def get_user_account(username, **kwargs):
    """
    Load the user account information.

    Variables:
    username       => Name of the user to get the account info

    Arguments:
    load_avatar    => If exists, this will load the avatar as well

    Data Block:
    None

    Result example:
    {
     "name": "Test user",        # Name of the user
     "is_active": true,          # Is the user active?
     "classification": "",            # Max classification for user
     "uname": "usertest",        # Username
     "is_admin": false,          # Is the user admin?
     "avatar": null,             # Avatar of the user
     "groups": ["TEST"]          # Groups the user is member of
    }

    Notes:
    - kwargs['user'] is the caller's own account (injected by the API
      decorator); only admins may read a record other than their own.
    - Credential material (otp_sk, password, u2f_devices) is removed from
      the returned record; only its presence is reported as a boolean.
    """
    caller = kwargs['user']
    # Same evaluation order as the original check: uname first, then is_admin.
    if caller['uname'] != username and not caller['is_admin']:
        return make_api_response(
            {}, "You are not allow to view other users then yourself.", 403)

    user = STORAGE.get_user_account(username)
    if not user:
        return make_api_response({}, "User %s does not exists" % username, 404)

    # Pull the secrets out of the record before it leaves the server.
    otp_secret = user.pop('otp_sk', None)
    stored_password = user.pop('password', None)
    u2f_devices = user.pop('u2f_devices', [])

    # Keys are added in the same order as before so serialised output matches.
    user['2fa_enabled'] = otp_secret is not None
    # Only the first element of each apikey entry is exposed.
    user['apikeys'] = [entry[0] for entry in user.get('apikeys', [])]
    user['has_password'] = stored_password is not None
    user['u2f_enabled'] = len(u2f_devices) != 0

    # Fill in quota defaults for records that predate the quota fields.
    for quota_key, fallback in (('api_quota', 10), ('submission_quota', 5)):
        if quota_key not in user:
            user[quota_key] = ACCOUNT_DEFAULT.get(quota_key, fallback)

    if "load_avatar" in request.args:
        user['avatar'] = STORAGE.get_user_avatar(username)

    return make_api_response(user)
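def login():
    """
    Render the login page.

    If the front-end proxy reports a verified client certificate
    (``HTTP_X_REMOTE_CERT_VERIFIED`` == ``"SUCCESS"``), the certificate DN
    from ``HTTP_X_REMOTE_DN`` is used to look up the matching user record
    and pre-fill the username and avatar. When ``config.auth['encrypted_login']``
    is enabled (the default), the RSA public key used by the login form is
    read from storage; a key pair is generated and stored on first use.

    Returns:
        The rendered ``login.html`` template.
    """
    cert_verified = request.environ.get("HTTP_X_REMOTE_CERT_VERIFIED",
                                        "FAILURE") == "SUCCESS"
    # Bug fix: a "SUCCESS" flag with no DN header used to call .split() on
    # None and fail with a server error. A missing/empty DN is now treated
    # like an unverified certificate.
    raw_dn = request.environ.get("HTTP_X_REMOTE_DN") or ""
    if cert_verified and raw_dn:
        # The header carries a slash-separated DN. Reverse the components
        # into comma-separated order and drop the last element after
        # reversal (the empty component produced by a leading "/").
        dn = ",".join(raw_dn.split("/")[::-1][:-1])
    else:
        dn = ""

    avatar = None
    username = ''
    alternate_login = '******'
    if dn:
        # NOTE(review): the DN is interpolated verbatim into the search
        # query phrase. This is only safe while HTTP_X_REMOTE_DN can be set
        # solely by the TLS-terminating proxy and DNs never contain '"';
        # escape the phrase if either cannot be guaranteed.
        u_list = STORAGE.advanced_search('user',
                                         'dn:"%s"' % dn,
                                         args=[('fl', '_yz_rk')
                                               ])['response']['docs']
        if len(u_list):
            # Known DN: pre-fill from the first matching record.
            username = u_list[0]['_yz_rk']
            avatar = STORAGE.get_user_avatar(
                username) or "/static/images/user_default.png"
            alternate_login = '******'
        else:
            # Unknown DN: use whatever follows the last "CN=" as the
            # username, or the whole DN if there is no CN component.
            try:
                username = dn.rsplit('CN=', 1)[1]
            except IndexError:
                username = dn
            avatar = "/static/images/user_default.png"
            alternate_login = '******'

    if config.auth.get('encrypted_login', True):
        public_key = STORAGE.get_blob('id_rsa.pub')
        if not public_key:
            # First use: generate the key pair and persist both halves
            # under the fixed blob names the rest of the app reads.
            public_key, private_key = generate_async_keys(
                key_size=config.ui.get('rsa_key_size', 2048))
            STORAGE.save_blob('id_rsa.pub', public_key)
            STORAGE.save_blob('id_rsa', private_key)
    else:
        public_key = None

    # The post-login target comes from the query string and is passed
    # through angular_safe(); whether that also restricts it to local
    # paths (open-redirect protection) is not visible here -- verify.
    next_url = angular_safe(request.args.get('next', "/"))
    return custom_render("login.html",
                         next=next_url,
                         public_key=public_key,
                         avatar=avatar,
                         username=username,
                         alternate_login=alternate_login)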
def get_user_avatar(username, **_):
    """
    Loads the user's avatar.

    Variables:
    username    => Name of the user you want to get the avatar for

    Arguments:
    None

    Data Block:
    None

    Result example:
    "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD..."

    Notes:
    Extra keyword arguments injected by the API decorator are ignored; the
    stored avatar value is returned as-is in the API response wrapper.
    """
    return make_api_response(STORAGE.get_user_avatar(username))
        def base(*args, **kwargs):
            """
            Wrapper executed in place of the decorated view ``func``.

            In order: rejects old Internet Explorer user agents, validates
            the caller's session (present in the Flask session cookie and in
            KV_SESSION, not expired, same client IP/user-agent as at login,
            at least one required privilege, admin if required), optionally
            writes an audit log line, then injects the common template
            keyword arguments and calls ``func``.

            ``self`` (providing required_priv, require_admin, audit and
            load_options) and ``func`` come from the enclosing scope, which
            is outside this listing. Note that ``login(username, path)``
            called below is not the zero-argument ``login()`` view shown
            elsewhere on this page.

            Uses Python 2 APIs (dict.iteritems, func.func_name).
            """
            # Validate User-Agent
            user_agent = request.environ.get("HTTP_USER_AGENT",
                                             "Unknown browser")
            if "MSIE 8" in user_agent or "MSIE 9" in user_agent or "MSIE 7" in user_agent or "MSIE 6" in user_agent:
                return redirect(redirect_helper("/unsupported.html"))

            # Create Path
            # The "?" is appended even when the query string is empty.
            path = request.path + "?" + request.query_string

            # Login
            # The try/except around this section only re-raises
            # AccessDeniedException unchanged, so it does not alter control
            # flow; abort(401) exceptions propagate straight through it.
            try:
                session_id = flsk_session.get("session_id", None)

                if not session_id:
                    abort(401)

                session = KV_SESSION.get(session_id)

                if not session:
                    abort(401)
                else:
                    # Stored value is a JSON document.
                    session = json.loads(session)
                    cur_time = now()
                    if session.get('expire_at', 0) < cur_time:
                        # Expired: drop the server-side record and reject.
                        KV_SESSION.pop(session_id)
                        abort(401)
                    else:
                        # Sliding expiry: every validated request extends
                        # the session by its 'duration' (default 3600).
                        session['expire_at'] = cur_time + session.get(
                            'duration', 3600)

                # Bind the session to the client IP and user-agent recorded
                # at login. NOTE(review): "X-Forward-For" is not the usual
                # "X-Forwarded-For" spelling -- confirm it matches what the
                # front-end proxy sets and what login stores under 'ip', and
                # that clients cannot supply this header past the proxy.
                if request.headers.get("X-Forward-For", None) != session.get('ip', None) or \
                        request.headers.get("User-Agent", None) != session.get('user_agent', None):
                    abort(401)

                # Persist the refreshed expiry. The value read above was
                # json.loads()'d, so KV_SESSION.set is presumably expected
                # to serialise the dict itself -- verify.
                KV_SESSION.set(session_id, session)

                logged_in_uname = session.get("username", None)

                # The caller must hold at least one of the required privileges.
                if not set(self.required_priv).intersection(
                        set(session.get("privileges", []))):
                    abort(401)

                user = login(logged_in_uname, path)
                if self.require_admin and not user['is_admin']:
                    raise AccessDeniedException(
                        "Url '%s' requires ADMIN privileges" % request.path)
            except AccessDeniedException:
                raise

            if self.audit:
                # Only parameters named in AUDIT_KW_TARGET are logged, taken
                # from the view kwargs, the query string and the JSON body.
                json_blob = request.json
                if not isinstance(json_blob, dict):
                    json_blob = {}
                params_list = list(args) + \
                    ["%s=%s" % (k, v) for k, v in kwargs.iteritems() if k in AUDIT_KW_TARGET] + \
                    ["%s=%s" % (k, v) for k, v in request.args.iteritems() if k in AUDIT_KW_TARGET] + \
                    ["%s=%s" % (k, v) for k, v in json_blob.iteritems() if k in AUDIT_KW_TARGET]
                AUDIT_LOG.info("%s [%s] :: %s(%s)" %
                               (logged_in_uname, user['classification'],
                                func.func_name, ", ".join(params_list)))

            # Dump Generic KWARGS
            # Common template context handed to every decorated view.
            kwargs['build_master'] = "%s.%s" % (BUILD_MASTER, BUILD_LOWER)
            kwargs['user'] = user
            kwargs['user_js'] = json.dumps(user)
            kwargs['debug'] = str(DEBUG).lower()
            kwargs['menu'] = create_menu(user, path)
            kwargs['avatar'] = STORAGE.get_user_avatar(user['uname'])
            kwargs['is_prod'] = SYSTEM_NAME == "production"
            options = STORAGE.get_user_options(user['uname'])
            # Force terms-of-service acceptance (when a ToS is configured)
            # and an initial settings save before serving any other page.
            if not request.path == "/terms.html":
                if not user.get('agrees_with_tos', False) and config.ui.get(
                        "tos", None) is not None:
                    return redirect(redirect_helper("/terms.html"))
                if not options and not request.path == "/settings.html":
                    return redirect(redirect_helper("/settings.html?forced"))

            if self.load_options:
                kwargs['options'] = json.dumps(options)

            kwargs["build_no"] = BUILD_NO

            return func(*args, **kwargs)