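def execute(my):
    '''Reset the password of the account named by my.login and email it out.

    Nothing happens unless the 'reset' kwarg is True.  The account is looked
    up, a temporary password is generated and mailed to the address stored on
    the account, and the stored password is replaced only after the mail
    command returned without raising.  Status text is reported to the page
    through the ResetPasswordWdg.MSG form value.

    Raises:
        TacticException: re-raised when sending the email fails; the stored
            password is left untouched in that case.
    '''
    # Since this is not called with Command.execute_cmd
    my.check()

    web = WebContainer.get_web()

    reset_on = my.kwargs.get('reset') == True
    if reset_on:
        # return value is not used below; call kept as in the original
        security = WebContainer.get_security()

        # NOTE(review): nothing visible in this method shows that the
        # requester owns the account, and the stored password is replaced as
        # soon as the mail goes out.  If this command is reachable before
        # login, a third party can force a password change on any account.
        # A one-time, expiring reset link avoids both that and mailing a
        # password in clear text - confirm how this command is exposed.
        login = Login.get_by_login(my.login)
        if not login:
            # NOTE(review): this message and the "no email" one below let a
            # caller distinguish valid login names from invalid ones.
            web.set_form_value(ResetPasswordWdg.MSG, 'This user [%s] does not exist or has been disabled. Please contact the Administrator.' % my.login)
            return

        email = login.get_value('email')
        if not email:
            web.set_form_value(ResetPasswordWdg.MSG, 'This user [%s] does not have an email entry for us to email you the new password. Please contact the Administrator.' % my.login)
            return

        # auto pass generation
        # The temporary password is a live credential until the user changes
        # it.  The previous code drew five characters from a 20-character
        # alphabet with the default (predictable, non-cryptographic)
        # generator; use the OS-backed generator and a longer value instead.
        rng = random.SystemRandom()
        alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'
        auto_password = ''.join([rng.choice(alphabet) for _ in range(16)])

        msg = ResetPasswordWdg.RESET_MSG

        # send the email
        try:
            from pyasm.command import EmailTriggerTestCmd

            admin = Login.get_by_login('admin')
            if admin:
                sender_email = admin.get_value('email')
            else:
                # fallback sender literal, reproduced as it appears in the source
                sender_email = '*****@*****.**'

            recipient_emails = [email]
            email_msg = 'Your TACTIC password has been reset. The new password is:\n%s\nYou can change your password once you log in by going to Edit My Account at the top right corner.' % auto_password
            email_cmd = EmailTriggerTestCmd(sender_email=sender_email, recipient_emails=recipient_emails, msg=email_msg, subject='TACTIC password change')
            email_cmd.execute()
        except TacticException:
            msg = "Failed to send an email for your new password. Reset aborted."
            web.set_form_value(ResetPasswordWdg.MSG, msg)
            raise
        else:
            # NOTE(review): unsalted MD5 is kept only because the code that
            # verifies stored passwords is not visible here and presumably
            # expects this format.  Moving to a salted, deliberately slow
            # password hash has to be done together with that code.
            encrypted = hashlib.md5(auto_password).hexdigest()
            login.set_value('password', encrypted)
            login.commit()
            web.set_form_value(ResetPasswordWdg.MSG, 'A new password has been sent to your email address. Please check your email.')

        # As in the original, this final write replaces the success text set
        # just above with msg (ResetPasswordWdg.RESET_MSG on the success path).
        web.set_form_value(ResetPasswordWdg.MSG, msg)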
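def verify(my, login_name, password):
    '''Check a login/password pair against LDAP, then against TACTIC.

    The bind DN is built by substituting the login name for "{login}" in the
    configured security/ldap_path.  A successful simple bind returns True
    with my.internal left True.  If the LDAP attempt fails for any reason and
    the login exists in TACTIC, the pair is checked with
    pyasm.security.TacticAuthenticate; success there sets my.internal to
    False and returns True.

    Raises:
        SecurityException: when LDAP is not configured, the password is
            empty, or neither check accepts the pair.
    '''
    # replace cn=attribute with cn={login} in the config ldap_path
    # e.g. cn={login},o=organization,ou=server,dc=domain
    path = Config.get_value("security", "ldap_path")
    server = Config.get_value("security", "ldap_server")
    # The former `assert path, server` only tested path (server was merely
    # the assertion message) and disappears entirely under `python -O`.
    if not path or not server:
        raise SecurityException("LDAP authentication is not configured")

    my.login_name = login_name
    my.internal = True

    # Many directory servers treat a simple bind with an empty password as
    # an unauthenticated bind and report success, so an empty password must
    # never reach simple_bind_s().
    if not password:
        raise SecurityException("Login/Password combination incorrect")

    try:
        # The login name is user input: escape DN metacharacters so it
        # cannot change the structure of the bind DN.  Imported here so a
        # missing ldap package still ends in the fallback below.
        from ldap.dn import escape_dn_chars
        bind_dn = path.replace("{login}", escape_dn_chars(login_name))

        # NOTE(review): nothing here sets up TLS, and a simple bind sends the
        # password as given - confirm the transport to the server is
        # protected.
        l = ldap.open(server)
        try:
            l.simple_bind_s(bind_dn, password)
        finally:
            # release the connection whether or not the bind succeeded
            l.unbind()
        return True
    except Exception:
        # Exception instead of a bare except, so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        login = Login.get_by_login(login_name)

        # The original had separate branches for 'external' accounts and for
        # every other existing login, with identical bodies.
        # NOTE(review): this means any account present in TACTIC can still
        # log in with its locally stored password whenever the LDAP bind
        # fails, including when the directory rejected the user - confirm
        # this is intended rather than limiting it to 'external' accounts.
        if login:
            auth_class = "pyasm.security.TacticAuthenticate"
            authenticate = Common.create_from_class_path(auth_class)
            is_authenticated = authenticate.verify(login_name, password)
            if is_authenticated == True:
                my.internal = False
                return True

    raise SecurityException("Login/Password combination incorrect")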
def alter_search(self, search):
    '''Narrow *search* to the current user's rows for one week.

    Adds a "login" filter for the current user, a date range on
    work_performed_date taken from MMSUtility.get_week_range(), and the
    ordering columns.  The week is derived from the "calendar" value of the
    first "week" filter entry, or from the current time when that value is
    empty.
    '''
    import datetime
    from dateutil import parser
    from pyasm.security import Login
    from tactic.ui.report import MMSUtility

    # NOTE(review): get_by_login() is not checked for a missing record here;
    # a current user without a Login row would fail on get_value().
    current_login = Login.get_by_login(Environment.get_user_name())
    search.add_filter("login", current_login.get_value("login"))

    week_values = FilterData.get().get_values_by_index("week", 0)
    date_string = week_values.get("calendar")
    date = parser.parse(date_string) if date_string else datetime.datetime.now()

    start_wday, end_wday = MMSUtility.get_week_range(date)

    column = "work_performed_date"

    # KEEP it simple for now: one inclusive range over the whole week.  The
    # original also carried a disabled variant (kept as an unused string
    # literal) that narrowed the first and last day by "pm"/"am" shift.
    search.add_op("begin")
    search.add_filter(column, start_wday, op='>=')
    search.add_filter(column, end_wday, op='<=')
    search.add_op("and")

    for order_column in (column, "work_start_time", "shift"):
        search.add_order_by(order_column)
def add_user_to_group(my):
    '''Add the user named in the submitted form to the submitted group.

    Reads the "user_to_add" and "group_name" form values, adds that login to
    the group and records a description of the change on my.description.
    '''
    form = WebContainer.get_web()
    target_user = form.get_form_value("user_to_add")
    target_group = form.get_form_value("group_name")

    # NOTE(review): both values come straight from the request and no
    # permission check is visible in this method - confirm the caller is
    # authorised to change group membership before this runs.  A login name
    # that does not exist is also not handled here.
    account = Login.get_by_login(target_user)
    account.add_to_group(target_group)

    details = (target_user, target_group)
    my.description = "Added User '%s' to Group '%s'" % details
def add_user_to_group(self):
    '''Add the user named in the submitted form to the submitted group.

    Reads the "user_to_add" and "group_name" form values, adds that login to
    the group and records a description of the change on self.description.
    '''
    form = WebContainer.get_web()
    target_user = form.get_form_value("user_to_add")
    target_group = form.get_form_value("group_name")

    # NOTE(review): both values come straight from the request and no
    # permission check is visible in this method - confirm the caller is
    # authorised to change group membership before this runs.  A login name
    # that does not exist is also not handled here.
    account = Login.get_by_login(target_user)
    account.add_to_group(target_group)

    details = (target_user, target_group)
    self.description = "Added User '%s' to Group '%s'" % details
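def remove_user_from_group(my):
    '''Remove every user listed in the submitted form from the given group.

    Reads the "users_to_remove" form values and the "group_name" form value,
    removes each login from the group and records a description of the
    change on my.description.
    '''
    web = WebContainer.get_web()
    users_to_remove = web.get_form_values("users_to_remove")
    group_name = web.get_form_value("group_name")

    # NOTE(review): the names come straight from the request and no
    # permission check is visible in this method - confirm the caller is
    # authorised to change group membership.  An unknown login name is not
    # handled and would fail part-way through the list.
    for user_name in users_to_remove:
        login = Login.get_by_login(user_name)
        login.remove_from_group(group_name)

    # The recorded text previously read "Removed User ... to Group", copied
    # from the add command; it now says what was done.
    my.description = "Removed User '%s' from Group '%s'" \
        % (", ".join(users_to_remove), group_name)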
def init(my):
    '''Build the time-card popup for my.task.

    Adds the icon and process label, creates the TimecardWdg for the task and
    fills the content area.  The time card stays editable only when the task
    is assigned to the user who is currently logged in; otherwise it is
    replaced by a notice and my.height is set to 60.
    '''
    assert my.task
    super(TaskExtraInfoWdg, my).init()

    # create the visible element
    my.add(IconWdg('Time Card', icon=IconWdg.TIME))
    my.add(HtmlElement.b(my.task.get_process()))

    my.time_card = TimecardWdg()
    my.time_card.set_task(my.task)

    from pyasm.security import Login

    # create the content
    content = DivWdg()
    content.add_style('width', '46em')

    # customize the extra info widget
    my.set_class('timecard_main')
    my.set_content(content)
    my.set_mouseout_flag(False)

    my.login = Login.get_by_login(my.task.get_assigned())
    my.is_other = False

    title = FloatDivWdg()
    login_name = 'unassigned'
    if my.login:
        login_name = my.login.get_full_name()
        own_task = my.login.get_login() == Environment.get_login().get_login()
        if own_task:
            refresh_icon = IconWdg(icon=IconWdg.REFRESH)
            refresh_icon.add_class('hand')
            refresh_icon.add_event('onclick', my.time_card.get_refresh_script())
            title.add(refresh_icon)
        else:
            my.is_other = True

    # NOTE(review): login_name comes from the Login record and is placed into
    # widget content as a plain string; whether the widget layer escapes it
    # is not visible here - confirm.
    title.add("Time card - %s" % login_name)

    content.add(title)
    content.add(CloseWdg(my.get_off_script()))
    content.add(HtmlElement.br(2))
    content.add(my.time_card, 'time')

    # Replace the editable time card with a notice when it must not be used.
    notice = None
    if not my.login:
        notice = 'Time card cannot be entered for unassigned task.'
    elif my.is_other:
        notice = 'Time card cannot be entered for other users [%s].' % login_name

    if notice is not None:
        content.set_widget(DivWdg(HtmlElement.b(notice)), 'time')
        my.height = 60
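def remove_user_from_group(self):
    '''Remove every user listed in the submitted form from the given group.

    Reads the "users_to_remove" form values and the "group_name" form value,
    removes each login from the group and records a description of the
    change on self.description.
    '''
    web = WebContainer.get_web()
    users_to_remove = web.get_form_values("users_to_remove")
    group_name = web.get_form_value("group_name")

    # NOTE(review): the names come straight from the request and no
    # permission check is visible in this method - confirm the caller is
    # authorised to change group membership.  An unknown login name is not
    # handled and would fail part-way through the list.
    for user_name in users_to_remove:
        login = Login.get_by_login(user_name)
        login.remove_from_group(group_name)

    # The recorded text previously read "Removed User ... to Group", copied
    # from the add command; it now says what was done.
    self.description = "Removed User '%s' from Group '%s'" \
        % (", ".join(users_to_remove), group_name)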
def init(my):
    '''Build the time-card popup for my.task.

    Adds the icon and process label, creates the TimecardWdg for the task and
    fills the content area.  The time card stays editable only when the task
    is assigned to the user who is currently logged in; otherwise it is
    replaced by a notice and my.height is set to 60.
    '''
    assert my.task
    super(TaskExtraInfoWdg, my).init()

    # create the visible element
    my.add(IconWdg('Time Card', icon=IconWdg.TIME))
    my.add(HtmlElement.b(my.task.get_process()))

    my.time_card = TimecardWdg()
    my.time_card.set_task(my.task)

    from pyasm.security import Login

    # create the content
    content = DivWdg()
    content.add_style('width', '46em')

    # customize the extra info widget
    my.set_class('timecard_main')
    my.set_content(content)
    my.set_mouseout_flag(False)

    my.login = Login.get_by_login(my.task.get_assigned())
    my.is_other = False

    title = FloatDivWdg()
    login_name = 'unassigned'
    if my.login:
        login_name = my.login.get_full_name()
        own_task = my.login.get_login() == Environment.get_login().get_login()
        if own_task:
            refresh_icon = IconWdg(icon=IconWdg.REFRESH)
            refresh_icon.add_class('hand')
            refresh_icon.add_event('onclick', my.time_card.get_refresh_script())
            title.add(refresh_icon)
        else:
            my.is_other = True

    # NOTE(review): login_name comes from the Login record and is placed into
    # widget content as a plain string; whether the widget layer escapes it
    # is not visible here - confirm.
    title.add("Time card - %s" % login_name)

    content.add(title)
    content.add(CloseWdg(my.get_off_script()))
    content.add(HtmlElement.br(2))
    content.add(my.time_card, 'time')

    # Replace the editable time card with a notice when it must not be used.
    notice = None
    if not my.login:
        notice = 'Time card cannot be entered for unassigned task.'
    elif my.is_other:
        notice = 'Time card cannot be entered for other users [%s].' % login_name

    if notice is not None:
        content.set_widget(DivWdg(HtmlElement.b(notice)), 'time')
        my.height = 60
def get_to(my):
    '''Return the parent handler's recipients plus the task's assignee.

    When the "assigned" value of my.sobject does not resolve to a Login, a
    warning is registered with Environment and the parent's recipients are
    returned unchanged.
    '''
    # add the assigned user to the list of users sent.
    recipients = super(TaskAssignEmailHandler, my).get_to()

    assigned = my.sobject.get_value("assigned")
    assignee = Login.get_by_login(assigned)

    if assignee:
        recipients.add(assignee)
    else:
        Environment.add_warning("Non existent user", "User %s does not exist" % assigned)

    return recipients
def get_to(self):
    '''Return the parent handler's recipients plus the task's assignee.

    When the "assigned" value of self.sobject does not resolve to a Login, a
    warning is registered with Environment and the parent's recipients are
    returned unchanged.
    '''
    # add the assigned user to the list of users sent.
    recipients = super(TaskAssignEmailHandler, self).get_to()

    assigned = self.sobject.get_value("assigned")
    assignee = Login.get_by_login(assigned)

    if assignee:
        recipients.add(assignee)
    else:
        Environment.add_warning("Non existent user", "User %s does not exist" % assigned)

    return recipients
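def verify(my, login_name, password):
    '''Check a login/password pair with an LDAP simple bind.

    The bind DN is built by substituting the login name for "{login}" in the
    configured security/ldap_path.  On a successful bind the result of
    search_ldap_info() is stored on my.ldap_info and True is returned with
    my.internal left True.

    Raises:
        SecurityException: when LDAP is not configured, the password is
            empty, or the bind or the info lookup fails.
    '''
    # replace cn=attribute with cn={login} in the config ldap_path
    # e.g. cn={login},o=organization,ou=server,dc=domain
    path = Config.get_value("security", "ldap_path")
    server = Config.get_value("security", "ldap_server")
    # The former `assert path, server` only tested path (server was merely
    # the assertion message) and disappears entirely under `python -O`.
    if not path or not server:
        raise SecurityException("LDAP authentication is not configured")

    my.login_name = login_name
    my.internal = True

    # Many directory servers treat a simple bind with an empty password as
    # an unauthenticated bind and report success, so an empty password must
    # never reach simple_bind_s().
    if not password:
        raise SecurityException("Login/Password combination incorrect")

    try:
        # The login name is user input: escape DN metacharacters so it
        # cannot change the structure of the bind DN.
        from ldap.dn import escape_dn_chars
        bind_dn = path.replace("{login}", escape_dn_chars(login_name))

        # NOTE(review): confirm the configured server URI uses ldaps:// or
        # that StartTLS is negotiated; a simple bind sends the password as
        # given.
        l = ldap.initialize(server)
        # For AD, it may need these before simple_bind_s()
        #l.protocol_version = 3
        #l.set_option(ldap.OPT_REFERRALS, 0)
        try:
            l.simple_bind_s(bind_dn, password)
            # NOTE(review): search_ldap_info is defined elsewhere; if it
            # builds a search filter from login_name, that value needs
            # ldap.filter.escape_filter_chars() there - confirm.
            my.ldap_info = search_ldap_info(l, login_name)
        finally:
            # release the connection whether or not the bind succeeded
            l.unbind()

        # The original printed login_name and password here, which put every
        # successfully verified clear-text password into the process output.
        # Credentials must never be written to logs or files.
        return True
    except Exception as e:
        # Keep the directory's error text on the server side only: returned
        # to the client it discloses server details and can distinguish
        # unknown users from wrong passwords.
        print("LDAP authentication failed: %s" % e)

        # The fallback to TacticAuthenticate for 'external' accounts was
        # already disabled in the original (left there as an unused string
        # literal), so a failed bind is final.
        raise SecurityException("Login/Password combination incorrect")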
def _get_login(my, assigned):
    '''Return whatever Login.get_by_login() yields for the name *assigned*.'''
    login = Login.get_by_login(assigned)
    return login
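def execute(my):
    '''Reset the password of the account named by my.login and email it out.

    Nothing happens unless the 'reset' kwarg is True.  The account is looked
    up, a temporary password is generated and mailed to the address stored on
    the account, and the stored password is replaced only after the mail
    command returned without raising.  Status text is reported to the page
    through the ResetPasswordWdg.MSG form value.

    Raises:
        TacticException: re-raised when sending the email fails; the stored
            password is left untouched in that case.
    '''
    # Since this is not called with Command.execute_cmd
    my.check()

    web = WebContainer.get_web()

    reset_on = my.kwargs.get('reset') == True
    if reset_on:
        # return value is not used below; call kept as in the original
        security = WebContainer.get_security()

        # NOTE(review): nothing visible in this method shows that the
        # requester owns the account, and the stored password is replaced as
        # soon as the mail goes out.  If this command is reachable before
        # login, a third party can force a password change on any account.
        # A one-time, expiring reset link avoids both that and mailing a
        # password in clear text - confirm how this command is exposed.
        login = Login.get_by_login(my.login)
        if not login:
            # NOTE(review): this message and the "no email" one below let a
            # caller distinguish valid login names from invalid ones.
            web.set_form_value(
                ResetPasswordWdg.MSG,
                'This user [%s] does not exist or has been disabled. Please contact the Administrator.' % my.login)
            return

        email = login.get_value('email')
        if not email:
            web.set_form_value(
                ResetPasswordWdg.MSG,
                'This user [%s] does not have an email entry for us to email you the new password. Please contact the Administrator.' % my.login)
            return

        # auto pass generation
        # The temporary password is a live credential until the user changes
        # it.  The previous code drew five characters from a 20-character
        # alphabet with the default (predictable, non-cryptographic)
        # generator; use the OS-backed generator and a longer value instead.
        rng = random.SystemRandom()
        alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'
        auto_password = ''.join([rng.choice(alphabet) for _ in range(16)])

        msg = ResetPasswordWdg.RESET_MSG

        # send the email
        try:
            from pyasm.command import EmailTriggerTestCmd

            admin = Login.get_by_login('admin')
            if admin:
                sender_email = admin.get_value('email')
            else:
                # fallback sender literal, reproduced as it appears in the source
                sender_email = '*****@*****.**'

            recipient_emails = [email]
            email_msg = 'Your TACTIC password has been reset. The new password is:\n%s\nYou can change your password once you log in by going to Edit My Account at the top right corner.' % auto_password
            email_cmd = EmailTriggerTestCmd(
                sender_email=sender_email,
                recipient_emails=recipient_emails,
                msg=email_msg,
                subject='TACTIC password change')
            email_cmd.execute()
        except TacticException:
            msg = "Failed to send an email for your new password. Reset aborted."
            web.set_form_value(ResetPasswordWdg.MSG, msg)
            raise
        else:
            # NOTE(review): unsalted MD5 is kept only because the code that
            # verifies stored passwords is not visible here and presumably
            # expects this format.  Moving to a salted, deliberately slow
            # password hash has to be done together with that code.
            encrypted = hashlib.md5(auto_password).hexdigest()
            login.set_value('password', encrypted)
            login.commit()
            web.set_form_value(
                ResetPasswordWdg.MSG,
                'A new password has been sent to your email address. Please check your email.'
            )

        # As in the original, this final write replaces the success text set
        # just above with msg (ResetPasswordWdg.RESET_MSG on the success path).
        web.set_form_value(ResetPasswordWdg.MSG, msg)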
def _get_login(self, assigned):
    '''Return whatever Login.get_by_login() yields for the name *assigned*.'''
    login = Login.get_by_login(assigned)
    return login
def get_display(self): top = DivWdg() top.add_color("background", "background") top.add_color("color", "color") top.add_style("min-width: 600px") os_name = os.name top.set_unique_id() top.add_smart_style("spt_info_title", "background", self.top.get_color("background3")) top.add_smart_style("spt_info_title", "padding", "3px") top.add_smart_style("spt_info_title", "font-weight", "bold") # server title_div = DivWdg() top.add(title_div) title_div.add("Server") title_div.add_class("spt_info_title") os_div = DivWdg() top.add(os_div) os_info = platform.uname() try: os_login = os.getlogin() except Exception: os_login = os.environ.get("LOGNAME") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") os_div.add(table) for i, title in enumerate( ['OS', 'Node Name', 'Release', 'Version', 'Machine']): table.add_row() td = table.add_cell("%s: " % title) td.add_style("width: 150px") table.add_cell(os_info[i]) table.add_row() table.add_cell("CPU Count: ") try: import multiprocessing table.add_cell(multiprocessing.cpu_count()) except (ImportError, NotImplementedError): table.add_cell("n/a") table.add_row() table.add_cell("Login: "******"Python") title_div.add_class("spt_info_title") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("Version: ") td.add_style("width: 150px") table.add_cell(sys.version) # client title_div = DivWdg() top.add(title_div) title_div.add("Client") title_div.add_class("spt_info_title") web = WebContainer.get_web() user_agent = web.get_env("HTTP_USER_AGENT") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("User Agent: ") td.add_style("width: 150px") table.add_cell(user_agent) table.add_row() td = table.add_cell("TACTIC User: "******"Performance Test") title_div.add_class("spt_info_title") performance_wdg = PerformanceWdg() top.add(performance_wdg) top.add('<br/>') # 
mail server title_div = DivWdg() top.add(title_div) title_div.add("Mail Server") title_div.add_class("spt_info_title") table = Table(css='email_server') table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("Server: ") td.add_style("width: 150px") mailserver = Config.get_value("services", "mailserver") has_mailserver = True if mailserver: table.add_cell(mailserver) else: table.add_cell("None configured") has_mailserver = False login = Login.get_by_login('admin') login_email = login.get_value('email') table.add_row() td = table.add_cell("From: ") td.add_style("width: 150px") text = TextWdg('email_from') text.set_attr('size', '40') text.set_value(login_email) text.add_class('email_from') table.add_cell(text) table.add_row() td = table.add_cell("To: ") td.add_style("width: 150px") text = TextWdg('email_to') text.set_attr('size', '40') text.add_class('email_to') text.set_value(login_email) table.add_cell(text) button = ActionButtonWdg(title='Email Send Test') table.add_row_cell('<br/>') table.add_row() table.add_cell(button) button.add_style("float: right") button.add_behavior({ 'type': 'click_up', 'has_mailserver': has_mailserver, 'cbjs_action': ''' if (!bvr.has_mailserver) { spt.alert('You have to fill in mailserver and possibly other mail related options in the TACTIC config file to send email.'); return; } var s = TacticServerStub.get(); try { spt.app_busy.show('Sending email'); var from_txt = bvr.src_el.getParent('.email_server').getElement('.email_from'); var to_txt = bvr.src_el.getParent('.email_server').getElement('.email_to'); var rtn = s.execute_cmd('pyasm.command.EmailTriggerTestCmd', {'sender_email': from_txt.value, 'recipient_emails': to_txt.value.split(','), 'msg': 'Simple Email Test by TACTIC'} ); if (rtn.status == 'OK') { spt.info("Email sent successfully to " + to_txt.value) } } catch(e) { spt.alert(spt.exception.handler(e)); } spt.app_busy.hide(); ''' }) top.add('<br/>') 
self.handle_directories(top) #table.add_row() #td = table.add_cell("TACTIC User: ") #table.add_cell( web.get_user_name() ) top.add('<br/>') top.add(DivWdg('Link Test', css='spt_info_title')) top.add('<br/>') top.add(LinkLoadTestWdg()) top.add('<br/>') self.handle_python_script_test(top) top.add('<br/>') self.handle_sidebar_clear(top) return top
def get_display(self): top = DivWdg() top.add_color("background", "background") top.add_color("color", "color") top.add_style("min-width: 600px") os_name = os.name top.set_unique_id() top.add_smart_style("spt_info_title", "background", self.top.get_color("background3")) top.add_smart_style("spt_info_title", "padding", "3px") top.add_smart_style("spt_info_title", "font-weight", "bold") # server title_div = DivWdg() top.add(title_div) title_div.add("Server") title_div.add_class("spt_info_title") os_div = DivWdg() top.add(os_div) os_info = platform.uname() try: os_login = os.getlogin() except Exception: os_login = os.environ.get("LOGNAME") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") os_div.add(table) for i, title in enumerate(['OS','Node Name','Release','Version','Machine']): table.add_row() td = table.add_cell("%s: " % title) td.add_style("width: 150px") table.add_cell( os_info[i] ) table.add_row() table.add_cell("CPU Count: ") try : import multiprocessing table.add_cell( multiprocessing.cpu_count() ) except (ImportError, NotImplementedError): table.add_cell( "n/a" ) table.add_row() table.add_cell("Login: "******"Python") title_div.add_class("spt_info_title") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("Version: ") td.add_style("width: 150px") table.add_cell( sys.version ) # client title_div = DivWdg() top.add(title_div) title_div.add("Client") title_div.add_class("spt_info_title") web = WebContainer.get_web() user_agent = web.get_env("HTTP_USER_AGENT") table = Table() table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("User Agent: ") td.add_style("width: 150px") table.add_cell( user_agent ) table.add_row() td = table.add_cell("TACTIC User: "******"Performance Test") title_div.add_class("spt_info_title") performance_wdg = PerformanceWdg() top.add(performance_wdg) 
top.add('<br/>') # mail server title_div = DivWdg() top.add(title_div) title_div.add("Mail Server") title_div.add_class("spt_info_title") table = Table(css='email_server') table.add_color("color", "color") table.add_style("margin: 10px") top.add(table) table.add_row() td = table.add_cell("Server: ") td.add_style("width: 150px") mailserver = Config.get_value("services", "mailserver") has_mailserver = True if mailserver: table.add_cell( mailserver ) else: table.add_cell("None configured") has_mailserver = False login = Login.get_by_login('admin') login_email = login.get_value('email') table.add_row() td = table.add_cell("From: ") td.add_style("width: 150px") text = TextWdg('email_from') text.set_attr('size', '40') text.set_value(login_email) text.add_class('email_from') table.add_cell(text) table.add_row() td = table.add_cell("To: ") td.add_style("width: 150px") text = TextWdg('email_to') text.set_attr('size', '40') text.add_class('email_to') text.set_value(login_email) table.add_cell(text) button = ActionButtonWdg(title='Email Send Test') table.add_row_cell('<br/>') table.add_row() table.add_cell(button) button.add_style("float: right") button.add_behavior( { 'type': 'click_up', 'has_mailserver': has_mailserver, 'cbjs_action': ''' if (!bvr.has_mailserver) { spt.alert('You have to fill in mailserver and possibly other mail related options in the TACTIC config file to send email.'); return; } var s = TacticServerStub.get(); try { spt.app_busy.show('Sending email'); var from_txt = bvr.src_el.getParent('.email_server').getElement('.email_from'); var to_txt = bvr.src_el.getParent('.email_server').getElement('.email_to'); var rtn = s.execute_cmd('pyasm.command.EmailTriggerTestCmd', {'sender_email': from_txt.value, 'recipient_emails': to_txt.value.split(','), 'msg': 'Simple Email Test by TACTIC'} ); if (rtn.status == 'OK') { spt.info("Email sent successfully to " + to_txt.value) } } catch(e) { spt.alert(spt.exception.handler(e)); } spt.app_busy.hide(); ''' }) 
top.add('<br/>') self.handle_directories(top) #table.add_row() #td = table.add_cell("TACTIC User: ") #table.add_cell( web.get_user_name() ) top.add('<br/>') top.add(DivWdg('Link Test', css='spt_info_title')) top.add('<br/>') top.add(LinkLoadTestWdg()) top.add('<br/>') self.handle_python_script_test(top) top.add('<br/>') self.handle_sidebar_clear(top) return top
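class ADAuthenticate(Authenticate):
    '''Test authenticate mechanism which caches user info

    Verifies a login against Active Directory through ADConnect.  The AD
    logon is only attempted when os.name is 'nt'.
    '''

    def __init__(my):
        # ADConnect is only used on Windows hosts (see verify)
        my.ad_exists = os.name == 'nt'

        my.groups = set()
        my.data = {}
        my.tactic_groups = []

    def get_mode(my):
        '''Return the authentication mode string, 'cache'.'''
        return 'cache'

    def verify(my, login_name, password):
        '''Return True when the login/password pair is accepted.

        Steps, in order:
          1. an optional script named by active_directory/allow_script must
             return True, otherwise False is returned;
          2. a domain must be present when active_directory/require_domain
             is "true";
          3. on Windows hosts the pair is checked with ADConnect.logon() and
             user data is preloaded on success;
          4. if that did not succeed, accounts whose 'location' is
             'external' are checked with pyasm.security.TacticAuthenticate.

        On hosts where AD is unavailable the original returned True for any
        password.  That is now treated as a failed AD logon, so only step 4
        can still accept the login.

        Raises:
            SecurityException: when a domain is required but was not given.
        '''
        # Accept "DOMAIN\\user".  Split on the first backslash only: the
        # former two-name unpack of split("\\") raised ValueError for names
        # containing more than one backslash.
        if "\\" in login_name:
            domain, base_login_name = login_name.split("\\", 1)
        else:
            base_login_name = login_name
            domain = None

        # confirm that there is a domain present if required
        require_domain = Config.get_value("active_directory", "require_domain")
        domain_component = Config.get_value("active_directory", "domain_component")
        script_path = Config.get_value("active_directory", "allow_script")

        if script_path:
            # optional site-defined gate: the script decides whether this
            # login may proceed at all
            flag = False
            try:
                from tactic.command import PythonCmd
                cmd = PythonCmd(script_path=script_path, login=login_name)
                flag = cmd.execute()
            except Exception as e:
                print(e)
                raise
            if flag != True:
                return False

        if require_domain == "true" and not domain:
            raise SecurityException("Domain Selection Required")

        if my.ad_exists:
            ad_connect = ADConnect()
            ad_connect.set_user(base_login_name)
            ad_connect.set_password(password)

            info = ad_connect.lookup()
            try:
                lookup_domain = info[1]
            except Exception:
                lookup_domain = ''

            # lookup domain takes precedence
            if lookup_domain:
                domain = lookup_domain

            # NOTE(review): when neither the lookup nor the login name
            # supplied a domain, this formats None into the string, as the
            # original did - confirm what ADConnect expects in that case.
            domain = "%s%s" % (domain, domain_component)
            ad_connect.set_domain(domain)

            is_logged_in = ad_connect.logon()
        else:
            # Fail closed: without AD there is nothing to check the password
            # against, so the AD step must not report success.
            print("WARNING: Active directory does not exist ... AD logon not attempted")
            is_logged_in = False

        # preload data for further use later with original full login_name
        if is_logged_in:
            my.load_user_data(base_login_name, domain)
        else:
            # If AD authentication fails, attempt login via Tactic database
            # (Only allow login for external users)
            login = Login.get_by_login(base_login_name)
            if login and login.get_value('location', no_exception=True) == 'external':
                auth_class = "pyasm.security.TacticAuthenticate"
                authenticate = Common.create_from_class_path(auth_class)
                is_authenticated = authenticate.verify(base_login_name, password)
                if is_authenticated == True:
                    return True

        return is_logged_in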