def home():
"""
home page function
"""
listx = lxc.listx()
containers_all = []
for status in ('RUNNING', 'FROZEN', 'STOPPED'):
containers_by_status = []
for container in listx[status]:
container_info = {
'name': container,
'settings': lwp.get_container_settings(container, status),
'memusg': 0,
'bucket': get_bucket_token(container)
}
containers_by_status.append(container_info)
containers_all.append({
'status': status.lower(),
'containers': containers_by_status
})
return render_template('index.html',
containers=lxc.ls(),
containers_all=containers_all,
dist=lwp.check_ubuntu(),
host=socket.gethostname(),
templates=lwp.get_templates_list(),
storage_repos=storage_repos,
auth=AUTH)
def home():
"""
home page function
"""
listx = lxc.listx()
containers_all = []
for status in ('RUNNING', 'FROZEN', 'STOPPED'):
containers_by_status = []
for container in listx[status]:
container_info = {
'name': container,
'settings': lwp.get_container_settings(container, status),
'memusg': 0,
'bucket': get_bucket_token(container)
}
containers_by_status.append(container_info)
containers_all.append({
'status': status.lower(),
'containers': containers_by_status
})
return render_template('index.html', containers=lxc.ls(), containers_all=containers_all, dist=lwp.name_distro(),
host=socket.gethostname(), templates=lwp.get_templates_list(), storage_repos=storage_repos,
auth=AUTH)
def about():
"""
about page
"""
return render_template('about.html',
containers=lxc.ls(),
version=lwp.check_version())
def lwp_tokens():
"""
returns api tokens info and get posts request: can show/delete or add token in page.
this function uses sqlite3, require admin privilege
"""
if session['su'] != 'Yes':
return abort(403)
if request.method == 'POST':
if request.form['action'] == 'add':
# we want to add a new token
token = request.form['token']
description = request.form['description']
username = session[
'username'] # we should save the username due to ldap option
g.db.execute(
"INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)",
[username, token, description])
g.db.commit()
flash(u'Token %s successfully added!' % token, 'success')
if request.args.get('action') == 'del':
token = request.args['token']
g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
g.db.commit()
flash(u'Token %s successfully deleted!' % token, 'success')
tokens = query_db(
"SELECT description, token, username FROM api_tokens ORDER BY token DESC"
)
return render_template('tokens.html', containers=lxc.ls(), tokens=tokens)
def home():
"""
home page function
"""
listx = lxc.listx()
containers_all = []
for status in ("RUNNING", "FROZEN", "STOPPED"):
containers_by_status = []
for container in listx[status]:
container_info = {
"name": container,
"settings": lwp.get_container_settings(container, status),
"memusg": 0,
"bucket": get_bucket_token(container),
}
containers_by_status.append(container_info)
containers_all.append({"status": status.lower(), "containers": containers_by_status})
clonable_containers = listx["STOPPED"]
return render_template(
"index.html",
containers=lxc.ls(),
containers_all=containers_all,
dist=lwp.name_distro(),
host=socket.gethostname(),
templates=lwp.get_templates_list(),
storage_repos=storage_repos,
auth=AUTH,
clonable_containers=clonable_containers,
)
def lwp_tokens():
"""
returns api tokens info and get posts request: can show/delete or add token in page.
this function uses sqlite3, require admin privilege
"""
if session["su"] != "Yes":
return abort(403)
if request.method == "POST":
if request.form["action"] == "add":
# we want to add a new token
token = request.form["token"]
description = request.form["description"]
username = session["username"] # we should save the username due to ldap option
g.db.execute(
"INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)", [username, token, description]
)
g.db.commit()
flash(u"Token %s successfully added!" % token, "success")
if request.args.get("action") == "del":
token = request.args["token"]
g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
g.db.commit()
flash(u"Token %s successfully deleted!" % token, "success")
tokens = query_db("SELECT description, token, username FROM api_tokens ORDER BY token DESC")
return render_template("tokens.html", containers=lxc.ls(), tokens=tokens)
def lwp_tokens():
"""
returns api tokens info and get posts request: can show/delete or add token in page.
this function uses sqlite3, require admin privilege
"""
if session['su'] != 'Yes':
return abort(403)
if request.method == 'POST':
if request.form['action'] == 'add':
# we want to add a new token
token = request.form['token']
description = request.form['description']
username = session['username'] # we should save the username due to ldap option
g.db.execute("INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)", [username, token,
description])
g.db.commit()
flash(u'Token %s successfully added!' % token, 'success')
if request.args.get('action') == 'del':
token = request.args['token']
g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
g.db.commit()
flash(u'Token %s successfully deleted!' % token, 'success')
tokens = query_db("SELECT description, token, username FROM api_tokens ORDER BY token DESC")
return render_template('tokens.html', containers=lxc.ls(), tokens=tokens)
def checkconfig():
"""
returns the display of lxc-checkconfig command
"""
if session["su"] != "Yes":
return abort(403)
return render_template("checkconfig.html", containers=lxc.ls(), cfg=lxc.checkconfig())
def checkconfig():
"""
returns the display of lxc-checkconfig command
"""
if session['su'] != 'Yes':
return abort(403)
return render_template('checkconfig.html', containers=lxc.ls(), cfg=lxc.checkconfig())
def edit(container=None):
"""
edit containers page and actions if form post request
"""
host_memory = lwp.host_memory_usage()
cfg = lwp.get_container_settings(container)
if request.method == 'POST':
form = request.form.copy()
if form['bucket'] != get_bucket_token(container):
g.db.execute(
"INSERT INTO machine(machine_name, bucket_token) VALUES (?, ?)",
[container, form['bucket']])
g.db.commit()
flash(u'Bucket config for %s saved' % container, 'success')
# convert boolean in correct value for lxc, if checkbox is inset value is not submitted inside POST
form['flags'] = 'up' if 'flags' in form else 'down'
form['start_auto'] = '1' if 'start_auto' in form else '0'
# if memlimits/memswlimit is at max values unset form values
if int(form['memlimit']) == host_memory['total']:
form['memlimit'] = ''
if int(form['swlimit']) == host_memory['total'] * 2:
form['swlimit'] = ''
for option in form.keys():
# if the key is supported AND is different
if option in cfg.keys() and form[option] != cfg[option]:
# validate value with regex
if re.match(cgroup_ext[option][1], form[option]):
lwp.push_config_value(cgroup_ext[option][0],
form[option],
container=container)
flash(cgroup_ext[option][2], 'success')
else:
flash(
'Cannot validate value for option {}. Unsaved!'.format(
option), 'error')
# we should re-read container configuration now to be coherent with the newly saved values
cfg = lwp.get_container_settings(container)
info = lxc.info(container)
infos = {
'status': info['state'],
'pid': info['pid'],
'memusg': lwp.memory_usage(container)
}
return render_template('edit.html',
containers=lxc.ls(),
container=container,
infos=infos,
settings=cfg,
host_memory=host_memory,
storage_repos=storage_repos)
def lxc_net():
"""
lxc-net (/etc/default/lxc) settings page and actions if form post request
"""
if session["su"] != "Yes":
return abort(403)
if request.method == "POST":
if lxc.running() == []:
cfg = lwp.get_net_settings()
ip_regex = "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
form = {}
for key in ["bridge", "address", "netmask", "network", "range", "max"]:
form[key] = request.form.get(key, None)
form["use"] = request.form.get("use", None)
if form["use"] != cfg["use"]:
lwp.push_net_value("USE_LXC_BRIDGE", "true" if form["use"] else "false")
if form["bridge"] and form["bridge"] != cfg["bridge"] and re.match("^[a-zA-Z0-9_-]+$", form["bridge"]):
lwp.push_net_value("LXC_BRIDGE", form["bridge"])
if form["address"] and form["address"] != cfg["address"] and re.match("^%s$" % ip_regex, form["address"]):
lwp.push_net_value("LXC_ADDR", form["address"])
if form["netmask"] and form["netmask"] != cfg["netmask"] and re.match("^%s$" % ip_regex, form["netmask"]):
lwp.push_net_value("LXC_NETMASK", form["netmask"])
if (
form["network"]
and form["network"] != cfg["network"]
and re.match("^%s(?:/\d{1,2}|)$" % ip_regex, form["network"])
):
lwp.push_net_value("LXC_NETWORK", form["network"])
if (
form["range"]
and form["range"] != cfg["range"]
and re.match("^%s,%s$" % (ip_regex, ip_regex), form["range"])
):
lwp.push_net_value("LXC_DHCP_RANGE", form["range"])
if (
form["max"]
and form["max"] != cfg["max"]
and re.match("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", form["max"])
):
lwp.push_net_value("LXC_DHCP_MAX", form["max"])
if lwp.net_restart() == 0:
flash(u"LXC Network settings applied successfully!", "success")
else:
flash(u"Failed to restart LXC networking.", "error")
else:
flash(u"Stop all containers before restart lxc-net.", "warning")
return render_template("lxc-net.html", containers=lxc.ls(), cfg=lwp.get_net_settings(), running=lxc.running())
def lxc_net():
"""
lxc-net (/etc/default/lxc) settings page and actions if form post request
"""
if session['su'] != 'Yes':
return abort(403)
if request.method == 'POST':
if lxc.running() == []:
cfg = lwp.get_net_settings()
ip_regex = '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
form = {}
for key in [
'bridge', 'address', 'netmask', 'network', 'range', 'max'
]:
form[key] = request.form.get(key, None)
form['use'] = request.form.get('use', None)
if form['use'] != cfg['use']:
lwp.push_net_value('USE_LXC_BRIDGE',
'true' if form['use'] else 'false')
if form['bridge'] and form['bridge'] != cfg['bridge'] and \
re.match('^[a-zA-Z0-9_-]+$', form['bridge']):
lwp.push_net_value('LXC_BRIDGE', form['bridge'])
if form['address'] and form['address'] != cfg['address'] and \
re.match('^%s$' % ip_regex, form['address']):
lwp.push_net_value('LXC_ADDR', form['address'])
if form['netmask'] and form['netmask'] != cfg['netmask'] and \
re.match('^%s$' % ip_regex, form['netmask']):
lwp.push_net_value('LXC_NETMASK', form['netmask'])
if form['network'] and form['network'] != cfg['network'] and \
re.match('^%s(?:/\d{1,2}|)$' % ip_regex, form['network']):
lwp.push_net_value('LXC_NETWORK', form['network'])
if form['range'] and form['range'] != cfg['range'] and \
re.match('^%s,%s$' % (ip_regex, ip_regex), form['range']):
lwp.push_net_value('LXC_DHCP_RANGE', form['range'])
if form['max'] and form['max'] != cfg['max'] and \
re.match('^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$', form['max']):
lwp.push_net_value('LXC_DHCP_MAX', form['max'])
if lwp.net_restart() == 0:
flash(u'LXC Network settings applied successfully!', 'success')
else:
flash(u'Failed to restart LXC networking.', 'error')
else:
flash(u'Stop all containers before restart lxc-net.', 'warning')
return render_template('lxc-net.html',
containers=lxc.ls(),
cfg=lwp.get_net_settings(),
running=lxc.running())
def edit(container=None):
"""
edit containers page and actions if form post request
"""
host_memory = lwp.host_memory_usage()
cfg = lwp.get_container_settings(container)
if request.method == "POST":
form = request.form.copy()
if form["bucket"] != get_bucket_token(container):
g.db.execute("INSERT INTO machine(machine_name, bucket_token) VALUES (?, ?)", [container, form["bucket"]])
g.db.commit()
flash(u"Bucket config for %s saved" % container, "success")
# convert boolean in correct value for lxc, if checkbox is inset value is not submitted inside POST
form["flags"] = "up" if "flags" in form else "down"
form["start_auto"] = "1" if "start_auto" in form else "0"
# if memlimits/memswlimit is at max values unset form values
if int(form["memlimit"]) == host_memory["total"]:
form["memlimit"] = ""
if int(form["swlimit"]) == host_memory["total"] * 2:
form["swlimit"] = ""
for option in form.keys():
# if the key is supported AND is different
if option in cfg.keys() and form[option] != cfg[option]:
# validate value with regex
if re.match(cgroup_ext[option][1], form[option]):
lwp.push_config_value(cgroup_ext[option][0], form[option], container=container)
flash(cgroup_ext[option][2], "success")
else:
flash("Cannot validate value for option {}. Unsaved!".format(option), "error")
# we should re-read container configuration now to be coherent with the newly saved values
cfg = lwp.get_container_settings(container)
info = lxc.info(container)
infos = {"status": info["state"], "pid": info["pid"], "memusg": lwp.memory_usage(container)}
# prepare a regex dict from cgroups_ext definition
regex = {}
for k, v in cgroup_ext.items():
regex[k] = v[1]
return render_template(
"edit.html",
containers=lxc.ls(),
container=container,
infos=infos,
settings=cfg,
host_memory=host_memory,
storage_repos=storage_repos,
regex=regex,
clonable_containers=lxc.listx()["STOPPED"],
)
def lxc_net():
"""
lxc-net (/etc/default/lxc) settings page and actions if form post request
"""
if session['su'] != 'Yes':
return abort(403)
if request.method == 'POST':
if lxc.running() == []:
cfg = lwp.get_net_settings()
ip_regex = '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
form = {}
for key in ['bridge', 'address', 'netmask', 'network', 'range', 'max']:
form[key] = request.form.get(key, None)
form['use'] = request.form.get('use', None)
if form['use'] != cfg['use']:
lwp.push_net_value('USE_LXC_BRIDGE', 'true' if form['use'] else 'false')
if form['bridge'] and form['bridge'] != cfg['bridge'] and \
re.match('^[a-zA-Z0-9_-]+$', form['bridge']):
lwp.push_net_value('LXC_BRIDGE', form['bridge'])
if form['address'] and form['address'] != cfg['address'] and \
re.match('^%s$' % ip_regex, form['address']):
lwp.push_net_value('LXC_ADDR', form['address'])
if form['netmask'] and form['netmask'] != cfg['netmask'] and \
re.match('^%s$' % ip_regex, form['netmask']):
lwp.push_net_value('LXC_NETMASK', form['netmask'])
if form['network'] and form['network'] != cfg['network'] and \
re.match('^%s(?:/\d{1,2}|)$' % ip_regex, form['network']):
lwp.push_net_value('LXC_NETWORK', form['network'])
if form['range'] and form['range'] != cfg['range'] and \
re.match('^%s,%s$' % (ip_regex, ip_regex), form['range']):
lwp.push_net_value('LXC_DHCP_RANGE', form['range'])
if form['max'] and form['max'] != cfg['max'] and \
re.match('^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$', form['max']):
lwp.push_net_value('LXC_DHCP_MAX', form['max'])
if lwp.net_restart() == 0:
flash(u'LXC Network settings applied successfully!', 'success')
else:
flash(u'Failed to restart LXC networking.', 'error')
else:
flash(u'Stop all containers before restart lxc-net.', 'warning')
return render_template('lxc-net.html', containers=lxc.ls(), cfg=lwp.get_net_settings(), running=lxc.running())
def edit(container=None):
"""
edit containers page and actions if form post request
"""
host_memory = lwp.host_memory_usage()
cfg = lwp.get_container_settings(container)
if request.method == 'POST':
form = request.form.copy()
if form['bucket'] != get_bucket_token(container):
g.db.execute("INSERT INTO machine(machine_name, bucket_token) VALUES (?, ?)", [container, form['bucket']])
g.db.commit()
flash(u'Bucket config for %s saved' % container, 'success')
# convert boolean in correct value for lxc, if checkbox is inset value is not submitted inside POST
form['flags'] = 'up' if 'flags' in form else 'down'
form['start_auto'] = '1' if 'start_auto' in form else '0'
# if memlimits/memswlimit is at max values unset form values
if int(form['memlimit']) == host_memory['total']:
form['memlimit'] = ''
if int(form['swlimit']) == host_memory['total'] * 2:
form['swlimit'] = ''
for option in form.keys():
# if the key is supported AND is different
if option in cfg.keys() and form[option] != cfg[option]:
# validate value with regex
if re.match(cgroup_ext[option][1], form[option]):
lwp.push_config_value(cgroup_ext[option][0], form[option], container=container)
flash(cgroup_ext[option][2], 'success')
else:
flash('Cannot validate value for option {}. Unsaved!'.format(option), 'error')
# we should re-read container configuration now to be coherent with the newly saved values
cfg = lwp.get_container_settings(container)
info = lxc.info(container)
infos = {'status': info['state'], 'pid': info['pid'], 'memusg': lwp.memory_usage(container)}
# prepare a regex dict from cgroups_ext definition
regex = {}
for k, v in cgroup_ext.items():
regex[k] = v[1]
return render_template('edit.html', containers=lxc.ls(), container=container, infos=infos,
settings=cfg, host_memory=host_memory, storage_repos=storage_repos, regex=regex,
clonable_containers=lxc.listx()['STOPPED'])
def lwp_users():
"""
returns users and get posts request : can edit or add user in page.
this funtction uses sqlite3
"""
if session['su'] != 'Yes':
return abort(403)
if AUTH == 'ldap':
return abort(403, 'You are using ldap as AUTH backend.')
if AUTH == 'htpasswd':
return abort(403, 'You are using htpasswd as AUTH backend.')
try:
trash = request.args.get('trash')
except KeyError:
trash = 0
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'",
[],
one=True)
if request.args.get('token') == session.get('token') and int(trash) == 1 and request.args.get('userid') and \
request.args.get('username'):
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
if nb_users['num'] > 1:
if su_users['num'] <= 1:
su_user = query_db("SELECT username FROM users WHERE su='Yes'",
[],
one=True)
if su_user['username'] == request.args.get('username'):
flash(
u'Can\'t delete the last admin user : %s' %
request.args.get('username'), 'error')
return redirect(url_for('main.lwp_users'))
g.db.execute(
"DELETE FROM users WHERE id=? AND username=?",
[request.args.get('userid'),
request.args.get('username')])
g.db.commit()
flash(u'Deleted %s' % request.args.get('username'), 'success')
return redirect(url_for('main.lwp_users'))
flash(u'Can\'t delete the last user!', 'error')
return redirect(url_for('main.lwp_users'))
if request.method == 'POST':
users = query_db(
'SELECT id, name, username, su FROM users ORDER BY id ASC')
if request.form['newUser'] == 'True':
if not request.form['username'] in [
user['username'] for user in users
]:
if re.match('^\w+$', request.form['username']
) and request.form['password1']:
if request.form['password1'] == request.form['password2']:
if request.form['name']:
if re.match('[a-z A-Z0-9]{3,32}',
request.form['name']):
g.db.execute(
"INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
[
request.form['name'],
request.form['username'],
hash_passwd(request.form['password1'])
])
g.db.commit()
else:
flash(u'Invalid name!', 'error')
else:
g.db.execute(
"INSERT INTO users (username, password) VALUES (?, ?)",
[
request.form['username'],
hash_passwd(request.form['password1'])
])
g.db.commit()
flash(u'Created %s' % request.form['username'],
'success')
else:
flash(u'No password match', 'error')
else:
flash(u'Invalid username or password!', 'error')
else:
flash(u'Username already exist!', 'error')
elif request.form['newUser'] == 'False':
if request.form['password1'] == request.form['password2']:
if re.match('[a-z A-Z0-9]{3,32}', request.form['name']):
if su_users['num'] <= 1:
su = 'Yes'
else:
try:
su = request.form['su']
except KeyError:
su = 'No'
if not request.form['name']:
g.db.execute(
"UPDATE users SET name='', su=? WHERE username=?",
[su, request.form['username']])
g.db.commit()
elif request.form['name'] and not request.form[
'password1'] and not request.form['password2']:
g.db.execute(
"UPDATE users SET name=?, su=? WHERE username=?", [
request.form['name'], su,
request.form['username']
])
g.db.commit()
elif request.form['name'] and request.form[
'password1'] and request.form['password2']:
g.db.execute(
"UPDATE users SET name=?, password=?, su=? WHERE username=?",
[
request.form['name'],
hash_passwd(request.form['password1']), su,
request.form['username']
])
g.db.commit()
elif request.form['password1'] and request.form[
'password2']:
g.db.execute(
"UPDATE users SET password=?, su=? WHERE username=?",
[
hash_passwd(request.form['password1']), su,
request.form['username']
])
g.db.commit()
flash(u'Updated', 'success')
else:
flash(u'Invalid name!', 'error')
else:
flash(u'No password match', 'error')
else:
flash(u'Unknown error!', 'error')
users = query_db(
"SELECT id, name, username, su FROM users ORDER BY id ASC")
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'",
[],
one=True)
return render_template('users.html',
containers=lxc.ls(),
users=users,
nb_users=nb_users,
su_users=su_users)
def containers(self):
"""
The original LXC-Web-Panel sent this manually with every view,
in Pyramid it's best to make this a reify property then.
"""
return lxc.ls()
def about():
"""
about page
"""
return render_template('about.html', containers=lxc.ls(), version=lwp.check_version())
def lwp_users():
"""
returns users and get posts request : can edit or add user in page.
this funtction uses sqlite3
"""
if session['su'] != 'Yes':
return abort(403)
if AUTH != 'database':
return abort(403, 'You are using an auth method other that database.')
try:
trash = request.args.get('trash')
except KeyError:
trash = 0
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
if request.args.get('token') == session.get('token') and int(trash) == 1 and request.args.get('userid') and \
request.args.get('username'):
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
if nb_users['num'] > 1:
if su_users['num'] <= 1:
su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)
if su_user['username'] == request.args.get('username'):
flash(u'Can\'t delete the last admin user : %s' % request.args.get('username'), 'error')
return redirect(url_for('main.lwp_users'))
g.db.execute("DELETE FROM users WHERE id=? AND username=?", [request.args.get('userid'),
request.args.get('username')])
g.db.commit()
flash(u'Deleted %s' % request.args.get('username'), 'success')
return redirect(url_for('main.lwp_users'))
flash(u'Can\'t delete the last user!', 'error')
return redirect(url_for('main.lwp_users'))
if request.method == 'POST':
users = query_db('SELECT id, name, username, su FROM users ORDER BY id ASC')
if request.form['newUser'] == 'True':
if not request.form['username'] in [user['username'] for user in users]:
if re.match('^\w+$', request.form['username']) and request.form['password1']:
if request.form['password1'] == request.form['password2']:
if request.form['name']:
if re.match('[a-z A-Z0-9]{3,32}', request.form['name']):
g.db.execute("INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
[request.form['name'], request.form['username'],
hash_passwd(request.form['password1'])])
g.db.commit()
else:
flash(u'Invalid name!', 'error')
else:
g.db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
[request.form['username'], hash_passwd(request.form['password1'])])
g.db.commit()
flash(u'Created %s' % request.form['username'], 'success')
else:
flash(u'No password match', 'error')
else:
flash(u'Invalid username or password!', 'error')
else:
flash(u'Username already exist!', 'error')
elif request.form['newUser'] == 'False':
if request.form['password1'] == request.form['password2']:
if re.match('[a-z A-Z0-9]{3,32}', request.form['name']):
if su_users['num'] <= 1:
su = 'Yes'
else:
try:
su = request.form['su']
except KeyError:
su = 'No'
if not request.form['name']:
g.db.execute("UPDATE users SET name='', su=? WHERE username=?", [su, request.form['username']])
g.db.commit()
elif request.form['name'] and not request.form['password1'] and not request.form['password2']:
g.db.execute("UPDATE users SET name=?, su=? WHERE username=?",
[request.form['name'], su, request.form['username']])
g.db.commit()
elif request.form['name'] and request.form['password1'] and request.form['password2']:
g.db.execute("UPDATE users SET name=?, password=?, su=? WHERE username=?",
[request.form['name'], hash_passwd(request.form['password1']), su,
request.form['username']])
g.db.commit()
elif request.form['password1'] and request.form['password2']:
g.db.execute("UPDATE users SET password=?, su=? WHERE username=?",
[hash_passwd(request.form['password1']), su, request.form['username']])
g.db.commit()
flash(u'Updated', 'success')
else:
flash(u'Invalid name!', 'error')
else:
flash(u'No password match', 'error')
else:
flash(u'Unknown error!', 'error')
users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
return render_template('users.html', containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)
def lwp_users():
"""
returns users and get posts request : can edit or add user in page.
this funtction uses sqlite3
"""
if session["su"] != "Yes":
return abort(403)
if AUTH != "database":
return abort(403, "You are using an auth method other that database.")
try:
trash = request.args.get("trash")
except KeyError:
trash = 0
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
if (
request.args.get("token") == session.get("token")
and int(trash) == 1
and request.args.get("userid")
and request.args.get("username")
):
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
if nb_users["num"] > 1:
if su_users["num"] <= 1:
su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)
if su_user["username"] == request.args.get("username"):
flash(u"Can't delete the last admin user : %s" % request.args.get("username"), "error")
return redirect(url_for("main.lwp_users"))
g.db.execute(
"DELETE FROM users WHERE id=? AND username=?",
[request.args.get("userid"), request.args.get("username")],
)
g.db.commit()
flash(u"Deleted %s" % request.args.get("username"), "success")
return redirect(url_for("main.lwp_users"))
flash(u"Can't delete the last user!", "error")
return redirect(url_for("main.lwp_users"))
if request.method == "POST":
users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
if request.form["newUser"] == "True":
if not request.form["username"] in [user["username"] for user in users]:
if re.match("^\w+$", request.form["username"]) and request.form["password1"]:
if request.form["password1"] == request.form["password2"]:
if request.form["name"]:
if re.match("[a-z A-Z0-9]{3,32}", request.form["name"]):
g.db.execute(
"INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
[
request.form["name"],
request.form["username"],
hash_passwd(request.form["password1"]),
],
)
g.db.commit()
else:
flash(u"Invalid name!", "error")
else:
g.db.execute(
"INSERT INTO users (username, password) VALUES (?, ?)",
[request.form["username"], hash_passwd(request.form["password1"])],
)
g.db.commit()
flash(u"Created %s" % request.form["username"], "success")
else:
flash(u"No password match", "error")
else:
flash(u"Invalid username or password!", "error")
else:
flash(u"Username already exist!", "error")
elif request.form["newUser"] == "False":
if request.form["password1"] == request.form["password2"]:
if re.match("[a-z A-Z0-9]{3,32}", request.form["name"]):
if su_users["num"] <= 1:
su = "Yes"
else:
try:
su = request.form["su"]
except KeyError:
su = "No"
if not request.form["name"]:
g.db.execute("UPDATE users SET name='', su=? WHERE username=?", [su, request.form["username"]])
g.db.commit()
elif request.form["name"] and not request.form["password1"] and not request.form["password2"]:
g.db.execute(
"UPDATE users SET name=?, su=? WHERE username=?",
[request.form["name"], su, request.form["username"]],
)
g.db.commit()
elif request.form["name"] and request.form["password1"] and request.form["password2"]:
g.db.execute(
"UPDATE users SET name=?, password=?, su=? WHERE username=?",
[
request.form["name"],
hash_passwd(request.form["password1"]),
su,
request.form["username"],
],
)
g.db.commit()
elif request.form["password1"] and request.form["password2"]:
g.db.execute(
"UPDATE users SET password=?, su=? WHERE username=?",
[hash_passwd(request.form["password1"]), su, request.form["username"]],
)
g.db.commit()
flash(u"Updated", "success")
else:
flash(u"Invalid name!", "error")
else:
flash(u"No password match", "error")
else:
flash(u"Unknown error!", "error")
users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
return render_template("users.html", containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)
