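def post(self):
    """Log a user in with an email address and a local (bcrypt) password.

    Reads ``email`` and ``password`` from the JSON body, looks the account
    up by email and verifies the password against the stored bcrypt hash.
    On success a user token is issued and returned as the ``token`` cookie.

    Returns:
        The ``OK('Logged in')`` response carrying the ``token`` cookie.

    Aborts:
        400 when the body is not JSON, a field is missing, the account is
        unknown, the account has no local password, or the password does
        not match. The same message is used for every failure so the
        response body does not reveal whether the email exists.
    """
    # get_json() returns None for a non-JSON body; treat that like an
    # empty body instead of failing with a 500 on the subscript.
    b = request.get_json() or {}
    email = b.get('email')
    password = b.get('password')
    if not email or not password:
        abort(400, 'Invalid email/password combination')

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    # Accounts created by the LDAP/GitHub/SAML login paths are inserted
    # without a password column, so ``password`` may be NULL here; such an
    # account cannot log in locally. Checking it avoids None.encode().
    # NOTE(review): the bcrypt comparison is skipped for unknown accounts, so
    # response time differs between known and unknown emails.
    if not user or not user['password']:
        abort(400, 'Invalid email/password combination')

    if not bcrypt.checkpw(password.encode('utf8'), user['password'].encode('utf8')):
        abort(400, 'Invalid email/password combination')

    token = encode_user_token(user['id'])
    res = OK('Logged in')
    # NOTE(review): the cookie is set without httponly/secure flags; confirm
    # whether the dashboard needs script access to it before adding them.
    res.set_cookie('token', token)
    return res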
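def post(self):
    """Log a user in: the built-in admin account against its local bcrypt
    hash, every other account against LDAP.

    The email is lowercased before the lookup. An LDAP-authenticated user
    without a ``"user"`` row gets one created from the LDAP ``cn`` and
    ``displayName`` attributes.

    Returns:
        The ``OK('Logged in')`` response carrying the ``token`` cookie.

    Aborts:
        400 when the body is not JSON, a field is missing, or the
        credentials are rejected.
    """
    # get_json() returns None for a non-JSON body; fall back to an empty
    # dict so missing fields become a 400 rather than a 500.
    b = request.get_json() or {}
    email = b.get('email')
    password = b.get('password')
    if not email or not password:
        abort(400, 'Invalid email/password combination')
    email = email.lower()

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    if user and user['id'] == '00000000-0000-0000-0000-000000000000':
        # Admin login: verified against the locally stored bcrypt hash.
        # Guard against a NULL password column so the failure is a 400,
        # not an AttributeError on None.encode().
        if not user['password'] or not bcrypt.checkpw(
                password.encode('utf8'), user['password'].encode('utf8')):
            abort(400, 'Invalid email/password combination')
    else:
        ldap_user = authenticate(email, password)
        # authenticate() is presumably expected to abort or raise on bad
        # credentials — TODO confirm. Rejecting an empty result here makes
        # sure a falsy return can never log an existing user in.
        if not ldap_user:
            abort(400, 'Invalid email/password combination')

        if not user:
            user = g.db.execute_one_dict('''
                INSERT INTO "user" (email, username, name)
                VALUES (%s, %s, %s) RETURNING id
            ''', [email, ldap_user['cn'], ldap_user['displayName']])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    res.set_cookie('token', token)
    return res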
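def post(self):
    """Log a user in against LDAP, creating the ``"user"`` row on first login.

    Reads ``email`` and ``password`` from the JSON body and hands them to
    ``authenticate``. A user without a database row gets one created from
    the LDAP ``cn`` and ``displayName`` attributes.

    Returns:
        The ``OK('Logged in')`` response carrying the ``token`` cookie.

    Aborts:
        400 when the body is not JSON, a field is missing, or LDAP returns
        no user for the credentials.
    """
    # get_json() returns None for a non-JSON body; fall back to an empty
    # dict so missing fields become a 400 rather than a 500.
    b = request.get_json() or {}
    email = b.get('email')
    password = b.get('password')
    if not email or not password:
        abort(400, 'Invalid email/password combination')

    ldap_user = authenticate(email, password)
    # authenticate() is presumably expected to abort or raise on bad
    # credentials — TODO confirm. Rejecting an empty result here makes
    # sure a falsy return can never log an existing user in.
    if not ldap_user:
        abort(400, 'Invalid email/password combination')

    user = g.db.execute_one_dict('''
        SELECT id
        FROM "user"
        WHERE email = %s
    ''', [email])

    if not user:
        user = g.db.execute_one_dict('''
            INSERT INTO "user" (email, username, name)
            VALUES (%s, %s, %s) RETURNING id
        ''', [email, ldap_user['cn'], ldap_user['displayName']])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    res.set_cookie('token', token)
    return res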
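def post(self):
    """Create a local account and log the new user in.

    Only active when ``INFRABOX_ACCOUNT_SIGNUP_ENABLED`` is ``'true'``.
    Validates the JSON body (matching passwords, an address with a
    domain part, an alphanumeric username), rejects an email or username
    that is already taken, stores a bcrypt hash of the password and
    returns a ``token`` cookie for the new account.

    Returns:
        The ``OK('Logged in')`` response carrying the ``token`` cookie.

    Aborts:
        404 when signup is disabled; 400 on any validation failure.
    """
    if os.environ['INFRABOX_ACCOUNT_SIGNUP_ENABLED'] != 'true':
        abort(404)

    # get_json() returns None for a non-JSON body; fall back to an empty
    # dict so missing fields become a 400 rather than a 500.
    b = request.get_json() or {}
    email = b.get('email')
    password1 = b.get('password1')
    password2 = b.get('password2')
    username = b.get('username')

    if not email or not username:
        abort(400, 'Missing field')

    # An empty password would otherwise be hashed and accepted.
    if not password1:
        abort(400, 'Password must not be empty')

    if password1 != password2:
        abort(400, 'Passwords don\'t match')

    # parseaddr() returns ('', '') for garbage, never a falsy value, so the
    # address part is what has to be checked. It also accepts a bare word
    # without a domain, hence the explicit '@' test.
    e = parseaddr(email)
    if not e[1] or '@' not in e[1]:
        abort(400, 'Invalid email')

    if not username.isalnum():
        abort(400, 'Username is not alphanumeric')

    # NOTE(review): these two uniqueness checks are not atomic with the
    # INSERT below; confirm the table carries unique constraints on
    # email and username.
    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    if user:
        abort(400, 'An account with this email already exists')

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE username = %s
    ''', [username])

    if user:
        abort(400, 'An account with this username already exists')

    hashed_password = bcrypt.hashpw(password1.encode('utf8'), bcrypt.gensalt())

    user = g.db.execute_one_dict('''
        INSERT into "user" (username, email, password)
        VALUES (%s, %s, %s) RETURNING ID
    ''', [username, email, hashed_password])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    res.set_cookie('token', token)
    return res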
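def get(self, project_id, job_id):
    """Serve an archive file of a job as an attachment.

    The file is read from local storage when the job ran on this cluster
    (``INFRABOX_CLUSTER_NAME``); otherwise the request is proxied to the
    job's cluster, whose ``root_url`` comes from the ``cluster`` table.

    Args:
        project_id: project the job belongs to.
        job_id: job whose archive is requested.

    Query parameters:
        filename: name of the archive entry; required.

    Returns:
        A ``send_file`` response with the file as an attachment.

    Aborts:
        404 when ``filename`` is missing, the job or its cluster is
        unknown, or the file cannot be fetched.
    """
    filename = request.args.get('filename', None)
    if not filename:
        abort(404)

    result = g.db.execute_one_dict('''
        SELECT cluster_name
        FROM job
        WHERE id = %s AND project_id = %s
    ''', [job_id, project_id])

    if not result or not result['cluster_name']:
        abort(404)

    job_cluster = result['cluster_name']
    # NOTE(review): filename is used verbatim in the storage key; confirm
    # storage.download_archive constrains lookups to the job's prefix.
    key = '%s/%s' % (job_id, filename)

    if os.environ['INFRABOX_CLUSTER_NAME'] == job_cluster:
        f = storage.download_archive(key)
    else:
        c = g.db.execute_one_dict('''
            SELECT *
            FROM cluster
            WHERE name=%s
        ''', [job_cluster])
        # A job pointing at an unknown cluster used to fail with a
        # TypeError on c['root_url'].
        if not c:
            abort(404)

        # The filename goes through ``params`` so requests URL-encodes it;
        # interpolating it into the query string broke on '&', '#' or ' '.
        url = '%s/api/v1/projects/%s/jobs/%s/archive/download' % (
            c['root_url'], project_id, job_id)

        try:
            token = encode_user_token(g.token['user']['id'])
        except (AttributeError, KeyError, TypeError):
            # public project has no token here.
            token = ""

        headers = {'Authorization': 'bearer ' + token}
        # Log args are passed separately; a single list argument does not
        # fill two %s placeholders and produces a logging error instead.
        logger.info('get archive %s from %s', filename, url)

        # TODO(ib-steffen): allow custom ca bundles
        # verify=False disables TLS certificate verification for this
        # cluster-to-cluster fetch, which also carries the user token.
        r = requests.get(url, params={'filename': filename}, headers=headers,
                         timeout=120, verify=False, stream=True)
        # Without this check a remote error body was streamed to the client
        # as if it were the archive.
        if r.status_code != 200:
            logger.error('get archive %s from %s failed: %s', filename, url, r.status_code)
            abort(404)
        f = r.raw

    if not f:
        logger.error(key)
        abort(404)

    return send_file(f, as_attachment=True, attachment_filename=os.path.basename(filename))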
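def get(self, project_id, job_id):
    """Serve an archive file of a job, as an attachment or inline.

    Local storage is tried first; when the file is absent and the job ran
    on another cluster, the request is proxied to that cluster's
    ``root_url`` with the caller's bearer token (or a freshly encoded user
    token) forwarded.

    Args:
        project_id: project the job belongs to.
        job_id: job whose archive is requested.

    Query parameters:
        filename: name of the archive entry; required.
        view: anything other than ``"false"`` serves the file inline.

    Returns:
        A ``send_file`` response for the file.

    Aborts:
        404 when ``filename`` is missing, the job or its cluster is
        unknown, or the file cannot be fetched locally or remotely.
    """
    token = request.headers.get('Authorization')
    if token:
        token = token.replace("bearer ", "").replace("Bearer ", "")

    filename = request.args.get('filename', None)
    force_download = request.args.get('view', "false") == "false"

    if not filename:
        abort(404)

    result = g.db.execute_one_dict('''
        SELECT cluster_name
        FROM job
        WHERE id = %s AND project_id = %s
    ''', [job_id, project_id])

    if not result or not result['cluster_name']:
        abort(404)

    job_cluster = result['cluster_name']
    # NOTE(review): filename is used verbatim in the storage key; confirm
    # storage.download_archive constrains lookups to the job's prefix.
    key = '%s/%s' % (job_id, filename)

    f = storage.download_archive(key)

    if not f and os.environ['INFRABOX_CLUSTER_NAME'] != job_cluster:
        c = g.db.execute_one_dict('''
            SELECT *
            FROM cluster
            WHERE name=%s
        ''', [job_cluster])
        # A job pointing at an unknown cluster used to fail with a
        # TypeError on c['root_url'].
        if not c:
            abort(404)

        # The filename goes through ``params`` so requests URL-encodes it;
        # interpolating it into the query string broke on '&', '#' or ' '.
        url = '%s/api/v1/projects/%s/jobs/%s/archive/download' % (
            c['root_url'], project_id, job_id)

        if not token:
            try:
                token = encode_user_token(g.token['user']['id'])
            except Exception:
                # public project has no token here.
                token = ""

        headers = {'Authorization': 'bearer ' + token}
        # TODO(ib-steffen): allow custom ca bundles
        # verify=False disables TLS certificate verification for this
        # cluster-to-cluster fetch, which also carries the user token.
        r = requests.get(url, params={'filename': filename}, headers=headers,
                         timeout=120, verify=False)
        # BytesIO is always truthy, so the ``if not f`` below never caught
        # a failed remote fetch; the remote error body was served instead.
        if r.status_code != 200:
            abort(404)
        f = BytesIO(r.content)

    if not f:
        abort(404)

    filename = os.path.basename(filename)
    # send_file may reject a None mimetype; fall back to a generic binary
    # type when the extension is unknown.
    mimetype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
    # NOTE(review): inline ("view") delivery serves job-produced content
    # under this origin with a guessed MIME type; consider a restrictive
    # Content-Security-Policy / X-Content-Type-Options on this response.
    return send_file(f, as_attachment=force_download, attachment_filename=filename,
                     mimetype=mimetype)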
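def get(self):
    """Complete the GitHub OAuth flow and log the GitHub user in.

    Validates the ``state`` parameter against the pending ``states``,
    exchanges ``code`` for an access token, fetches the GitHub profile,
    finds or creates the matching ``"user"`` row, stores the access token
    on it and redirects to ``/dashboard`` with a ``token`` cookie.

    Query parameters:
        state: the value issued when the login was started.
        code: the OAuth authorization code from GitHub.

    Returns:
        A redirect to ``/dashboard`` carrying the ``token`` cookie.

    Aborts:
        401 when ``state`` is missing or unknown; 400 when ``code`` is
        missing; 500 when GitHub does not return a token or profile.
    """
    state = request.args.get('state')
    code = request.args.get('code')

    # ``states`` is presumably a module-level dict of pending OAuth state
    # values filled in by the login redirect — TODO confirm; being
    # per-process it would not be shared between workers.
    if not state or not states.get(state, None):
        abort(401)

    # Each state value is single-use.
    del states[state]

    if not code:
        abort(400)

    r = requests.post(GITHUB_TOKEN_URL, data={
        'client_id': GITHUB_CLIENT_ID,
        'client_secret': GITHUB_CLIENT_SECRET,
        'code': code,
        'state': state
    }, headers={'Accept': 'application/json'})

    # GitHub answers an invalid code with a JSON error body rather than a
    # token; previously that surfaced as a KeyError (500 without context).
    if r.status_code != 200:
        abort(500)

    result = r.json()
    access_token = result.get('access_token')
    if not access_token:
        abort(500)

    r = requests.get(GITHUB_USER_PROFILE_URL, headers={
        'Accept': 'application/json',
        'Authorization': 'token %s' % access_token
    })

    if r.status_code != 200:
        abort(500)

    gu = r.json()
    github_id = gu['id']

    user = g.db.execute_one_dict('''
        SELECT id
        FROM "user"
        WHERE github_id = %s
    ''', [github_id])

    if not user:
        user = g.db.execute_one_dict('''
            INSERT INTO "user" (github_id, username, avatar_url, name)
            VALUES (%s, %s, %s, %s) RETURNING id
        ''', [github_id, gu['login'], gu['avatar_url'], gu['name']])

    user_id = user['id']

    # NOTE(review): the GitHub access token is stored as-is in the
    # database; confirm that column is adequately protected.
    g.db.execute('''
        UPDATE "user" SET github_api_token = %s
        WHERE id = %s
    ''', [access_token, user_id])

    g.db.commit()

    token = encode_user_token(user_id)
    res = redirect('/dashboard')
    res.set_cookie('token', token)
    return res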
def post(self):
    """Finish a SAML login.

    Processes the IdP response, refuses it on validation errors or when
    the IdP reports the user as unauthenticated, then resolves the user
    by the email built from the configured SAML attribute format, creating
    the ``"user"`` row on first login. Ends with a redirect to the global
    dashboard carrying a ``token`` cookie.

    Aborts:
        500 when the SAML response carries errors; 401 when the IdP did
        not authenticate the user.
    """
    saml = init_saml_auth()
    saml.process_response()
    problems = saml.get_errors()

    logger.info("Request: %s %s", request, request.headers)

    if problems:
        logger.error("Authentication failed: %s", "; ".join(problems))
        abort(500, "Authentication failed")

    if not saml.is_authenticated():
        logger.error("User returned unauthorized from IdP")
        abort(401, "Unauthorized")

    attrs = get_attribute_dict(saml)
    logger.debug("User data: %s", attrs)

    # The *_FORMAT settings pick which SAML attributes form each field;
    # the email is lowercased so the lookup is case-insensitive.
    email = format_user_field(get_env("INFRABOX_ACCOUNT_SAML_EMAIL_FORMAT"), attrs).lower()

    # Check if user already exists in database
    row = g.db.execute_one_dict("""
        SELECT id
        FROM "user"
        WHERE email = %s
    """, [email])

    if not row:
        display_name = format_user_field(get_env("INFRABOX_ACCOUNT_SAML_NAME_FORMAT"), attrs)
        login_name = format_user_field(get_env("INFRABOX_ACCOUNT_SAML_USERNAME_FORMAT"), attrs)
        row = g.db.execute_one_dict("""
            INSERT INTO "user" (name, username, email)
            VALUES (%s, %s, %s) RETURNING id
        """, [display_name, login_name, email])

    token = encode_user_token(row["id"])
    g.db.commit()

    redirect_url = get_root_url("global") + "/dashboard/"
    logger.debug("Redirecting authenticated user to %s", redirect_url)

    resp = redirect(redirect_url)
    resp.set_cookie("token", token)
    return resp
def get_project_headers(self): # pragma: no cover
    """Build the ``Authorization`` header for requests made as ``self.user_id``.

    Returns:
        A dict with a single ``Authorization`` entry holding a freshly
        encoded user token.
    """
    return {'Authorization': 'token %s' % encode_user_token(self.user_id)}
def get_user_authorization(user_id): # pragma: no cover
    """Build the ``Authorization`` header for requests made as *user_id*.

    Args:
        user_id: id of the user to encode a token for.

    Returns:
        A dict with a single ``Authorization`` entry holding a freshly
        encoded user token.
    """
    return {'Authorization': 'token %s' % encode_user_token(user_id)}
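def get(self):
    """Complete the GitHub OAuth flow.

    Validates the ``state`` parameter against the pending ``states`` and
    exchanges ``code`` for an access token, which ``check_org`` vets. With
    ``INFRABOX_GITHUB_LOGIN_ENABLED`` the GitHub profile is used to find
    or create the ``"user"`` row (a login); otherwise the flow only links
    the GitHub account to the user whose ``github_api_token`` equals the
    ``t`` parameter. Either way the access token and GitHub id are stored
    on the user and the browser is redirected to the global dashboard
    with a ``token`` cookie.

    Query parameters:
        state: the value issued when the flow was started.
        code: the OAuth authorization code from GitHub.
        t: existing ``github_api_token`` identifying the user to link
           (only used when GitHub login is disabled).

    Returns:
        A redirect to the dashboard carrying the ``token`` cookie.

    Aborts:
        401 when ``state`` is missing or unknown; 400 when ``code`` is
        missing; 500 when GitHub returns no token or profile; 404 when
        linking and ``t`` is missing or matches no user.
    """
    state = request.args.get('state')
    code = request.args.get('code')
    t = request.args.get('t', None)

    # ``states`` is presumably a module-level dict of pending OAuth state
    # values filled in by the login redirect — TODO confirm; being
    # per-process it would not be shared between workers.
    if not state or not states.get(state, None):
        abort(401)

    # Each state value is single-use.
    del states[state]

    if not code:
        abort(400)

    # TODO(ib-steffen): allow custom ca bundles
    # verify=False disables TLS certificate verification for the token
    # exchange, on which the client secret is sent.
    r = requests.post(GITHUB_TOKEN_URL, data={
        'client_id': GITHUB_CLIENT_ID,
        'client_secret': GITHUB_CLIENT_SECRET,
        'code': code,
        'state': state
    }, headers={'Accept': 'application/json'}, verify=False)

    if r.status_code != 200:
        logger.error(r.text)
        abort(500)

    result = r.json()
    # GitHub answers an invalid code with 200 and a JSON error body, so the
    # status check alone does not guarantee a token is present.
    access_token = result.get('access_token')
    if not access_token:
        logger.error(r.text)
        abort(500)

    check_org(access_token)

    # TODO(ib-steffen): allow custom ca bundles
    r = requests.get(GITHUB_USER_PROFILE_URL, headers={
        'Accept': 'application/json',
        'Authorization': 'token %s' % access_token
    }, verify=False)

    # Previously a failed profile request surfaced as a KeyError on 'id'.
    if r.status_code != 200:
        logger.error(r.text)
        abort(500)

    gu = r.json()
    github_id = gu['id']

    if os.environ['INFRABOX_GITHUB_LOGIN_ENABLED'] == 'true':
        user = g.db.execute_one_dict('''
            SELECT id
            FROM "user"
            WHERE github_id = %s
        ''', [github_id])

        if not user:
            user = g.db.execute_one_dict('''
                INSERT INTO "user" (github_id, username, avatar_url, name)
                VALUES (%s, %s, %s, %s) RETURNING id
            ''', [github_id, gu['login'], gu['avatar_url'], gu['name']])

        user_id = user['id']
    else:
        # Linking mode: ``t`` must match the github_api_token already
        # stored for the user being linked.
        if not t:
            abort(404)

        user = g.db.execute_one_dict('''
            SELECT id
            FROM "user"
            WHERE github_api_token = %s
        ''', [t])

        if not user:
            abort(404)

        user_id = user['id']

    # NOTE(review): the GitHub access token is stored as-is in the
    # database; confirm that column is adequately protected.
    g.db.execute('''
        UPDATE "user" SET github_api_token = %s, github_id = %s
        WHERE id = %s
    ''', [access_token, github_id, user_id])

    g.db.commit()

    token = encode_user_token(user_id)
    url = get_root_url('global') + '/dashboard/'
    logger.debug("Redirecting GitHub user to %s", url)

    res = redirect(url)
    res.set_cookie('token', token)
    return res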
def get_project_authorization(user_id, project_id): # pragma: no cover
    """Build the ``Authorization`` header for project-scoped requests.

    A user token for *user_id* is encoded first and then narrowed to
    *project_id* with ``encode_project_token``.

    Args:
        user_id: id of the acting user.
        project_id: id of the project the token is scoped to.

    Returns:
        A dict with a single ``Authorization`` entry holding the project
        token.
    """
    scoped = encode_project_token(encode_user_token(user_id), project_id)
    return {'Authorization': 'token %s' % scoped}