def _poll(self):
assert self.ws and self.ws.connected, 'cannot poll while websocket is not connected'
try:
self.call(self.poll_method)
except:
log.warning('no poll response received from {!r}, closing connection, will attempt to reconnect', self.url, exc_info=True)
self.ws.close()
else:
self._last_poll = datetime.now()
def watchlist_guess(self):
try:
from uber.models import Session
with Session() as session:
watchentries = session.guess_attendee_watchentry(self)
return [w.to_dict() for w in watchentries]
except Exception as ex:
log.warning('Error guessing watchlist entry: {}', ex)
return None
def _poll(self):
assert self.ws and self.ws.connected, 'cannot poll while websocket is not connected'
try:
self.call(self.poll_method)
except:
log.warning('no poll response received from {!r}, closing connection, will attempt to reconnect', self.url, exc_info=True)
self.ws.close()
else:
self._last_poll = datetime.now()
def check_authentication(cls):
host, origin = cherrypy.request.headers['host'], cherrypy.request.headers['origin']
if ('//' + host) not in origin:
log.error('Javascript websocket connections must follow same-origin policy; origin {!r} does not match host {!r}', origin, host)
raise ValueError('Origin and Host headers do not match')
if config['ws.auth_required'] and 'username' not in cherrypy.session:
log.warning('websocket connections to this address must have a valid session')
raise ValueError('you are not logged in')
return cherrypy.session.get('username', '<UNAUTHENTICATED>')
def _put(self, item):
delay, item = item
if delay:
if self.task.running:
heapq.heappush(self.delayed, (time.time() + delay, item))
else:
message = 'TimeDelayQueue.put called with a delay parameter without background task having been started'
log.warning(message)
warn(message)
else:
Queue._put(self, item)
def _put(self, item):
delay, item = item
if delay:
if self.task.running:
heapq.heappush(self.delayed, (time.time() + delay, item))
else:
message = 'TimeDelayQueue.put called with a delay parameter without background task having been started'
log.warning(message)
warn(message)
else:
Queue._put(self, item)
def stop(self):
with self.lock:
if self.running:
self.stopped.set()
for i in range(50):
self.threads[:] = [t for t in self.threads if t.is_alive()]
if self.threads:
time.sleep(0.1)
else:
break
else:
log.warning('not all daemons have been joined: {}', self.threads)
del self.threads[:]
def stop(self):
with self.lock:
if self.running:
self.stopped.set()
for i in range(50):
self.threads[:] = [t for t in self.threads if t.is_alive()]
if self.threads:
time.sleep(0.1)
else:
break
else:
log.warning('not all daemons have been joined: {}', self.threads)
del self.threads[:]
def ldap_auth(username, password):
if not username or not password:
return False
try:
ssl_material = (
config['ldap.cacert'], config['ldap.cert'], config['ldap.key']
)
server_kwargs = {}
tls_kwargs = {}
if config['ldap.url'].startswith('ldaps') or any(ssl_material):
server_kwargs['use_ssl'] = True
else:
server_kwargs['use_ssl'] = False
server_kwargs['host'] = config['ldap.url']
if config['ldap.cacert']:
tls_kwargs['ca_certs_file'] = config['ldap.cacert']
# if we specify a CA certs file, assume we want to validate it
tls_kwargs['validate'] = ssl.CERT_REQUIRED
if tls_kwargs:
server_kwargs['tls'] = ldap3.Tls(**tls_kwargs)
server = ldap3.Server(**server_kwargs)
except:
log.error('Error initializing LDAP server', exc_info=True)
raise
# attempt to bind on each base DN that was configured
for basedn in listify(config['ldap.basedn']):
dn = '{}={},{}'.format(config['ldap.userattr'], username, basedn)
log.debug('attempting to bind with dn {}', dn)
try:
connection = ldap3.Connection(server, user=dn, password=password)
connection.start_tls()
is_bound = connection.bind()
except:
log.warning("Error binding to LDAP server with dn", exc_info=True)
raise
if is_bound:
return True
# we couldn't auth on anything
return False
def check_authentication(cls):
host, origin = cherrypy.request.headers[
'host'], cherrypy.request.headers['origin']
if ('//' + host) not in origin:
log.error(
'Javascript websocket connections must follow same-origin policy; origin {!r} does not match host {!r}',
origin, host)
raise ValueError('Origin and Host headers do not match')
if config['ws.auth_required'] and 'username' not in cherrypy.session:
log.warning(
'websocket connections to this address must have a valid session'
)
raise ValueError('you are not logged in')
return cherrypy.session.get('username', '<UNAUTHENTICATED>')
def check_authentication(cls):
host, origin = cherrypy.request.headers[
'host'], cherrypy.request.headers['origin']
if ('//' + host.split(':')[0]) not in origin:
log.error(
'Javascript websocket connections must follow same-origin policy; origin {!r} does not match host {!r}',
origin, host)
raise WebSocketAuthError('Origin and Host headers do not match')
if config['ws.auth_required'] and not cherrypy.session.get(
config['ws.auth_field']):
log.warning(
'websocket connections to this address must have a valid session'
)
raise WebSocketAuthError('You are not logged in')
return WebSocketDispatcher.check_authentication()
def ldap_auth(username, password):
if not username or not password:
return False
try:
conn = ldap.initialize(config['ldap.url'])
force_start_tls = False
if config['ldap.cacert']:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, config['ldap.cacert'])
force_start_tls = True
if config['ldap.cert']:
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, config['ldap.cert'])
force_start_tls = True
if config['ldap.key']:
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, config['ldap.key'])
force_start_tls = True
if force_start_tls:
conn.start_tls_s()
else:
conn.set_option(ldap.OPT_X_TLS_DEMAND, config['ldap.start_tls'])
except:
log.error('Error initializing LDAP connection', exc_info=True)
raise
for basedn in listify(config['ldap.basedn']):
dn = '{}={},{}'.format(config['ldap.userattr'], username, basedn)
log.debug('attempting to bind with dn {}', dn)
try:
conn.simple_bind_s(dn, password)
except ldap.INVALID_CREDENTIALS as x:
continue
except:
log.warning("Error binding to LDAP server with dn", exc_info=True)
raise
else:
return True
def ldap_auth(username, password):
if not username or not password:
return False
try:
conn = ldap.initialize(config['ldap.url'])
force_start_tls = False
if config['ldap.cacert']:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, config['ldap.cacert'])
force_start_tls = True
if config['ldap.cert']:
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, config['ldap.cert'])
force_start_tls = True
if config['ldap.key']:
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, config['ldap.key'])
force_start_tls = True
if force_start_tls:
conn.start_tls_s()
else:
conn.set_option(ldap.OPT_X_TLS_DEMAND, config['ldap.start_tls'])
except:
log.error('Error initializing LDAP connection', exc_info=True)
raise
for basedn in listify(config['ldap.basedn']):
dn = '{}={},{}'.format(config['ldap.userattr'], username, basedn)
log.debug('attempting to bind with dn {}', dn)
try:
conn.simple_bind_s(dn, password)
except ldap.INVALID_CREDENTIALS as x:
continue
except:
log.warning("Error binding to LDAP server with dn", exc_info=True)
raise
else:
return True
from __future__ import unicode_literals
import importlib
import six
import cherrypy
from sideboard._version import __version__
try:
import sideboard.server
except:
from sideboard.lib import log
log.warning('Error importing server', exc_info=True)
from sideboard.internal.imports import _discover_plugins
from sideboard.internal.logging import _configure_logging
_discover_plugins()
_configure_logging()