def get_user_account(username, **kwargs):
    """
    Load the user account information.

    Variables:
    username       => Name of the user to get the account info

    Arguments:
    load_avatar    => If exists, this will load the avatar as well

    Data Block:
    None

    Result example:
    {
     "name": "Test user",        # Name of the user
     "is_active": true,          # Is the user active?
     "classification": "",       # Max classification for user
     "uname": "usertest",        # Username
     "is_admin": false,          # Is the user admin?
     "avatar": null,             # Avatar of the user
     "groups": ["TEST"]          # Groups the user is member of
    }

    Access rule: a caller may read their own record; any other record
    requires the caller to be an admin (403 otherwise). Credential material
    held on the stored record (OTP secret, password, U2F devices) is never
    returned; each is replaced by a boolean flag saying whether it is set.
    """
    caller = kwargs['user']
    # Owner-or-admin check: the caller identity comes from the request
    # context (kwargs['user']), not from the URL.
    if username != caller['uname'] and not caller['is_admin']:
        return make_api_response(
            {}, "You are not allow to view other users then yourself.", 403)

    account = STORAGE.get_user_account(username)
    if not account:
        return make_api_response({}, "User %s does not exists" % username, 404)

    # Strip secrets before the record leaves the server, keeping only a
    # presence flag for each one.
    account['2fa_enabled'] = account.pop('otp_sk', None) is not None
    account['has_password'] = account.pop('password', None) is not None
    account['u2f_enabled'] = bool(account.pop('u2f_devices', []))
    # API keys are reduced to the first element of each entry (presumably the
    # key name rather than the key material -- verify against the storage
    # layout).
    account['apikeys'] = [entry[0] for entry in account.get('apikeys', [])]

    # Fill quotas from the account defaults when the record predates them.
    for field, fallback in (('api_quota', 10), ('submission_quota', 5)):
        if field not in account:
            account[field] = ACCOUNT_DEFAULT.get(field, fallback)

    if "load_avatar" in request.args:
        account['avatar'] = STORAGE.get_user_avatar(username)

    return make_api_response(account)
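def login():
    """
    Render the login page.

    The TLS-terminating proxy is expected to populate
    HTTP_X_REMOTE_CERT_VERIFIED and HTTP_X_REMOTE_DN from the client
    certificate. When verification reports SUCCESS, the DN is used to look up
    a known user (pre-filling username and avatar); otherwise the page is
    rendered anonymously. If encrypted login is enabled the RSA public key is
    passed to the template, generating and storing a key pair on first use.

    Returns:
        The rendered "login.html" template.

    NOTE(review): both X-Remote-* values are trusted as-is. The deployment
    must ensure the proxy overwrites (not merely forwards) these headers, or a
    client could assert an arbitrary DN -- verify the proxy configuration.
    """
    if request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED", "FAILURE") == "SUCCESS":
        # A proxy reporting SUCCESS without a DN previously raised
        # AttributeError (None.split); a missing DN is now treated like an
        # unverified client.
        remote_dn = request.environ.get("HTTP_X_REMOTE_DN", "")
        # The DN arrives slash-separated with a leading '/'; it is rebuilt
        # comma-separated with the components reversed, dropping the empty
        # element produced by the leading slash.
        dn = ",".join(remote_dn.split("/")[::-1][:-1])
    else:
        dn = ""

    avatar = None
    username = ''
    alternate_login = '******'

    if dn:
        # NOTE(review): dn is interpolated into the search query unescaped,
        # so a '"' in the certificate subject changes the query. Escape or
        # parameterize once the search back end's quoting rules are confirmed.
        u_list = STORAGE.advanced_search('user', 'dn:"%s"' % dn,
                                         args=[('fl', '_yz_rk')])['response']['docs']
        if len(u_list):
            # Known certificate: take the first matching user record.
            username = u_list[0]['_yz_rk']
            avatar = STORAGE.get_user_avatar(username) or "/static/images/user_default.png"
            alternate_login = '******'
        else:
            # Unknown certificate: fall back to the CN component as the
            # display name, or the whole DN when no CN is present.
            try:
                username = dn.rsplit('CN=', 1)[1]
            except IndexError:
                username = dn
            avatar = "/static/images/user_default.png"
            alternate_login = '******'

    if config.auth.get('encrypted_login', True):
        public_key = STORAGE.get_blob('id_rsa.pub')
        if not public_key:
            # First use: generate the key pair and persist both halves.
            # NOTE(review): the private key is kept in the same blob store as
            # the public one; two concurrent first requests could each
            # generate a pair and the later save wins -- confirm this is
            # acceptable.
            public_key, private_key = generate_async_keys(
                key_size=config.ui.get('rsa_key_size', 2048))
            STORAGE.save_blob('id_rsa.pub', public_key)
            STORAGE.save_blob('id_rsa', private_key)
    else:
        public_key = None

    # angular_safe is assumed to neutralise the value for the template;
    # whether 'next' is constrained to a local path is not visible here.
    next_url = angular_safe(request.args.get('next', "/"))
    return custom_render("login.html", next=next_url, public_key=public_key,
                         avatar=avatar, username=username,
                         alternate_login=alternate_login)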
def get_user_avatar(username, **_):
    """
    Loads the user's avatar.

    Variables:
    username       => Name of the user you want to get the avatar for

    Arguments:
    None

    Data Block:
    None

    Result example:
    "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD..."

    Unlike get_user_account, no owner-or-admin check is applied here: any
    caller reaching this endpoint can fetch any user's avatar.
    """
    # The storage layer's value (or None when absent) is returned unchanged.
    return make_api_response(STORAGE.get_user_avatar(username))
def base(*args, **kwargs):
    """
    Wrapped view: authenticate the session, then call the decorated view.

    `self` (the decorator instance: required_priv, require_admin, audit,
    load_options) and `func` (the decorated view) come from the enclosing
    scope, which is outside this block.

    Flow: reject old IE, validate the server-side session (existence, expiry,
    IP/User-Agent binding, privileges, admin requirement), optionally write an
    audit line, then inject the rendering context into kwargs and redirect to
    the terms or settings page when the account still needs them.

    Raises:
        AccessDeniedException when an admin-only URL is hit by a non-admin.
        abort(401) for any session failure.
    """
    # Validate User-Agent
    user_agent = request.environ.get("HTTP_USER_AGENT", "Unknown browser")
    if "MSIE 8" in user_agent or "MSIE 9" in user_agent or "MSIE 7" in user_agent or "MSIE 6" in user_agent:
        return redirect(redirect_helper("/unsupported.html"))

    # Create Path
    path = request.path + "?" + request.query_string

    # Login
    try:
        # The cookie only carries an opaque session id; the session itself
        # lives server-side in KV_SESSION as a JSON document.
        session_id = flsk_session.get("session_id", None)
        if not session_id:
            abort(401)

        session = KV_SESSION.get(session_id)
        if not session:
            abort(401)
        else:
            session = json.loads(session)

        # Sliding expiry: an expired session is deleted, a live one is
        # extended by its 'duration' (default 3600s) on every request.
        cur_time = now()
        if session.get('expire_at', 0) < cur_time:
            KV_SESSION.pop(session_id)
            abort(401)
        else:
            session['expire_at'] = cur_time + session.get('duration', 3600)

        # Bind the session to the client address and User-Agent captured at
        # login. NOTE(review): the header is "X-Forward-For" (not the usual
        # X-Forwarded-For); presumably set by the proxy -- verify, since a
        # client-controlled value here would make the binding ineffective.
        if request.headers.get("X-Forward-For", None) != session.get('ip', None) or \
                request.headers.get("User-Agent", None) != session.get('user_agent', None):
            abort(401)

        # The refreshed expiry is only persisted once all checks above pass.
        KV_SESSION.set(session_id, session)
        logged_in_uname = session.get("username", None)

        # At least one of the decorator's required privileges must be held.
        if not set(self.required_priv).intersection(set(session.get("privileges", []))):
            abort(401)

        user = login(logged_in_uname, path)

        if self.require_admin and not user['is_admin']:
            raise AccessDeniedException("Url '%s' requires ADMIN privileges" % request.path)
    except AccessDeniedException:
        # Re-raised unchanged; the try/except is a no-op kept from the
        # original.
        raise

    if self.audit:
        # Audit line: only parameters whose names are listed in
        # AUDIT_KW_TARGET are recorded; their values are logged verbatim.
        json_blob = request.json
        if not isinstance(json_blob, dict):
            json_blob = {}
        params_list = list(args) + \
            ["%s=%s" % (k, v) for k, v in kwargs.iteritems() if k in AUDIT_KW_TARGET] + \
            ["%s=%s" % (k, v) for k, v in request.args.iteritems() if k in AUDIT_KW_TARGET] + \
            ["%s=%s" % (k, v) for k, v in json_blob.iteritems() if k in AUDIT_KW_TARGET]
        AUDIT_LOG.info("%s [%s] :: %s(%s)" % (logged_in_uname, user['classification'], func.func_name, ", ".join(params_list)))

    # Dump Generic KWARGS
    kwargs['build_master'] = "%s.%s" % (BUILD_MASTER, BUILD_LOWER)
    kwargs['user'] = user
    # The whole record returned by login() is serialised for the page;
    # whatever fields it contains reach the browser.
    kwargs['user_js'] = json.dumps(user)
    kwargs['debug'] = str(DEBUG).lower()
    kwargs['menu'] = create_menu(user, path)
    kwargs['avatar'] = STORAGE.get_user_avatar(user['uname'])
    kwargs['is_prod'] = SYSTEM_NAME == "production"

    options = STORAGE.get_user_options(user['uname'])
    # Terms-of-service and first-time settings gates; the terms page itself
    # is exempt so the user can get there.
    if not request.path == "/terms.html":
        if not user.get('agrees_with_tos', False) and config.ui.get("tos", None) is not None:
            return redirect(redirect_helper("/terms.html"))
        if not options and not request.path == "/settings.html":
            return redirect(redirect_helper("/settings.html?forced"))

    if self.load_options:
        kwargs['options'] = json.dumps(options)

    kwargs["build_no"] = BUILD_NO

    return func(*args, **kwargs)