def get(self):
    """Rebuild each organization's password-hash list, then report a self-check.

    First pass: for every organization, empty ``_password_hash_list``, add the
    hash of ``org.password`` and save through ``organization.PutAndCache``.
    Second pass: count the organizations whose password hash is found in their
    list, and write both tallies to the response as HTML.
    """
    # NOTE(review): this handler rewrites every organization on a GET and shows
    # no access check of its own -- confirm the route is restricted to admins.
    # NOTE(review): it relies on a plaintext ``org.password`` being stored, and
    # emptying the list first discards any additional password hashes an
    # organization had before the run.
    matched = 0
    unmatched = 0
    all_orgs = organization.Organization.all()

    # Pass 1: reset the list and repopulate it from the stored password.
    for entity in all_orgs:
        del entity._password_hash_list[:]
        if generate_hash.recursive_hash(
                entity.password) not in entity._password_hash_list:
            entity._password_hash_list.append(
                generate_hash.recursive_hash(entity.password))
        organization.PutAndCache(entity)
        # Original author's open question: log this / keep the old list?

    # Pass 2: tally how many organizations pass a hash lookup afterwards.
    for entity in all_orgs:
        found = generate_hash.recursive_hash(
            entity.password) in entity._password_hash_list
        if found:
            matched += 1
        else:
            unmatched += 1

    report = (
        'Passwords updated<br>',
        "Login successes: %s<br>" % matched,
        "Login failures: %s<br>" % unmatched,
    )
    for line in report:
        self.response.out.write(line)
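def PutAndCache(organization, cache_time=600):
    """Persist an organization and refresh its memcache entry.

    Before saving, makes sure the hash of ``organization.password`` (when a
    password is set) is present in ``organization._password_hash_list``.

    Args:
        organization: entity exposing ``password``, ``_password_hash_list``,
            ``put()`` and ``key()``.
        cache_time: expiry passed to memcache as ``time=``; defaults to 600.

    Returns:
        Whatever ``memcache.set`` returns for the refreshed entry.
    """
    # NOTE(review): this reads a plaintext ``organization.password`` on every
    # save, so the clear-text value is still kept next to its hashes, and a
    # hash removed from the list by a caller is re-added here whenever it
    # matches that field. Confirm whether the plaintext field can be retired.
    # NOTE(review): the strength of generate_hash.recursive_hash (salt, work
    # factor) is not visible here -- confirm it suits password storage.
    if organization.password:
        # Hash once and reuse the digest for both the test and the append.
        password_hash = generate_hash.recursive_hash(organization.password)
        if password_hash not in organization._password_hash_list:
            organization._password_hash_list.append(password_hash)
    organization.put()
    # The cached value is the entity itself plus its dict form, so whatever
    # the entity carries (password fields included) is copied into memcache.
    return memcache.set(
        cache_prefix + str(organization.key().id()),
        (organization, OrgToDict(organization)),
        time=cache_time)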
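def AuthenticatedPost(self, org, event):
    """Remove one password hash from an organization, then redirect.

    Reads ``name``, ``event`` and ``password`` from the request, looks up the
    event by name and the organization by name within that event, and removes
    the hash of the submitted password from the organization's
    ``_password_hash_list``. Redirects to ``/admin`` on success and back to
    ``/admin-delete-password`` when nothing was removed.

    Args:
        org: organization supplied by the caller; not consulted here.
        event: event supplied by the caller; not consulted here.
    """
    # NOTE(review): the organization that gets modified is chosen entirely by
    # request parameters, not by the ``org`` argument. That is only safe if
    # this route is restricted to administrators -- confirm in the base class.
    failure_url = (
        "/admin-delete-password?message=That password doesn't exist "
        "for this org. Select an incident to try again.")

    name = self.request.get("name")
    event_name = self.request.get("event")
    password = self.request.get("password")

    target_event = event_db.Event.all().filter("name =", event_name).get()
    if target_event is None:
        # Unknown event name: the lookup below would otherwise call .key() on
        # None and fail with an unhandled AttributeError.
        self.redirect(failure_url)
        return

    target_org = organization.Organization.all().filter(
        "name =", name).filter("incidents =", target_event.key()).get()
    if target_org is None:
        # No such organization for this event: same failure page, no crash.
        self.redirect(failure_url)
        return

    password_hash = generate_hash.recursive_hash(password)
    if password_hash not in target_org._password_hash_list:
        self.redirect(failure_url)
        return

    target_org._password_hash_list.remove(password_hash)
    # De-duplicate what is left; list order is not preserved by set().
    target_org._password_hash_list = list(set(target_org._password_hash_list))
    # NOTE(review): organization.PutAndCache re-appends the hash of
    # ``org.password`` when that field is set, so removing the hash that
    # matches the stored password would not last -- TODO confirm, and clear or
    # rotate ``org.password`` in that case.
    # NOTE(review): no audit entry is written for a removal; consider
    # recording one.
    organization.PutAndCache(target_org)
    self.redirect("/admin?message=Password deleted.")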
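def AuthenticatedPost(self, org, event):
    """Show a generated password, or attach an accepted one to an organization.

    Without ``accept=true`` the handler generates a password and renders it in
    ``post_template`` together with the organization and event names. With
    ``accept=true`` it hashes the submitted ``password``, adds the hash to the
    organization found by name within the named event, records an audit entry
    and redirects to ``/admin``.

    Args:
        org: organization supplied by the caller; not consulted here.
        event: event supplied by the caller; not consulted here.
    """
    # NOTE(review): the organization that gets modified is chosen entirely by
    # request parameters, not by the ``org`` argument. That is only safe if
    # this route is restricted to administrators -- confirm in the base class.
    name = self.request.get("name")
    form = GetOrganizationForm(self.request.POST)

    event_name = form.event.data if form.event.data else None
    if event_name is None or event_name == "None":
        event_name = self.request.get("event_name")

    logging.info("new password")
    logging.info(name)
    logging.info(event_name)
    password = self.request.get("password")

    if self.request.get("accept") == "true":
        event_name = self.request.get("event_name")

        if not password:
            # An empty submission would store the hash of "" as a valid
            # passcode for the organization; refuse it.
            self.redirect(
                "/admin-generate-new-password"
                "?error_message=No password was submitted")
            return

        this_event = event_db.Event.all().filter("name =", event_name).get()
        target_org = None
        if this_event is not None:
            # Only query by incident when the event exists; calling .key() on
            # a missing event raised AttributeError before.
            target_org = organization.Organization.all().filter(
                "name =", name).filter(
                    "incidents =", this_event.key()).get()

        if not target_org:
            # NOTE(review): name and event_name are request values that are
            # concatenated into the redirect URL without URL-encoding;
            # quote them before building the query string.
            self.redirect(
                "/admin-generate-new-password?error_message=Could not find "
                + name + " for: " + event_name)
            return

        password_hash = generate_hash.recursive_hash(password)
        if password_hash in target_org._password_hash_list:
            # Was spelled ``self.rediect`` and raised AttributeError instead
            # of redirecting.
            self.redirect(
                "/admin?message=That password already exists for that organization"
            )
            return

        target_org._password_hash_list.append(password_hash)
        # De-duplicate; list order is not preserved by set().
        target_org._password_hash_list = list(
            set(target_org._password_hash_list))
        organization.PutAndCache(target_org)
        audit_db.new_password(target_org, password_hash)
        # NOTE(review): same unencoded concatenation of request values as in
        # the not-found redirect.
        self.redirect(
            "/admin?message=New password added to " + name
            + " working on " + event_name)
        return

    # No acceptance yet: propose a fresh password and show it for confirmation.
    # NOTE(review): confirm random_password.generate_password draws from a
    # cryptographically secure source, and that the template escapes ``name``
    # and ``event_name``.
    password = random_password.generate_password()
    template_params = page_db.get_page_block_dict()
    template_params.update({
        "password": password,
        "name": name,
        "event_name": event_name,
    })
    self.response.out.write(post_template.render(template_params))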
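def AuthenticatedPost(self, org, event):
    """Delete a single password hash from an organization and redirect.

    The event is looked up by the ``event`` request value and the organization
    by the ``name`` request value within that event. When the hash of the
    submitted ``password`` is in the organization's ``_password_hash_list`` it
    is removed and the organization is saved; the response is a redirect to
    ``/admin``. In every other case the response is a redirect back to
    ``/admin-delete-password``.

    Args:
        org: organization supplied by the caller; not consulted here.
        event: event supplied by the caller; not consulted here.
    """
    # NOTE(review): the organization being changed comes from request values,
    # not from the ``org`` argument -- confirm the route is admin-only.
    name = self.request.get("name")
    event_name = self.request.get("event")
    password = self.request.get("password")

    target_event = event_db.Event.all().filter("name =", event_name).get()
    target_org = None
    if target_event is not None:
        # Skip the incident-scoped query for an unknown event; calling .key()
        # on None raised an unhandled AttributeError before.
        target_org = organization.Organization.all().filter(
            "name =", name).filter(
                "incidents =", target_event.key()).get()

    password_hash = generate_hash.recursive_hash(password)
    # A missing organization is reported the same way as a missing password.
    if target_org is not None and password_hash in target_org._password_hash_list:
        target_org._password_hash_list.remove(password_hash)
        # De-duplicate what is left; list order is not preserved by set().
        target_org._password_hash_list = list(
            set(target_org._password_hash_list))
        # NOTE(review): organization.PutAndCache re-appends the hash of
        # ``org.password`` when that field is set, so removing the hash that
        # matches the stored password would not last -- TODO confirm.
        # NOTE(review): no audit entry is written for a removal; consider
        # recording one.
        organization.PutAndCache(target_org)
        self.redirect("/admin?message=Password deleted.")
    else:
        self.redirect(
            "/admin-delete-password?message=That password doesn't exist for this org. Select an incident to try again."
        )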
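def post(self):
    """Authenticate an organization for an incident and start a session.

    Validates ``GetOrganizationForm``, looks up the event named in the form and
    the organization named in the request (``name``, or
    ``existing-organization`` when ``name`` is "Other"), then accepts the login
    when the hash of the submitted password is in the organization's
    ``_password_hash_list`` and ``audit_db.login`` returns a truthy value.

    On success the organization is joined to the event if it could not access
    it yet (administrators are e-mailed), login timestamps are saved, a login
    key is selected or created, its cookie is set and the client is redirected
    to ``destination``. On failure ``audit_db.bad_login`` is called and the
    client is redirected back with an error message.
    """
    form = GetOrganizationForm(self.request.POST)
    if not form.validate():
        self.redirect('/authentication')
        # Stop here: without this return the handler kept processing an
        # invalid form after queuing the redirect.
        return

    event = None
    for e in event_db.Event.gql(
            "WHERE name = :name LIMIT 1", name=form.event.data):
        event = e

    # check org and incident match
    org = None
    selected_org_name = self.request.get("name")
    if selected_org_name == "Other":
        selected_org_name = self.request.get("existing-organization")
    if selected_org_name == "Admin":
        # admin user
        for x in organization.Organization.gql(
                "WHERE name = :name LIMIT 1", name=selected_org_name):
            org = x
    elif event is not None:
        # regular user; skipped for an unknown event, where event.key() used
        # to raise AttributeError instead of producing a failed login
        for x in organization.Organization.gql(
                "WHERE name = :name AND incidents = :incident LIMIT 1",
                name=selected_org_name,
                incident=event.key()):
            org = x
        if org is None:
            # try legacy incident field
            for x in organization.Organization.gql(
                    "WHERE name = :name and incident = :incident LIMIT 1",
                    name=selected_org_name,
                    incident=event.key()):
                org = x

    # handle verified+active existing org joining new incident
    if not org and selected_org_name == 'Other':
        existing_org_name = self.request.get("existing-organization")
        for x in organization.Organization.gql(
                "WHERE name = :name LIMIT 1", name=existing_org_name):
            org = x

    login_ok = False
    if event and org:
        # Hash once; the audit call is reached only after the hash matched,
        # as in the original short-circuit condition.
        password_hash = generate_hash.recursive_hash(form.password.data)
        login_ok = bool(
            password_hash in org._password_hash_list
            and audit_db.login(
                org_name=org.name,
                ip=self.request.remote_addr,
                org=org,
                password_hash=password_hash,
                event_name=event.name,
                email=self.request.get("email")))

    if not login_ok:
        # NOTE(review): no throttling of repeated failures is visible in this
        # handler -- confirm it is enforced elsewhere.
        audit_db.bad_login(ip=self.request.remote_addr)
        # NOTE(review): appending "?..." yields a malformed URL when the
        # request URL already carries a query string.
        self.redirect(
            self.request.url +
            "?error_message=Incorrect Organization and Passcode Combination")
        return

    # login was successful
    # (temp) force migration of org.incident -> org.incidents
    unicode(org.incidents)

    # add org to incident if not already allowed
    if not org.may_access(event):
        org.join(event)
        logging.info(
            u"authentication_handler: "
            u"Existing organization %s has joined incident %s."
            % (org.name, event.name))

        # email administrators
        # NOTE(review): the link is built from the scheme and host of the
        # incoming request, so it reflects whatever host the client addressed;
        # confirm the platform pins the host or use a configured base URL.
        request_url = urlparse(self.request.url)
        review_url = "%s://%s/admin-single-organization?organization=%s" % (
            request_url.scheme,
            request_url.netloc,
            org.key().id())
        organization_form = organization.OrganizationForm(None, org)
        email_administrators_using_templates(
            event=event,
            subject_template_name='organization_joins_incident.to_admins.subject.txt',
            body_template_name='organization_joins_incident.to_admins.body.txt',
            organization=org,
            review_url=review_url,
            organization_form=organization_form,
        )
        org.save()

    # timestamp login
    now = datetime.datetime.utcnow()
    org.timestamp_login = now
    org.save()
    event.timestamp_last_login = now
    event.save()

    # create login key
    keys = key.Key.all()
    keys.order("date")
    selected_key = None
    for k in keys:
        age = now - k.date
        # Reuse a key created within about the last day; delete keys that
        # are more than 14 days old.
        if age.days > 14:
            k.delete()
        elif age.days <= 1:
            selected_key = k
    if not selected_key:
        # The key protects login cookies, so draw it from the OS random
        # source rather than the default, predictable generator.
        rng = random.SystemRandom()
        selected_key = key.Key(secret_key=''.join(
            rng.choice(string.ascii_uppercase + string.digits)
            for _ in range(20)))
        selected_key.put()

    # set cookie of org and event
    # NOTE(review): cookie attributes (Secure, HttpOnly) are decided inside
    # getCookie and are not visible here -- confirm them.
    self.response.headers.add_header(
        "Set-Cookie", selected_key.getCookie(org, event))

    # ``destination`` is supplied by the client. Follow it only when it is a
    # plain local path, so a crafted login link cannot send the user to
    # another site after signing in; anything else falls back to "/".
    try:
        destination = urllib.unquote(
            self.request.get('destination', default_value='/').encode('ascii'))
    except UnicodeError:
        destination = '/'
    parsed_destination = urlparse(destination)
    if (parsed_destination.scheme
            or parsed_destination.netloc
            or not destination.startswith('/')
            or destination.startswith('//')
            or '\\' in destination
            or any(ord(ch) < 0x20 for ch in destination)):
        destination = '/'
    self.redirect(destination)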
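def post(self):
    """Authenticate an organization for an incident and start a session.

    Validates ``GetOrganizationForm``, looks up the event named in the form and
    the organization named in the request (``name``, or
    ``existing-organization`` when ``name`` is "Other"), then accepts the login
    when the hash of the submitted password is in the organization's
    ``_password_hash_list`` and ``audit_db.login`` returns a truthy value.

    On success the organization is joined to the event if it could not access
    it yet (administrators are e-mailed), login timestamps are saved, a login
    key is selected or created, its cookie is set and the client is redirected
    to ``destination``. On failure ``audit_db.bad_login`` is called and the
    client is redirected back with an error message.
    """
    form = GetOrganizationForm(self.request.POST)
    if not form.validate():
        self.redirect('/authentication')
        # Stop here: without this return the handler kept processing an
        # invalid form after queuing the redirect.
        return

    event = None
    for e in event_db.Event.gql(
            "WHERE name = :name LIMIT 1", name=form.event.data):
        event = e

    # check org and incident match
    org = None
    selected_org_name = self.request.get("name")
    if selected_org_name == "Other":
        selected_org_name = self.request.get("existing-organization")
    if selected_org_name == "Admin":
        # admin user
        for x in organization.Organization.gql(
                "WHERE name = :name LIMIT 1", name=selected_org_name):
            org = x
    elif event is not None:
        # regular user; skipped for an unknown event, where event.key() used
        # to raise AttributeError instead of producing a failed login
        for x in organization.Organization.gql(
                "WHERE name = :name AND incidents = :incident LIMIT 1",
                name=selected_org_name,
                incident=event.key()):
            org = x
        if org is None:
            # try legacy incident field
            for x in organization.Organization.gql(
                    "WHERE name = :name and incident = :incident LIMIT 1",
                    name=selected_org_name,
                    incident=event.key()):
                org = x

    # handle verified+active existing org joining new incident
    if not org and selected_org_name == 'Other':
        existing_org_name = self.request.get("existing-organization")
        for x in organization.Organization.gql(
                "WHERE name = :name LIMIT 1", name=existing_org_name):
            org = x

    login_ok = False
    if event and org:
        # Hash once; the audit call is reached only after the hash matched,
        # as in the original short-circuit condition.
        password_hash = generate_hash.recursive_hash(form.password.data)
        login_ok = bool(
            password_hash in org._password_hash_list
            and audit_db.login(
                org_name=org.name,
                ip=self.request.remote_addr,
                org=org,
                password_hash=password_hash,
                event_name=event.name,
                email=self.request.get("email")))

    if not login_ok:
        # NOTE(review): no throttling of repeated failures is visible in this
        # handler -- confirm it is enforced elsewhere.
        audit_db.bad_login(ip=self.request.remote_addr)
        # NOTE(review): appending "?..." yields a malformed URL when the
        # request URL already carries a query string.
        self.redirect(
            self.request.url +
            "?error_message=Incorrect Organization and Passcode Combination")
        return

    # login was successful
    # (temp) force migration of org.incident -> org.incidents
    unicode(org.incidents)

    # add org to incident if not already allowed
    if not org.may_access(event):
        org.join(event)
        logging.info(
            u"authentication_handler: "
            u"Existing organization %s has joined incident %s."
            % (org.name, event.name))

        # email administrators
        # NOTE(review): the link is built from the scheme and host of the
        # incoming request, so it reflects whatever host the client addressed;
        # confirm the platform pins the host or use a configured base URL.
        request_url = urlparse(self.request.url)
        review_url = "%s://%s/admin-single-organization?organization=%s" % (
            request_url.scheme,
            request_url.netloc,
            org.key().id())
        organization_form = organization.OrganizationForm(None, org)
        email_administrators_using_templates(
            event=event,
            subject_template_name='organization_joins_incident.to_admins.subject.txt',
            body_template_name='organization_joins_incident.to_admins.body.txt',
            organization=org,
            review_url=review_url,
            organization_form=organization_form,
        )
        org.save()

    # timestamp login
    now = datetime.datetime.utcnow()
    org.timestamp_login = now
    org.save()
    event.timestamp_last_login = now
    event.save()

    # create login key
    keys = key.Key.all()
    keys.order("date")
    selected_key = None
    for k in keys:
        age = now - k.date
        # Reuse a key created within about the last day; delete keys that
        # are more than 14 days old.
        if age.days > 14:
            k.delete()
        elif age.days <= 1:
            selected_key = k
    if not selected_key:
        # The key protects login cookies, so draw it from the OS random
        # source rather than the default, predictable generator.
        rng = random.SystemRandom()
        selected_key = key.Key(secret_key=''.join(
            rng.choice(string.ascii_uppercase + string.digits)
            for _ in range(20)))
        selected_key.put()

    # set cookie of org and event
    # NOTE(review): cookie attributes (Secure, HttpOnly) are decided inside
    # getCookie and are not visible here -- confirm them.
    self.response.headers.add_header(
        "Set-Cookie", selected_key.getCookie(org, event))

    # ``destination`` is supplied by the client. Follow it only when it is a
    # plain local path, so a crafted login link cannot send the user to
    # another site after signing in; anything else falls back to "/".
    try:
        destination = urllib.unquote(
            self.request.get('destination', default_value='/').encode('ascii'))
    except UnicodeError:
        destination = '/'
    parsed_destination = urlparse(destination)
    if (parsed_destination.scheme
            or parsed_destination.netloc
            or not destination.startswith('/')
            or destination.startswith('//')
            or '\\' in destination
            or any(ord(ch) < 0x20 for ch in destination)):
        destination = '/'
    self.redirect(destination)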