def _action_download_config(self):
"""Handle POST requesting download of the openvpn client config
:return: response with token with appropriate HTTP headers
"""
form = self.get_address_form(bottle.request.POST)
res = current_state.backend.perform(
"openvpn", "get_client_config", {
"id":
self.data['download-config'],
"hostname":
form.data["server-address"]
if form.data["server-address"] else "",
})
if res["status"] != "valid":
messages.error(_("Unable to get OpenVPN client config."))
bottle.redirect(reverse("config_page", page_name="openvpn"))
bottle.response.set_header("Content-Type", "text/plain")
# TODO .ovpn for windows
bottle.response.set_header("Content-Disposition",
'attachment; filename="turris.conf"')
bottle.response.set_header("Content-Length", len(res["config"]))
return res["config"]
def form_callback(data):
current_state.backend.perform("openvpn", "generate_client",
{"name": self.data['client_name']})
messages.success(
_("Started to generate client '%(name)s' for the OpenVPN server."
) % dict(name=data['client_name']))
return bottle.redirect(reverse("config_page", page_name="openvpn"))
def _action_generate_ca(self):
"""Call RPC to generate CA for openvpn server
:return: redirect to plugin's main page
"""
current_state.backend.perform("openvpn", "generate_ca")
messages.success(_("Started to generate CA for the OpenVPN server."))
return bottle.redirect(reverse("config_page", page_name="openvpn"))
def call_action(self, action):
if bottle.request.method != 'POST':
messages.error("Wrong HTTP method.")
bottle.redirect(reverse("config_page", page_name="netmetr"))
if action == "redownload":
self._action_download_data()
elif action == "start":
self._action_measure_and_download_data()
raise bottle.HTTPError(404, "Unknown action.")
def _action_delete_ca(self):
"""Call RPC to delete the CA of the openvpn server
:return: redirect to plugin's main page
"""
res = current_state.backend.perform("openvpn", "delete_ca")
if res["result"]:
messages.success(_("The OpenVPN CA was successfully deleted."))
else:
messages.success(_("Failed to delete the OpenVPN CA."))
return bottle.redirect(reverse("config_page", page_name="openvpn"))
def make_token_response(client_name):
token = get_token(client_name)
if not token:
messages.error(
_("Unable to get token for user \"%s\".") % client_name)
bottle.redirect(reverse("config_page", page_name="tls"))
bottle.response.set_header("Content-Type", "application/x-pem-file")
bottle.response.set_header(
"Content-Disposition",
'attachment; filename="%s.pem' % client_name)
bottle.response.set_header("Content-Length", len(token))
return token
def call_action(self, action):
if bottle.request.method != 'POST':
# all actions here require POST
messages.error("Wrong HTTP method.")
bottle.redirect(reverse("config_page", page_name="tls"))
if action == "get-token":
if bottle.request.POST.get("qrcode"):
# Button for QR token generation has been clicked
return self._action_generate_token_qrcode_data()
return self._action_get_token()
elif action == "reset-ca":
return self._action_reset_ca()
raise bottle.HTTPError(404, "Unknown action.")
def _action_reset_ca(self):
"""Call RPC for resetting the CA and redirect back.
:return: redirect to plugin's main page
"""
if reset_ca():
messages.success(
_("Reset of the certification authority was successfully submitted."
))
else:
messages.error(_("An error occurred when trying to reset the CA."))
bottle.redirect(reverse("config_page", page_name="tls"))
def _action_revoke(self):
"""Handle POST requesting revoking client certificate config
:return: response with token with appropriate HTTP headers
"""
res = current_state.backend.perform("openvpn", "revoke",
{"id": self.data['revoke-client']})
if res["result"]:
messages.success(
_("The client certificate was successfully revoked."))
else:
messages.error(_("Failed to revoke the client certificate."))
return bottle.redirect(reverse("config_page", page_name="openvpn"))
def call_action(self, action):
if bottle.request.method != 'POST':
# all actions here require POST
messages.error("Wrong HTTP method.")
bottle.redirect(reverse("config_page", page_name="openvpn"))
if action == "download-config":
return self._action_download_config_or_revoke()
elif action == "generate-ca":
return self._action_generate_ca()
elif action == "generate-client":
return self._action_generate_client()
elif action == "delete-ca":
return self._action_delete_ca()
raise bottle.HTTPError(404, "Unknown action.")
def _action_generate_client(self):
"""Call RPC to generate a client for openvpn server
:return: redirect to plugin's main page
"""
form = self.get_client_form(bottle.request.POST)
if form.save():
messages.success(
_("Started to generate client certificate for the OpenVPN server."
))
return bottle.redirect(reverse("config_page", page_name="openvpn"))
else:
kwargs = {}
self._prepare_render_args(kwargs, client_form=form)
return super(OpenvpnConfigPage, self).render(**kwargs)
def _action_generate_token_qrcode_data(cls):
client_name = bottle.request.POST.get("qrcode")
token_code = os.urandom(20).encode("hex")
# Expiration time - use uptime as reference, as it's harder to tamper with
expire_time = int(
get_system_uptime()) + TLSConfigPage.TOKEN_EXPIRATION_TIME
# Add token to the dict of tokens
cls.token_codes[token_code] = {
'expires_at': expire_time,
'client_name': client_name,
}
stats = get_stats_dict()
# Return info about token as JSON
request_urlparts = bottle.request.urlparts
return {
'expiration_time': TLSConfigPage.TOKEN_EXPIRATION_TIME,
'host': request_urlparts.netloc,
'scheme': request_urlparts.scheme,
'path': reverse("get-token", token_code=token_code),
'board_name': stats['board-name'].lower(),
'hostname': stats['hostname'],
}
def _action_measure_and_download_data(self):
current_state.backend.perform("netmetr", "measure_and_download_data")
bottle.redirect(reverse("config_page", page_name="netmetr"))
