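def login():
    """
    Check the posted credentials against the backend selected by AUTH and open a session.

    Backends: 'ldap' (search for the entry, then bind as it), 'htpasswd',
    'pam', and otherwise the local users table. On success the session is
    filled in and the browser is redirected to the posted ``url`` field when
    it is a path on this site, else to the home page. On failure an error
    message is flashed.

    NOTE(review): every user accepted by the ldap, htpasswd or pam backend is
    given su='Yes', i.e. full superuser rights in the application.
    """
    if request.method == 'POST':
        request_username = request.form['username']
        request_passwd = request.form['password']
        current_url = request.form['url']

        if AUTH == 'ldap':
            user = None
            # A simple bind with an empty password is an "unauthenticated
            # bind" (RFC 4513, section 5.1.2): many servers accept it without
            # verifying anything, so an empty password must never reach bind_s.
            if request_passwd:
                try:
                    # Function-scope import, same style as check_htpasswd below.
                    from ldap.filter import escape_filter_chars

                    # NOTE(review): ldap:// carries both binds in clear text
                    # unless the transport is protected elsewhere; consider
                    # ldaps:// or StartTLS.
                    l = ldap.initialize('ldap://%s:%d' % (LDAP_HOST, LDAP_PORT))
                    l.set_option(ldap.OPT_REFERRALS, 0)
                    l.protocol_version = 3
                    # NOTE(review): simple_bind() is asynchronous and its result
                    # is never read, so a failed service bind goes unnoticed.
                    l.simple_bind(LDAP_BIND_DN, LDAP_PASS)
                    # Escape the user-supplied value so filter metacharacters
                    # in the username cannot change the search filter.
                    ldap_filter = ('(&(objectClass=' + OBJECT_CLASS + ')(' + ID_MAPPING + '=' +
                                   escape_filter_chars(request_username) + '))')
                    q = l.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, ldap_filter, [])[0]
                    # Binding as the found entry is what verifies the password.
                    l.bind_s(q[0], request_passwd, ldap.AUTH_SIMPLE)
                    # set the parameters for user by ldap objectClass
                    user = {
                        'username': q[1][ID_MAPPING][0].decode('utf8'),
                        'name': q[1][DISPLAY_MAPPING][0].decode('utf8'),
                        'su': 'Yes'
                    }
                except Exception as e:
                    # Any LDAP or lookup failure is treated as a failed login.
                    print(str(e))
                    user = None
        elif AUTH == 'htpasswd':
            from lwp.utils import check_htpasswd
            user = None
            if check_htpasswd(HTPASSWD_FILE, request_username, request_passwd):
                user = {
                    'username': request_username,
                    'name': request_username,
                    'su': 'Yes'
                }
        elif AUTH == 'pam':
            user = None
            p = pam.pam()
            if p.authenticate(request_username, request_passwd, service=PAM_SERVICE):
                user = {
                    'username': request_username,
                    'name': request_username,
                    'su': 'Yes'
                }
        else:
            request_passwd = hash_passwd(request_passwd)
            user = query_db('select name, username, su from users where username=? and password=?',
                            [request_username, request_passwd], one=True)

        if user:
            session['logged_in'] = True
            session['token'] = get_token()
            session['last_activity'] = int(time.time())
            session['username'] = user['username']
            session['name'] = user['name']
            session['su'] = user['su']
            flash(u'You are logged in!', 'success')

            # The target comes from the request body, so follow it only when it
            # is a path on this site: one leading slash, no backslash and no
            # control characters (browsers can read those as another host).
            is_local_path = (
                current_url.startswith('/')
                and not current_url.startswith('//')
                and '\\' not in current_url
                and not any(ord(ch) < 0x20 for ch in current_url)
            )
            if not is_local_path or current_url == url_for('auth.login'):
                return redirect(url_for('main.home'))
            return redirect(current_url)

        flash(u'Invalid username or password!', 'error')
    # NOTE(review): the listing shows no return for GET requests or failed
    # logins; presumably the login page is rendered after this point - confirm.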
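def login():
    """
    Check the posted credentials against the backend selected by AUTH and open a session.

    Backends: 'ldap' (search for the entry, then bind as it), 'htpasswd',
    and otherwise the local users table. On success the session is filled in
    and the browser is redirected to the posted ``url`` field when it is a
    path on this site, else to the home page. On failure an error message is
    flashed.

    NOTE(review): every user accepted by the ldap or htpasswd backend is
    given su='Yes', i.e. full superuser rights in the application.
    """
    if request.method == 'POST':
        request_username = request.form['username']
        request_passwd = request.form['password']
        current_url = request.form['url']

        if AUTH == 'ldap':
            user = None
            # A simple bind with an empty password is an "unauthenticated
            # bind" (RFC 4513, section 5.1.2): many servers accept it without
            # verifying anything, so an empty password must never reach bind_s.
            if request_passwd:
                try:
                    # Function-scope import, same style as check_htpasswd below.
                    from ldap.filter import escape_filter_chars

                    # NOTE(review): ldap:// carries both binds in clear text
                    # unless the transport is protected elsewhere; consider
                    # ldaps:// or StartTLS.
                    l = ldap.initialize('ldap://%s:%d' % (LDAP_HOST, LDAP_PORT))
                    l.set_option(ldap.OPT_REFERRALS, 0)
                    l.protocol_version = 3
                    # NOTE(review): simple_bind() is asynchronous and its result
                    # is never read, so a failed service bind goes unnoticed.
                    l.simple_bind(LDAP_BIND_DN, LDAP_PASS)
                    # Escape the user-supplied value so filter metacharacters
                    # in the username cannot change the search filter.
                    ldap_filter = ('(&(objectClass=' + OBJECT_CLASS + ')(' + ID_MAPPING + '=' +
                                   escape_filter_chars(request_username) + '))')
                    q = l.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, ldap_filter, [])[0]
                    # Binding as the found entry is what verifies the password.
                    l.bind_s(q[0], request_passwd, ldap.AUTH_SIMPLE)
                    # set the parameters for user by ldap objectClass
                    user = {
                        'username': q[1][ID_MAPPING][0].decode('utf8'),
                        'name': q[1][DISPLAY_MAPPING][0].decode('utf8'),
                        'su': 'Yes'
                    }
                except Exception as e:
                    # Any LDAP or lookup failure is treated as a failed login.
                    print(str(e))
                    user = None
        elif AUTH == 'htpasswd':
            from lwp.utils import check_htpasswd
            user = None
            if check_htpasswd(HTPASSWD_FILE, request_username, request_passwd):
                user = {
                    'username': request_username,
                    'name': request_username,
                    'su': 'Yes'
                }
        else:
            request_passwd = hash_passwd(request_passwd)
            user = query_db('select name, username, su from users where username=? and password=?',
                            [request_username, request_passwd], one=True)

        if user:
            session['logged_in'] = True
            session['token'] = get_token()
            session['last_activity'] = int(time.time())
            session['username'] = user['username']
            session['name'] = user['name']
            session['su'] = user['su']
            flash(u'You are logged in!', 'success')

            # The target comes from the request body, so follow it only when it
            # is a path on this site: one leading slash, no backslash and no
            # control characters (browsers can read those as another host).
            is_local_path = (
                current_url.startswith('/')
                and not current_url.startswith('//')
                and '\\' not in current_url
                and not any(ord(ch) < 0x20 for ch in current_url)
            )
            if not is_local_path or current_url == url_for('auth.login'):
                return redirect(url_for('main.home'))
            return redirect(current_url)

        flash(u'Invalid username or password!', 'error')
    # NOTE(review): the listing shows no return for GET requests or failed
    # logins; presumably the login page is rendered after this point - confirm.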
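def lwp_users():
    """
    returns users and get posts request : can edit or add user in page.
    this function uses sqlite3

    Superuser only; refused with 403 when AUTH is 'ldap' or 'htpasswd'.
    A request carrying the session token, trash=1, userid and username in the
    query string deletes that user. A POST creates (newUser == 'True') or
    updates (newUser == 'False') a user. Ends by redirecting back to this
    page or rendering users.html.
    """
    # .get() so that a session without 'su' is refused with 403, not a KeyError.
    if session.get('su') != 'Yes':
        return abort(403)

    if AUTH == 'ldap':
        return abort(403, 'You are using ldap as AUTH backend.')
    if AUTH == 'htpasswd':
        return abort(403, 'You are using htpasswd as AUTH backend.')

    # request.args.get() returns None rather than raising KeyError, so parse
    # the flag defensively: a missing or non-numeric value means "no delete".
    try:
        trash = int(request.args.get('trash', 0))
    except (TypeError, ValueError):
        trash = 0

    # Anchored at both ends: the whole value must match, not only a prefix.
    name_pattern = r'^[a-z A-Z0-9]{3,32}\Z'

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # NOTE(review): the delete is a state change driven by query parameters,
    # with the session token in the URL (logs, history, Referer); a POST
    # carrying the token would be safer.
    token = session.get('token')
    # Require a token in the session so that two missing values never compare equal.
    if token and request.args.get('token') == token and trash == 1 and request.args.get('userid') and \
            request.args.get('username'):
        nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)

        if nb_users['num'] > 1:
            if su_users['num'] <= 1:
                su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)

                if su_user['username'] == request.args.get('username'):
                    flash(u'Can\'t delete the last admin user : %s' % request.args.get('username'), 'error')
                    return redirect(url_for('main.lwp_users'))

            g.db.execute("DELETE FROM users WHERE id=? AND username=?",
                         [request.args.get('userid'), request.args.get('username')])
            g.db.commit()
            flash(u'Deleted %s' % request.args.get('username'), 'success')
            return redirect(url_for('main.lwp_users'))

        flash(u'Can\'t delete the last user!', 'error')
        return redirect(url_for('main.lwp_users'))

    # NOTE(review): unlike the delete above, the POST actions are not tied to
    # the session token; confirm that CSRF protection is applied elsewhere.
    if request.method == 'POST':
        users = query_db('SELECT id, name, username, su FROM users ORDER BY id ASC')

        if request.form['newUser'] == 'True':
            if not request.form['username'] in [user['username'] for user in users]:
                if re.match(r'^\w+\Z', request.form['username']) and request.form['password1']:
                    if request.form['password1'] == request.form['password2']:
                        created = False
                        if request.form['name']:
                            if re.match(name_pattern, request.form['name']):
                                g.db.execute("INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
                                             [request.form['name'], request.form['username'],
                                              hash_passwd(request.form['password1'])])
                                g.db.commit()
                                created = True
                            else:
                                flash(u'Invalid name!', 'error')
                        else:
                            g.db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                                         [request.form['username'], hash_passwd(request.form['password1'])])
                            g.db.commit()
                            created = True

                        # Report success only when a row was actually inserted.
                        if created:
                            flash(u'Created %s' % request.form['username'], 'success')
                    else:
                        flash(u'No password match', 'error')
                else:
                    flash(u'Invalid username or password!', 'error')
            else:
                flash(u'Username already exist!', 'error')

        elif request.form['newUser'] == 'False':
            if request.form['password1'] == request.form['password2']:
                if re.match(name_pattern, request.form['name']):
                    # NOTE(review): while at most one superuser exists, any
                    # edited account is written with su='Yes', not only the
                    # remaining superuser - confirm this is intended.
                    if su_users['num'] <= 1:
                        su = 'Yes'
                    else:
                        try:
                            su = request.form['su']
                        except KeyError:
                            su = 'No'

                    # The pattern above needs at least 3 characters, so the
                    # empty-name branch cannot be reached; kept as written.
                    if not request.form['name']:
                        g.db.execute("UPDATE users SET name='', su=? WHERE username=?",
                                     [su, request.form['username']])
                        g.db.commit()
                    elif request.form['name'] and not request.form['password1'] and not request.form['password2']:
                        g.db.execute("UPDATE users SET name=?, su=? WHERE username=?",
                                     [request.form['name'], su, request.form['username']])
                        g.db.commit()
                    elif request.form['name'] and request.form['password1'] and request.form['password2']:
                        g.db.execute("UPDATE users SET name=?, password=?, su=? WHERE username=?",
                                     [request.form['name'], hash_passwd(request.form['password1']), su,
                                      request.form['username']])
                        g.db.commit()
                    elif request.form['password1'] and request.form['password2']:
                        g.db.execute("UPDATE users SET password=?, su=? WHERE username=?",
                                     [hash_passwd(request.form['password1']), su, request.form['username']])
                        g.db.commit()

                    flash(u'Updated', 'success')
                else:
                    flash(u'Invalid name!', 'error')
            else:
                flash(u'No password match', 'error')
        else:
            flash(u'Unknown error!', 'error')

    # Re-read everything so the page reflects any change made above.
    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    return render_template('users.html', containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)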
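def lwp_users():
    """
    returns users and get posts request : can edit or add user in page.
    this function uses sqlite3

    Superuser only; refused with 403 unless AUTH is 'database'.
    A request carrying the session token, trash=1, userid and username in the
    query string deletes that user. A POST creates (newUser == 'True') or
    updates (newUser == 'False') a user. Ends by redirecting back to this
    page or rendering users.html.
    """
    # .get() so that a session without 'su' is refused with 403, not a KeyError.
    if session.get('su') != 'Yes':
        return abort(403)

    if AUTH != 'database':
        return abort(403, 'You are using an auth method other that database.')

    # request.args.get() returns None rather than raising KeyError, so parse
    # the flag defensively: a missing or non-numeric value means "no delete".
    try:
        trash = int(request.args.get('trash', 0))
    except (TypeError, ValueError):
        trash = 0

    # Anchored at both ends: the whole value must match, not only a prefix.
    name_pattern = r'^[a-z A-Z0-9]{3,32}\Z'

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # NOTE(review): the delete is a state change driven by query parameters,
    # with the session token in the URL (logs, history, Referer); a POST
    # carrying the token would be safer.
    token = session.get('token')
    # Require a token in the session so that two missing values never compare equal.
    if token and request.args.get('token') == token and trash == 1 and request.args.get('userid') and \
            request.args.get('username'):
        nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)

        if nb_users['num'] > 1:
            if su_users['num'] <= 1:
                su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)

                if su_user['username'] == request.args.get('username'):
                    flash(u'Can\'t delete the last admin user : %s' % request.args.get('username'), 'error')
                    return redirect(url_for('main.lwp_users'))

            g.db.execute("DELETE FROM users WHERE id=? AND username=?",
                         [request.args.get('userid'), request.args.get('username')])
            g.db.commit()
            flash(u'Deleted %s' % request.args.get('username'), 'success')
            return redirect(url_for('main.lwp_users'))

        flash(u'Can\'t delete the last user!', 'error')
        return redirect(url_for('main.lwp_users'))

    # NOTE(review): unlike the delete above, the POST actions are not tied to
    # the session token; confirm that CSRF protection is applied elsewhere.
    if request.method == 'POST':
        users = query_db('SELECT id, name, username, su FROM users ORDER BY id ASC')

        if request.form['newUser'] == 'True':
            if not request.form['username'] in [user['username'] for user in users]:
                if re.match(r'^\w+\Z', request.form['username']) and request.form['password1']:
                    if request.form['password1'] == request.form['password2']:
                        created = False
                        if request.form['name']:
                            if re.match(name_pattern, request.form['name']):
                                g.db.execute("INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
                                             [request.form['name'], request.form['username'],
                                              hash_passwd(request.form['password1'])])
                                g.db.commit()
                                created = True
                            else:
                                flash(u'Invalid name!', 'error')
                        else:
                            g.db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                                         [request.form['username'], hash_passwd(request.form['password1'])])
                            g.db.commit()
                            created = True

                        # Report success only when a row was actually inserted.
                        if created:
                            flash(u'Created %s' % request.form['username'], 'success')
                    else:
                        flash(u'No password match', 'error')
                else:
                    flash(u'Invalid username or password!', 'error')
            else:
                flash(u'Username already exist!', 'error')

        elif request.form['newUser'] == 'False':
            if request.form['password1'] == request.form['password2']:
                if re.match(name_pattern, request.form['name']):
                    # NOTE(review): while at most one superuser exists, any
                    # edited account is written with su='Yes', not only the
                    # remaining superuser - confirm this is intended.
                    if su_users['num'] <= 1:
                        su = 'Yes'
                    else:
                        try:
                            su = request.form['su']
                        except KeyError:
                            su = 'No'

                    # The pattern above needs at least 3 characters, so the
                    # empty-name branch cannot be reached; kept as written.
                    if not request.form['name']:
                        g.db.execute("UPDATE users SET name='', su=? WHERE username=?",
                                     [su, request.form['username']])
                        g.db.commit()
                    elif request.form['name'] and not request.form['password1'] and not request.form['password2']:
                        g.db.execute("UPDATE users SET name=?, su=? WHERE username=?",
                                     [request.form['name'], su, request.form['username']])
                        g.db.commit()
                    elif request.form['name'] and request.form['password1'] and request.form['password2']:
                        g.db.execute("UPDATE users SET name=?, password=?, su=? WHERE username=?",
                                     [request.form['name'], hash_passwd(request.form['password1']), su,
                                      request.form['username']])
                        g.db.commit()
                    elif request.form['password1'] and request.form['password2']:
                        g.db.execute("UPDATE users SET password=?, su=? WHERE username=?",
                                     [hash_passwd(request.form['password1']), su, request.form['username']])
                        g.db.commit()

                    flash(u'Updated', 'success')
                else:
                    flash(u'Invalid name!', 'error')
            else:
                flash(u'No password match', 'error')
        else:
            flash(u'Unknown error!', 'error')

    # Re-read everything so the page reflects any change made above.
    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    return render_template('users.html', containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)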
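def lwp_users():
    """
    Returns users and get posts request : can edit or add user in page.

    Superuser only; refused with 403 unless AUTH is 'database'. Users are
    read and changed through ``g.api``. A request carrying the session token,
    trash=1, userid and username in the query string deletes that user. A
    POST creates (newUser == 'True') or updates (newUser == 'False') a user.
    Ends by redirecting back to this page or rendering users.html.
    """
    # .get() so that a session without 'su' is refused with 403, not a KeyError.
    if session.get('su') != 'Yes':
        return abort(403)

    if AUTH != 'database':
        return abort(403, 'You are using an auth method other that database.')

    # request.args.get() returns None rather than raising KeyError, so parse
    # the flag defensively: a missing or non-numeric value means "no delete".
    try:
        trash = int(request.args.get('trash', 0))
    except (TypeError, ValueError):
        trash = 0

    # Anchored at both ends: the whole value must match, not only a prefix.
    name_pattern = r'^[a-z A-Z0-9]{3,32}\Z'

    # Not used below; kept in case constructing the client matters - TODO confirm.
    gantry = GantryClient(config)
    users = g.api.get_users()
    su_users = [u for u in users if u['su'] == 'Yes']

    # NOTE(review): the delete is a state change driven by query parameters,
    # with the session token in the URL (logs, history, Referer); a POST
    # carrying the token would be safer.
    token = session.get('token')
    # Require a token in the session so that two missing values never compare equal.
    if token and request.args.get('token') == token and trash == 1 and request.args.get('userid') and \
            request.args.get('username'):
        if len(users) > 1:
            # NOTE(review): the last-admin guard looks at the 'username'
            # parameter while the delete uses 'userid'; the two are not
            # checked against each other - verify they name the same user.
            if len(su_users) == 1:
                if su_users[0]['username'] == request.args.get('username'):
                    flash(u'Can\'t delete the last admin user : %s' % request.args.get('username'), 'error')
                    return redirect(url_for('main.lwp_users'))

            g.api.delete_user(user_id=request.args.get('userid'))
            flash(u'Deleted %s' % request.args.get('username'), 'success')
            return redirect(url_for('main.lwp_users'))

        flash(u'Can\'t delete the last user!', 'error')
        return redirect(url_for('main.lwp_users'))

    # NOTE(review): unlike the delete above, the POST actions are not tied to
    # the session token; confirm that CSRF protection is applied elsewhere.
    if request.method == 'POST':
        if request.form['newUser'] == 'True':
            if not request.form['username'] in [user['username'] for user in users]:
                if re.match(r'^\w+\Z', request.form['username']) and request.form['password1']:
                    if request.form['password1'] == request.form['password2']:
                        created = False
                        if request.form['name']:
                            if re.match(name_pattern, request.form['name']):
                                g.api.create_user(
                                    name=request.form['name'],
                                    username=request.form['username'],
                                    password=hash_passwd(request.form['password1']))
                                created = True
                            else:
                                flash(u'Invalid name!', 'error')
                        else:
                            g.api.create_user(
                                username=request.form['username'],
                                password=hash_passwd(request.form['password1']))
                            created = True

                        # Refresh and report success only when a user was created.
                        if created:
                            users = g.api.get_users()
                            # The listing compared against a bare name Yes here
                            # (a NameError at run time); the string is meant.
                            su_users = [u for u in users if u['su'] == 'Yes']
                            flash(u'Created %s' % request.form['username'], 'success')
                    else:
                        flash(u'No password match', 'error')
                else:
                    flash(u'Invalid username or password!', 'error')
            else:
                flash(u'Username already exist!', 'error')

        elif request.form['newUser'] == 'False':
            if re.match(name_pattern, request.form['name']):
                # NOTE(review): while at most one superuser exists, any edited
                # account is written with su='Yes', not only the remaining
                # superuser - confirm this is intended.
                if len(su_users) <= 1:
                    su = 'Yes'
                else:
                    try:
                        su = request.form['su']
                    except KeyError:
                        su = 'No'

                update_user = {
                    'user_id': request.form['id'],
                    'username': request.form['username'],
                    'name': request.form.get('name', request.form['username']),
                    'su': su,
                }

                password1 = request.form['password1']
                password2 = request.form['password2']
                if password1 and password2 and password1 == password2:
                    update_user['password'] = hash_passwd(password1)
                elif password1 and password2 and password1 != password2:
                    # The other fields are still updated; only the password is left alone.
                    flash(u'No password match. Not changed', 'error')

                g.api.update_user(request.form['id'], update_user)
                users = g.api.get_users()
                su_users = [u for u in users if u['su'] == 'Yes']
                flash(u'Updated', 'success')
            else:
                flash(u'Invalid name!', 'error')
        else:
            flash(u'Unknown error!', 'error')

    context = {
        'users': users,
        'su_users': su_users,
    }
    return render_template('users.html', **context)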
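def authenticate(self, username, password):
    """
    Return the Users row whose username and password hash both match, else None.

    The password is hashed with hash_passwd() and compared with the stored
    value inside the query.
    """
    hash_password = hash_passwd(password)
    # The hash must be part of the filter: selecting on the username alone
    # would return the account whatever password was supplied.
    results = Users.select().where(
        (Users.username == username) & (Users.password == hash_password)
    ).limit(1)
    return results[0] if len(results) > 0 else None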
def authenticate(self, username, password):
    """
    Look up the user whose username and hashed password match.

    Returns whatever query_db() yields for a single-row lookup (one=True).
    """
    # NOTE(review): the hash is derived from the password alone and compared
    # for equality in SQL, so hash_passwd() cannot use a per-user random
    # salt - confirm it is a suitable password hash.
    hash_password = hash_passwd(password)
    sql = 'select name, username, su from users where username=? and password=?'
    params = [username, hash_password]
    return query_db(sql, params, one=True)
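def install(path):
    """
    Installer

    Any non-empty ``path`` is redirected to '/'. Renders installer.html; when
    /etc is writable and the request is a POST, writes the configuration
    file, creates the database tables and the initial admin user, API token,
    host and default project from the submitted form values.
    """
    exec_path = os.path.abspath(os.path.dirname(sys.argv[0]))
    if path:
        return redirect('/')

    test_file = os.path.join('/etc', id_generator())
    already_installed = is_already_installed()
    context = {
        'can_we_install': False,
        'already_installed': already_installed,
    }

    # Probe for write access to /etc by creating, then removing, a scratch file.
    try:
        with open(test_file, 'w'):
            pass
    except (IOError, OSError):
        pass

    if os.path.exists(test_file):
        context['can_we_install'] = True
        os.remove(test_file)
    else:
        return render_template('installer.html', **context)

    context['checks'] = lxc.checkconfig()

    # Nothing in this view authenticates the caller, so do not let a POST
    # rewrite the configuration of an existing installation.
    # NOTE(review): assumes is_already_installed() is true once setup has
    # completed - confirm.
    if request.method == 'POST' and not already_installed:
        from lwp.utils import hash_passwd
        f = request.form

        # NOTE(review): datadir and conffile are taken from the form and used
        # as filesystem paths by a process that can write to /etc; consider
        # restricting them to expected locations.
        datadir = f.get('datadir', '/var/lwp')
        create(datadir)
        conffile = f.get('conffile', '/etc/lwp/lwp.conf')
        create(get_parent_path(conffile))

        config = ConfigParser()
        config['global'] = {}
        config['global']['address'] = f.get('address', '127.0.0.1')
        config['global']['debug'] = f.get('debug', 'False')
        config['global']['port'] = f.get('port', '5000')
        config['global']['auth'] = f.get('auth', 'database')
        config['global']['prefix'] = f.get('prefix', '')

        config['storage_repository'] = {}
        config['storage_repository']['local'] = f.get('local_storage_repository', 'backups')
        create(os.path.join(datadir, config['storage_repository']['local']))

        config['database'] = {}
        config['database']['file'] = f.get('database_uri', 'sqlite:////var/lwp/lwp.db')

        config['session'] = {}
        config['session']['time'] = f.get('time', '10')

        config['api'] = {}
        # NOTE(review): the default API token is the hash of a fixed string,
        # so it is identical on every installation; a random token would be safer.
        internal_token = hash_passwd('lwp')
        config['api']['username'] = f.get('api_username', 'admin')
        config['api']['token'] = f.get('api_token', internal_token)

        # NOTE(review): the file holds the API token; check its permissions.
        with open(conffile, 'w') as configfile:
            config.write(configfile)

        from lwp.database.models import get_database, Users, ApiTokens, Projects, Hosts, Containers, ContainerTag, Tags
        database = get_database()
        database.create_tables([
            Users, ApiTokens, Projects, Hosts, Containers, ContainerTag, Tags
        ])

        # NOTE(review): the first account is created with a fixed, well-known
        # password; the installer should ask for one or force a change.
        admin = Users.create(name='Admin', username='******', su='Yes', password=hash_passwd('admin'))
        ApiTokens.create(username='******', description='internal', token=internal_token)
        Hosts.create(hostname=socket.gethostname(), admin=admin,
                     api_token=config['api']['token'], api_user=config['api']['username'])
        Projects.create(title='Default', description='Default project to start with', admin=admin)

        # Argument list instead of a shell string: the path is passed to touch
        # as-is, whatever characters it contains.
        subprocess.check_call(['touch', exec_path])

        context['already_installed'] = is_already_installed()

    return render_template('installer.html', **context)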
def authenticate(self, username, password):
    """
    Fetch the name, username and su flag of the user matching the credentials.

    The password is hashed with hash_passwd() before being compared in SQL;
    the result is what query_db() returns for a one=True lookup.
    """
    # NOTE(review): equality on a hash of the password alone means
    # hash_passwd() has no per-user random salt - confirm it is a suitable
    # password hash.
    hashed = hash_passwd(password)
    lookup_sql = 'select name, username, su from users where username=? and password=?'
    return query_db(lookup_sql, [username, hashed], one=True)
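def lwp_users():
    """
    returns users and get posts request : can edit or add user in page.
    this function uses sqlite3

    Superuser only; refused with 403 unless AUTH is "database".
    A request carrying the session token, trash=1, userid and username in the
    query string deletes that user. A POST creates (newUser == "True") or
    updates (newUser == "False") a user. Ends by redirecting back to this
    page or rendering users.html.
    """
    # .get() so that a session without "su" is refused with 403, not a KeyError.
    if session.get("su") != "Yes":
        return abort(403)

    if AUTH != "database":
        return abort(403, "You are using an auth method other that database.")

    # request.args.get() returns None rather than raising KeyError, so parse
    # the flag defensively: a missing or non-numeric value means "no delete".
    try:
        trash = int(request.args.get("trash", 0))
    except (TypeError, ValueError):
        trash = 0

    # Anchored at both ends: the whole value must match, not only a prefix.
    name_pattern = r"^[a-z A-Z0-9]{3,32}\Z"

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # NOTE(review): the delete is a state change driven by query parameters,
    # with the session token in the URL (logs, history, Referer); a POST
    # carrying the token would be safer.
    token = session.get("token")
    # Require a token in the session so that two missing values never compare equal.
    if (
        token
        and request.args.get("token") == token
        and trash == 1
        and request.args.get("userid")
        and request.args.get("username")
    ):
        nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)

        if nb_users["num"] > 1:
            if su_users["num"] <= 1:
                su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)

                if su_user["username"] == request.args.get("username"):
                    flash(u"Can't delete the last admin user : %s" % request.args.get("username"), "error")
                    return redirect(url_for("main.lwp_users"))

            g.db.execute(
                "DELETE FROM users WHERE id=? AND username=?",
                [request.args.get("userid"), request.args.get("username")],
            )
            g.db.commit()
            flash(u"Deleted %s" % request.args.get("username"), "success")
            return redirect(url_for("main.lwp_users"))

        flash(u"Can't delete the last user!", "error")
        return redirect(url_for("main.lwp_users"))

    # NOTE(review): unlike the delete above, the POST actions are not tied to
    # the session token; confirm that CSRF protection is applied elsewhere.
    if request.method == "POST":
        users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")

        if request.form["newUser"] == "True":
            if not request.form["username"] in [user["username"] for user in users]:
                if re.match(r"^\w+\Z", request.form["username"]) and request.form["password1"]:
                    if request.form["password1"] == request.form["password2"]:
                        created = False
                        if request.form["name"]:
                            if re.match(name_pattern, request.form["name"]):
                                g.db.execute(
                                    "INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
                                    [
                                        request.form["name"],
                                        request.form["username"],
                                        hash_passwd(request.form["password1"]),
                                    ],
                                )
                                g.db.commit()
                                created = True
                            else:
                                flash(u"Invalid name!", "error")
                        else:
                            g.db.execute(
                                "INSERT INTO users (username, password) VALUES (?, ?)",
                                [request.form["username"], hash_passwd(request.form["password1"])],
                            )
                            g.db.commit()
                            created = True

                        # Report success only when a row was actually inserted.
                        if created:
                            flash(u"Created %s" % request.form["username"], "success")
                    else:
                        flash(u"No password match", "error")
                else:
                    flash(u"Invalid username or password!", "error")
            else:
                flash(u"Username already exist!", "error")

        elif request.form["newUser"] == "False":
            if request.form["password1"] == request.form["password2"]:
                if re.match(name_pattern, request.form["name"]):
                    # NOTE(review): while at most one superuser exists, any
                    # edited account is written with su='Yes', not only the
                    # remaining superuser - confirm this is intended.
                    if su_users["num"] <= 1:
                        su = "Yes"
                    else:
                        try:
                            su = request.form["su"]
                        except KeyError:
                            su = "No"

                    # The pattern above needs at least 3 characters, so the
                    # empty-name branch cannot be reached; kept as written.
                    if not request.form["name"]:
                        g.db.execute("UPDATE users SET name='', su=? WHERE username=?", [su, request.form["username"]])
                        g.db.commit()
                    elif request.form["name"] and not request.form["password1"] and not request.form["password2"]:
                        g.db.execute(
                            "UPDATE users SET name=?, su=? WHERE username=?",
                            [request.form["name"], su, request.form["username"]],
                        )
                        g.db.commit()
                    elif request.form["name"] and request.form["password1"] and request.form["password2"]:
                        g.db.execute(
                            "UPDATE users SET name=?, password=?, su=? WHERE username=?",
                            [
                                request.form["name"],
                                hash_passwd(request.form["password1"]),
                                su,
                                request.form["username"],
                            ],
                        )
                        g.db.commit()
                    elif request.form["password1"] and request.form["password2"]:
                        g.db.execute(
                            "UPDATE users SET password=?, su=? WHERE username=?",
                            [hash_passwd(request.form["password1"]), su, request.form["username"]],
                        )
                        g.db.commit()

                    flash(u"Updated", "success")
                else:
                    flash(u"Invalid name!", "error")
            else:
                flash(u"No password match", "error")
        else:
            flash(u"Unknown error!", "error")

    # Re-read everything so the page reflects any change made above.
    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    return render_template("users.html", containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)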