64.b64decode(sd['pwd']):
raise web.unauthorized()
return
except KeyError:
pass
if not sd['en']: return # check operation status
sd['rsn'] = 0
sd['bsy'] = 1
rovals = json.loads(qdict['t'])
rovals.pop()
gv.ps = []
for i in range(sd['nst']):
gv.ps.append([0,0])
for i, t in enumerate(rovals):
if t != 0:
gv.ps[i][0] = 98
gv.ps[i][1] = t
gv.rs[i][1] = time.time() + t
thread.start_new_thread(self.run, ())
raise web.seeother('/')
return
def check_login(redirect=False):
from ospy import server
import web
from ospy.options import options
qdict = web.input()
try:
if options.no_password:
return True
if server.session.validated:
return True
except KeyError:
pass
if 'pw' in qdict:
if test_password(qdict['pw']):
return True
if redirect:
raise web.unauthorized()
return False
if redirect:
raise web.seeother('/login', True)
return False
def GET(self):
qdict = web.input()
#ensure request is from localhost and we trust it
remote = web.ctx.env['REMOTE_ADDR']
if remote != '127.0.0.1':
gv.logger.info('receive_remote_sensor_data invalid remote: ' + remote)
raise web.unauthorized()
remote_sensor_name = ''
try:
remote_sensor_name = qdict['name']
del qdict['name']
if remote_sensor_name in gv.remote_sensors:
sensor_data = gv.remote_sensors[remote_sensor_name]
else:
sensor_data = {}
for key in qdict:
sensor_data[key] = int(qdict[key], 0)
sensor_data['time'] = gv.now
gv.remote_sensors[remote_sensor_name] = sensor_data
except:
gv.logger.exception('receive_remote_sensor_data name: ' + remote_sensor_name + ' qdict: ' + str(qdict))
zone_list = []
for z in gv.remote_zones:
zone_list.append(z)
web.header('Content-Type', 'application/json')
return json.dumps(zone_list)
def GET(self):
qdict = web.input()
try:
if gv.sd['ipas'] != 1 and qdict['pw'] != base64.b64decode(
gv.sd['pwd']):
raise web.unauthorized()
return
except KeyError:
pass
if not gv.sd['en']: return # check operation status
gv.rovals = json.loads(qdict['t'])
gv.rovals.pop()
gv.ps = []
for i in range(gv.sd['nst']):
gv.ps.append([0, 0])
gv.rs = [] #run schedule
for i in range(gv.sd['nst']): # clear run schedule
gv.rs.append([0, 0, 0, 0])
ro_now = time.time()
for i, v in enumerate(gv.rovals):
if v: # if this element has a value
gv.rs[i][0] = ro_now
gv.rs[i][2] = v
gv.rs[i][3] = 98
gv.ps[i][0] = 98
gv.ps[i][1] = v
schedule_stations(ro_now)
raise web.seeother('/')
def check_login(redirect=False):
"""
Check login.
"""
qdict = web.input()
try:
# if gv.sd['ipas'] == 1:
# return True
if web.config._session['user'] == 'admin':
return True
except KeyError:
pass
if ('password' in qdict) and ('username' in qdict):
if validate_login(qdict['username'], qdict['password']):
return True
if redirect:
raise web.unauthorized()
return False
# if 'pw' in qdict:
# if gv.sd['password'] == password_hash(qdict['pw'], gv.sd['salt']):
# return True
# if redirect:
# raise web.unauthorized()
# return False
if redirect:
raise web.seeother('/login')
return False
def approve_pwd(qdict):
"""Password checking"""
try:
if not gv.sd['ipas'] and not qdict['pw'] == base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
except KeyError:
pass
def approve_pwd(qdict):
"""Password checking"""
try:
if not gv.sd['ipas'] and not qdict['pw'] == base64.b64decode(gv.sd['pwd']):
raise web.unauthorized()
except KeyError:
pass
def GET(self, tenant_id):
auth_token = web.ctx.get("environ").get("HTTP_X_AUTH_TOKEN", None)
auth_tenant_id = web.ctx.get("environ").get("HTTP_X_AUTH_TENANT_ID", None)
keystone = identity.auth(
token_id=auth_token,
tenant_id=auth_tenant_id,
url=_endpoint,
api="NATIVE",
admin=True,
admin_url="http://10.100.32.36:35357/v2.0",
)
keystone.management_url = _admin_endpoint
if len(tenant_id) <= 0:
tenant = identity.list_tenants(keystone, "NATIVE")
else:
tenant = identity.get_tenant(keystone, tenant_id, "NATIVE")
if tenant is None:
return web.unauthorized()
body = json.dumps(tenant, indent=4)
web.header("Content-Type", "application/json")
return body
def GET(self):
qdict = web.input()
global rovals, srvals, ps, sd
try:
if sd['ipas'] != 1 and qdict['pw'] != base64.b64decode(sd['pwd']):
raise web.unauthorized()
return
except KeyError:
pass
if not sd['en']: return # check operation status
sd['rsn'] = 0
sd['bsy'] = 1
rovals = json.loads(qdict['t'])
rovals.pop()
ps = []
for i in range(sd['nst']):
ps.append([0, 0])
for i, t in enumerate(rovals):
if t != 0:
ps[i][0] = 98
ps[i][1] = t
rs[i][1] = time.time() + t
thread.start_new_thread(self.run, ())
raise web.seeother('/')
return
def POST(self):
i = web.input()
usr = da.user.login(i.email, i.password)
if not usr:
raise web.unauthorized()
usr = {id: usr.id, secretkey: usr.secretkey}
web.header('Content-Type', 'application/json')
return json.dumps(usr)
def GET(self, image_id):
"""GET
"""
if not Logged().logged():
return web.unauthorized()
ImageDB().delete_image(image_id)
# raise web.seeother('/' + str(image_id) + '/')
raise web.seeother('/')
def POST(self):
signature = getSignature()
if verifySignature(SECRET, signature, web.data()):
repository = getRepoName(web.data())
update_gitlab_mirror = "cd $s && ./update_mirror.sh %s" %(WORK_DIR, repository)
out = commands.getoutput(update_gitlab_mirror)
return out
return web.unauthorized()
def GET(self, image_id):
"""GET
"""
if not Logged().logged():
return web.unauthorized()
ImageDB().delete_image(image_id)
# raise web.seeother('/' + str(image_id) + '/')
raise web.seeother('/')
def DELETE(instance_name, version):
auth = web.ctx.env.get('HTTP_AUTHORIZATION')
username = '' # We need to initialise these to empty values in the case that auth is disabled
password = ''
if auth is not None:
try:
auth = re.sub('^Basic ', '', auth)
username, password = base64.decodestring(auth).split(':')
except ValueError:
return web.unauthorized()
if not check_auth(username, password):
return web.unauthorized()
try:
pleasance.delete_historic_version(instance_name, version)
return 'Configuration ' + version + ' for ' + instance_name + ' deleted'
except pleasance.EnvironmentNotFoundError:
return web.notfound()
def POST(self):
i = web.input()
usr = da.user.login(i.email,i.password)
if not usr:
raise web.unauthorized()
usr = {id:usr.id, secretkey:usr.secretkey}
web.header('Content-Type', 'application/json')
return json.dumps(usr)
def GET(self):
web.header('Access-Control-Allow-Origin', '*')
params = web.input()
if 'user' not in params or 'pass' not in params:
return web.badrequest()
if random.choice([True, False]):
return web.ok()
else:
return web.unauthorized()
def POST(self):
variables = web.input()
if (variables.get('username') == configuration.web_user()) & (variables.get('password') == configuration.web_pwd()):
user_session.login = 1
print 'Logged in.'
return web.ok()
else:
user_session.login = 0
return web.unauthorized()
def GET(self):
qdict = web.input()
remote = web.ctx.env['REMOTE_ADDR']
# print 'slave iface remote: ' + remote + ' qdict: ' + str(qdict)
if remote != '127.0.0.1':
gv.logger.info('slave_iface invalid remote: ' + remote)
raise web.unauthorized()
gv.radio_iface = qdict['radio']
gv.vpn_iface = qdict['vpn']
def _raise_if_locked(filepath):
"""Raise a 401 unauthorized it the filepath is locked, and the
appropriate locked wasn't given in the request.
"""
i = web.input()
host, port = utils.get_host_port(_config['lockserver'])
if utils.is_locked(filepath, host, port, i.get('lock_id', None)):
raise web.unauthorized()
def _raise_if_locked(filepath):
"""Raise a 401 unauthorized it the filepath is locked, and the
appropriate locked wasn't given in the request.
"""
i = web.input()
host, port = utils.get_host_port(_config['lockserver'])
if utils.is_locked(filepath, host, port, i.get('lock_id', None)):
raise web.unauthorized()
def GET(self):
qdict = web.input()
remote = web.ctx.env['REMOTE_ADDR']
# print 'slave iface remote: ' + remote + ' qdict: ' + str(qdict)
if remote != '127.0.0.1':
gv.logger.info('slave_iface invalid remote: ' + remote)
raise web.unauthorized()
gv.radio_iface = qdict['radio']
gv.vpn_iface = qdict['vpn']
def verifyLogin():
qdict = web.input()
if gv.sd['ipas'] == 1:
return True
if web.config._session.user == 'admin':
return True
if qdict.has_key('pw') and gv.sd['password'] == sha1(qdict['pw'] + gv.sd['salt']).hexdigest():
return True
raise web.unauthorized()
def verifyLogin():
qdict = web.input()
if gv.sd['ipas'] == 1:
return True
if web.config._session.user == 'admin':
return True
if qdict.has_key('pw') and gv.sd['password'] == sha1(qdict['pw'] + gv.sd['salt']).hexdigest():
return True
raise web.unauthorized()
def validate_two_leg_oauth():
"""
Verify 2-legged oauth request using values in "Authorization" header.
"""
log.loggit('validate_two_leg_oauth()')
parameters = web.input()
if web.ctx.env.has_key('HTTP_AUTHORIZATION') and web.ctx.env[
'HTTP_AUTHORIZATION'].startswith('OAuth '):
parameters = split_header(web.ctx.env['HTTP_AUTHORIZATION'])
# We have to reconstruct the original full URL used when signing
# so if there are ever 401 errors verifying a request, look here first.
req = oauth2.Request(web.ctx.env['REQUEST_METHOD'],
web.ctx['homedomain'] + web.ctx.env['REQUEST_URI'],
parameters=parameters)
if not req.has_key('oauth_consumer_key'):
raise web.unauthorized()
# Verify the account referenced in the request is valid
adb = accountdb.AccountDB()
account = adb.review_account_using_info('consumer_key',
req['oauth_consumer_key'])
if not account:
raise web.unauthorized(UNAUTHORIZED_MESSAGE)
# Create an oauth2 Consumer with an account's consumer_key and consumer_secret
# to be used to verify the request
consumer = oauth2.Consumer(account['consumer_key'],
account['consumer_secret'])
# Create our oauth2 Server and add hmac-sha1 signature method
server = oauth2.Server()
server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())
# Attempt to verify the authorization request via oauth2
try:
server.verify_request(req, consumer, None)
except oauth2.Error, e:
log.loggit('validate_two_leg_oauth() - %s %s' % (repr(e), str(e)))
raise web.unauthorized(e)
def PUT(installer_name, target_os):
auth = web.ctx.env.get('HTTP_AUTHORIZATION')
username = '' # We need to initialise these to empty values in the case that auth is disabled
password = ''
try:
if auth is not None:
auth = re.sub('^Basic ', '', auth)
username, password = base64.decodestring(auth).split(':')
except ValueError:
return web.unauthorized()
if not check_auth(username, password):
return web.unauthorized()
content_type = ''
if web.ctx.env.get('CONTENT_TYPE'):
content_type = web.ctx.env.get('CONTENT_TYPE')
try:
if pleasance.update_installer_specific(installer_name, target_os,
content_type, web.data()):
return "Created Installer for " + installer_name + " on platform: " + target_os
except pleasance.InstallerNotFoundError:
return web.notfound()
def PATCH(self):
web.header('Access-Control-Allow-Origin', '*')
web.header('Access-Control-Allow-Credentials', 'true')
web.header('Content-Type', 'application/json')
input = json.loads(web.data())
res = patch_graph(input["user"], input["graph"], input["data"])
if res == 200:
return json.dumps({"ok": True}, default=_jsonforammter)
elif res == 401:
raise web.unauthorized()
else:
raise web.internalerror()
