def validate(self):
v = Validate()
if not v.sha256(self.key):
raise Exception('Invalid key')
if not v.sha256(self.secret):
raise Exception('Invalid secret')
if self.deleted != 0 and self.deleted != 1:
raise Exception('deleted must be 1 or 0')
def post(self):
email = request.form.get("email", None)
password = request.form.get("password", None)
if email is None or password is None:
return abort(400, message="email and password required")
if not Validate().email(email):
return abort(400, message="invalid email")
try:
account = ModelAccount.get(ModelAccount.email == email,
ModelAccount.status == 'active')
except peewee.DoesNotExist:
return abort(401, message="invalid email or password")
# check password!
if not account.check_password(password):
return abort(401, message="invalid email or password")
# update to bcrypt
if account.get_password_algo() != "bcrypt":
account.set_password(password)
account.save()
user_agent = request.headers.get('User-Agent')
generated_cookie = account.generate_cookie_value(account, user_agent)
data = {"status": "ok", "account": account.to_clean_dict()}
response = make_response(self.serialize(data))
response.mimetype = 'application/json'
response.set_cookie('vegadns', generated_cookie)
return response
def validate(self):
if not Validate().sha256(self.token_value):
raise Exception("Invalid email")
if not self.date_created:
raise Exception("date_created is not set")
if not self.account_id:
raise Exception("account_id is not set")
def validate(self, default_record=False):
if not default_record:
self.validate_domain_id()
self.validate_record_hostname(default_record)
ip = str(self.values.get("value"))
if not Validate().ipv6(ip):
raise RecordValueException("Invalid IPv6 address: " + ip)
def validate(self):
if self.prefix_type not in ['ipv4', 'ipv6']:
raise ValueError("prefix_type must be ipv4 or ipv6")
if not Validate().ip_prefix(self.prefix, self.prefix_type):
raise ValueError("prefix must be a valid network prefix")
if self.location_id is None:
raise ValueError("location_id is required")
def validate(self):
if not Validate().email(self.email):
raise Exception("Invalid email")
if not self.time:
raise Exception("time is not set")
if not self.entry:
raise Exception("entry is not set")
if not self.account_id:
raise Exception("account_id is not set")
def validate(self):
if not Validate().email(self.email):
raise Exception("Invalid email: " + self.email)
if not self.first_name:
raise Exception("first_name must not be empty")
if not self.last_name:
raise Exception("last_name must not be empty")
if self.account_type not in ["senior_admin", "group_admin", "user"]:
raise Exception("Invalid account_type: " + self.account_type)
if self.status not in ["active", "inactive"]:
raise Exception("Invalid status: " + self.status)
def post(self):
email = request.form.get("email", None)
if email is None:
abort(400, message="email is required")
if not Validate().email(email):
abort(400, message="invalid email address")
try:
account = ModelAccount.get(ModelAccount.email == email)
except peewee.DoesNotExist:
abort(400, message="email does not exist")
# create token
now = round(time.time())
token = ModelToken()
token.account_id = account.account_id
token.token_value = token.generateToken()
token.date_created = now
token.save()
# cleanup old tokens
oldtokens = ModelToken.delete().where(
ModelToken.date_created < now - ModelToken.EXPIRE_IN
)
oldtokens.execute()
# prep email data
name = account.first_name + " " + account.last_name
url = config.get(
'ui_server', 'ui_url'
) + "#passwordReset?token=" + token.token_value
data = {
'name': name,
'url': url,
}
body = vegadns.api.email.parseTemplate('password_reset_request', data)
to = account.email
subject = "VegaDNS Password Reset Request"
# send email
common = vegadns.api.email.common.Common()
vegadns.api.email.send(to, subject, body)
return {'status': 'ok'}
def post(self):
if self.auth.account.account_type != "senior_admin":
abort(
403,
message="Insufficient privileges to create a location prefix"
)
location_id = self.get_location_id()
# make sure the location exists
try:
locationdb = Location.get(Location.location_id == location_id)
except peewee.DoesNotExist:
abort(400, message="location_id does not exist")
prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower()
if prefix_type not in ['ipv4', 'ipv6']:
abort(400, message='prefix_type must be either ipv4 or ipv6')
prefix = request.form.get('prefix', None)
if prefix is None or not Validate().ip_prefix(prefix, prefix_type):
abort(
400,
message='invalid prefix for prefix_type ' + prefix_type
)
prefix_description = request.form.get('prefix_description', None)
new_prefix = LocationPrefix()
new_prefix.location_id = location_id
new_prefix.prefix = prefix
new_prefix.prefix_type = prefix_type
if prefix_description is not None:
new_prefix.prefix_description = prefix_description
try:
new_prefix.save()
except peewee.IntegrityError as e:
abort(
400,
message=str(e)
)
# notify listeners of dns data change
self.send_update_notification()
return {'status': 'ok', 'location_prefix': new_prefix.to_dict()}
def put(self, prefix_id):
if self.auth.account.account_type != "senior_admin":
abort(
403,
message="Insufficient privileges to update a location prefix"
)
try:
prefixdb = ModelPrefix.get(ModelPrefix.prefix_id == prefix_id)
except peewee.DoesNotExist:
abort(404, message="prefix not found")
prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower()
if prefix_type not in ['ipv4', 'ipv6']:
abort(400, message='prefix_type must be either ipv4 or ipv6')
prefix = request.form.get('prefix', None)
valid_prefix = Validate().ip_prefix(prefix, prefix_type)
if not valid_prefix:
abort(
400,
message='invalid prefix for prefix_type ' + prefix_type
)
prefix_description = request.form.get('prefix_description', None)
prefixdb.prefix = prefix
prefixdb.prefix_type = prefix_type
if prefix_description is not None:
prefixdb.prefix_description = prefix_description
try:
prefixdb.save()
except peewee.IntegrityError as e:
abort(
400,
message=str(e)
)
# notify listeners of dns data change
self.send_update_notification()
return {'status': 'ok', 'location_prefix': prefixdb.to_dict()}
def post(self):
if self.auth.account.account_type != 'senior_admin':
abort(403, message="Insufficient privileges to create accounts")
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
if first_name is None or last_name is None:
abort(400, message="first_name and last_name are required")
email = request.form.get("email", None)
if not Validate().email(email):
abort(400, message="invalid email")
try:
existing_account = ModelAccount.get(ModelAccount.email == email)
abort(400, message="Email address already in use")
except peewee.DoesNotExist:
# Expected
pass
account_type = request.form.get("account_type", None)
if account_type not in ["senior_admin", "user"]:
abort(400,
message="account_type must be either senior_admin or user")
phone = request.form.get("phone", "")
# Configurable password regex?
password = request.form.get("password", None)
account = ModelAccount()
account.first_name = first_name
account.last_name = last_name
account.email = email
account.account_type = account_type
account.phone = phone
account.status = 'active'
account.set_password(password)
account.save()
self.dns_log(0, ("created account " + account.first_name + " " +
account.last_name + ", " + account.email))
return {'status': 'ok', 'account': account.to_clean_dict()}, 201
def get(self, format):
if format != 'tinydns':
abort(400, message="invalid format: " + format)
records = self.get_records()
domains = {}
for record in records:
if record.domain_id.domain not in domains:
domains[record.domain_id.domain] = []
domains[record.domain_id.domain].append(record)
organized = []
for key, val in sorted(domains.items()):
organized.append({'domain_name': key, 'records': val})
locations = self.get_locations()
prefixes = self.get_prefixes()
locationdata = "# locations\n"
# need to build this manually since peewee join results are limiting
for location in locations:
temp_list = []
for prefix in prefixes:
if prefix.location_id != location.location_id:
continue
else:
if prefix.prefix_type == "ipv4":
temp_list.append(prefix.prefix)
else:
temp_list.append("s" +
str(prefix.prefix).replace(":", ""))
if len(temp_list) == 0:
locationdata += "%" + location.location + "\n"
else:
for i in temp_list:
locationdata += "%" + location.location + ":" + i + "\n"
datafile = locationdata + "\n"
tinydns = ExportTinydnsData()
datafile += tinydns.export_domains(organized, locations)
generation_record_host = config.get('monitoring',
'vegadns_generation_txt_record')
if generation_record_host \
and Validate().record_hostname(generation_record_host):
timestamp = self.get_latest_log_timestamp()
md5 = hashlib.md5(datafile + "\n").hexdigest()
model = ModelRecord()
model.type = RecordType().set('TXT')
model.host = generation_record_host
model.val = str(timestamp) + "-" + md5
model.ttl = 3600
generation_record_line = tinydns.data_line_from_model(model)
datafile += "\n\n# VegaDNS Generation TXT Record\n"
datafile += generation_record_line.rstrip("\n")
response = make_response(datafile)
response.headers['content-type'] = 'text/plain'
return response
class TestValidate(unittest.TestCase):
def setUp(self):
self.validate = Validate()
def test_ipv4_valid(self):
self.assertTrue(self.validate.ipv4('127.0.0.1'))
self.assertTrue(self.validate.ipv4('255.255.255.0'))
self.assertTrue(self.validate.ipv4('1.2.3.4'))
def test_ipv4_invalid(self):
self.assertFalse(self.validate.ipv4('4'))
self.assertFalse(self.validate.ipv4('4.2.3'))
self.assertFalse(self.validate.ipv4('294.1.2.0'))
self.assertFalse(self.validate.ipv4('255.255.255.256'))
self.assertFalse(self.validate.ipv4('fe80::1610:9fff:fee3:74a9%en0'))
self.assertFalse(self.validate.ipv4('i like turtles'))
def test_ipv6_valid(self):
self.assertTrue(
self.validate.ipv6('FE80:0000:0000:0000:0202:B3FF:FE1E:8329')
)
self.assertTrue(self.validate.ipv6('FE80::0202:B3FF:FE1E:8329'))
self.assertTrue(self.validate.ipv6('FE80::202:B3FF:FE1E:8329'))
self.assertTrue(self.validate.ipv6('fe80::1'))
def test_ipv6_invalid(self):
self.assertFalse(self.validate.ipv6('4'))
self.assertFalse(self.validate.ipv6('4.2.3'))
self.assertFalse(self.validate.ipv6('294.1.2.0'))
self.assertFalse(self.validate.ipv6('255.255.255.256'))
self.assertFalse(self.validate.ipv6('i like turtles'))
def test_record_name_valid(self):
self.assertTrue(self.validate.record_hostname('vegadns.org'))
self.assertTrue(self.validate.record_hostname('www.vegadns.org'))
self.assertTrue(self.validate.record_hostname('foo.www.vegadns.org'))
self.assertTrue(self.validate.record_hostname('b.foo.www.vegadns.org'))
self.assertTrue(
self.validate.record_hostname('foo-bar.foo.www.vegadns.org')
)
def test_record_name_invalid(self):
self.assertFalse(self.validate.record_hostname('foo'))
self.assertFalse(self.validate.record_hostname('..vegadns.org'))
def test_is_sha256_valid(self):
s = 'c69c30d355dd7c8ab3ecae9c005701a51d30e7c3af1855f1f1be3c7919b2b2c1'
self.assertTrue(self.validate.sha256(s))
def test_is_sha256_invalid(self):
self.assertFalse(self.validate.sha256('foo'))
s = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
self.assertFalse(self.validate.sha256(s))
s = 'e7c3af1855f1f1be3c7919b2b2c1'
self.assertFalse(self.validate.sha256(s))
def test_is_uuid_valid(self):
s = '465aba85-7c4b-4631-86c4-ef3404a463f6'
self.assertTrue(self.validate.uuid(s))
def test_is_uuid_invalid(self):
self.assertFalse(self.validate.uuid('foo'))
def test_ipv4_prefix_valid(self):
self.assertTrue(self.validate.ip_prefix('127.0.0', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('255.255.255', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('1.2', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('1', 'ipv4'))
def test_ipv4_prefix_invalid(self):
self.assertFalse(self.validate.ip_prefix(None, 'ipv4'))
self.assertFalse(self.validate.ip_prefix('256.0.0', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('255.255.255.', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('-25.240.10', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('', 'ipv4'))
def test_ipv6_prefix_valid(self):
self.assertTrue(
self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FF', 'ipv6')
)
self.assertTrue(
self.validate.ip_prefix('FE80:0202:B3FF:FE1E:8329', 'ipv6')
)
self.assertTrue(self.validate.ip_prefix('FE80', 'ipv6'))
def test_ipv6_prefix_invalid(self):
self.assertFalse(self.validate.ip_prefix(None, 'ipv6'))
self.assertFalse(
self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FG', 'ipv6')
)
self.assertFalse(
self.validate.ip_prefix('FE80:202:B3FF:FE1E:8329', 'ipv6')
)
self.assertFalse(self.validate.ip_prefix(
'FE80:0000:0000:0000:0202:B3FF:0000:0000:0000:0000', 'ipv6')
)
def setUp(self):
self.validate = Validate()
def put(self, account_id):
if self.auth.account.account_type != 'senior_admin':
if self.auth.account.account_id != account_id:
abort(
403,
message="Insufficient privileges to edit this account"
)
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
if first_name is None or last_name is None:
abort(400, message="first_name and last_name are required")
email = request.form.get("email", None)
if not Validate().email(email):
abort(400, message="invalid email")
try:
existing_account = ModelAccount.get(
ModelAccount.email == email,
ModelAccount.account_id != account_id
)
abort(400, message="Email address already in use")
except peewee.DoesNotExist:
# Expected
pass
account_type = request.form.get("account_type", None)
if account_type not in ["senior_admin", "user"]:
abort(
400,
message="account_type must be either system_admin or user"
)
status = request.form.get("status", None)
if status not in ["active", "inactive"]:
abort(400, message="status must be 'active' or 'inactive'")
phone = request.form.get("phone", None)
# Configurable password regex?
password = request.form.get("password", None)
try:
account = ModelAccount.get(ModelAccount.account_id == account_id)
except peewee.DoesNotExist:
abort(404, message="Account does not exist")
account.first_name = first_name
account.last_name = last_name
account.email = email
account.account_type = account_type
account.phone = phone
account.status = status
# only set password if it was provided
if password is not None:
account.set_password(password)
account.save()
data = {
"status": "ok",
"account": account.to_clean_dict()
}
response = make_response(self.serialize(data))
response.mimetype = 'application/json'
if (password is not None and
account.account_id == self.auth.account.account_id):
user_agent = request.headers.get('User-Agent')
generated_cookie = account.generate_cookie_value(
account,
user_agent
)
response.set_cookie('vegadns', generated_cookie)
return response
def validate(self):
v = Validate()
if not v.uuid(self.access_token):
raise Exception('Invalid access_token')
def validate(self):
v = Validate()
if not v.uuid(self.access_token):
raise Exception('Invalid access_token')
def setUp(self):
self.validate = Validate()
class TestValidate(unittest.TestCase):
def setUp(self):
self.validate = Validate()
def test_ipv4_valid(self):
self.assertTrue(self.validate.ipv4('127.0.0.1'))
self.assertTrue(self.validate.ipv4('255.255.255.0'))
self.assertTrue(self.validate.ipv4('1.2.3.4'))
def test_ipv4_invalid(self):
self.assertFalse(self.validate.ipv4('4'))
self.assertFalse(self.validate.ipv4('4.2.3'))
self.assertFalse(self.validate.ipv4('294.1.2.0'))
self.assertFalse(self.validate.ipv4('255.255.255.256'))
self.assertFalse(self.validate.ipv4('fe80::1610:9fff:fee3:74a9%en0'))
self.assertFalse(self.validate.ipv4('i like turtles'))
def test_ipv6_valid(self):
self.assertTrue(
self.validate.ipv6('FE80:0000:0000:0000:0202:B3FF:FE1E:8329'))
self.assertTrue(self.validate.ipv6('FE80::0202:B3FF:FE1E:8329'))
self.assertTrue(self.validate.ipv6('FE80::202:B3FF:FE1E:8329'))
self.assertTrue(self.validate.ipv6('fe80::1'))
def test_ipv6_invalid(self):
self.assertFalse(self.validate.ipv6('4'))
self.assertFalse(self.validate.ipv6('4.2.3'))
self.assertFalse(self.validate.ipv6('294.1.2.0'))
self.assertFalse(self.validate.ipv6('255.255.255.256'))
self.assertFalse(self.validate.ipv6('i like turtles'))
def test_record_name_valid(self):
self.assertTrue(self.validate.record_hostname('vegadns.org'))
self.assertTrue(self.validate.record_hostname('www.vegadns.org'))
self.assertTrue(self.validate.record_hostname('foo.www.vegadns.org'))
self.assertTrue(self.validate.record_hostname('b.foo.www.vegadns.org'))
self.assertTrue(
self.validate.record_hostname('foo-bar.foo.www.vegadns.org'))
def test_record_name_invalid(self):
self.assertFalse(self.validate.record_hostname('foo'))
self.assertFalse(self.validate.record_hostname('..vegadns.org'))
def test_is_sha256_valid(self):
s = 'c69c30d355dd7c8ab3ecae9c005701a51d30e7c3af1855f1f1be3c7919b2b2c1'
self.assertTrue(self.validate.sha256(s))
def test_is_sha256_invalid(self):
self.assertFalse(self.validate.sha256('foo'))
s = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
self.assertFalse(self.validate.sha256(s))
s = 'e7c3af1855f1f1be3c7919b2b2c1'
self.assertFalse(self.validate.sha256(s))
def test_is_uuid_valid(self):
s = '465aba85-7c4b-4631-86c4-ef3404a463f6'
self.assertTrue(self.validate.uuid(s))
def test_is_uuid_invalid(self):
self.assertFalse(self.validate.uuid('foo'))
def test_ipv4_prefix_valid(self):
self.assertTrue(self.validate.ip_prefix('127.0.0', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('255.255.255', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('1.2', 'ipv4'))
self.assertTrue(self.validate.ip_prefix('1', 'ipv4'))
def test_ipv4_prefix_invalid(self):
self.assertFalse(self.validate.ip_prefix(None, 'ipv4'))
self.assertFalse(self.validate.ip_prefix('256.0.0', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('255.255.255.', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('-25.240.10', 'ipv4'))
self.assertFalse(self.validate.ip_prefix('', 'ipv4'))
def test_ipv6_prefix_valid(self):
self.assertTrue(
self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FF', 'ipv6'))
self.assertTrue(
self.validate.ip_prefix('FE80:0202:B3FF:FE1E:8329', 'ipv6'))
self.assertTrue(self.validate.ip_prefix('FE80', 'ipv6'))
def test_ipv6_prefix_invalid(self):
self.assertFalse(self.validate.ip_prefix(None, 'ipv6'))
self.assertFalse(
self.validate.ip_prefix('FE80:0000:0000:0000:0202:B3FG', 'ipv6'))
self.assertFalse(
self.validate.ip_prefix('FE80:202:B3FF:FE1E:8329', 'ipv6'))
self.assertFalse(
self.validate.ip_prefix(
'FE80:0000:0000:0000:0202:B3FF:0000:0000:0000:0000', 'ipv6'))