def test_get_url_input_invalid_urls(request_context: RequestContextFixture, invalid_url: str) -> None:
    """Check that ``get_url_input`` refuses the supplied ``invalid_url``.

    The value is injected as a request variable, i.e. it reaches the
    validator the same way a redirect or back-link parameter sent by a
    client would.
    """
    html.request.set_var("varname", invalid_url)

    with pytest.raises(MKUserError) as excinfo:
        global_request.get_url_input("varname")

    # The rejection must surface as a user error that names the URL problem.
    rendered = "%s" % excinfo
    assert "not a valid URL" in rendered
def page(self) -> None:
    """Render the two-factor login page and process a submitted backup code.

    Reads two request variables: ``_origtarget`` (through ``get_url_input``,
    default ``"index.py"``) and ``_backup_code`` (through ``get_ascii_input``).

    Raises:
        MKGeneralException: two-factor login is not enabled for ``user.id``.
        HTTPRedirect: to ``origtarget`` once a valid backup code was presented.
    """
    # Presumably narrows user.id for the type checker. This is not an access
    # check: assert statements are removed when Python runs with -O.
    assert user.id is not None

    html.set_render_headfoot(False)
    html.add_body_css_class("login")
    html.add_body_css_class("two_factor")
    html.header(_("Two-factor authentication"), Breadcrumb(), javascripts=[])

    html.open_div(id_="login")
    html.open_div(id_="login_window")

    html.open_a(href="https://checkmk.com")
    html.img(
        src=theme.detect_icon_path(icon_name="logo", prefix="mk-"),
        id_="logo",
        class_="custom" if theme.has_custom_logo() else None,
    )
    html.close_a()

    if not is_two_factor_login_enabled(user.id):
        raise MKGeneralException(_("Two-factor authentication not enabled"))

    html.begin_form(
        "two_factor_login", method="POST", add_transid=False, action="user_login_two_factor.py"
    )
    html.prevent_password_auto_completion()
    # origtarget is client-supplied. It is echoed back into the form and later
    # used as the redirect target, so open-redirect protection on this page
    # rests entirely on what get_url_input accepts.
    html.hidden_field(
        "_origtarget", origtarget := request.get_url_input("_origtarget", "index.py")
    )

    # NOTE(review): nothing visible here limits how often a backup code may be
    # tried - confirm that throttling/lockout happens inside
    # is_two_factor_backup_code_valid or in the session layer.
    if backup_code := request.get_ascii_input("_backup_code"):
        if is_two_factor_backup_code_valid(user.id, backup_code):
            # The second factor is marked as completed before the redirect is raised.
            set_two_factor_completed()
            raise HTTPRedirect(origtarget)
    # NOTE(review): the listing stops here. The divs and the form opened above
    # are not closed in the visible lines, so the rest of the body is
    # presumably cut off.
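def page_login() -> None:
    """Render the login form of the mobile GUI.

    The form posts ``_username``, ``_password``, ``_login`` and the hidden
    ``_origtarget`` field, which carries the page to return to after login.
    """
    title = _("Checkmk Mobile")
    mobile_html_head(title)
    jqm_page_header(title, id_="login")
    html.div(_("Welcome to Checkmk Mobile."), id_="loginhead")

    html.begin_form("login", method='POST', add_transid=False)
    # Keep information about original target URL
    # NOTE(review): when _origtarget is absent the default below is used as-is;
    # for pages other than login/logout it comes from makeuri(request, []).
    # Confirm that get_url_input's validation is not expected to cover it.
    default_origtarget = (
        "index.py" if requested_file_name(request) in ["login", "logout"] else makeuri(request, [])
    )
    origtarget = request.get_url_input("_origtarget", default_origtarget)
    # NOTE(review): the value is attribute-escaped here before being handed to
    # hidden_field - confirm hidden_field does not escape it a second time.
    html.hidden_field('_origtarget', escaping.escape_attribute(origtarget))

    # The listing showed `"Username:"******"username"` and
    # `"Password:"******"current-password"`: a credential-masking filter
    # replaced the text between the label and the next string literal, leaving
    # invalid syntax. `autocomplete=` is the reconstruction - confirm upstream.
    html.text_input("_username", label=_("Username:"), autocomplete="username", id_="input_user")
    html.password_input(
        "_password",
        size=None,
        label=_("Password:"),
        autocomplete="current-password",
        id_="input_pass",
    )
    html.br()
    html.button("_login", _('Login'))
    html.set_focus("_username")
    html.end_form()

    html.open_div(id_="loginfoot")
    html.img("themes/facelift/images/logo_cmk_small.png", class_="logomk")
    html.div(HTML(_("© <a target=\"_blank\" href=\"https://checkmk.com\">tribe29 GmbH</a>")),
             class_="copyright")
    html.close_div()  # close content-div
    html.close_div()
    html.close_div()  # close page-div
    mobile_html_foot()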
def _from_vars(self):
    """Load ``what``, ``ident`` and ``back_url`` from the request.

    ``back_url`` goes through ``get_url_input`` and must additionally begin
    with ``"wato.py"``, which keeps the back link on the configuration pages.

    Raises:
        NotImplementedError: ``what`` is neither ``"host"`` nor ``"folder"``.
        MKUserError: ``back_url`` is empty or does not start with ``"wato.py"``.
    """
    object_kind = html.request.var("what")
    self._what = object_kind
    if object_kind not in ["host", "folder"]:
        raise NotImplementedError()

    self._ident = html.request.var("ident")

    target = global_request.get_url_input("back_url")
    self._back_url = target
    # This is a prefix test only: any value that merely begins with "wato.py" passes.
    if not (target and target.startswith("wato.py")):
        raise MKUserError("back_url", _("Invalid back URL provided."))
def page(self) -> None:
    """Render the "Replicate user profile" page and start the replication.

    The ``back`` request variable (default ``"user_profile.py"``) is read
    through ``get_url_input`` and passed on as the page to return to.
    """
    title = _("Replicate user profile")
    user_menu = mega_menu_registry.menu_user()
    breadcrumb = make_simple_page_breadcrumb(user_menu, title)
    page_menu = self._page_menu(breadcrumb)
    html.header(title, breadcrumb, page_menu)

    for flashed in get_flashed_messages():
        html.show_message(flashed)

    # In a distributed setup where users can log in to remote sites, trigger
    # the asynchronous push of the new profile to those sites.
    return_to = request.get_url_input("back", "user_profile.py")
    user_profile_async_replication_page(back_url=return_to)
def test_get_url_input(request_context: RequestContextFixture) -> None:
    """Pin down what ``get_url_input`` accepts, rejects and returns by default."""
    request_vars = (
        ("url", "view.py?bla=blub"),
        ("no_url", "2"),
        ("invalid_url", "http://bla/"),
    )
    for var_name, var_value in request_vars:
        global_request.set_var(var_name, var_value)

    # No variable and no default: reported as missing.
    with pytest.raises(MKUserError) as missing:
        global_request.get_url_input("not_existing")
    assert "is missing" in "%s" % missing

    # The default is handed back untouched, an absolute URL included. Only the
    # request value is validated, so a caller must never build the default
    # from untrusted input.
    assert global_request.get_url_input("get_default", "my_url.py") == "my_url.py"
    assert global_request.get_url_input("get_default", "http://bla/") == "http://bla/"

    # Relative targets from the request pass.
    assert global_request.get_url_input("url") == "view.py?bla=blub"
    assert global_request.get_url_input("no_url") == "2"

    # An absolute URL coming from the request is refused.
    with pytest.raises(MKUserError) as rejected:
        global_request.get_url_input("invalid_url")
    assert "not a valid" in "%s" % rejected

    assert global_request.get_url_input("no_url") == "2"
def _from_vars(self) -> None:
    """Validate the request and build the ``FetchAgentOutputRequest``.

    The global permission is checked first, then ``host`` and ``type`` are
    validated, and finally the read permission on the resolved host.

    Raises:
        MKGeneralException: ``host`` is missing, ``type`` is neither ``"walk"``
            nor ``"agent"``, or the host is not found in the current folder.
    """
    user.need_permission("wato.download_agent_output")

    requested_host = request.var("host")
    if not requested_host:
        raise MKGeneralException(_("The host is missing."))

    agent_type = request.var("type")
    if agent_type not in ("walk", "agent"):
        raise MKGeneralException(_("Invalid type specified."))

    # An absent or empty back_url is stored as None.
    supplied_back_url = request.get_url_input("back_url", deflt="")
    self._back_url = supplied_back_url if supplied_back_url else None

    host = watolib.Folder.current().host(requested_host)
    if not host:
        # The client-supplied back link ends up in an href of the error
        # message. It is attribute-escaped here; which URL forms are allowed
        # at all is decided by get_url_input.
        # NOTE(review): _back_url may be None at this point - confirm what
        # escape_attribute renders for None.
        go_back_message = _("Host is not managed by WATO. " 'Click <a href="%s">here</a> to go back.')
        raise MKGeneralException(go_back_message % escape_attribute(self._back_url))

    host.need_permission("read")
    self._request = FetchAgentOutputRequest(host=host, agent_type=agent_type)
def _paint_download_host_info(what, row, tags, host_custom_vars, ty):
    """Build the "download agent output / SNMP walk" entry for a host row.

    Returns the tuple ``("agents", title, url)`` where ``url`` points to
    ``fetch_agent_output.py``, or ``None`` when the entry does not apply.
    ``host_custom_vars`` is not used in this function.
    """
    applies_to_object = what == "host" or (
        what == "service" and row["service_description"] == "Check_MK"
    )
    if not applies_to_object:
        return None
    if not user.may("wato.download_agent_output"):
        return None
    if row["host_check_type"] == 2:  # Not for shadow hosts
        return None

    # Using the tags here is not 100% accurate, but it is the best available
    # information. "Download agent output" is also rendered for non-agent
    # hosts because piggyback data may be available for download.
    if ty == "walk" and "snmp" not in tags:
        return None
    if ty == "agent" and "snmp" in tags and "tcp" not in tags:
        return None

    params = [
        ("host", row["host_name"]),
        ("folder", _wato_folder_from_filename(row["host_filename"])),
        ("type", ty),
        ("_start", "1"),
    ]

    # When the download icon is part of the host/service action menu, the
    # _back_url set in paint_action_menu() has to be used. Otherwise
    # makeuri(request, []) (not request.requested_uri()) is the right choice.
    # The request's _back_url is validated by get_url_input before it is
    # forwarded as the back_url parameter of the generated link.
    return_to = request.get_url_input("_back_url", makeuri(request, []))
    if return_to:
        params.append(("back_url", return_to))

    title = _("Download agent output") if ty == "agent" else _("Download SNMP walk")

    download_url = makeuri_contextless(request, params, filename="fetch_agent_output.py")
    return "agents", title, download_url
def _from_vars(self) -> None:
    """Validate the request and build the ``FetchAgentOutputRequest``.

    The permission check comes first, then ``host`` and ``type`` are
    validated, the WATO data structures are initialised and the host is
    looked up in the current folder.

    Raises:
        MKGeneralException: ``host`` is missing, ``type`` is neither ``"walk"``
            nor ``"agent"``, or the host is not found in the current folder.
    """
    config.user.need_permission("wato.download_agent_output")

    wanted_host = html.request.var("host")
    if not wanted_host:
        raise MKGeneralException(_("The host is missing."))

    output_type = html.request.var("type")
    if output_type not in ("walk", "agent"):
        raise MKGeneralException(_("Invalid type specified."))

    # An absent or empty back_url is stored as None.
    validated_back_url = global_request.get_url_input("back_url", deflt="")
    self._back_url = validated_back_url or None

    watolib.init_wato_datastructures(with_wato_lock=True)

    host = watolib.Folder.current().host(wanted_host)
    if not host:
        # The back link from the request is placed into an href of the error
        # text. It is attribute-escaped here, while the set of acceptable URL
        # forms is whatever get_url_input lets through.
        # NOTE(review): _back_url may be None here - confirm what
        # escape_attribute renders for None.
        unmanaged_host_text = _("Host is not managed by WATO. "
                                "Click <a href=\"%s\">here</a> to go back.")
        raise MKGeneralException(unmanaged_host_text % escape_attribute(self._back_url))

    host.need_permission("read")
    self._request = FetchAgentOutputRequest(host=host, agent_type=output_type)
def _get_start_url() -> str:
    """Return the start URL: the ``start_url`` request variable or a vetted fallback.

    The fallback is the user's start URL, else the configured one, replaced by
    ``"dashboard.py"`` when ``utils.is_allowed_url`` rejects it.
    """
    configured = user.start_url or config.start_url
    # The stored value is vetted here because it is passed on as the default.
    # NOTE(review): presumably get_url_input validates only the request value
    # and not its default - confirm.
    fallback = configured if utils.is_allowed_url(configured) else "dashboard.py"
    return request.get_url_input("start_url", fallback)
def _show_login_page(self) -> None:
    """Render the login page, which is shown before authentication.

    Reads ``_origtarget`` through ``get_url_input`` and keeps it in a hidden
    form field for the redirect after login.

    Raises:
        HTTPRedirect: to ``origtarget`` when ``login`` is requested directly
            and ``_check_auth`` reports an existing authentication.
    """
    html.set_render_headfoot(False)
    html.add_body_css_class("login")
    html.header(get_page_heading(), Breadcrumb(), javascripts=[])

    # NOTE(review): when _origtarget is absent the default is used as-is. For
    # pages other than login/logout it comes from makeuri(request, []) -
    # confirm get_url_input's validation is not expected to cover it.
    default_origtarget = ("index.py" if requested_file_name(request) in ["login", "logout"] else makeuri(request, []))
    origtarget = request.get_url_input("_origtarget", default_origtarget)

    # Never allow the login page to be opened in the iframe. Redirect top page to login page.
    # This will result in a full screen login page.
    # This is a client-side check and only works where scripts run; whether
    # the response also carries header-based framing restrictions is not
    # visible in this function.
    html.javascript("""if(top != self) { window.top.location.href = location; }""")

    # When someone calls the login page directly and is already authed redirect to main page
    # The redirect target is the client-supplied origtarget, so this branch
    # depends on get_url_input's validation like the post-login redirect does.
    if requested_file_name(request) == "login" and _check_auth(request):
        raise HTTPRedirect(origtarget)

    html.open_div(id_="login")
    html.open_div(id_="login_window")

    html.open_a(href="https://checkmk.com")
    html.img(
        src=theme.detect_icon_path(icon_name="logo", prefix="mk-"),
        id_="logo",
        class_="custom" if theme.has_custom_logo() else None,
    )
    html.close_a()

    # add_transid=False: the login form is rendered without a transaction id.
    html.begin_form("login", method="POST", add_transid=False, action="login.py")
    html.hidden_field("_login", "1")
    html.hidden_field("_origtarget", origtarget)
    html.label("%s:" % _("Username"), id_="label_user", class_=["legend"], for_="_username")
    html.br()
    html.text_input("_username", id_="input_user")
    html.label("%s:" % _("Password"), id_="label_pass", class_=["legend"], for_="_password")
    html.br()
    html.password_input("_password", id_="input_pass", size=None)

    if user_errors:
        html.open_div(id_="login_error")
        html.show_user_errors()
        html.close_div()

    html.open_div(id_="button_text")
    html.button("_login", _("Login"), cssclass="hot")
    html.close_div()
    html.close_div()  # closes login_window

    html.open_div(id_="foot")

    if config.login_screen.get("login_message"):
        html.open_div(id_="login_message")
        html.show_message(config.login_screen["login_message"])
        html.close_div()

    # Footer links come from the site configuration (login_screen), not from the request.
    footer: List[HTML] = []
    for title, url, target in config.login_screen.get("footer_links", []):
        footer.append(html.render_a(title, href=url, target=target))

    # Unless "hide_version" is set, the exact version is shown to
    # unauthenticated visitors, which makes fingerprinting the site easy.
    if "hide_version" not in config.login_screen:
        footer.append(escape_html("Version: %s" % cmk_version.__version__))

    footer.append(
        HTML("© %s" % html.render_a(
            "tribe29 GmbH", href="https://tribe29.com", target="_blank")))

    html.write_html(HTML(" - ").join(footer))

    if cmk_version.is_raw_edition():
        html.br()
        html.br()

        # NOTE(review): the translated text carries an <a> tag; whether
        # write_text renders or escapes it is not visible here.
        html.write_text(
            _('You can use, modify and distribute Check_MK under the terms of the <a href="%s" target="_blank">'
              "GNU GPL Version 2</a>.") % "https://checkmk.com/gpl.html")

    html.close_div()  # closes foot

    html.set_focus("_username")
    html.hidden_fields()
    html.end_form()
    html.close_div()  # closes login

    html.footer()
def _do_login(self) -> None:
    """Handle the submitted login form.

    Does nothing unless the ``_login`` request variable is set. On success an
    auth session is created and the function leaves via ``HTTPRedirect``,
    either to the password change page or to the requested target. Every
    ``MKUserError`` raised on the way is collected in ``user_errors`` and not
    propagated. ``HTTPRedirect`` is not caught here.
    """
    if not request.var("_login"):
        return

    try:
        if not config.user_login:
            raise MKUserError(None, _("Login is not allowed on this site."))

        username_var = request.get_unicode_input("_username", "")
        # Presumably only narrows the type (a default is given above). Asserts
        # are removed under -O, so this must not be treated as validation.
        assert username_var is not None
        # Only trailing whitespace is stripped from the submitted name.
        username = UserId(username_var.rstrip())
        if not username:
            raise MKUserError("_username", _("Missing username"))

        password = request.var("_password", "")
        if not password:
            raise MKUserError("_password", _("Missing password"))

        # The default is built server-side. A client-supplied _origtarget has
        # to pass get_url_input, which is the open-redirect guard for both
        # redirects below.
        default_origtarget = url_prefix() + "check_mk/"
        origtarget = request.get_url_input("_origtarget", default_origtarget)

        # Disallow redirections to:
        #  - logout.py: Happens after login
        #  - side.py: Happens when invalid login is detected during sidebar refresh
        # This is a substring match on the whole target, query string
        # included, so any target merely containing one of these names falls
        # back to the default as well.
        if "logout.py" in origtarget or "side.py" in origtarget:
            origtarget = default_origtarget

        result = userdb.check_credentials(username, password)
        if result:
            # Use the username provided by the successful login function. It
            # might have transformed the username provided by the user, e.g.
            # switched it from mixed case to lower case.
            username = result

            session_id = userdb.on_succeeded_login(username)

            # The login succeeded! Now:
            # a) Set the auth cookie
            # b) Unset the login vars in further processing
            # c) Redirect to really requested page
            _create_auth_session(username, session_id)

            # Never use inplace redirect handling anymore as used in the past. This results
            # in some unexpected situations. We simply use 302 redirects now. So we have a
            # clear situation.
            # userdb.need_to_change_pw returns either False or the reason description why the
            # password needs to be changed
            change_pw_result = userdb.need_to_change_pw(username)
            if change_pw_result:
                # origtarget is URL-encoded, the reason is interpolated as-is.
                # NOTE(review): the reason comes from userdb, not from the
                # request - confirm it is always a URL-safe token.
                raise HTTPRedirect(
                    "user_change_pw.py?_origtarget=%s&reason=%s" %
                    (urlencode(origtarget), change_pw_result))

            raise HTTPRedirect(origtarget)

        # Reached only for a falsy check_credentials result. The failure is
        # recorded under the submitted username and the user gets one generic
        # message, which does not say whether the name or the password was wrong.
        userdb.on_failed_login(username)
        raise MKUserError(None, _("Invalid login"))
    except MKUserError as e:
        user_errors.add(e)
def test_get_url_input(register_builtin_html):
    """Exercise ``get_url_input`` with valid, missing and malformed values."""
    fixtures = {
        "url": "view.py?bla=blub",
        "no_url": "2",
        "invalid_url": "http://bla/",
        "invalid_char": "viäw.py",
        "invalid_char2": "vi+w.py",
    }
    for var_name, var_value in fixtures.items():
        global_request.set_var(var_name, var_value)

    # Neither a variable nor a default: reported as missing.
    with pytest.raises(MKUserError) as missing:
        global_request.get_url_input("not_existing")
    assert "is missing" in "%s" % missing

    # A default is returned verbatim, even when it is an absolute URL. The
    # validation applies to the request value only.
    assert global_request.get_url_input("get_default", "my_url.py") == "my_url.py"
    assert global_request.get_url_input("get_default", "http://bla/") == "http://bla/"

    # Relative targets from the request are accepted.
    assert global_request.get_url_input("url") == "view.py?bla=blub"
    assert global_request.get_url_input("no_url") == "2"

    # Absolute URL from the request: refused.
    with pytest.raises(MKUserError) as absolute:
        global_request.get_url_input("invalid_url")
    assert "not a valid" in "%s" % absolute

    # A non-ASCII character in the file name: refused.
    with pytest.raises(MKUserError) as non_ascii:
        global_request.get_url_input("invalid_char")
    assert "not a valid" in "%s" % non_ascii

    # A "+" in the file name: refused.
    with pytest.raises(MKUserError) as plus_sign:
        global_request.get_url_input("invalid_char2")
    assert "not a valid" in "%s" % plus_sign

    assert global_request.get_url_input("no_url") == "2"
def test_get_url_input_invalid_urls(register_builtin_html, invalid_url):
    """Expect ``get_url_input`` to raise ``MKUserError`` for ``invalid_url``."""
    # Feed the candidate in as a request variable, as a client would send it.
    html.request.set_var("varname", invalid_url)

    with pytest.raises(MKUserError) as raised:
        global_request.get_url_input("varname")

    message = "%s" % raised
    assert "not a valid URL" in message
def back_url(self):
    """Return the ``back_url`` request variable, or ``""`` when it is absent.

    The value is read through ``get_url_input``, so a client-supplied back
    link is checked there before it is used.
    """
    validated = request.get_url_input("back_url", deflt="")
    return validated