def doManifestLogFile(action):
""" do manifest log file """
service = request.params.get('service', '')
package = request.params.get('package', '')
manifest = request.params.get('manifest', 'active')
if (service == '' or package == ''):
c.errorMsg = 'missing service or package parameter from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
print 'service/package/manifest ', service, package, manifest
packagePathStr = packagePath(service, package, manifest)
print 'package path ', packagePathStr
pkgInit = PkgInitConfig(service, package, manifest)
pkgConfig = pkgInit.getConfigs()
if not pkgConfig:
c.errorMsg = 'cronus.ini does not exist, view log needs cronus.ini to know log location, please check your cronus package to make sure cronus.ini exist and have property logAppDir'
c.errorCode = Errors.CRONUS_INI_EMPTY_NOT_FOUND
return render('/derived/error.html')
print '*** packageConfig ', pkgConfig
manifestFileName = pkgConfig['logManifestFile']
if (action == 'download'):
return downloadFile(os.path.join(packagePathStr, manifestFileName))
if (action == 'tail'):
lines = request.params.get('size', '100')
return tailFile(os.path.join(packagePathStr, manifestFileName),
lines)
if (action == 'list'):
return manifestFileName
def listAppLogDir(service, manifest, package, shortDirName, dirName):
""" listAppLogDir """
LOG.debug('In ApplogController dirName ' + dirName)
contentType = request.environ['CONTENT_TYPE']
if (not os.path.exists(dirName)):
c.errorMsg = 'App Log directory (%s) missing' % (dirName)
c.errorCode = Errors.LOG_APP_DIR_NOT_FOUND
return render('/derived/error.html')
if (os.path.isfile(dirName)):
if contentType == 'text/plain':
return downloadFile(dirName)
else:
return viewFile(dirName)
if (os.path.isdir(dirName)):
logList = os.listdir(dirName)
if contentType == 'application/json':
return ApplogController.doJSonStr(logList)
else:
fullLogList = []
for fileName in logList:
logList = ApplogController.getAppLogEntryHtml(
service, manifest, package, shortDirName, dirName, fileName)
fullLogList.append(logList)
c.status = fullLogList
c.message = "List Of Files/Directories" + ""
c.absolutePath = dirName
c.menuTab = 'MENU_TAB_APPLOGS'
return render('/derived/appLogDirectory.html')
def login(self):
'''
This is the redirect of the first template
'''
param = request.params
c.defaultRealm = getDefaultRealm()
c.p = {}
c.user = ""
c.title = "LinOTP OpenID Service"
for k in param:
c.p[k] = param[k]
if "openid.claimed_id" == k:
c.user = param[k].rsplit("/", 1)[1]
## if we have already a cookie but
## a difference between login and cookie user
## we show (via /status) that he is already logged in
## and that he first must log out
cookie = request.cookies.get(COOKIE_NAME)
if cookie is not None:
cookie_user, token = cookie.split(":")
if cookie_user != c.user:
c.login = cookie_user
c.message = ("Before logging in as >%s< you have to log out." %
(c.user))
return render("/openid/status.mako")
return render('/openid/login.mako')
def login(self):
'''
This is the redirect of the first template
'''
param = request.params
c.defaultRealm = getDefaultRealm()
c.p = {}
c.user = ""
c.title = "LinOTP OpenID Service"
for k in param:
c.p[k] = param[k]
if "openid.claimed_id" == k:
c.user = param[k].rsplit("/", 1)[1]
## if we have already a cookie but
## a difference between login and cookie user
## we show (via /status) that he is already logged in
## and that he first must log out
cookie = request.cookies.get(COOKIE_NAME)
if cookie is not None:
cookie_user, token = cookie.split(":")
if cookie_user != c.user:
c.login = cookie_user
c.message = ("Before logging in as >%s< you have to log out."
% (c.user))
return render("/openid/status.mako")
return render('/openid/login.mako')
def confirm(self):
"""
Triggered by user action. Confirm, or reject, access.
"""
user = pylons.request.environ['fts3.User.Credentials']
try:
auth, app = self._auth_fields()
if 'accept' in pylons.request.POST:
cookie_csrftoken = pylons.request.cookies.get(
'fts3oauth2_csrf')
form_csrftoken = pylons.request.POST.get('CSRFToken', None)
if cookie_csrftoken != form_csrftoken or cookie_csrftoken is None:
log.critical(
"Got something that looks like a CSRF attempt!")
log.critical("User: %s (%s)" % (user.user_dn, user.method))
log.critical("App id: %s" % auth['client_id'])
log.critical("Origin: %s" %
pylons.request.headers.get('Origin'))
log.critical("Referer: %s" %
pylons.request.headers.get('Referer'))
raise OAuth2Error(
'Cross-site request forgery token mismatch! Authorization denied'
)
log.info(
"User %s authorized application %s with scope %s" %
(user.user_dn, auth['client_id'], auth['state']['scope']))
response = self.oauth2_provider.get_authorization_code(
auth['response_type'], auth['client_id'],
auth['redirect_uri'], **auth['state'])
for k, v in response.headers.iteritems():
pylons.response.headers[str(k)] = str(v)
if auth['redirect_uri'] == URN_NO_REDIRECT:
location = pylons.response.headers['Location']
del pylons.response.headers['Location']
return render('/authz_noredirect.html',
extra_vars={
'params':
urlparse.parse_qs(
urlparse.urlparse(location).query),
'site':
pylons.config['fts3.SiteName']
})
else:
pylons.response.status_int = response.status_code
return response.raw
else:
redirect(url_for(controller='oauth2', action='get_my_apps'),
code=HTTPSeeOther.code)
except OAuth2Error, e:
pylons.response.status_int = 403
return render('/authz_failure.html',
extra_vars={
'reason': str(e),
'site': pylons.config['fts3.SiteName']
})
def doManifestLogFile(action):
""" do manifest log file """
service = request.params.get('service', '')
package = request.params.get('package', '')
manifest = request.params.get('manifest', 'active')
if (service == '' or package == ''):
c.errorMsg = 'missing service or package parameter from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
print 'service/package/manifest ', service, package, manifest
packagePathStr = packagePath(service, package, manifest)
print 'package path ', packagePathStr
pkgInit = PkgInitConfig(service, package, manifest)
pkgConfig = pkgInit.getConfigs()
if not pkgConfig:
c.errorMsg = 'cronus.ini does not exist, view log needs cronus.ini to know log location, please check your cronus package to make sure cronus.ini exist and have property logAppDir'
c.errorCode = Errors.CRONUS_INI_EMPTY_NOT_FOUND
return render('/derived/error.html')
print '*** packageConfig ', pkgConfig
manifestFileName = pkgConfig['logManifestFile']
if (action == 'download'):
return downloadFile(os.path.join(packagePathStr, manifestFileName))
if (action == 'tail'):
lines = request.params.get('size', '100')
return tailFile(os.path.join(packagePathStr, manifestFileName), lines)
if (action == 'list'):
return manifestFileName
def listAllAppLogDir(service, manifest, package, shortDirName, packagePathStr, appLogDirList):
""" listAllAppLogDir """
if (len(appLogDirList) < 1):
c.errorMsg = 'Could not find logDirs config values in config file %s' % (appLogDirList)
c.errorCode = Errors.LOG_APP_DIR_CONFIG_MISSING
return render('/derived/error.html')
for fileName in appLogDirList:
if (not os.path.exists(os.path.join(packagePathStr, fileName))):
c.errorMsg = 'App Log directory (%s) missing' % (fileName)
c.errorCode = Errors.LOG_APP_DIR_NOT_FOUND
return render('/derived/error.html')
if (request.environ['CONTENT_TYPE'] == 'application/json'):
return ApplogController.doJSonStr(appLogDirList)
else:
fullLogList = []
for fileName in appLogDirList:
logList = ApplogController.getAppLogEntryHtml(
service, manifest, package, shortDirName, packagePathStr, fileName)
fullLogList.append(logList)
c.status = fullLogList
c.message = "List Of Files/Directories"
c.absolutePath = packagePathStr
c.menuTab = 'MENU_TAB_APPLOGS'
return render('/derived/appLogDirectory.html')
def cache_content(self, key, do_work, template):
"""Argh!
Okay, so. Use this when you want to cache the BODY of a page but not
the CHROME (i.e., wrapper or base or whatever).
``key``
The key that uniquely identifies this particular rendering of this
page content.
``do_work``
Some function that will stuff a bunch of expensive data in c. This
will only be called if the page hasn't yet been cached. It'll be
passed the key.
``template``
Name of the template to use.
Also, DO NOT FORGET TO wrap the cachable part of your template in a
<%lib:cache_content> tag, or nothing will get cached!
If a page body is pulled from cache, c.timer.from_cache will be set to
True. If the page had to be generated, it will be set to False. (If
this function wasn't involved at all, it will be set to None.)
"""
# Content needs to be cached per-language
key = u"{0}/{1}".format(key, c.lang)
# Cache for... ten hours? Sure, whatever
content_cache = cache.get_cache("content_cache:" + template, expiretime=36000)
# XXX This is dumb. Caches don't actually respect the 'enabled'
# setting, so we gotta fake it.
if not content_cache.nsargs.get("enabled", True):
def skip_cache(context, mako_def):
do_work(key)
mako_def.body()
c._cache_me = skip_cache
return render(template)
# These pages can be pretty big. In the case of e.g. memcached, that's
# a lot of RAM spent on giant pages that consist half of whitespace.
# Solution: gzip everything. Use level 1 for speed!
def cache_me(context, mako_def):
c.timer.from_cache = True
def generate_page():
c.timer.from_cache = False
do_work(key)
return zlib.compress(capture(context, mako_def.body).encode("utf8"), 1)
context.write(zlib.decompress(content_cache.get_value(key=key, createfunc=generate_page)).decode("utf8"))
c._cache_me = cache_me
return render(template)
def add_dynamic_selfservice_enrollment(config, actions):
'''
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
'''
dynanmic_actions = {}
g = config['pylons.app_globals']
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, 'getClassInfo'):
try:
selfservice = tclass_object.getClassInfo('selfservice', ret=None)
# # check if we have a policy in the token definition for the enroll
if selfservice.has_key('enroll') and 'enroll' + tok.upper() in actions:
service = selfservice.get('enroll')
tab = service.get('title')
c.scope = tab.get('scope')
t_file = tab.get('html')
t_html = render(t_file)
''' remove empty lines '''
t_html = '\n'.join([line for line in t_html.split('\n') if line.strip() != ''])
e_name = "%s.%s.%s" % (tok, 'selfservice', 'enroll')
dynanmic_actions[e_name] = t_html
# # check if there are other selfserive policy actions
policy = tclass_object.getClassInfo('policy', ret=None)
if 'selfservice' in policy:
selfserv_policies = policy.get('selfservice').keys()
for action in actions:
if action in selfserv_policies:
# # now lookup, if there is an additional section
# # in the selfservice to render
service = selfservice.get(action)
tab = service.get('title')
c.scope = tab.get('scope')
t_file = tab.get('html')
t_html = render(t_file)
''' remove empty lines '''
t_html = '\n'.join([line for line in t_html.split('\n') if line.strip() != ''])
e_name = "%s.%s.%s" % (tok, 'selfservice', action)
dynanmic_actions[e_name] = t_html
except Exception as e:
log.info('[_add_dynamic_actions] no policy for tokentype '
'%s found (%r)' % (unicode(tok), e))
return dynanmic_actions
def add_dynamic_selfservice_enrollment(config, actions):
'''
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
'''
dynanmic_actions = {}
g = config['pylons.app_globals']
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, 'getClassInfo'):
try:
selfservice = tclass_object.getClassInfo('selfservice', ret=None)
# # check if we have a policy in the token definition for the enroll
if selfservice.has_key('enroll') and 'enroll' + tok.upper() in actions:
service = selfservice.get('enroll')
tab = service.get('title')
c.scope = tab.get('scope')
t_file = tab.get('html')
t_html = render(t_file)
''' remove empty lines '''
t_html = '\n'.join([line for line in t_html.split('\n') if line.strip() != ''])
e_name = "%s.%s.%s" % (tok, 'selfservice', 'enroll')
dynanmic_actions[e_name] = t_html
# # check if there are other selfserive policy actions
policy = tclass_object.getClassInfo('policy', ret=None)
if 'selfservice' in policy:
selfserv_policies = policy.get('selfservice').keys()
for action in actions:
if action in selfserv_policies:
# # now lookup, if there is an additional section
# # in the selfservice to render
service = selfservice.get(action)
tab = service.get('title')
c.scope = tab.get('scope')
t_file = tab.get('html')
t_html = render(t_file)
''' remove empty lines '''
t_html = '\n'.join([line for line in t_html.split('\n') if line.strip() != ''])
e_name = "%s.%s.%s" % (tok, 'selfservice', action)
dynanmic_actions[e_name] = t_html
except Exception as e:
log.info('[_add_dynamic_actions] no policy for tokentype '
'%s found (%r)' % (unicode(tok), e))
return dynanmic_actions
def add_dynamic_selfservice_enrollment(config, actions):
"""
add_dynamic_actions - load the html of the dynamic tokens
according to the policy definition
:param actions: the allowd policy actions for the current scope
:type actions: array of actions names
:return: hash of {tokentype : html for tab}
"""
dynanmic_actions = {}
g = config["pylons.app_globals"]
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, "getClassInfo"):
try:
selfservice = tclass_object.getClassInfo("selfservice", ret=None)
# # check if we have a policy in the token definition for the enroll
if selfservice.has_key("enroll") and "enroll" + tok.upper() in actions:
service = selfservice.get("enroll")
tab = service.get("title")
c.scope = tab.get("scope")
t_file = tab.get("html")
t_html = render(t_file)
""" remove empty lines """
t_html = "\n".join([line for line in t_html.split("\n") if line.strip() != ""])
e_name = "%s.%s.%s" % (tok, "selfservice", "enroll")
dynanmic_actions[e_name] = t_html
# # check if there are other selfserive policy actions
policy = tclass_object.getClassInfo("policy", ret=None)
if "selfservice" in policy:
selfserv_policies = policy.get("selfservice").keys()
for action in actions:
if action in selfserv_policies:
# # now lookup, if there is an additional section
# # in the selfservice to render
service = selfservice.get(action)
tab = service.get("title")
c.scope = tab.get("scope")
t_file = tab.get("html")
t_html = render(t_file)
""" remove empty lines """
t_html = "\n".join([line for line in t_html.split("\n") if line.strip() != ""])
e_name = "%s.%s.%s" % (tok, "selfservice", action)
dynanmic_actions[e_name] = t_html
except Exception as e:
log.info("[_add_dynamic_actions] no policy for tokentype " "%s found (%r)" % (unicode(tok), e))
return dynanmic_actions
def _getTokenTypeConfig(section='config'):
'''
_getTokenTypeConfig - retrieve from the dynamic token the
tokentype section, eg. config or enroll
:param section: the section of the tokentypeconfig
:type section: string
:return: dict with tab and page definition (rendered)
:rtype: dict
'''
res = {}
g = config['pylons.app_globals']
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, 'getClassInfo'):
conf = tclass_object.getClassInfo(section, ret={})
## set globale render scope, so that the mako
## renderer will return only a subsection from the template
p_html = ''
t_html = ''
try:
page = conf.get('page')
c.scope = page.get('scope')
p_html = render(os.path.sep + page.get('html'))
p_html = remove_empty_lines(p_html)
tab = conf.get('title')
c.scope = tab.get('scope')
t_html = render(os.path.sep + tab.get('html'))
t_html = remove_empty_lines(t_html)
except CompileException as ex:
log.error(
"[_getTokenTypeConfig] compile error while processing %r.%r:"
% (tok, section))
log.error("[_getTokenTypeConfig] %r" % ex)
log.error("[_getTokenTypeConfig] %s" % traceback.format_exc())
raise Exception(ex)
except Exception as e:
log.debug('no config for token type %r (%r)' % (tok, e))
p_html = ''
if len(p_html) > 0:
res[tok] = {'html': p_html, 'title': t_html}
return res
def _getTokenTypeConfig(section='config'):
'''
_getTokenTypeConfig - retrieve from the dynamic token the
tokentype section, eg. config or enroll
:param section: the section of the tokentypeconfig
:type section: string
:return: dict with tab and page definition (rendered)
:rtype: dict
'''
res = {}
g = config['pylons.app_globals']
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, 'getClassInfo'):
conf = tclass_object.getClassInfo(section, ret={})
## set globale render scope, so that the mako
## renderer will return only a subsection from the template
p_html = ''
t_html = ''
try:
page = conf.get('page')
c.scope = page.get('scope')
p_html = render(os.path.sep + page.get('html'))
p_html = remove_empty_lines(p_html)
tab = conf.get('title')
c.scope = tab.get('scope')
t_html = render(os.path.sep + tab.get('html'))
t_html = remove_empty_lines(t_html)
except CompileException as ex:
log.error("[_getTokenTypeConfig] compile error while processing %r.%r:" % (tok, section))
log.error("[_getTokenTypeConfig] %r" % ex)
log.error("[_getTokenTypeConfig] %s" % traceback.format_exc())
raise Exception(ex)
except Exception as e:
log.debug('no config for token type %r (%r)' % (tok, e))
p_html = ''
if len (p_html) > 0:
res[tok] = { 'html' : p_html, 'title' : t_html}
return res
def _getTokenTypeConfig(section="config"):
"""
_getTokenTypeConfig - retrieve from the dynamic token the
tokentype section, eg. config or enroll
:param section: the section of the tokentypeconfig
:type section: string
:return: dict with tab and page definition (rendered)
:rtype: dict
"""
res = {}
g = config["pylons.app_globals"]
tokenclasses = g.tokenclasses
for tok in tokenclasses.keys():
tclass = tokenclasses.get(tok)
tclass_object = newToken(tclass)
if hasattr(tclass_object, "getClassInfo"):
conf = tclass_object.getClassInfo(section, ret={})
## set globale render scope, so that the mako
## renderer will return only a subsection from the template
p_html = ""
t_html = ""
try:
page = conf.get("page")
c.scope = page.get("scope")
p_html = render(os.path.sep + page.get("html"))
p_html = remove_empty_lines(p_html)
tab = conf.get("title")
c.scope = tab.get("scope")
t_html = render(os.path.sep + tab.get("html"))
t_html = remove_empty_lines(t_html)
except CompileException as ex:
log.exception("[_getTokenTypeConfig] compile error while processing %r.%r:" % (tok, section))
log.error("[_getTokenTypeConfig] %r" % ex)
raise Exception(ex)
except Exception as e:
log.debug("no config for token type %r (%r)" % (tok, e))
p_html = ""
if len(p_html) > 0:
res[tok] = {"html": p_html, "title": t_html}
return res
def doAppLogFile(action):
""" listAppLog """
service = request.params.get('service', '')
package = request.params.get('package', '')
manifest = request.params.get('manifest', 'active')
if (service == '' or package == ''):
c.errorMsg = 'missing service or package parameter from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
packagePathStr = packagePath(service, manifest, package)
if (not os.path.isdir(packagePathStr)):
return ModulelogController.listManifests(service)
LOG.info('In ModuleLogController doAppLogFile ' + packagePathStr)
pkgInit = PkgInitConfig(service, manifest, package)
pkgConfig = pkgInit.getConfigs()
if not pkgConfig:
c.errorMsg = 'cronus.ini does not exist, view log needs cronus.ini to know log location, please check your cronus package to make sure cronus.ini exist and have property logAppDir'
c.errorCode = Errors.CRONUS_INI_EMPTY_NOT_FOUND
return render('/derived/error.html')
logAppDirList = pkgConfig['logAppDir']
dirName = request.params.get('dirName', '')
fileName = request.params.get('fileName', '')
if (action == 'list'):
if (fileName != '' and dirName != ''):
dirName = os.path.join(dirName, fileName)
if (dirName != ''):
return ModulelogController.listAppLogDir(
service, manifest, package, dirName,
os.path.join(packagePathStr, dirName))
else:
return ModulelogController.listAllAppLogDir(
service, manifest, package, dirName, packagePathStr,
logAppDirList)
if (dirName == '' or fileName == ''):
c.errorMsg = 'tail/download App log requires dirName & FileName params missing'
c.errorCode = Errors.NOT_ENOUGH_PARAMS
return render('/derived/error.html')
if (action == 'tail'):
lines = request.params.get('size', '100')
return tailFile(os.path.join(packagePathStr, dirName, fileName),
lines)
if (action == 'download'):
return downloadFile(os.path.join(packagePathStr, dirName,
fileName))
def document(self):
"""Render the error document"""
resp = request.environ.get('pylons.original_response')
content = literal(resp.body) or cgi.escape(request.GET.get('message', ''))
code = resp.status_int
if code == 404:
return render('/404.mako')
elif code == 500:
return render('/500.mako')
page = error_document_template % \
dict(prefix=request.environ.get('SCRIPT_NAME', ''),
code=cgi.escape(request.GET.get('code', str(resp.status_int))),
message=content)
return page
def view(self, id):
"""
The primary view page for an organism
"""
organism_guid = id
credentials = m.login("kconragan", "dulcev1da")
query = {
"*" : None,
"guid" : '#' + id,
"type" : "/user/kconragan/scuba_diving/marine_creature",
"/common/topic/article" : [{}],
"/common/topic/image" : [{}]
}
c.content = m.read(query, credentials)
related_query = [{
"higher_classification" : c.content['higher_classification'],
"name" : [],
"guid" : None,
"type" : "/biology/organism_classification"
}]
c.related = m.read(related_query, credentials)
return render('/derived/organism/view.html')
def accept_inner(f, *args, **kwargs):
try:
best_match = pylons.request.accept.best_match(
offers, default_match='application/json')
except:
best_match = 'application/json'
if not best_match:
raise HTTPNotAcceptable('Available: %s' % ', '.join(offers))
data = f(*args, **kwargs)
if best_match == 'text/html':
if html_template:
return render(
html_template,
extra_vars={
'data': data,
'config': pylons.config,
'user': pylons.request.environ['fts3.User.Credentials']
})
else:
return redirect(html_redirect, code=HTTPSeeOther.code)
else:
pylons.response.headers['Content-Type'] = 'application/json'
return to_json(data)
def document(self):
"""Render the error document"""
resp = request.environ.get('pylons.original_response')
content = literal(resp.body) or cgi.escape(request.GET.get('message', ''))
c.code=cgi.escape(request.GET.get('code', str(resp.status_int)))
c.message = content
return render('error/error.mako')
def get_my_apps(self):
"""
Returns the list of registered apps
"""
user = pylons.request.environ['fts3.User.Credentials']
my_apps = Session.query(OAuth2Application).filter(OAuth2Application.owner == user.user_dn).all()
authorized_apps = Session.query(
OAuth2Application.client_id, OAuth2Application.name, OAuth2Application.website,
OAuth2Application.description, OAuth2Token.refresh_token, OAuth2Token.scope, OAuth2Token.expires
).filter((OAuth2Token.dlg_id == user.delegation_id) & (OAuth2Token.client_id == OAuth2Application.client_id))
response = {'apps': my_apps, 'authorized': authorized_apps}
if _accept_html(pylons.request.accept):
pylons.response.headers['Content-Type'] = 'text/html; charset=UTF-8'
response['user'] = user
response['site'] = pylons.config['fts3.SiteName']
return render('/apps.html', extra_vars=response)
else:
pylons.response.headers['Content-Type'] = 'application/json'
# Better serialization for authorized apps
authorized = list()
for auth in authorized_apps:
authorized.append({
'name': auth.name,
'website': auth.website,
'description': auth.description,
'scope': auth.scope,
'expires': auth.expires
})
response['authorized'] = authorized
return to_json(response)
def tokeninfo(self):
'''
this returns the contents of /admin/show?serial=xyz in a html format
'''
param = request.params
try:
serial = getParam(param, 'serial', required)
filterRealm = ""
# check admin authorization
res = checkPolicyPre('admin', 'show', param)
filterRealm = res['realms']
# check if policies are active at all
# If they are not active, we are allowed to SHOW any tokens.
pol = getAdminPolicies("show")
if not pol['active']:
filterRealm = ["*"]
log.info("[tokeninfo] admin >%s< may display the following realms: %s" % (res['admin'], filterRealm))
log.info("[tokeninfo] displaying tokens: serial: %s", serial)
toks = TokenIterator(User("", "", ""), serial, filterRealm=filterRealm)
### now row by row
lines = []
for tok in toks:
lines.append(tok)
if len(lines) > 0:
c.tokeninfo = lines[0]
else:
c.tokeninfo = {}
for k in c.tokeninfo:
if "LinOtp.TokenInfo" == k:
try:
# Try to convert string to Dictionary
c.tokeninfo['LinOtp.TokenInfo'] = json.loads(c.tokeninfo['LinOtp.TokenInfo'])
except:
pass
return render('/manage/tokeninfo.mako')
except PolicyException as pe:
log.error("[tokeninfo] Error during checking policies: %r" % pe)
log.error("[tokeninfo] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.error("[tokeninfo] failed! %r" % e)
log.error("[tokeninfo] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug('[tokeninfo] done')
def login(self):
log.debug("[login] selfservice login screen")
identity = request.environ.get('repoze.who.identity')
if identity is not None:
# After login We always redirect to the start page
redirect("/")
res = {}
try:
c.defaultRealm = getDefaultRealm()
res = getRealms()
c.realmArray = []
#log.debug("[login] %s" % str(res) )
for (k, v) in res.items():
c.realmArray.append(k)
c.realmbox = getRealmBox()
log.debug("[login] displaying realmbox: %i" % int(c.realmbox))
Session.commit()
response.status = '%i Logout from LinOTP selfservice' % LOGIN_CODE
return render('/selfservice/login.mako')
except Exception as e:
log.exception('[login] failed %r' % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def get_my_apps(self):
"""
Returns the list of registered apps
"""
user = pylons.request.environ['fts3.User.Credentials']
my_apps = Session.query(OAuth2Application).filter(OAuth2Application.owner == user.user_dn).all()
authorized_apps = Session.query(
OAuth2Application.client_id, OAuth2Application.name, OAuth2Application.website,
OAuth2Application.description, OAuth2Token.refresh_token, OAuth2Token.scope, OAuth2Token.expires,
OAuth2Application.scope
).filter((OAuth2Token.dlg_id == user.delegation_id) & (OAuth2Token.client_id == OAuth2Application.client_id))
response = {'apps': my_apps, 'authorized': authorized_apps}
if _accept_html(pylons.request.accept):
pylons.response.headers['Content-Type'] = 'text/html; charset=UTF-8'
response['user'] = user
response['site'] = pylons.config['fts3.SiteName']
return render('/apps.html', extra_vars=response)
else:
pylons.response.headers['Content-Type'] = 'application/json'
# Better serialization for authorized apps
authorized = list()
for auth in authorized_apps:
authorized.append({
'name': auth.name,
'website': auth.website,
'description': auth.description,
'scope': auth.scope,
'expires': auth.expires
})
response['authorized'] = authorized
return [to_json(response)]
def render(self, **kwargs):
'''Override FormAlchemy rendering to use a Ckan template'''
if hasattr(self, 'form_template') and self.form_template is not None:
c.fieldset = self
return render(self.form_template)
else:
return formalchemy.FieldSet.render(self, **kwargs)
def form(self):
base_url = request.params.get('base_url', "")
service = request.params.get('service', "WMS")
restful = request.params.get('restful', False)
ssurl = request.params.get('ssurl', "")
if base_url and service:
c = ows_checker._checker.OWSCheck(base_url=base_url,
service=service,
#version='1.1.1',
auto=True,
cwd= os.path.join(config['buildout_path'], "ows_checker/settings/"),
ssurl=ssurl,
restful=restful
)
# see http://stackoverflow.com/questions/2352252/how-to-use-dicts-in-mako-templates
#results_dict = to_bunch(c.getResultsOverview())
results_dict = c.getResultsOverview(aggregate=True)
else:
results_dict = None
return render('/owschecker.mako', extra_vars={
'results_dict':results_dict,
'base_url': base_url,
'service': service,
'restful': restful,
'ssurl':ssurl
})
def wrapped_f(*args, **kwargs):
result = f(*args, **kwargs)
extra_vars = {
# Steal a page from TurboGears' book:
# include the genshi XML helper for convenience in templates.
'XML': XML
}
extra_vars.update(result)
# If the provided template path isn't absolute (ie, doesn't start with
# a '/'), then prepend the default search path. By providing the
# template path to genshi as an absolute path, we invoke different
# rules for the resolution of 'xi:include' paths in the template.
# See http://genshi.edgewall.org/browser/trunk/genshi/template/loader.py#L178
if not template.startswith('/'):
tmpl = os.path.join(config['genshi_search_path'], template)
else:
tmpl = template
if request.environ.get('paste.testing', False):
# Make the vars passed from action to template accessible to tests
request.environ['paste.testing_variables']['tmpl_vars'] = result
# Serve application/xhtml+xml instead of text/html during testing.
# This allows us to query the response xhtml as ElementTree XML
# instead of BeautifulSoup HTML.
# NOTE: We do not serve true xhtml to all clients that support it
# because of a bug in Mootools Swiff as of v1.2.4:
# https://mootools.lighthouseapp.com/projects/2706/tickets/758
if response.content_type == 'text/html':
response.content_type = 'application/xhtml+xml'
return render(tmpl, extra_vars=extra_vars)
def userview(self):
'''
This is the template for the token TAB
'''
c.title = "LinOTP Management"
c.tokenArray = []
return render('/manage/userview.mako')
def tokenview(self):
'''
This is the template for the token TAB
'''
c.title = "privacyIDEA Management"
c.tokenArray = []
return render('/manage/tokenview.mako')
def setmpin(self):
'''
In this form the user my set the PIN for his mOTP application soft
token on his phone. This is the pin, he needs to enter on his phone,
before a otp value will be generated.
'''
return render('/selfservice/setmpin.mako')
def userview(self):
"""
This is the template for the token TAB
"""
c.title = "LinOTP Management"
c.tokenArray = []
return render("/manage/userview.mako")
def login(self):
log.debug("[login] selfservice login screen")
identity = request.environ.get('repoze.who.identity')
if identity is not None:
# After login We always redirect to the start page
redirect("/")
res = {}
try:
c.defaultRealm = getDefaultRealm()
res = getRealms()
c.realmArray = []
#log.debug("[login] %s" % str(res) )
for (k, v) in res.items():
c.realmArray.append(k)
c.realmbox = getRealmBox()
log.debug("[login] displaying realmbox: %i" % int(c.realmbox))
Session.commit()
response.status = '%i Logout from LinOTP selfservice' % LOGIN_CODE
return render('/selfservice/login.mako')
except Exception as e:
log.exception('[login] failed %r' % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def tokeninfo(self):
"""
this returns the contents of /admin/show?serial=xyz in a html format
"""
param = request.params
try:
serial = getParam(param, "serial", required)
filterRealm = ""
# check admin authorization
res = checkPolicyPre("admin", "show", param)
filterRealm = res["realms"]
# check if policies are active at all
# If they are not active, we are allowed to SHOW any tokens.
pol = getAdminPolicies("show")
if not pol["active"]:
filterRealm = ["*"]
log.info("[tokeninfo] admin >%s< may display the following realms: %s" % (res["admin"], filterRealm))
log.info("[tokeninfo] displaying tokens: serial: %s", serial)
toks = TokenIterator(User("", "", ""), serial, filterRealm=filterRealm)
### now row by row
lines = []
for tok in toks:
lines.append(tok)
if len(lines) > 0:
c.tokeninfo = lines[0]
else:
c.tokeninfo = {}
for k in c.tokeninfo:
if "LinOtp.TokenInfo" == k:
try:
# Try to convert string to Dictionary
c.tokeninfo["LinOtp.TokenInfo"] = json.loads(c.tokeninfo["LinOtp.TokenInfo"])
except:
pass
return render("/manage/tokeninfo.mako")
except PolicyException as pe:
log.error("[tokeninfo] Error during checking policies: %r" % pe)
log.error("[tokeninfo] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.error("[tokeninfo] failed! %r" % e)
log.error("[tokeninfo] %s" % traceback.format_exc())
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug("[tokeninfo] done")
def usertokenlist(self):
'''
This returns a tokenlist as html output
'''
c.tokenArray = getTokenForUser(self.authUser)
res = render('/selfservice/tokenlist.mako')
return res
def userview(self):
'''
This is the template for the token TAB
'''
c.title = "LinOTP Management"
c.tokenArray = []
return render('/manage/userview.mako')
def setmpin(self):
'''
In this form the user my set the PIN for his mOTP application soft
token on his phone. This is the pin, he needs to enter on his phone,
before a otp value will be generated.
'''
return render('/selfservice/setmpin.mako')
def index(self):
'''
This is the redirect to the first template
'''
c.title = _("LinOTP Self Service")
return render('selfservice/base.mako')
def render(self, **kwargs):
'''Override FormAlchemy rendering to use a Ckan template'''
if hasattr(self, 'form_template') and self.form_template is not None:
c.fieldset = self
return render(self.form_template)
else:
return formalchemy.FieldSet.render(self, **kwargs)
def index(self):
'''
This is the redirect to the first template
'''
c.title = "LinOTP Self Service"
ren = render('/selfservice/base.mako')
return ren
def tokeninfo(self, action, **params):
'''
this returns the contents of /admin/show?serial=xyz in a html format
'''
param = request.params
try:
serial = getParam(param, 'serial', required)
filterRealm = ""
# check admin authorization
res = self.Policy.checkPolicyPre('admin', 'show', param)
filterRealm = res['realms']
# check if policies are active at all
# If they are not active, we are allowed to SHOW any tokens.
pol = self.Policy.getAdminPolicies("show")
if not pol['active']:
filterRealm = ["*"]
log.info("admin >%s< may display the following realms: %s" % (res['admin'], filterRealm))
log.info("displaying tokens: serial: %s", serial)
toks = TokenIterator(User("", "", ""), serial, filterRealm=filterRealm)
### now row by row
lines = []
for tok in toks:
lines.append(tok)
if len(lines) > 0:
c.tokeninfo = lines[0]
else:
c.tokeninfo = {}
for k in c.tokeninfo:
if "privacyIDEA.TokenInfo" == k:
try:
# Try to convert string to Dictionary
c.tokeninfo['privacyIDEA.TokenInfo'] = json.loads(c.tokeninfo['privacyIDEA.TokenInfo'])
except:
pass
return render('/manage/tokeninfo.mako')
except PolicyException as pe:
log.error("Error during checking policies: %r" % pe)
log.error(traceback.format_exc())
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.error("failed! %r" % e)
log.error(traceback.format_exc())
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def tokeninfo(self):
'''
this returns the contents of /admin/show?serial=xyz in an html format
'''
param = request.params
try:
serial = getParam(param, 'serial', required)
filterRealm = ""
# check admin authorization
res = checkPolicyPre('admin', 'show', param)
# check if policies are active at all
# If they are not active, we are allowed to SHOW any tokens.
filterRealm = ["*"]
if res['active'] and res['realms']:
filterRealm = res['realms']
log.info("[tokeninfo] admin >%s< may display the following realms:"
" %s" % (res['admin'], filterRealm))
log.info("[tokeninfo] displaying tokens: serial: %s", serial)
toks = TokenIterator(User("", "", ""), serial,
filterRealm=filterRealm)
# now row by row
lines = []
for tok in toks:
lines.append(tok)
if len(lines) > 0:
c.tokeninfo = lines[0]
else:
c.tokeninfo = {}
for k in c.tokeninfo:
if "LinOtp.TokenInfo" == k:
try:
# Try to convert string to Dictionary
c.tokeninfo['LinOtp.TokenInfo'] = json.loads(
c.tokeninfo['LinOtp.TokenInfo'])
except:
pass
return render('/manage/tokeninfo.mako')
except PolicyException as pe:
log.exception("[tokeninfo] Error during checking policies: %r" % pe)
Session.rollback()
return sendError(response, unicode(pe), 1)
except Exception as e:
log.exception("[tokeninfo] failed! %r" % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
log.debug('[tokeninfo] done')
def tokenview(self):
'''
This is the template for the token TAB
'''
c.title = "LinOTP Management"
c.tokenArray = []
c.getotp_active = config.get("linotpGetotp.active", "False") == "True"
return render('/manage/tokenview.mako')
def doAppLogFile():
""" listAppLog """
service = request.params.get('service', '')
package = request.params.get('package', '')
manifest = request.params.get('manifest', 'active')
if (service == '' or package == ''):
c.errorMsg = 'Missing service or package from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
packagePathStr = packagePath(service, manifest, package)
if (not os.path.isdir(packagePathStr)):
c.errorMsg = 'Invalid service, manifest, or package from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
LOG.debug('In ApplogController doAppLogFile ' + packagePathStr)
pkgPath = packagePath(service, manifest, package)
pkgInit = PkgInitConfig(pkgPath)
logDirList = pkgInit.getConfig(PkgInitConfig.KEY_LOGDIRS)
if not logDirList:
c.errorMsg = 'No cronus.ini in package, please check your cronus package to make sure cronus.ini exist and have property logDirs'
c.errorCode = Errors.CRONUS_INI_EMPTY_NOT_FOUND
return render('/derived/error.html')
dirName = request.params.get('dirName', '')
fileName = request.params.get('fileName', '')
if (fileName != '' and dirName != ''):
dirName = os.path.join(dirName, fileName)
if (dirName != ''):
return ApplogController.listAppLogDir(service,
manifest,
package,
dirName,
os.path.join(packagePathStr, dirName))
else:
return ApplogController.listAllAppLogDir(service,
manifest,
package,
dirName,
packagePathStr,
logDirList)
def tokenview(self):
'''
This is the template for the token TAB
'''
c.title = "LinOTP Management"
c.tokenArray = []
c.getotp_active = config.get("linotpGetotp.active", "False") == "True"
return render('/manage/tokenview.mako')
def edit_test(self, id):
testsuite = Session.query(TestSuite).get(int(id))
if testsuite:
c.questions = testsuite.questions
c.testsuite = testsuite
return render('/admin/tests/edit_test.html')
else:
redirect(url(controller='tests', action='index'))
def getPkgUploadPage(self):
""" show existing packages in packages folder """
pkgs = [ os.path.basename(packageDir) for packageDir in os.listdir(PackageMgr.packagePath()) ]
c.content = pkgs
menuTab = "MENU_TAB_PKGS"
c.menuTab = menuTab
return render('/derived/pkgUpload.html')
def document(self):
"""Render the error document"""
resp = request.environ.get('pylons.original_response')
content = literal(resp.body) or cgi.escape(
request.GET.get('message', ''))
c.code = cgi.escape(request.GET.get('code', str(resp.status_int)))
c.message = content
return render('error/error.mako')
def load_form(self):
'''
This shows the enrollment form for a requested token type.
implicit parameters are:
:param type: token type
:param scope: defines the rendering scope
:return: rendered html of the requested token
'''
res = ''
try:
try:
act = self.request_params["type"]
except KeyError:
raise ParameterError("Missing parameter: 'type'", id=905)
try:
(tok, section, scope) = act.split('.')
except Exception:
return res
if section != 'selfservice':
return res
if tok in tokenclass_registry:
tclt = tokenclass_registry.get(tok)
if hasattr(tclt, 'getClassInfo'):
sections = tclt.getClassInfo(section, {})
if scope in sections.keys():
section = sections.get(scope)
page = section.get('page')
c.scope = page.get('scope')
c.authUser = self.authUser
html = page.get('html')
res = render(os.path.sep + html)
res = remove_empty_lines(res)
Session.commit()
return res
except CompileException as exx:
log.exception("[load_form] compile error while processing %r.%r:"
"Exeption was %r" % (tok, scope, exx))
Session.rollback()
raise exx
except Exception as exx:
Session.rollback()
error = ('error (%r) accessing form data for: tok:%r, scope:%r'
', section:%r' % (exx, tok, scope, section))
log.exception(error)
return '<pre>%s</pre>' % error
finally:
Session.close()
def ocra(self):
'''
This is the method for testing ocra tokens
Call it directly in your browser like this
http(s)://server/auth/ocra
'''
log.debug("[ocra] authenticating user")
return render("/auth-ocra.mako")
def qrtoken(self):
'''
This is the method for testing authentication
Call it directly in your browser like this
http(s)://server/auth/qrtoken
'''
log.debug("[qrtoken] authenticating user")
return render("/auth-qrtoken.mako")
def index3(self):
'''
This is the method for testing authentication
Call it directly in your browser like this
http(s)://server/auth/index3
'''
log.debug("[index3] index, authenticating user")
return render("/auth3.mako")
def listManifests(self):
""" listManifests """
service = request.params.get('service', '')
if (service == ''):
c.errorMsg = 'missing service or package parameter from request'
c.errorCode = Errors.LOG_PARAM_REQUIRED
return render('/derived/error.html')
return ModulelogController.doListManifests(service)
def ocra(self):
'''
This is the method for testing ocra tokens
Call it directly in your browser like this
http(s)://server/auth/ocra
'''
log.debug("[ocra] authenticating user")
return render("/auth-ocra.mako")
def register_form(self):
"""
Registration form
"""
user = pylons.request.environ['fts3.User.Credentials']
return render('/app_register.html',
extra_vars={
'user': user,
'site': pylons.config['fts3.SiteName']
})
def pushtoken(self):
'''
This is the method for testing authentication
using your KeyIdentity Push Token
Call it directly in your browser like this
http(s)://server/auth/pushtoken
'''
log.debug("[pushtoken] authenticating user")
return render("/auth-push.mako")
def challenge_response(self):
'''
This is the method for testing challenge-response
authentication
Call it directly in your browser like this
http(s)://server/auth/challenge-response
'''
log.debug("[challenge-response] index, authenticating user")
return render("/auth-challenge-response.mako")
def render(self, **kwargs):
c.resources = self.value or []
# [:] does a copy, so we don't change original
c.resources = c.resources[:]
c.resources.extend([None])
c.id = self.name
c.columns = model.Resource.get_columns()
c.field = self.field
c.fieldset = self.field.parent
return render('package/form_resources.html')
def render(self, **kwargs):
c.resources = self.value or []
# [:] does a copy, so we don't change original
c.resources = c.resources[:]
c.resources.extend([None])
c.id = self.name
c.columns = ('url', 'format', 'description')
c.field = self.field
c.fieldset = self.field.parent
return render('form_resources.html')
def edit_question(self, id, testsuite_id):
question = Session.query(Question).get(int(id))
testsuite = Session.query(TestSuite).get(int(testsuite_id))
if question and testsuite:
c.max_name_length = 50
c.question = question
return render('/admin/tests/edit_question.html')
elif testsuite:
redirect(url(controller='tests', action='edit_test', id=testsuite.id))
else:
redirect(url(controller='tests', action='index'))
def getLogDirectory(self):
""" show log directory """
logList = os.listdir('logs')
for fileName in logList:
if not fileName.endswith('.log'):
logList.remove(fileName)
c.content = logList
menuTab = "MENU_TAB_LOGS"
c.menuTab = menuTab
return render('/derived/logDirectory.html')
