def POST(self): i = web.input() f = form_talk() if not f.validates(i): return render_template("talks/submit", form=f) key = new_talk(i) if config.get('from_address') and config.get('talk_submission_contact'): email = render_template("talks/email", i) web.sendmail( from_address=config.from_address, to_address=config.talk_submission_contact, subject=web.safestr(email.subject.strip()), message=web.safestr(email) ) dir = config.get("talks_dir", "/tmp/talks") write("%s/%s.txt" % (dir, time.time()), simplejson.dumps(i)) tweet.tweet("talk_template", title=i.title, author=i.authors, url=web.ctx.home + "/" + key) add_flash_message("info", "Thanks for submitting your talk. The selection committee will review your talk and get in touch with you shortly.") raise web.seeother("/" + key)
def POST(self): # Get username, password. i = web.input(_unicode=False) username = web.safestr(i.get('username').strip()) password = str(i.get('password').strip()) save_pass = web.safestr(i.get('save_pass', 'no').strip()) auth = core.Auth() auth_result = auth.auth(username=username, password=password) if auth_result[0] is True: # Config session data. web.config.session_parameters['cookie_name'] = 'iRedAdmin' # Session expire when client ip was changed. web.config.session_parameters['ignore_change_ip'] = False # Don't ignore session expiration. web.config.session_parameters['ignore_expiry'] = False if save_pass == 'yes': # Session timeout (in seconds). web.config.session_parameters['timeout'] = 86400 # 24 hours else: # Expire session when browser closed. web.config.session_parameters['timeout'] = 600 # 10 minutes web.logger(msg="Login success", event='login',) return web.seeother('/dashboard/checknew') else: session['failedTimes'] += 1 web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',) return web.seeother('/login?msg=%s' % auth_result[1])
def enableOrDisableAccount(self, mails, action, attr='accountStatus',): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') result = {} connutils = connUtils.Utils() for mail in mails: self.mail = web.safestr(mail).strip().lower() if not iredutils.is_email(self.mail): continue self.domain = self.mail.split('@')[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='admin', ) except ldap.LDAPError, e: result[self.mail] = str(e)
def delete(self, domain, mails=[]): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') self.domain = web.safestr(domain) self.mails = [str(v) for v in mails if iredutils.isEmail(v) and str(v).endswith('@'+self.domain)] self.domaindn = ldaputils.convKeywordToDN(self.domain, accountType='domain') if not iredutils.isDomain(self.domain): return (False, 'INVALID_DOMAIN_NAME') result = {} for mail in self.mails: self.mail = web.safestr(mail) try: # Delete user object (ldap.SCOPE_BASE). self.deleteSingleUser(self.mail,) # Delete user object and whole sub-tree. # Get dn of mail user and domain. """ self.userdn = ldaputils.convKeywordToDN(self.mail, accountType='user') deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE) # Log delete action. web.logger( msg="Delete user: %s." % (self.mail), domain=self.mail.split('@')[1], event='delete', ) """ except ldap.LDAPError, e: result[self.mail] = ldaputils.getExceptionDesc(e)
def GET(self, profile_type, domain): i = web.input() self.domain = web.safestr(domain.split('/', 1)[0]) self.profile_type = web.safestr(profile_type) if not iredutils.isDomain(self.domain): return web.seeother('/domains?msg=EMPTY_DOMAIN') domainLib = domainlib.Domain() result = domainLib.profile(domain=self.domain) if result[0] is True: r = domainLib.listAccounts(attrs=['domainName']) if r[0] is True: allDomains = r[1] else: return r allAccountSettings = ldaputils.getAccountSettingFromLdapQueryResult(result[1], key='domainName',) return web.render( 'ldap/domain/profile.html', cur_domain=self.domain, allDomains=allDomains, allAccountSettings=allAccountSettings, profile=result[1], profile_type=self.profile_type, msg=i.get('msg', None), ) else: return web.seeother('/domains?msg=' + result[1])
def enableOrDisableAccount(self, domain, account, dn, action, accountTypeInLogger=None): self.domain = web.safestr(domain).strip().lower() self.account = web.safestr(account).strip().lower() self.dn = escape_filter_chars(web.safestr(dn)) # Validate operation action. if action in ["enable", "disable"]: self.action = action else: return (False, "INVALID_ACTION") # Set value of valid account status. if action == "enable": self.status = attrs.ACCOUNT_STATUS_ACTIVE else: self.status = attrs.ACCOUNT_STATUS_DISABLED try: self.updateAttrSingleValue(dn=self.dn, attr="accountStatus", value=self.status) if accountTypeInLogger is not None: web.logger( msg="%s %s: %s." % (str(action).capitalize(), str(accountTypeInLogger), self.account), domain=self.domain, event=self.action, ) return (True,) except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def updateAttrSingleValue(self, dn, attr, value): self.mod_attrs = [(ldap.MOD_REPLACE, web.safestr(attr), web.safestr(value))] try: result = self.conn.modify_s(web.safestr(dn), self.mod_attrs) return (True,) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def GET(self): i = web.input(_unicode=False,) # Get queries. self.event = web.safestr(i.get('event', 'all')) self.domain = web.safestr(i.get('domain', 'all')) self.admin = web.safestr(i.get('admin', 'all')) self.cur_page = web.safestr(i.get('page', '1')) if not self.cur_page.isdigit() or self.cur_page == '0': self.cur_page = 1 else: self.cur_page = int(self.cur_page) logLib = loglib.Log() total, entries = logLib.listLogs( event=self.event, domain=self.domain, admin=self.admin, cur_page=self.cur_page, ) return web.render( 'panel/log.html', event=self.event, domain=self.domain, admin=self.admin, allEvents=LOG_EVENTS, cur_page=self.cur_page, total=total, entries=entries, msg=i.get('msg'), )
def enableOrDisableAccount(self, domain, mails, action, attr='accountStatus',): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') self.mails = [str(v) for v in mails if iredutils.isEmail(v) and str(v).endswith('@'+str(domain)) ] result = {} connutils = connUtils.Utils() for mail in self.mails: self.mail = web.safestr(mail) if not iredutils.isEmail(self.mail): continue self.domain = self.mail.split('@')[-1] self.dn = ldaputils.convKeywordToDN(self.mail, accountType='user') try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='user', ) except ldap.LDAPError, e: result[self.mail] = str(e)
def proxyfunc(self, *args, **kw): if 'mail' in kw.keys() and iredutils.isEmail(kw.get('mail')): self.domain = web.safestr(kw['mail']).split('@')[-1] elif 'domain' in kw.keys() and iredutils.isDomain(kw.get('domain')): self.domain = web.safestr(kw['domain']) else: return False self.admin = session.get('username') if not iredutils.isEmail(self.admin): return False # Check domain global admin. if session.get('domainGlobalAdmin') is True: return func(self, *args, **kw) else: # Check whether is domain admin. try: result = self.conn.select( 'domain_admins', what='username', where='''username=%s AND domain IN %s''' % ( web.sqlquote(self.admin), web.sqlquote([self.domain, 'ALL']), ), ) except Exception, e: result = {} if len(result) != 1: return func(self, *args, **kw) else: return web.seeother('/users' + '?msg=PERMISSION_DENIED&domain=' + self.domain)
def enableOrDisableAccount(self, domain, mails, action, attr="accountStatus"): if mails is None or len(mails) == 0: return (False, "NO_ACCOUNT_SELECTED") self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + str(domain))] result = {} connutils = connUtils.Utils() for mail in self.mails: self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): continue self.domain = self.mail.split("@")[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") if self.dn[0] is False: result[self.mail] = self.dn[1] continue try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger="user", ) except ldap.LDAPError, e: result[self.mail] = str(e)
def GET(self, profile_type, mail): self.mail = web.safestr(mail) self.profile_type = web.safestr(profile_type) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username')) # Get admin profile. adminLib = admin.Admin() result = adminLib.profile(self.mail) if result[0] is not True: raise web.seeother('/admins?msg=' + result[1]) else: self.admin_profile = result[1] i = web.input() if self.profile_type == 'general': # Get available languages. if result[0] is True: ################### # Managed domains # # Check permission. #if session.get('domainGlobalAdmin') is not True: # raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % self.mail) # Get all domains. domainLib = domainlib.Domain() resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ]) if resultOfAllDomains[0] is True: self.allDomains = resultOfAllDomains[1] else: return resultOfAllDomains return web.render( 'ldap/admin/profile.html', mail=self.mail, profile_type=self.profile_type, profile=self.admin_profile, languagemaps=languages.get_language_maps(), allDomains=self.allDomains, msg=i.get('msg', None), ) else: raise web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1])) elif self.profile_type == 'password': return web.render('ldap/admin/profile.html', mail=self.mail, profile_type=self.profile_type, profile=self.admin_profile, min_passwd_length=settings.min_passwd_length, max_passwd_length=settings.max_passwd_length, msg=i.get('msg', None), )
def request(self, sitename, path, method='GET', data=None): url = self.base_url + '/' + sitename + path path = '/' + sitename + path if isinstance(data, dict): for k in data.keys(): if data[k] is None: del data[k] if web.config.debug: web.ctx.infobase_req_count = 1 + web.ctx.get('infobase_req_count', 0) a = time.time() _path = path _data = data if data: if isinstance(data, dict): data = dict((web.safestr(k), web.safestr(v)) for k, v in data.items()) data = urllib.urlencode(data) if method == 'GET': path += '?' + data data = None conn = httplib.HTTPConnection(self.base_url) env = web.ctx.get('env') or {} if self.auth_token: import Cookie c = Cookie.SimpleCookie() c['infobase_auth_token'] = self.auth_token cookie = c.output(header='').strip() headers = {'Cookie': cookie} else: headers = {} # pass the remote ip to the infobase server headers['X-REMOTE-IP'] = web.ctx.ip try: conn.request(method, path, data, headers=headers) response = conn.getresponse() except socket.error: raise ClientException("503 Service Unavailable", "Unable to connect to infobase server") cookie = response.getheader('Set-Cookie') if cookie: import Cookie c = Cookie.SimpleCookie() c.load(cookie) if 'infobase_auth_token' in c: self.set_auth_token(c['infobase_auth_token'].value) if web.config.debug: b = time.time() print >> web.debug, "%.02f (%s):" % (round(b-a, 2), web.ctx.infobase_req_count), response.status, method, _path, _data if response.status == 200: return response.read() else: self.handle_error("%d %s" % (response.status, response.reason), response.read())
def POST(self): # Get username, password. i = web.input(_unicode=False) username = web.safestr(i.get('username', '').strip()) password = i.get('password', '').strip() save_pass = web.safestr(i.get('save_pass', 'no').strip()) if not iredutils.isEmail(username): return web.seeother('/login?msg=INVALID_USERNAME') if len(password) == 0: return web.seeother('/login?msg=EMPTY_PASSWORD') # Convert username to ldap dn. userdn = ldaputils.convKeywordToDN(username, accountType='admin') # Return True if auth success, otherwise return error msg. self.auth_result = auth.Auth(cfg.ldap.get('uri', 'ldap://127.0.0.1/'), userdn, password,) if self.auth_result is True: session['username'] = username session['logged'] = True # Read preferred language from db. adminLib = adminlib.Admin() #session['lang'] = adminLib.getPreferredLanguage(userdn) or cfg.general.get('lang', 'en_US') adminProfile = adminLib.profile(username) if adminProfile[0] is True: cn = adminProfile[1][0][1].get('cn', [None])[0] lang = adminProfile[1][0][1].get('preferredLanguage', [cfg.general.get('lang', 'en_US')])[0] session['cn'] = cn session['lang'] = lang else: pass web.config.session_parameters['cookie_name'] = 'iRedAdmin' # Session expire when client ip was changed. web.config.session_parameters['ignore_change_ip'] = False # Don't ignore session expiration. web.config.session_parameters['ignore_expiry'] = False if save_pass == 'yes': # Session timeout (in seconds). web.config.session_parameters['timeout'] = 86400 # 24 hours else: # Expire session when browser closed. web.config.session_parameters['timeout'] = 600 # 10 minutes web.logger(msg="Login success", event='login',) return web.seeother('/dashboard/checknew') else: session['failedTimes'] += 1 web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',) return web.seeother('/login?msg=%s' % self.auth_result)
def sendmail(to, msg, cc=None): cc = cc or [] if config.get("dummy_sendmail"): print "To:", to print "From:", config.from_address print "Subject:", msg.subject print print web.safestr(msg) else: web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def sendmail(to, msg, cc=None): cc = cc or [] if config.get('dummy_sendmail'): print 'To:', to print 'From:', config.from_address print 'Subject:', msg.subject print print web.safestr(msg) else: web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def add(self, data): self.cn = data.get('cn', '') self.mail = web.safestr(data.get('mail')).strip().lower() if not iredutils.is_email(self.mail): return (False, 'INVALID_MAIL') # Check admin exist. connutils = connUtils.Utils() if connutils.isAdminExists(self.mail): return (False, 'ALREADY_EXISTS') # Get domainGlobalAdmin setting. self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no')) if self.domainGlobalAdmin not in ['yes', 'no', ]: self.domainGlobalAdmin = 'no' # Get language setting. self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US')) # Get new password. self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = result[1] else: return result try: self.conn.insert( 'admin', username=self.mail, name=self.cn, password=iredutils.generate_password_hash(self.passwd), language=self.preferredLanguage, created=iredutils.get_gmttime(), active='1', ) if self.domainGlobalAdmin == 'yes': self.conn.insert( 'domain_admins', username=self.mail, domain='ALL', created=iredutils.get_gmttime(), active='1', ) web.logger(msg="Create admin: %s." % (self.mail), event='create',) return (True,) except Exception, e: return (False, str(e))
def sendmail(to, msg, cc=None): cc = cc or [] if config.get('dummy_sendmail'): message = ('' + 'To: ' + to + '\n' + 'From:' + config.from_address + '\n' + 'Subject:' + msg.subject + '\n' + '\n' + web.safestr(msg)) print >> web.debug, "sending email", message else: web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def POST(self): i = web.input() # Get domain name, username, cn. self.cur_domain = web.safestr(i.get('domainName')) self.username = web.safestr(i.get('username')) userLib = user.User() result = userLib.add(domain=self.cur_domain, data=i) if result[0] is True: return web.seeother('/profile/user/general/%s?msg=CREATED_SUCCESS' % (self.username + '@' + self.cur_domain)) else: return web.seeother('/create/user/%s?msg=%s' % (self.cur_domain, result[1]))
def POST(self, domain): i = web.input() # Get domain name, username, cn. self.username = web.safestr(i.get('username', '')) self.cur_domain = web.safestr(i.get('domainName', '')) userLib = userlib.User() result = userLib.add(domain=self.cur_domain, data=i) if result[0] is True: raise web.seeother('/profile/user/general/%s@%s?msg=CREATED' % (self.username, self.cur_domain)) else: raise web.seeother('/create/user/%s?msg=%s' % (self.cur_domain, web.urlquote(result[1])))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def _sendmail(to, msg, cc=None, frm=None): cc = cc or [] frm = frm or config.from_address if config.get('dummy_sendmail'): message = ('' + 'To: ' + to + '\n' + 'From:' + config.from_address + '\n' + 'Subject:' + msg.subject + '\n' + '\n' + web.safestr(msg)) print("sending email", message, file=web.debug) else: web.sendmail(frm, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') sql_vars = {'username': self.mail, } if self.profile_type == 'general': # Get name self.cn = data.get('cn', '') # Get preferred language. self.preferredLanguage = str(data.get('preferredLanguage', 'en_US')) # Update in SQL db. try: self.conn.update( 'admin', vars=sql_vars, where='username=$username', name=self.cn, language=self.preferredLanguage, ) # Update language immediately. if session.get('username') == self.mail and \ session.get('lang', 'en_US') != self.preferredLanguage: session['lang'] = self.preferredLanguage except Exception, e: return (False, str(e)) if session.get('domainGlobalAdmin') is True: # Update account status self.accountStatus = '0' # Disabled if 'accountStatus' in data.keys(): self.accountStatus = '1' # Active try: self.conn.update( 'admin', vars=sql_vars, where='username=$username', active=self.accountStatus, ) except Exception, e: return (False, str(e))
def ldif_mailadmin(mail, passwd, cn, preferredLanguage='en_US', domainGlobalAdmin='no'): mail = web.safestr(mail).lower() ldif = [ ('objectClass', ['mailAdmin']), ('mail', [mail]), ('userPassword', [str(passwd)]), ('accountStatus', ['active']), ('preferredLanguage', [web.safestr(preferredLanguage)]), ('domainGlobalAdmin', ['yes']), ] ldif += ldaputils.getLdifOfSingleAttr(attr='cn', value=cn, default=mail.split('@', 1)[0],) return ldif
def generate_ids(): wd_to_gt = load_wd_mapping() # Govtrack for pol in govtrack.parse_basics(): current_member = False collision = False watchdog_id = tools.getWatchdogID(pol.get('represents'),pol.lastname) if watchdog_id: current_member = True # pol.represents should always be the same as current_member, if we # remove the origional politician.json file we can use that # instead. assert(pol.represents) else: try: assert(not pol.get('represents')) except: print "no watchdog id for", web.safestr(pol.name), web.safestr(pol.represents) continue watchdog_id = gen_pol_id(pol) if watchdog_id in wd_to_gt and \ wd_to_gt[watchdog_id]['govtrack_id'] != pol.id: collision = True if (not collision) or current_member: if watchdog_id not in wd_to_gt: wd_to_gt[watchdog_id] = {} wd_to_gt[watchdog_id]['govtrack_id'] = pol.id if collision: wd_to_gt[watchdog_id]['collision'] = True if current_member: wd_to_gt[watchdog_id]['current_member'] = True # Votesmart for district, cands in votesmart.candidates(): district=tools.fix_district_name(district) for pol in cands: watchdog_id = tools.getWatchdogID(district, pol['lastName']) if not watchdog_id: watchdog_id = gen_pol_id(pol) vsid=pol['candidateId'] #TODO: Could use some more checking to be sure we are 1. adding the # correct votesmart id to the correct watchdog_id (eg. in the # case that there was a collision in processing the govtrack # data). And 2. aren't creating a new watchdog_id when there # was already one for this person. if watchdog_id not in wd_to_gt: wd_to_gt[watchdog_id] = {} wd_to_gt[watchdog_id]['votesmart_id'] = vsid return wd_to_gt
def GET(self, profile_type, mail): i = web.input() self.mail = web.safestr(mail) self.profile_type = web.safestr(profile_type) if not iredutils.isEmail(self.mail): return web.seeother("/admins?msg=INVALID_MAIL") if session.get("domainGlobalAdmin") is not True and session.get("username") != self.mail: # Don't allow to view/update other admins' profile. return web.seeother("/profile/admin/general/%s?msg=PERMISSION_DENIED" % session.get("username")) adminLib = adminlib.Admin() result = adminLib.profile(mail=self.mail) if result[0] is True: domainGlobalAdmin, profile = result[1], result[2] # Get all domains. self.allDomains = [] domainLib = domainlib.Domain() resultOfAllDomains = domainLib.getAllDomains() if resultOfAllDomains[0] is True: self.allDomains = resultOfAllDomains[1] # Get managed domains. self.managedDomains = [] qr = adminLib.getManagedDomains(admin=self.mail, domainNameOnly=True, listedOnly=True) if qr[0] is True: self.managedDomains += qr[1] return web.render( "mysql/admin/profile.html", mail=self.mail, profile_type=self.profile_type, domainGlobalAdmin=domainGlobalAdmin, profile=profile, languagemaps=languages.getLanguageMaps(), allDomains=self.allDomains, managedDomains=self.managedDomains, min_passwd_length=cfg.general.get("min_passwd_length", "0"), max_passwd_length=cfg.general.get("max_passwd_length", "0"), msg=i.get("msg"), ) else: return web.seeother("/admins?msg=" + result[1])
def websafe(text): if isinstance(text, HTML): return text elif isinstance(text, web.template.TemplateResult): return web.safestr(text) else: return _websafe(text)
def get(self, key): try: value = self._client.get(web.safestr(key)) except memcache.Client.MemcachedKeyError: return None return value and self.decompress(value)
def add(self, data): # msg: {key: value} msg = {} self.domain = web.safestr(data.get('domainName', '')).strip().lower() # Check domain name. if not iredutils.isDomain(self.domain): return (False, 'INVALID_DOMAIN_NAME') # Check whether domain name already exist (domainName, domainAliasName). connutils = connUtils.Utils() if connutils.isDomainExists(self.domain): return (False, 'ALREADY_EXISTS') self.dn = ldaputils.convKeywordToDN(self.domain, accountType='domain') self.cn = data.get('cn', None) ldif = iredldif.ldif_maildomain(domain=self.domain, cn=self.cn,) # Add domain dn. try: result = self.conn.add_s(self.dn, ldif) web.logger(msg="Create domain: %s." % (self.domain), domain=self.domain, event='create',) except ldap.ALREADY_EXISTS: msg[self.domain] = 'ALREADY_EXISTS' except ldap.LDAPError, e: msg[self.domain] = str(e)
def getDomainDefaultUserQuota(self, domain, domainAccountSetting=None,): # Return 0 as unlimited. self.domain = web.safestr(domain) self.dn = ldaputils.convKeywordToDN(self.domain, accountType='domain') if domainAccountSetting is not None: if 'defaultQuota' in domainAccountSetting.keys(): return int(domainAccountSetting['defaultQuota']) else: return 0 else: try: result = self.conn.search_s( self.dn, ldap.SCOPE_BASE, '(domainName=%s)' % self.domain, ['domainName', 'accountSetting'], ) settings = ldaputils.getAccountSettingFromLdapQueryResult(result, key='domainName',) if 'defaultQuota' in settings[self.domain].keys(): return int(settings[self.domain]['defaultQuota']) else: return 0 except Exception, e: return 0
def POST(self): form = web.input() mail = web.safestr(form.get('mail')) qr = ldap_lib_admin.add(form=form) if qr[0] is True: # Redirect to assign domains. raise web.seeother('/profile/admin/general/%s?msg=CREATED' % mail) else: raise web.seeother('/create/admin?msg=' + web.urlquote(qr[1]))
def internalerror(): i = web.input(_method='GET', debug='false') name = save_error() openlibrary.core.stats.increment('ol.internal-errors', 1) if i.debug.lower() == 'true': raise web.debugerror() else: msg = render.site(render.internalerror(name)) raise web.internalerror(web.safestr(msg))
def get(self, key): key = adapter.convert_key(key) if key is None: return None try: value = self._client.get(web.safestr(key)) except memcache.Client.MemcachedKeyError: return None return value and self.decompress(value)
def get_item_json(itemid): itemid = web.safestr(itemid.strip()) url = 'http://archive.org/metadata/%s' % itemid try: stats.begin("archive.org", url=url) metadata_json = urllib2.urlopen(url).read() stats.end() return simplejson.loads(metadata_json) except IOError: stats.end() return {}
def add(self, data): self.cn = data.get('cn') self.mail = web.safestr(data.get('mail')).strip().lower() if not iredutils.is_email(self.mail): return (False, 'INVALID_MAIL') self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no')) if self.domainGlobalAdmin not in ['yes', 'no', ]: self.domainGlobalAdmin = 'no' self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US')) # Check password. self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = iredutils.generate_password_hash(result[1]) else: return result ldif = iredldif.ldif_mailadmin(mail=self.mail, passwd=self.passwd, cn=self.cn, preferredLanguage=self.preferredLanguage, domainGlobalAdmin=self.domainGlobalAdmin) self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn try: self.conn.add_s(self.dn, ldif) web.logger(msg="Create admin: %s." % (self.mail), event='create',) return (True,) except ldap.ALREADY_EXISTS: return (False, 'ALREADY_EXISTS') except Exception as e: return (False, ldaputils.getExceptionDesc(e))
def POST(self): i = web.input() self.mail = web.safestr(i.get('mail')) adminLib = admin.Admin() result = adminLib.add(data=i) if result[0] is True: # Redirect to assign domains. return web.seeother('/profile/admin/general/%s?msg=CREATED_SUCCESS' % self.mail) else: return web.seeother('/create/admin?msg=' + result[1])
def deleteObjWithDN(self, domain, dn, account, accountType,): self.domain = web.safestr(domain) if not iredutils.is_domain(self.domain): return (False, 'INVALID_DOMAIN_NAME') self.dn = escape_filter_chars(dn) # Used for logger. self.account = web.safestr(account) try: delete_ldap_tree(dn=self.dn, conn=self.conn) web.logger( msg="Delete %s: %s." % (str(accountType), self.account), domain=self.domain, event='delete', ) return (True,) except Exception as e: return (False, ldaputils.getExceptionDesc(e))
def __call__(self, *a): try: a = [x or "" for x in a] return str(self) % tuple(web.safestr(x) for x in a) except: traceback.print_exc() print( 'failed to substitute (%s/%s) in language %s' % (self._namespace, self._key, web.ctx.lang), file=web.debug, ) return str(self)
def ldif_mailadmin(mail, passwd, cn, account_status=None, preferred_language=None, account_setting=None, disabled_services=None): """Generate LDIF used to create a standalone domain admin account. :param mail: full email address. The mail domain cannot be one of locally hosted domain. :param passwd: hashed password string :param cn: the display name of this admin :param account_status: account status (active, disabled) :param preferred_language: short code of preferred language. e.g. en_US. :param is_global_admin: mark this admin as a global admin (yes, no) :param account_setting: a dict of per-account settings. :param disabled_services: a list/tupe/set of disabled services. """ mail = web.safestr(mail).lower() if account_status not in ['active', 'disabled']: account_status = 'disabled' ldif = ldaputils.attrs_ldif({ 'objectClass': 'mailAdmin', 'mail': mail, 'userPassword': passwd, 'accountStatus': account_status, 'domainGlobalAdmin': 'yes', 'shadowLastChange': ldaputils.get_days_of_shadow_last_change(), 'cn': cn, 'disabledService': disabled_services, }) if preferred_language: if preferred_language in iredutils.get_language_maps(): ldif += ldaputils.attr_ldif("preferredLanguage", preferred_language) if account_setting and isinstance(account_setting, dict): _as = ldaputils.account_setting_dict_to_list(account_setting) ldif += ldaputils.attr_ldif("accountSetting", _as) return ldif
def profile(self, domain): domain = web.safestr(domain) if not iredutils.is_domain(domain): return (False, 'INVALID_DOMAIN_NAME') try: qr = self.conn.query( ''' SELECT domain.domain, domain.description, domain.aliases, domain.mailboxes, domain.maxquota, domain.quota, domain.transport, domain.backupmx, domain.active, sbcc.bcc_address AS sbcc_addr, sbcc.active AS sbcc_active, rbcc.bcc_address AS rbcc_addr, rbcc.active AS rbcc_active, alias.goto AS catchall, alias.active AS catchall_active, COUNT(DISTINCT mailbox.username) AS mailbox_count, COUNT(DISTINCT alias.address) AS alias_count FROM domain LEFT JOIN sender_bcc_domain AS sbcc ON (sbcc.domain=domain.domain) LEFT JOIN recipient_bcc_domain AS rbcc ON (rbcc.domain=domain.domain) LEFT JOIN domain_admins ON (domain.domain = domain_admins.domain) LEFT JOIN mailbox ON (domain.domain = mailbox.domain) LEFT JOIN alias ON ( domain.domain = alias.address AND alias.address <> alias.goto ) WHERE domain.domain=$domain GROUP BY domain.domain, domain.description, domain.aliases, domain.mailboxes, domain.maxquota, domain.quota, domain.transport, domain.backupmx, domain.active, sbcc.bcc_address, sbcc.active, rbcc.bcc_address, rbcc.active, alias.goto, alias.active ORDER BY domain.domain LIMIT 1 ''', vars={ 'domain': domain, }, ) if len(qr) == 1: # Return first list element. return (True, list(qr)[0]) else: return (False, 'NO_SUCH_OBJECT') except Exception, e: return (False, str(e))
def _load_macro(page, lazy=False): if lazy: page = web.storage( key=page.key, macro=web.safestr(_stringify(page.macro)), description=page.description or "", ) wikimacros[page.key] = LazyTemplate(lambda: _load_macro(page)) else: t = _compile_template(page.key, page.macro) t.__doc__ = page.description or '' wikimacros[page.key] = t
def save_error(dir, prefix): try: logger.error("Error", exc_info=True) error = web.djangoerror() now = datetime.datetime.utcnow() path = '%s/%04d-%02d-%02d/%s-%02d%02d%02d.%06d.html' % (dir, \ now.year, now.month, now.day, prefix, now.hour, now.minute, now.second, now.microsecond) logger.error('Error saved to %s', path) write(path, web.safestr(error)) except: logger.error('Exception in saving the error', exc_info=True)
def POST(self): form = web.input(_unicode=False, id=[]) action = form.get('action', 'delete') delete_all = False if action == 'deleteAll': delete_all = True qr = loglib.delete_logs(form=form, delete_all=delete_all) if qr[0]: # Keep the log filter. form_domain = web.safestr(form.get('domain')) form_admin = web.safestr(form.get('admin')) form_event = web.safestr(form.get('event')) url = 'domain={}&admin={}&event={}'.format(form_domain, form_admin, form_event) raise web.seeother('/activities/admins?%s&msg=DELETED' % url) else: raise web.seeother('/activities/admins?msg=%s' % web.urlquote(qr[1]))
def sendmail(from_address, to_address, subject, message): if config.get('dummy_sendmail'): msg = ('' + 'To: ' + to_address + '\n' + 'From:' + from_address + '\n' + 'Subject:' + subject + '\n' + '\n' + web.safestr(message)) logger.info("sending email:\n%s", msg) else: web.sendmail(from_address, to_address, subject, message)
def POST(self): i = web.input() self.mail = web.safestr(i.get('mail')) adminLib = adminlib.Admin() result = adminLib.add(data=i) if result[0] is True: # Redirect to assign domains. raise web.seeother('/profile/admin/general/%s?msg=CREATED' % self.mail) else: raise web.seeother('/create/admin?msg=' + web.urlquote(result[1]))
def POST(self): # Get username, password. i = web.input(_unicode=False) username = web.safestr(i.get('username').strip()) password = str(i.get('password').strip()) save_pass = web.safestr(i.get('save_pass', 'no').strip()) auth = core.Auth() auth_result = auth.auth(username=username, password=password) if auth_result[0] is True: # Config session data. web.config.session_parameters['cookie_name'] = 'iRedAdmin' # Session expire when client ip was changed. web.config.session_parameters['ignore_change_ip'] = False # Don't ignore session expiration. web.config.session_parameters['ignore_expiry'] = False if save_pass == 'yes': # Session timeout (in seconds). web.config.session_parameters['timeout'] = 86400 # 24 hours else: # Expire session when browser closed. web.config.session_parameters['timeout'] = 600 # 10 minutes web.logger( msg="Login success", event='login', ) return web.seeother('/dashboard/checknew') else: session['failedTimes'] += 1 web.logger( msg="Login failed.", admin=username, event='login', loglevel='error', ) return web.seeother('/login?msg=%s' % auth_result[1])
def ldif_mailExternalUser(mail, ): mail = web.safestr(mail).lower() if not iredutils.is_email(mail): return None listname, domain = mail.split('@') ldif = [ ('objectClass', ['mailExternalUser']), ('accountStatus', ['active']), ('memberOfGroup', [mail]), ('enabledService', ['mail', 'deliver']), ] return ldif
def proxyfunc(*args, **kw): # Check domain global admin. if session.get('domainGlobalAdmin') is True: return func(*args, **kw) else: if 'mail' in kw.keys() and iredutils.is_email(kw.get('mail')): domain = web.safestr(kw['mail']).split('@')[-1] elif 'domain' in kw.keys() and iredutils.is_domain( kw.get('domain')): domain = web.safestr(kw['domain']) else: return (False, 'PERMISSION_DENIED') # Check whether is domain admin. validator = Validator() if validator.is_domainAdmin( domain=domain, admin=session.get('username'), ): return func(*args, **kw) else: return (False, 'PERMISSION_DENIED')
def generate_hash(secret_key, text, salt=None): if not isinstance(secret_key, bytes): secret_key = secret_key.encode('utf-8') salt = ( salt or hmac.HMAC( secret_key, str(random.random()).encode('utf-8'), hashlib.md5 ).hexdigest()[:5] ) hash = hmac.HMAC( secret_key, (salt + web.safestr(text)).encode('utf-8'), hashlib.md5 ).hexdigest() return f'{salt}${hash}'
def enableOrDisableAccount( self, domain, mails, action, attr='accountStatus', ): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') self.mails = [ str(v) for v in mails if iredutils.is_email(v) and str(v).endswith('@' + str(domain)) ] result = {} connutils = connUtils.Utils() for mail in self.mails: self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): continue self.domain = self.mail.split('@')[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='user') if self.dn[0] is False: result[self.mail] = self.dn[1] continue try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='user', ) except ldap.LDAPError, e: result[self.mail] = str(e)
def write_sitemaps(data, outdir, prefix): timestamp = datetime.datetime.utcnow().isoformat() + 'Z' # maximum permitted entries in one sitemap is 50K. for i, rows in enumerate(web.group(data, 50000)): filename = "sitemap_%s_%04d.xml.gz" % (prefix, i) print("generating", filename, file=sys.stderr) sitemap = web.safestr(t_sitemap(rows)) path = os.path.join(outdir, filename) gzwrite(path, sitemap) yield filename, timestamp
def _get_metadata(itemid): """Returns metadata by querying the archive.org metadata API. """ itemid = web.safestr(itemid.strip()) url = '%s/metadata/%s' % (IA_BASE_URL, itemid) try: stats.begin('archive.org', url=url) metadata = requests.get(url) stats.end() return metadata.json() except IOError: stats.end() return {}
def delete(self, domain, mails=[]): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') self.domain = web.safestr(domain) self.mails = [ str(v) for v in mails if iredutils.isEmail(v) and str(v).endswith('@' + self.domain) ] self.domaindn = ldaputils.convKeywordToDN(self.domain, accountType='domain') if not iredutils.isDomain(self.domain): return (False, 'INVALID_DOMAIN_NAME') result = {} for mail in self.mails: self.mail = web.safestr(mail) try: # Delete user object (ldap.SCOPE_BASE). self.deleteSingleUser(self.mail, ) # Delete user object and whole sub-tree. # Get dn of mail user and domain. """ self.userdn = ldaputils.convKeywordToDN(self.mail, accountType='user') deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE) # Log delete action. web.logger( msg="Delete user: %s." % (self.mail), domain=self.mail.split('@')[1], event='delete', ) """ except ldap.LDAPError, e: result[self.mail] = ldaputils.getExceptionDesc(e)
def getAllAliasDomains( self, domains, namesOnly=False, ): if isinstance(domains, list): domains = [v.lower() for v in domains if iredutils.isDomain(v)] else: domains = str(domains) if not iredutils.isDomain(domains): return (False, 'INVALID_DOMAIN_NAME') else: domains = [domains] try: qr = self.conn.select( 'dbmail_alias_domains', vars={ 'domains': domains, }, where='target_domain IN $domains', ) if namesOnly is True: target_domains = {} for r in qr: target_domain = web.safestr(r.target_domain) if target_domain in target_domains: target_domains[target_domain] += [ web.safestr(r.alias_domain) ] else: target_domains[target_domain] = [ web.safestr(r.alias_domain) ] return (True, target_domains) else: return (True, list(qr)) except Exception, e: return (False, str(e))
def sendmail(self, to, msg, cc=None): cc = cc or [] subject = msg.subject.strip() body = web.safestr(msg).strip() if config.get('dummy_sendmail'): print >> web.debug, 'To:', to print >> web.debug, 'From:', config.from_address print >> web.debug, 'Subject:', subject print >> web.debug print >> web.debug, body else: web.sendmail(config.from_address, to, subject=subject, message=body, cc=cc)
def get_language_maps() -> Dict: # Get available languages file. rootdir = os.path.abspath(os.path.dirname(__file__)) + "/../" available_langs = [ web.safestr(os.path.basename(v)) for v in glob.glob(rootdir + "i18n/[a-z][a-z]_[A-Z][A-Z]") if os.path.basename(v) in l10n.langmaps ] available_langs += [ web.safestr(os.path.basename(v)) for v in glob.glob(rootdir + "i18n/[a-z][a-z]") if os.path.basename(v) in l10n.langmaps ] # Get language maps. languagemaps = {} for i in available_langs: if i in l10n.langmaps: languagemaps.update({i: l10n.langmaps[i]}) return languagemaps
def make_index(dump_file): """Make index with "path", "title", "created" and "last_modified" columns.""" for type, key, revision, timestamp, json_data in read_tsv(dump_file): data = json.loads(json_data) if type in ("/type/edition", "/type/work"): title = data.get("title", "untitled") path = key + "/" + urlsafe(title) elif type == "/type/author": title = data.get("name", "unnamed") path = key + "/" + urlsafe(title) else: title = data.get("title", key) path = key title = title.replace("\t", " ") if "created" in data: created = data["created"]["value"] else: created = "-" print("\t".join([web.safestr(path), web.safestr(title), created, timestamp]))
def enableOrDisableAccount(self, domains, action, attr='accountStatus',): if domains is None or len(domains) == 0: return (False, 'NO_DOMAIN_SELECTED') result = {} connutils = connUtils.Utils() for domain in domains: self.domain = web.safestr(domain) self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn try: connutils.enableOrDisableAccount( domain=self.domain, account=self.domain, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='domain', ) except ldap.LDAPError, e: result[self.domain] = str(e)
def GET(self, domain='', cur_page=1): domain = web.safestr(domain).split('/', 1)[0] cur_page = int(cur_page) if not iredutils.is_domain(domain): raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME') if cur_page == 0: cur_page = 1 i = web.input() domainLib = domainlib.Domain() result = domainLib.listAccounts(attrs=[ 'domainName', 'accountStatus', ]) if result[0] is True: allDomains = result[1] else: return result userLib = user.User() result = userLib.listAccounts(domain=domain) if result[0] is True: connutils = connUtils.Utils() sl = connutils.getSizelimitFromAccountLists( result[1], curPage=cur_page, sizelimit=settings.PAGE_SIZE_LIMIT, accountType='user', domain=domain, ) accountList = sl.get('accountList', []) if cur_page > sl.get('totalPages'): cur_page = sl.get('totalPages') return web.render( 'ldap/user/list.html', cur_page=cur_page, total=sl.get('totalAccounts'), users=accountList, cur_domain=domain, allDomains=allDomains, accountUsedQuota={}, msg=i.get('msg'), ) else: raise web.seeother('/domains?msg=%s' % web.urlquote(result[1]))
def GET(self, profile_type, domain): form = web.input() domain = web.safestr(domain).lower() _wrap = LDAPWrap() conn = _wrap.conn qr = ldap_lib_domain.get_profile(domain=domain, conn=conn) if not qr[0]: raise web.seeother('/domains?msg=' + web.urlquote(qr[1])) domain_profile = qr[1]['ldif'] r = ldap_lib_domain.list_accounts(attributes=['domainName'], conn=conn) if r[0] is True: all_domains = r[1] else: return r domain_account_settings = ldaputils.get_account_setting_from_profile( domain_profile) (min_passwd_length, max_passwd_length) = ldap_lib_general.get_domain_password_lengths( domain=domain, account_settings=domain_account_settings, fallback_to_global_settings=False) # Get settings from db. _settings = iredutils.get_settings_from_db( params=['min_passwd_length', 'max_passwd_length']) global_min_passwd_length = _settings['min_passwd_length'] global_max_passwd_length = _settings['max_passwd_length'] return web.render( 'ldap/domain/profile.html', cur_domain=domain, allDomains=all_domains, domain_account_settings=domain_account_settings, profile=domain_profile, profile_type=profile_type, global_min_passwd_length=global_min_passwd_length, global_max_passwd_length=global_max_passwd_length, min_passwd_length=min_passwd_length, max_passwd_length=max_passwd_length, timezones=TIMEZONES, default_mta_transport=settings.default_mta_transport, languagemaps=iredutils.get_language_maps(), msg=form.get('msg', None), )