async def settings_edit(request):
"""Shows the settings for the current user. Renders the same template as the normal user edit, but with parameter own_settings=True."""
try:
users.read_users()
except:
return PlainTextResponse(
'Configuration is being updated. Try again in a minute.')
own_name = request.user.display_name
template = "users_edit.html"
context = {
"request":
request,
"mercure_version":
mercure_defs.VERSION,
"page":
"settings",
"edituser":
own_name,
"edituser_info":
users.users_list[own_name],
"own_settings":
"True",
"change_password":
users.users_list[own_name].get("change_password", "False")
}
context.update(get_user_information(request))
return templates.TemplateResponse(template, context)
async def add_new_user(request):
"""Creates a new user and redirects to the user-edit page."""
try:
users.read_users()
except:
return PlainTextResponse(
'Configuration is being updated. Try again in a minute.')
form = dict(await request.form())
newuser = form.get("name", "")
if newuser in users.users_list:
return PlainTextResponse('User already exists.')
newpassword = users.hash_password(
form.get("password", "here_should_be_a_password"))
users.users_list[newuser] = {
"password": newpassword,
"is_admin": "False",
"change_password": "******"
}
try:
users.save_users()
except:
return PlainTextResponse(
'ERROR: Unable to write user list. Try again.')
logger.info(f'Created user {newuser}')
monitor.send_webgui_event(monitor.w_events.USER_CREATE,
request.user.display_name, newuser)
return RedirectResponse(url='/users/edit/' + newuser, status_code=303)
async def login_post(request):
"""Evaluate the submitted login information. Redirects to index page if login information valid, otherwise back to login.
On the first login, the user will be directed to the settings page and asked to change the password."""
try:
users.read_users()
except:
return PlainTextResponse("Configuration is being updated. Try again in a minute.")
form = dict(await request.form())
if users.evaluate_password(form.get("username", ""), form.get("password", "")):
request.session.update({"user": form["username"]})
if users.is_admin(form["username"]) == True:
request.session.update({"is_admin": "Jawohl"})
monitor.send_webgui_event(monitor.w_events.LOGIN, form["username"], "{admin}".format(admin="ADMIN" if users.is_admin(form["username"]) else ""))
if users.needs_change_password(form["username"]):
return RedirectResponse(url="/settings", status_code=303)
else:
return RedirectResponse(url="/", status_code=303)
else:
if request.client.host is None:
source_ip = "UNKOWN IP"
else:
source_ip = request.client.host
monitor.send_webgui_event(monitor.w_events.LOGIN_FAIL, form["username"], source_ip)
template = "login.html"
context = {"request": request, "invalid_password": 1, "mercure_version": mercure_defs.VERSION, "appliance_name": config.mercure.get("appliance_name", "mercure Router")}
return templates.TemplateResponse(template, context)
async def show_users(request):
"""Shows all available users."""
try:
users.read_users()
except:
return PlainTextResponse("Configuration is being updated. Try again in a minute.")
template = "users.html"
context = {"request": request, "mercure_version": mercure_defs.VERSION, "page": "users", "users": users.users_list}
context.update(get_user_information(request))
return templates.TemplateResponse(template, context)
async def users_edit(request):
"""Shows the settings for a given user."""
try:
users.read_users()
except:
return PlainTextResponse("Configuration is being updated. Try again in a minute.")
edituser = request.path_params["user"]
if not edituser in users.users_list:
return RedirectResponse(url="/users", status_code=303)
template = "users_edit.html"
context = {"request": request, "mercure_version": mercure_defs.VERSION, "page": "users", "edituser": edituser, "edituser_info": users.users_list[edituser]}
context.update(get_user_information(request))
return templates.TemplateResponse(template, context)
async def users_edit_post(request):
"""Updates the given user with settings passed as form parameters."""
try:
users.read_users()
except:
return PlainTextResponse(
'Configuration is being updated. Try again in a minute.')
edituser = request.path_params["user"]
form = dict(await request.form())
if not edituser in users.users_list:
return PlainTextResponse('User does not exist anymore.')
users.users_list[edituser]["email"] = form["email"]
if form["password"]:
users.users_list[edituser]["password"] = users.hash_password(
form["password"])
users.users_list[edituser]["change_password"] = "******"
# Only admins are allowed to change the admin status, and the current user
# cannot change the status for himself (which includes the settings page)
if (request.user.is_admin) and (request.user.display_name != edituser):
users.users_list[edituser]["is_admin"] = form["is_admin"]
if (request.user.is_admin):
users.users_list[edituser]["permissions"] = form["permissions"]
try:
users.save_users()
except:
return PlainTextResponse(
'ERROR: Unable to write user list. Try again.')
logger.info(f'Edited user {edituser}')
monitor.send_webgui_event(monitor.w_events.USER_EDIT,
request.user.display_name, edituser)
if "own_settings" in form:
return RedirectResponse(url='/', status_code=303)
else:
return RedirectResponse(url='/users', status_code=303)
Route('/{whatever:path}',
endpoint=emergency_response,
methods=['GET', 'POST']),
])
uvicorn.run(emergency_app, host=WEBGUI_HOST, port=WEBGUI_PORT)
###################################################################################
## Entry function
###################################################################################
if __name__ == "__main__":
try:
services.read_services()
config.read_config()
users.read_users()
if (str(SECRET_KEY) == 'PutSomethingRandomHere'):
logger.error(
"You need to change the SECRET_KEY in configuration/webgui.env"
)
raise Exception("Invalid or missing SECRET_KEY in webgui.env")
except Exception as e:
logger.error(e)
logger.error("Cannot start service. Showing emergency message.")
launch_emergency_app()
logger.info("Going down.")
sys.exit(1)
monitor.configure('webgui', 'main', config.mercure['bookkeeper'])
monitor.send_event(monitor.h_events.BOOT, monitor.severity.INFO,
f'PID = {os.getpid()}')
