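def lwp_tokens():
    """Admin page that lists API tokens and adds or deletes them.

    A POST with ``action=add`` stores the submitted ``token`` and
    ``description`` under the session's username (recorded here because the
    LDAP backend has no local users row to join against); a GET with
    ``action=del&token=...`` deletes a token. Uses the sqlite3 handle on
    ``g.db`` and requires ``session['su'] == 'Yes'``.

    Returns:
        The rendered ``tokens.html`` page, or a 403 for non-admin sessions.
    """
    if session.get('su') != 'Yes':
        return abort(403)

    if request.method == 'POST' and request.form.get('action') == 'add':
        # NOTE(review): the token value is chosen by the operator rather than
        # generated server-side (e.g. with os.urandom/secrets), so weak or
        # guessable API tokens are possible.
        token = request.form.get('token', '').strip()
        description = request.form.get('description', '')
        username = session['username']
        if not token:
            # Previously an empty string was stored and served as a token.
            flash(u'Token cannot be empty!', 'error')
        elif query_db("SELECT token FROM api_tokens WHERE token=?", [token], one=True):
            # Deletion below keys on the token value alone, so duplicates
            # would later be removed together; refuse them up front.
            flash(u'Token %s already exists!' % token, 'error')
        else:
            g.db.execute(
                "INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)",
                [username, token, description])
            g.db.commit()
            flash(u'Token %s successfully added!' % token, 'success')

    # NOTE(review): deletion is a state change driven by a plain GET with no
    # per-session token check (unlike the user-deletion path in lwp_users),
    # so a forged link opened by a logged-in admin removes a token. Move it
    # to POST or require the session token once the template sends one.
    if request.args.get('action') == 'del':
        token = request.args.get('token', '')
        g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
        g.db.commit()
        flash(u'Token %s successfully deleted!' % token, 'success')

    tokens = query_db(
        "SELECT description, token, username FROM api_tokens ORDER BY token DESC")
    return render_template('tokens.html', containers=lxc.ls(), tokens=tokens)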
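def lwp_tokens():
    """Admin page that lists API tokens and adds or deletes them.

    A POST with ``action=add`` stores the submitted ``token`` and
    ``description`` under the session's username (recorded here because the
    LDAP backend has no local users row to join against); a GET with
    ``action=del&token=...`` deletes a token. Uses the sqlite3 handle on
    ``g.db`` and requires ``session['su'] == 'Yes'``.

    Returns:
        The rendered ``tokens.html`` page, or a 403 for non-admin sessions.
    """
    if session.get('su') != 'Yes':
        return abort(403)

    if request.method == 'POST' and request.form.get('action') == 'add':
        # NOTE(review): the token value is chosen by the operator rather than
        # generated server-side (e.g. with os.urandom/secrets), so weak or
        # guessable API tokens are possible.
        token = request.form.get('token', '').strip()
        description = request.form.get('description', '')
        username = session['username']
        if not token:
            # Previously an empty string was stored and served as a token.
            flash(u'Token cannot be empty!', 'error')
        elif query_db("SELECT token FROM api_tokens WHERE token=?", [token], one=True):
            # Deletion below keys on the token value alone, so duplicates
            # would later be removed together; refuse them up front.
            flash(u'Token %s already exists!' % token, 'error')
        else:
            g.db.execute(
                "INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)",
                [username, token, description])
            g.db.commit()
            flash(u'Token %s successfully added!' % token, 'success')

    # NOTE(review): deletion is a state change driven by a plain GET with no
    # per-session token check (unlike the user-deletion path in lwp_users),
    # so a forged link opened by a logged-in admin removes a token. Move it
    # to POST or require the session token once the template sends one.
    if request.args.get('action') == 'del':
        token = request.args.get('token', '')
        g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
        g.db.commit()
        flash(u'Token %s successfully deleted!' % token, 'success')

    tokens = query_db(
        "SELECT description, token, username FROM api_tokens ORDER BY token DESC")
    return render_template('tokens.html', containers=lxc.ls(), tokens=tokens)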
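def _escape_ldap_filter(value):
    """Escape *value* for safe embedding in an LDAP search filter (RFC 4515).

    Backslash, ``*``, ``(``, ``)`` and NUL become their ``\\XX`` hex escapes
    so a submitted username cannot change the structure of the filter.
    """
    return (value.replace('\\', '\\5c')
                 .replace('*', '\\2a')
                 .replace('(', '\\28')
                 .replace(')', '\\29')
                 .replace('\x00', '\\00'))


def _is_local_redirect(url):
    """Return True only for a same-site path such as ``/lxc/foo``.

    Rejects empty values, absolute URLs, scheme-relative ``//host`` forms,
    backslashes and control/whitespace characters (browsers strip tabs and
    newlines before parsing, which would turn ``/<TAB>/host`` into
    ``//host``), so the post-login redirect cannot be pointed off-site.
    """
    if not url or not url.startswith('/') or url.startswith('//'):
        return False
    if '\\' in url:
        return False
    return not any(ch <= ' ' or ch == '\x7f' for ch in url)


def _authenticate_user(username, password):
    """Validate *username*/*password* against the backend selected by ``AUTH``.

    Returns a dict with ``username``, ``name`` and ``su`` on success, else
    None. As before, the ldap, htpasswd and pam backends grant ``su='Yes'``
    to every authenticated user; only the database backend stores the flag.
    """
    if AUTH == 'ldap':
        conn = None
        try:
            # Plain ldap:// -- the bind credentials travel unencrypted unless
            # TLS is configured elsewhere (not visible here).
            conn = ldap.initialize('ldap://%s:%d' % (LDAP_HOST, LDAP_PORT))
            conn.set_option(ldap.OPT_REFERRALS, 0)
            conn.protocol_version = 3
            # Synchronous bind: the asynchronous simple_bind() used before
            # returned at once, so the search could be sent before the
            # service-account bind had completed.
            conn.simple_bind_s(LDAP_BIND_DN, LDAP_PASS)
            # The username is escaped so it cannot inject filter operators
            # (e.g. ``*)(uid=*``) into the search.
            ldap_filter = '(&(objectClass=%s)(%s=%s))' % (
                OBJECT_CLASS, ID_MAPPING, _escape_ldap_filter(username))
            entry = conn.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, ldap_filter, [])[0]
            # Re-bind as the found entry to verify the password itself.
            conn.bind_s(entry[0], password, ldap.AUTH_SIMPLE)
            return {
                'username': entry[1][ID_MAPPING][0].decode('utf8'),
                'name': entry[1][DISPLAY_MAPPING][0].decode('utf8'),
                'su': 'Yes'
            }
        except Exception as e:
            # No matching entry (IndexError), rejected bind or server error
            # all end up here and count as a failed login.
            print(str(e))
            return None
        finally:
            if conn is not None:
                try:
                    conn.unbind_s()
                except Exception:
                    pass  # best effort: the login outcome is already decided

    if AUTH == 'htpasswd':
        from lwp.utils import check_htpasswd
        if check_htpasswd(HTPASSWD_FILE, username, password):
            return {'username': username, 'name': username, 'su': 'Yes'}
        return None

    if AUTH == 'pam':
        if pam.pam().authenticate(username, password, service=PAM_SERVICE):
            return {'username': username, 'name': username, 'su': 'Yes'}
        return None

    # Database backend: match on the stored hash. hash_passwd() is defined
    # elsewhere; whether it salts or stretches cannot be judged from here.
    return query_db(
        'select name, username, su from users where username=? and password=?',
        [username, hash_passwd(password)], one=True)


def login():
    """Process the login form and start a session on success.

    On POST, ``username``/``password`` are checked by ``_authenticate_user``
    for the configured ``AUTH`` backend; empty credentials are rejected up
    front. On success the session is populated and the user is redirected to
    the ``url`` form field when it is a local path (``main.home`` otherwise);
    on failure an error is flashed. Non-POST requests fall through unchanged.
    """
    if request.method == 'POST':
        request_username = request.form['username']
        request_passwd = request.form['password']
        current_url = request.form['url']

        user = None
        # An empty password must never reach a backend: an LDAP simple bind
        # with an empty password is an *unauthenticated* bind that many
        # servers accept, which would log anyone in as the looked-up user.
        if request_username and request_passwd:
            user = _authenticate_user(request_username, request_passwd)

        if user:
            session['logged_in'] = True
            session['token'] = get_token()
            session['last_activity'] = int(time.time())
            session['username'] = user['username']
            session['name'] = user['name']
            session['su'] = user['su']
            flash(u'You are logged in!', 'success')
            # Only follow same-site paths; anything else was an open redirect.
            if current_url == url_for('auth.login') or not _is_local_redirect(current_url):
                return redirect(url_for('main.home'))
            return redirect(current_url)
        flash(u'Invalid username or password!', 'error')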
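def lwp_tokens():
    """Admin page that lists API tokens and adds or deletes them.

    A POST with ``action=add`` stores the submitted ``token`` and
    ``description`` under the session's username (recorded here because the
    LDAP backend has no local users row to join against); a GET with
    ``action=del&token=...`` deletes a token. Uses the sqlite3 handle on
    ``g.db`` and requires ``session["su"] == "Yes"``.

    Returns:
        The rendered ``tokens.html`` page, or a 403 for non-admin sessions.
    """
    if session.get("su") != "Yes":
        return abort(403)

    if request.method == "POST" and request.form.get("action") == "add":
        # NOTE(review): the token value is chosen by the operator rather than
        # generated server-side (e.g. with os.urandom/secrets), so weak or
        # guessable API tokens are possible.
        token = request.form.get("token", "").strip()
        description = request.form.get("description", "")
        username = session["username"]
        if not token:
            # Previously an empty string was stored and served as a token.
            flash(u"Token cannot be empty!", "error")
        elif query_db("SELECT token FROM api_tokens WHERE token=?", [token], one=True):
            # Deletion below keys on the token value alone, so duplicates
            # would later be removed together; refuse them up front.
            flash(u"Token %s already exists!" % token, "error")
        else:
            g.db.execute(
                "INSERT INTO api_tokens (username, token, description) VALUES(?, ?, ?)",
                [username, token, description],
            )
            g.db.commit()
            flash(u"Token %s successfully added!" % token, "success")

    # NOTE(review): deletion is a state change driven by a plain GET with no
    # per-session token check (unlike the user-deletion path in lwp_users),
    # so a forged link opened by a logged-in admin removes a token. Move it
    # to POST or require the session token once the template sends one.
    if request.args.get("action") == "del":
        token = request.args.get("token", "")
        g.db.execute("DELETE FROM api_tokens WHERE token=?", [token])
        g.db.commit()
        flash(u"Token %s successfully deleted!" % token, "success")

    tokens = query_db("SELECT description, token, username FROM api_tokens ORDER BY token DESC")
    return render_template("tokens.html", containers=lxc.ls(), tokens=tokens)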
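def _escape_ldap_filter(value):
    """Escape *value* for safe embedding in an LDAP search filter (RFC 4515).

    Backslash, ``*``, ``(``, ``)`` and NUL become their ``\\XX`` hex escapes
    so a submitted username cannot change the structure of the filter.
    """
    return (value.replace('\\', '\\5c')
                 .replace('*', '\\2a')
                 .replace('(', '\\28')
                 .replace(')', '\\29')
                 .replace('\x00', '\\00'))


def _is_local_redirect(url):
    """Return True only for a same-site path such as ``/lxc/foo``.

    Rejects empty values, absolute URLs, scheme-relative ``//host`` forms,
    backslashes and control/whitespace characters (browsers strip tabs and
    newlines before parsing, which would turn ``/<TAB>/host`` into
    ``//host``), so the post-login redirect cannot be pointed off-site.
    """
    if not url or not url.startswith('/') or url.startswith('//'):
        return False
    if '\\' in url:
        return False
    return not any(ch <= ' ' or ch == '\x7f' for ch in url)


def _authenticate_user(username, password):
    """Validate *username*/*password* against the backend selected by ``AUTH``.

    Returns a dict with ``username``, ``name`` and ``su`` on success, else
    None. As before, the ldap and htpasswd backends grant ``su='Yes'`` to
    every authenticated user; only the database backend stores the flag.
    """
    if AUTH == 'ldap':
        conn = None
        try:
            # Plain ldap:// -- the bind credentials travel unencrypted unless
            # TLS is configured elsewhere (not visible here).
            conn = ldap.initialize('ldap://%s:%d' % (LDAP_HOST, LDAP_PORT))
            conn.set_option(ldap.OPT_REFERRALS, 0)
            conn.protocol_version = 3
            # Synchronous bind: the asynchronous simple_bind() used before
            # returned at once, so the search could be sent before the
            # service-account bind had completed.
            conn.simple_bind_s(LDAP_BIND_DN, LDAP_PASS)
            # The username is escaped so it cannot inject filter operators
            # (e.g. ``*)(uid=*``) into the search.
            ldap_filter = '(&(objectClass=%s)(%s=%s))' % (
                OBJECT_CLASS, ID_MAPPING, _escape_ldap_filter(username))
            entry = conn.search_s(LDAP_BASE, ldap.SCOPE_SUBTREE, ldap_filter, [])[0]
            # Re-bind as the found entry to verify the password itself.
            conn.bind_s(entry[0], password, ldap.AUTH_SIMPLE)
            return {
                'username': entry[1][ID_MAPPING][0].decode('utf8'),
                'name': entry[1][DISPLAY_MAPPING][0].decode('utf8'),
                'su': 'Yes'
            }
        except Exception as e:
            # No matching entry (IndexError), rejected bind or server error
            # all end up here and count as a failed login.
            print(str(e))
            return None
        finally:
            if conn is not None:
                try:
                    conn.unbind_s()
                except Exception:
                    pass  # best effort: the login outcome is already decided

    if AUTH == 'htpasswd':
        from lwp.utils import check_htpasswd
        if check_htpasswd(HTPASSWD_FILE, username, password):
            return {'username': username, 'name': username, 'su': 'Yes'}
        return None

    # Database backend: match on the stored hash. hash_passwd() is defined
    # elsewhere; whether it salts or stretches cannot be judged from here.
    return query_db(
        'select name, username, su from users where username=? and password=?',
        [username, hash_passwd(password)], one=True)


def login():
    """Process the login form and start a session on success.

    On POST, ``username``/``password`` are checked by ``_authenticate_user``
    for the configured ``AUTH`` backend; empty credentials are rejected up
    front. On success the session is populated and the user is redirected to
    the ``url`` form field when it is a local path (``main.home`` otherwise);
    on failure an error is flashed. Non-POST requests fall through unchanged.
    """
    if request.method == 'POST':
        request_username = request.form['username']
        request_passwd = request.form['password']
        current_url = request.form['url']

        user = None
        # An empty password must never reach a backend: an LDAP simple bind
        # with an empty password is an *unauthenticated* bind that many
        # servers accept, which would log anyone in as the looked-up user.
        if request_username and request_passwd:
            user = _authenticate_user(request_username, request_passwd)

        if user:
            session['logged_in'] = True
            session['token'] = get_token()
            session['last_activity'] = int(time.time())
            session['username'] = user['username']
            session['name'] = user['name']
            session['su'] = user['su']
            flash(u'You are logged in!', 'success')
            # Only follow same-site paths; anything else was an open redirect.
            if current_url == url_for('auth.login') or not _is_local_redirect(current_url):
                return redirect(url_for('main.home'))
            return redirect(current_url)
        flash(u'Invalid username or password!', 'error')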
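def _as_int(value, default=0):
    """Convert a query-string value to int; *default* when absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def _valid_display_name(name):
    """True when *name* is 3-32 ASCII letters, digits or spaces and nothing else.

    The previous pattern was anchored only at the start, so three valid
    characters followed by arbitrary text passed the check.
    """
    return re.match(r'^[a-zA-Z0-9 ]{3,32}\Z', name or '') is not None


def _valid_username(username):
    """True when *username* is one or more word characters and nothing else."""
    return re.match(r'^\w+\Z', username or '') is not None


def _delete_user(userid, username, su_count):
    """Delete the row matching *userid* and *username*, keeping at least one user and one admin.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    Always returns a redirect back to the users page.
    """
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    if nb_users['num'] <= 1:
        flash(u'Can\'t delete the last user!', 'error')
        return redirect(url_for('main.lwp_users'))
    if su_count <= 1:
        su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)
        # su_user may be None if no admin row exists; previously that crashed.
        if su_user and su_user['username'] == username:
            flash(u'Can\'t delete the last admin user : %s' % username, 'error')
            return redirect(url_for('main.lwp_users'))
    # Both id and username must match the same row.
    g.db.execute("DELETE FROM users WHERE id=? AND username=?", [userid, username])
    g.db.commit()
    flash(u'Deleted %s' % username, 'success')
    return redirect(url_for('main.lwp_users'))


def _create_user(form, existing_usernames):
    """Insert a new local user from the admin form, flashing the outcome.

    The ``su`` column is not set here (it takes the table default, which is
    not visible in this file).
    """
    username = form.get('username', '')
    name = form.get('name', '')
    password1 = form.get('password1', '')
    password2 = form.get('password2', '')
    if username in existing_usernames:
        flash(u'Username already exist!', 'error')
        return
    if not _valid_username(username) or not password1:
        flash(u'Invalid username or password!', 'error')
        return
    if password1 != password2:
        flash(u'No password match', 'error')
        return
    if name:
        if not _valid_display_name(name):
            # Previously 'Created' was still flashed here with no row inserted.
            flash(u'Invalid name!', 'error')
            return
        g.db.execute("INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
                     [name, username, hash_passwd(password1)])
    else:
        g.db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                     [username, hash_passwd(password1)])
    g.db.commit()
    flash(u'Created %s' % username, 'success')


def _update_user(form, su_count):
    """Update name, optional password and admin flag of a local user, flashing the outcome.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    """
    username = form.get('username', '')
    name = form.get('name', '')
    password1 = form.get('password1', '')
    password2 = form.get('password2', '')
    if password1 != password2:
        flash(u'No password match', 'error')
        return
    if not _valid_display_name(name):
        flash(u'Invalid name!', 'error')
        return
    # Only the literal 'Yes' grants admin anywhere in this file, so store a
    # clean two-valued flag instead of whatever the form submitted.
    su = 'Yes' if form.get('su') == 'Yes' else 'No'
    if su_count <= 1:
        # Keep the last admin an admin. Previously 'Yes' was forced for
        # *whichever* user was being edited while only one admin existed,
        # which silently promoted ordinary users to admin.
        target = query_db("SELECT su FROM users WHERE username=?", [username], one=True)
        if target and target['su'] == 'Yes':
            su = 'Yes'
    if password1:
        g.db.execute("UPDATE users SET name=?, password=?, su=? WHERE username=?",
                     [name, hash_passwd(password1), su, username])
    else:
        g.db.execute("UPDATE users SET name=?, su=? WHERE username=?",
                     [name, su, username])
    g.db.commit()
    flash(u'Updated', 'success')


def lwp_users():
    """Admin page to list, create, edit and delete local users (sqlite3 via ``g.db``).

    Only the database backend has local users; ldap and htpasswd sessions
    get a 403. Deletion is a GET carrying ``trash=1``, ``userid``,
    ``username`` and the per-session ``token``; creation and editing are a
    POST keyed on the ``newUser`` field. Requires ``session['su'] == 'Yes'``.

    Returns:
        A redirect after a deletion attempt, otherwise the rendered
        ``users.html`` page.
    """
    if session.get('su') != 'Yes':
        return abort(403)
    if AUTH == 'ldap':
        return abort(403, 'You are using ldap as AUTH backend.')
    if AUTH == 'htpasswd':
        return abort(403, 'You are using htpasswd as AUTH backend.')

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # ``args.get`` never raises KeyError (the old try/except was dead), and a
    # missing or non-numeric ``trash`` used to crash int(); default to 0.
    trash = _as_int(request.args.get('trash'))
    session_token = session.get('token')
    # A session without a token must not match a request without one.
    if (session_token is not None
            and request.args.get('token') == session_token
            and trash == 1
            and request.args.get('userid')
            and request.args.get('username')):
        return _delete_user(request.args.get('userid'), request.args.get('username'),
                            su_users['num'])

    if request.method == 'POST':
        # NOTE(review): unlike deletion, the POST paths check no per-session
        # token, so a forged cross-site form can create or edit users; extend
        # the ``token`` check to the form once the template sends it.
        users = query_db('SELECT id, name, username, su FROM users ORDER BY id ASC')
        new_user = request.form.get('newUser')
        if new_user == 'True':
            _create_user(request.form, [user['username'] for user in users])
        elif new_user == 'False':
            _update_user(request.form, su_users['num'])
        else:
            flash(u'Unknown error!', 'error')

    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
    return render_template('users.html', containers=lxc.ls(), users=users,
                           nb_users=nb_users, su_users=su_users)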
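def _as_int(value, default=0):
    """Convert a query-string value to int; *default* when absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def _valid_display_name(name):
    """True when *name* is 3-32 ASCII letters, digits or spaces and nothing else.

    The previous pattern was anchored only at the start, so three valid
    characters followed by arbitrary text passed the check.
    """
    return re.match(r'^[a-zA-Z0-9 ]{3,32}\Z', name or '') is not None


def _valid_username(username):
    """True when *username* is one or more word characters and nothing else."""
    return re.match(r'^\w+\Z', username or '') is not None


def _delete_user(userid, username, su_count):
    """Delete the row matching *userid* and *username*, keeping at least one user and one admin.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    Always returns a redirect back to the users page.
    """
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    if nb_users['num'] <= 1:
        flash(u'Can\'t delete the last user!', 'error')
        return redirect(url_for('main.lwp_users'))
    if su_count <= 1:
        su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)
        # su_user may be None if no admin row exists; previously that crashed.
        if su_user and su_user['username'] == username:
            flash(u'Can\'t delete the last admin user : %s' % username, 'error')
            return redirect(url_for('main.lwp_users'))
    # Both id and username must match the same row.
    g.db.execute("DELETE FROM users WHERE id=? AND username=?", [userid, username])
    g.db.commit()
    flash(u'Deleted %s' % username, 'success')
    return redirect(url_for('main.lwp_users'))


def _create_user(form, existing_usernames):
    """Insert a new local user from the admin form, flashing the outcome.

    The ``su`` column is not set here (it takes the table default, which is
    not visible in this file).
    """
    username = form.get('username', '')
    name = form.get('name', '')
    password1 = form.get('password1', '')
    password2 = form.get('password2', '')
    if username in existing_usernames:
        flash(u'Username already exist!', 'error')
        return
    if not _valid_username(username) or not password1:
        flash(u'Invalid username or password!', 'error')
        return
    if password1 != password2:
        flash(u'No password match', 'error')
        return
    if name:
        if not _valid_display_name(name):
            # Previously 'Created' was still flashed here with no row inserted.
            flash(u'Invalid name!', 'error')
            return
        g.db.execute("INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
                     [name, username, hash_passwd(password1)])
    else:
        g.db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                     [username, hash_passwd(password1)])
    g.db.commit()
    flash(u'Created %s' % username, 'success')


def _update_user(form, su_count):
    """Update name, optional password and admin flag of a local user, flashing the outcome.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    """
    username = form.get('username', '')
    name = form.get('name', '')
    password1 = form.get('password1', '')
    password2 = form.get('password2', '')
    if password1 != password2:
        flash(u'No password match', 'error')
        return
    if not _valid_display_name(name):
        flash(u'Invalid name!', 'error')
        return
    # Only the literal 'Yes' grants admin anywhere in this file, so store a
    # clean two-valued flag instead of whatever the form submitted.
    su = 'Yes' if form.get('su') == 'Yes' else 'No'
    if su_count <= 1:
        # Keep the last admin an admin. Previously 'Yes' was forced for
        # *whichever* user was being edited while only one admin existed,
        # which silently promoted ordinary users to admin.
        target = query_db("SELECT su FROM users WHERE username=?", [username], one=True)
        if target and target['su'] == 'Yes':
            su = 'Yes'
    if password1:
        g.db.execute("UPDATE users SET name=?, password=?, su=? WHERE username=?",
                     [name, hash_passwd(password1), su, username])
    else:
        g.db.execute("UPDATE users SET name=?, su=? WHERE username=?",
                     [name, su, username])
    g.db.commit()
    flash(u'Updated', 'success')


def lwp_users():
    """Admin page to list, create, edit and delete local users (sqlite3 via ``g.db``).

    Only the database backend has local users; any other ``AUTH`` gets a
    403. Deletion is a GET carrying ``trash=1``, ``userid``, ``username`` and
    the per-session ``token``; creation and editing are a POST keyed on the
    ``newUser`` field. Requires ``session['su'] == 'Yes'``.

    Returns:
        A redirect after a deletion attempt, otherwise the rendered
        ``users.html`` page.
    """
    if session.get('su') != 'Yes':
        return abort(403)
    if AUTH != 'database':
        return abort(403, 'You are using an auth method other that database.')

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # ``args.get`` never raises KeyError (the old try/except was dead), and a
    # missing or non-numeric ``trash`` used to crash int(); default to 0.
    trash = _as_int(request.args.get('trash'))
    session_token = session.get('token')
    # A session without a token must not match a request without one.
    if (session_token is not None
            and request.args.get('token') == session_token
            and trash == 1
            and request.args.get('userid')
            and request.args.get('username')):
        return _delete_user(request.args.get('userid'), request.args.get('username'),
                            su_users['num'])

    if request.method == 'POST':
        # NOTE(review): unlike deletion, the POST paths check no per-session
        # token, so a forged cross-site form can create or edit users; extend
        # the ``token`` check to the form once the template sends it.
        users = query_db('SELECT id, name, username, su FROM users ORDER BY id ASC')
        new_user = request.form.get('newUser')
        if new_user == 'True':
            _create_user(request.form, [user['username'] for user in users])
        elif new_user == 'False':
            _update_user(request.form, su_users['num'])
        else:
            flash(u'Unknown error!', 'error')

    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
    return render_template('users.html', containers=lxc.ls(), users=users,
                           nb_users=nb_users, su_users=su_users)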
def authenticate(self, username, password):
    """Return the local user row whose stored password hash matches *password*.

    *password* is hashed with ``hash_passwd`` (defined elsewhere; its
    salting/stretching cannot be judged here) and compared in SQL against
    the ``password`` column. Returns the ``name``/``username``/``su`` row,
    or None when no row matches.
    """
    digest = hash_passwd(password)
    lookup = 'select name, username, su from users where username=? and password=?'
    return query_db(lookup, [username, digest], one=True)
def authenticate(self, username, password):
    """Return the local user row whose stored password hash matches *password*.

    *password* is hashed with ``hash_passwd`` (defined elsewhere; its
    salting/stretching cannot be judged here) and compared in SQL against
    the ``password`` column. Returns the ``name``/``username``/``su`` row,
    or None when no row matches.
    """
    digest = hash_passwd(password)
    lookup = 'select name, username, su from users where username=? and password=?'
    return query_db(lookup, [username, digest], one=True)
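def _as_int(value, default=0):
    """Convert a query-string value to int; *default* when absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def _valid_display_name(name):
    """True when *name* is 3-32 ASCII letters, digits or spaces and nothing else.

    The previous pattern was anchored only at the start, so three valid
    characters followed by arbitrary text passed the check.
    """
    return re.match(r"^[a-zA-Z0-9 ]{3,32}\Z", name or "") is not None


def _valid_username(username):
    """True when *username* is one or more word characters and nothing else."""
    return re.match(r"^\w+\Z", username or "") is not None


def _delete_user(userid, username, su_count):
    """Delete the row matching *userid* and *username*, keeping at least one user and one admin.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    Always returns a redirect back to the users page.
    """
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    if nb_users["num"] <= 1:
        flash(u"Can't delete the last user!", "error")
        return redirect(url_for("main.lwp_users"))
    if su_count <= 1:
        su_user = query_db("SELECT username FROM users WHERE su='Yes'", [], one=True)
        # su_user may be None if no admin row exists; previously that crashed.
        if su_user and su_user["username"] == username:
            flash(u"Can't delete the last admin user : %s" % username, "error")
            return redirect(url_for("main.lwp_users"))
    # Both id and username must match the same row.
    g.db.execute("DELETE FROM users WHERE id=? AND username=?", [userid, username])
    g.db.commit()
    flash(u"Deleted %s" % username, "success")
    return redirect(url_for("main.lwp_users"))


def _create_user(form, existing_usernames):
    """Insert a new local user from the admin form, flashing the outcome.

    The ``su`` column is not set here (it takes the table default, which is
    not visible in this file).
    """
    username = form.get("username", "")
    name = form.get("name", "")
    password1 = form.get("password1", "")
    password2 = form.get("password2", "")
    if username in existing_usernames:
        flash(u"Username already exist!", "error")
        return
    if not _valid_username(username) or not password1:
        flash(u"Invalid username or password!", "error")
        return
    if password1 != password2:
        flash(u"No password match", "error")
        return
    if name:
        if not _valid_display_name(name):
            # Previously 'Created' was still flashed here with no row inserted.
            flash(u"Invalid name!", "error")
            return
        g.db.execute(
            "INSERT INTO users (name, username, password) VALUES (?, ?, ?)",
            [name, username, hash_passwd(password1)],
        )
    else:
        g.db.execute(
            "INSERT INTO users (username, password) VALUES (?, ?)",
            [username, hash_passwd(password1)],
        )
    g.db.commit()
    flash(u"Created %s" % username, "success")


def _update_user(form, su_count):
    """Update name, optional password and admin flag of a local user, flashing the outcome.

    *su_count* is the number of ``su='Yes'`` rows before the request.
    """
    username = form.get("username", "")
    name = form.get("name", "")
    password1 = form.get("password1", "")
    password2 = form.get("password2", "")
    if password1 != password2:
        flash(u"No password match", "error")
        return
    if not _valid_display_name(name):
        flash(u"Invalid name!", "error")
        return
    # Only the literal "Yes" grants admin anywhere in this file, so store a
    # clean two-valued flag instead of whatever the form submitted.
    su = "Yes" if form.get("su") == "Yes" else "No"
    if su_count <= 1:
        # Keep the last admin an admin. Previously "Yes" was forced for
        # *whichever* user was being edited while only one admin existed,
        # which silently promoted ordinary users to admin.
        target = query_db("SELECT su FROM users WHERE username=?", [username], one=True)
        if target and target["su"] == "Yes":
            su = "Yes"
    if password1:
        g.db.execute(
            "UPDATE users SET name=?, password=?, su=? WHERE username=?",
            [name, hash_passwd(password1), su, username],
        )
    else:
        g.db.execute("UPDATE users SET name=?, su=? WHERE username=?", [name, su, username])
    g.db.commit()
    flash(u"Updated", "success")


def lwp_users():
    """Admin page to list, create, edit and delete local users (sqlite3 via ``g.db``).

    Only the database backend has local users; any other ``AUTH`` gets a
    403. Deletion is a GET carrying ``trash=1``, ``userid``, ``username`` and
    the per-session ``token``; creation and editing are a POST keyed on the
    ``newUser`` field. Requires ``session["su"] == "Yes"``.

    Returns:
        A redirect after a deletion attempt, otherwise the rendered
        ``users.html`` page.
    """
    if session.get("su") != "Yes":
        return abort(403)
    if AUTH != "database":
        return abort(403, "You are using an auth method other that database.")

    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)

    # ``args.get`` never raises KeyError (the old try/except was dead), and a
    # missing or non-numeric ``trash`` used to crash int(); default to 0.
    trash = _as_int(request.args.get("trash"))
    session_token = session.get("token")
    # A session without a token must not match a request without one.
    if (
        session_token is not None
        and request.args.get("token") == session_token
        and trash == 1
        and request.args.get("userid")
        and request.args.get("username")
    ):
        return _delete_user(request.args.get("userid"), request.args.get("username"), su_users["num"])

    if request.method == "POST":
        # NOTE(review): unlike deletion, the POST paths check no per-session
        # token, so a forged cross-site form can create or edit users; extend
        # the ``token`` check to the form once the template sends it.
        users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
        new_user = request.form.get("newUser")
        if new_user == "True":
            _create_user(request.form, [user["username"] for user in users])
        elif new_user == "False":
            _update_user(request.form, su_users["num"])
        else:
            flash(u"Unknown error!", "error")

    users = query_db("SELECT id, name, username, su FROM users ORDER BY id ASC")
    nb_users = query_db("SELECT COUNT(id) as num FROM users", [], one=True)
    su_users = query_db("SELECT COUNT(id) as num FROM users WHERE su='Yes'", [], one=True)
    return render_template("users.html", containers=lxc.ls(), users=users, nb_users=nb_users, su_users=su_users)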