def get(self, mod_type=None, target=None, pkg_name=None): """DynamicManifest get handler. Returns: A webapp.Response() response. """ # TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_READONLY. self.user = auth.DoUserAuth(is_admin=True) try: self._ParseParameters(mod_type, target, pkg_name) except InvalidModificationType: self.error(404) return if not self.target: logging.warning('Target is required but was not specified.') self.error(400) return query = self.model.all().filter('%s =' % self.mod_type, self.target) if self.pkg_name: query.filter('value =', self.pkg_name) mods = [m.Serialize() for m in query] if not mods: self.error(404) return self.response.headers['Content-Type'] = 'application/json' self.response.out.write(mods)
def _DoAuth(self): try: self.user = auth.DoOAuthAuth() except auth.NotAuthenticated: enable_admin_check = True # OAuth was either not used or failed, so perform regular user auth. self.user = auth.DoUserAuth(is_admin=enable_admin_check)
def get(self, report=None, uuid=None): """Misc get handler.""" auth.DoUserAuth() if report == 'hostmanifest': self._DisplayHostManifest(uuid=uuid) elif report == 'installs': pending = self.request.get('pending') == '1' pkg = urllib.unquote(self.request.get('pkg', 'all')) if pending: self._DisplayHostsPendingPkg(pkg) else: self._DisplayInstallsForPackage(pkg) elif report == 'installproblems': self._DisplayInstallProblems() elif report == 'preflightexits': self._DisplayPreflightExits() elif report == 'diskfree': self._DisplayLowDiskFree() elif report == 'uptime': self._DisplayLongestUptime() elif report == 'offcorp': self._DisplayLongestOffCorp() elif report == 'manifest': track = uuid self._DisplayManifest(track) elif report == 'msulogsummary': self._DisplayMsuLogSummary() elif report == 'msulogevent': self._DisplayMsuLogEvent() elif report == 'user_settings': self._DisplayUserSettings() elif report == 'clientlog': log_key_name = uuid l = models.ClientLogFile.get_by_key_name(log_key_name) if l: self.response.headers[ 'Content-Type'] = 'text/plain; charset=utf-8' self.response.out.write(l.log_file) else: self.response.out.write('Log not found') self.response.set_status(404) elif report == 'maintenance': if not self.IsAdminUser(): self.response.set_status(403) return from simian.mac.admin import maintenance action = uuid if action == 'update_installs_schema': maintenance.UpdateInstallLogSchema() elif action == 'update_legacy_apple_updates': maintenance.ConvertLegacyAppleUpdateInstallLogEntities() elif action == 'rebuild_install_counts': maintenance.RebuildInstallCounts() else: self.response.set_status(404) else: self.response.set_status(404)
def post(self, date=None, range_of_days=None): """POST handler.""" auth.DoUserAuth() if date: if range_of_days: self._DisplayReleaseReport(date, range_of_days) else: self._DisplayReleaseReport(date) else: self._DisplayReleaseReport()
def testDoUserAuthAnyDomainUserSuccess(self): self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', True) self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) self.mox.ReplayAll() self.assertEqual(mock_user, auth.DoUserAuth()) self.mox.VerifyAll()
def post(self, filename): auth.DoUserAuth() try: bucket = settings.ICONS_GCS_BUCKET except AttributeError: self._RenderError( httplib.NOT_FOUND, 'Dedicated icons GCS bucket is not set.') return p = models.PackageInfo.get_by_key_name(filename) if not p: self._RenderError( httplib.NOT_FOUND, 'PackageInfo not found: %s' % filename) return if not p.name: self._RenderError( httplib.NOT_FOUND, 'PackageInfo Name is empty: %s' % filename) return icon_filename = self.request.POST['icon'].filename if not icon_filename.endswith('.png'): self._RenderError( httplib.BAD_REQUEST, 'Only png icons supported.') return lock = models.GetLockForPackage(p.filename) try: lock.Acquire() except datastore_locks.AcquireLockError: self._RenderError(httplib.CONFLICT, 'PackageInfo is locked') return content = self.request.POST['icon'].file.read() icon_path = '/%s/%s.png' % ( bucket, base64.urlsafe_b64encode(p.name)) with gcs.open(icon_path, 'w') as f: f.write(content) plist = p.plist plist['icon_hash'] = hashlib.sha256(content).hexdigest() # replace p._plist p.plist = str(plist) p.put() lock.Release() for catalog in p.catalogs: models.Catalog.Generate(catalog) self.redirect('/admin/package/%s' % filename)
def get(self, report=None, product_id=None): """GET handler.""" auth.DoUserAuth() if not report: self._DisplayMain() if report == 'product': self._DisplayProductDescription(product_id) elif report == 'logs': product_id = self.request.get('product_id') self._DisplayUpdateLogs(product_id=product_id) else: self.response.set_status(404)
def MockDoUserAuth(self, user=None, is_admin=None, fail=False): """Mock calling auth.DoUserAuth(). Args: user: user for DoUserAuth to return. fail: bool, whether to fail or not """ if 'authDoUserAuth' not in self._set_mock: self.mox.StubOutWithMock(auth, 'DoUserAuth') self._set_mock['authDoUserAuth'] = 1 if fail: if is_admin is None: auth.DoUserAuth().AndRaise(auth.NotAuthenticated) else: auth.DoUserAuth(is_admin=is_admin).AndRaise( auth.NotAuthenticated) else: if is_admin is None: auth.DoUserAuth().AndReturn(user) else: auth.DoUserAuth(is_admin=is_admin).AndReturn(user)
def get(self): """Summary get handler.""" auth.DoUserAuth() report_type = self.request.get('filter-type') report_filter = self.request.get('filter') if report_type and report_filter: report_filter = urllib.unquote(report_filter) report_filter = report_filter.strip() include_inactive = self.request.get('include-inactive') != '' self._DisplaySummary(report_type, report_filter, include_inactive) else: self._DisplayCachedSummary()
def testDoUserAuthWithIsAdminTrueSuccess(self): self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) self.mox.StubOutWithMock(auth, 'IsAdminUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(True) auth.IsAdminUser(email).AndReturn(True) self.mox.ReplayAll() self.assertEqual(mock_user, auth.DoUserAuth(is_admin=True)) self.mox.VerifyAll()
def testDoAnyAuth(self): """Test DoAnyAuth().""" is_admin = True require_level = 123 self.mox.StubOutWithMock(auth, 'DoUserAuth') self.mox.StubOutWithMock(auth.gaeserver, 'DoMunkiAuth') auth.DoUserAuth(is_admin=is_admin).AndReturn('user') auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.IsAdminMismatch) auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.NotAuthenticated) auth.gaeserver.DoMunkiAuth( require_level=require_level).AndReturn('token') auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.NotAuthenticated) auth.gaeserver.DoMunkiAuth(require_level=require_level).AndRaise( auth.gaeserver.NotAuthenticated) self.mox.ReplayAll() self.assertEqual(auth.DoAnyAuth(is_admin=is_admin), 'user') self.assertRaises(auth.IsAdminMismatch, auth.DoAnyAuth, is_admin=is_admin) self.assertEqual( auth.DoAnyAuth(is_admin=is_admin, require_level=require_level), 'token') self.assertRaises(auth.base.NotAuthenticated, auth.DoAnyAuth, is_admin=is_admin, require_level=require_level) self.mox.VerifyAll()
def get(self, report=None): """GET handler.""" auth.DoUserAuth() if report == 'logs': self._DisplayLogs() else: historical = self.request.get('historical') == '1' applesus = self.request.get('applesus') == '1' if historical or applesus: self._DisplayPackagesListFromCache(applesus=applesus) else: self._DisplayPackagesList()
def testIsAllowedTo(self): """Test PermissionResolver.IsAllowedTo.""" test_resolver = auth.PermissionResolver('task') self.mox.StubOutWithMock(auth, 'DoUserAuth') self.mox.StubOutWithMock(auth.PermissionResolver, '_IsAllowedToPropose') auth.DoUserAuth().AndReturn(True) auth.PermissionResolver._IsAllowedToPropose().AndReturn(True) auth.DoUserAuth().AndReturn(True) auth.PermissionResolver._IsAllowedToPropose().AndReturn(False) auth.DoUserAuth().AndRaise(auth.NotAuthenticated('')) auth.DoUserAuth().AndReturn(True) self.mox.ReplayAll() test_resolver.email = '*****@*****.**' test_resolver.task = 'Propose' self.assertTrue(test_resolver.IsAllowedTo()) self.assertFalse(test_resolver.IsAllowedTo()) self.assertFalse(test_resolver.IsAllowedTo()) test_resolver.task = 'FakeTask' self.assertFalse(test_resolver.IsAllowedTo()) self.mox.VerifyAll()
def post(self): """DynamicManifest post handler.""" # TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN. try: self.user = auth.DoOAuthAuth() except auth.NotAuthenticated: enable_admin_check = True # OAuth was either not used or failed, so perform regular user auth. self.user = auth.DoUserAuth(is_admin=enable_admin_check) mod_type = self.request.get('mod_type') target = self.request.get('target') mutate = self.request.get('mutate', 'true').lower() == 'true' if not mutate: logging.info('Enabling dry-run mode') pkg_alias = self.request.get('pkg_alias') if pkg_alias: pkg_name = models.PackageAlias.ResolvePackageName(pkg_alias) if not pkg_name: logging.info('Package alias not found: %s', pkg_alias) self.error(404) return logging.debug('Found pkg_name=%s for pkg_alias=%s', pkg_name, pkg_alias) else: pkg_name = self.request.get('pkg_name') try: self._ParseParameters(mod_type, target, pkg_name) except InvalidModificationType: self.error(404) return try: if mutate: self._PutMod() self.response.headers['Content-Type'] = 'application/json' self.response.out.write(json.dumps([{'pkg_name': pkg_name}])) except ValueError: self.error(400) except db.Error: self.error(500)
def put(self, mod_type=None, target=None, pkg_name=None): """DynamicManifest put handler. Returns: A webapp.Response() response. """ # TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN. self.user = auth.DoUserAuth(is_admin=True) try: self._ParseParameters(mod_type, target, pkg_name) except InvalidModificationType: self.error(404) return try: self._PutMod() except ValueError: self.error(400) except db.Error: self.error(500)
def testDoUserAuthWithAllDomainUsersOff(self): self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False) self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) self.mox.StubOutWithMock(auth, 'IsAdminUser') self.mox.StubOutWithMock(auth, 'IsSupportUser') self.mox.StubOutWithMock(auth, 'IsSecurityUser') self.mox.StubOutWithMock(auth, 'IsPhysicalSecurityUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(False) auth.IsSupportUser(email).AndReturn(False) auth.IsSecurityUser(email).AndReturn(False) auth.IsPhysicalSecurityUser(email).AndReturn(True) self.mox.ReplayAll() self.assertEqual(mock_user, auth.DoUserAuth()) self.mox.VerifyAll()
def delete(self, mod_type=None, target=None, pkg_name=None): """DynamicManifest delete handler. Returns: A webapp.Response() response. """ # TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN. self.user = auth.DoUserAuth(is_admin=True) try: self._ParseParameters(mod_type, target, pkg_name) except InvalidModificationType: self.error(404) return mod = self.model.get_by_key_name(self.key_name) if not mod: self.error(404) return try: mod.delete() except db.Error: logging.exception('error on DynamicManifest.delete()') self.error(500)
def get(self, report=None, product_id=None): """GET handler.""" auth.DoUserAuth() self._DisplayMain()
def get(self, report=None, uuid=None): """Stats get handler.""" auth.DoUserAuth() if not report: report_type = self.request.get('type') report_filter = self.request.get('filter') if report_type and report_filter: report_filter = urllib.unquote(report_filter) report_filter = report_filter.strip() self._DisplaySummary(report_type, report_filter) else: self._DisplayCachedSummary() elif report == 'host': self._DisplayHost(uuid=uuid) elif report == 'hostmanifest': self._DisplayHostManifest(uuid=uuid) elif report == 'installs': pkg = self.request.get('pkg') historical = self.request.get('historical') == '1' applesus = self.request.get('applesus') == '1' pending = self.request.get('pending') == '1' if pkg: if pending: self._DisplayHostsPendingPkg(pkg) else: self._DisplayInstallsForPackage(pkg) else: if historical or applesus: self._DisplayPackagesListFromCache(applesus=applesus) else: self._DisplayPackagesList() elif report == 'installproblems': self._DisplayInstallProblems() elif report == 'preflightexits': self._DisplayPreflightExits() elif report == 'diskfree': self._DisplayLowDiskFree() elif report == 'uptime': self._DisplayLongestUptime() elif report == 'offcorp': self._DisplayLongestOffCorp() elif report == 'brokenclients': self._DisplayBrokenClients() elif report == 'msulogsummary': self._DisplayMsuLogSummary(since_days=uuid) elif report == 'msulogevent': self._DisplayMsuLogEvent() elif report == 'user_settings': self._DisplayUserSettings() elif report == 'adminlogs': self._DisplayAdminLogs() elif report == 'loststolen': self._DisplayLostStolen() elif report == 'packagealias': self._DisplayPackageAlias() elif report == 'clientlog': log_key_name = uuid l = models.ClientLogFile.get_by_key_name(log_key_name) if l: self.response.headers[ 'Content-Type'] = 'text/plain; charset=utf-8' self.response.out.write(l.log_file) else: self.response.out.write('Log not found') self.response.set_status(404) elif report == 'maintenance': if not auth.IsAdminUser(): self.response.set_status(403) return from simian.mac.admin import maintenance action = uuid if action == 'update_installs_schema': maintenance.UpdateInstallLogSchema() elif action == 'update_legacy_apple_updates': maintenance.ConvertLegacyAppleUpdateInstallLogEntities() elif action == 'rebuild_install_counts': maintenance.RebuildInstallCounts() else: self.response.set_status(404) else: self.response.set_status(404)
def get(self, uuid=None): """GET handler.""" if uuid: uuid = util.UrlUnquote(uuid) auth.DoUserAuth() self._DisplayHost(uuid=uuid)
def get(self): """GET handler.""" auth.DoUserAuth() self._DisplayReleaseReport()
def testDoUserAuthAnyDomainUserSuccess(self): self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', True) self.assertEqual(self.email, auth.DoUserAuth().email())
def _UserAuthWithApiKeyCheck(self): # TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_READONLY. self.user = auth.DoUserAuth(is_admin=True) self._CheckApiKey()
def get(self): """GET handler.""" auth.DoUserAuth() self._DisplayBrokenClients()
def testDoUserAuthWithIsAdminTrueSuccess(self, _): self.assertEqual(self.email, auth.DoUserAuth(is_admin=True).email())
def testDoUserAuthWithAllDomainUsersOff(self, *_): self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False) self.assertEqual(self.email, auth.DoUserAuth().email())