def index(req: Request): uuid = uuid4().hex env[uuid] = {'session_id': uuid} response = HTMLResponse( templates.TemplateResponse('index.html', {'endpoints': endpoints})) response.set_cookie('sessionId', uuid) return response
async def handle_401_403(request, call_next): response = await call_next(request) request_dict = dict(request) if response.status_code in [401, 404]: if 'text/html' in request.headers['accept']: if response.status_code == 404: return HTMLResponse(self.admin.not_found_page(), status_code=404) response = HTMLResponse(self.admin.login_page( welcome_message='Login Required'), status_code=401) response.set_cookie('token', 'INVALID') response.set_cookie('ref', request.__dict__['scope']['path']) if response.status_code == 500: log.error( f"Internal error - 500 - with request: {request.__dict__}") return response
async def handle_401_403(request, call_next): response = await call_next(request) request_dict = dict(request) if response.status_code in [401, 404]: if "text/html" in request.headers["accept"]: if response.status_code == 404: return self.html_not_found_page() response = HTMLResponse( await self.get_login_page(message="Login Required", request=request), status_code=401, ) response.set_cookie("token", "INVALID", **self.cookie_security) response.set_cookie("ref", request.__dict__["scope"]["path"], **self.cookie_security) if response.status_code == 500: self.log.error( f"Internal error - 500 - with request: {request.__dict__}") return response
async def mock_function(*args, **kwargs): request = kwargs["request"] token = kwargs["token"] if token in {"NO_TOKEN", "INVALID"}: if (response_class is HTMLResponse or "text/html" in request.headers["accept"]): response = HTMLResponse( await self.get_login_page(message="Login Required", request=request), status_code=401, ) response.set_cookie("token", "INVALID", **self.cookie_security) response.set_cookie( "ref", request.__dict__["scope"]["path"], **self.cookie_security, ) return response try: token = self.decode_token(token)[1] except Exception as e: if isinstance(e, InvalidJWSSignature): self.log.error( f"EasyAuthClient failed to decode token - keys may have rotated - login wil be required" ) else: self.log.exception(f"error decoding token") if (response_class is HTMLResponse or "text/html" in request.headers["accept"]): response = HTMLResponse( await self.get_login_page(message="Login Required", request=request), status_code=401, ) response.set_cookie("token", "INVALID", **self.cookie_security) response.set_cookie( "ref", request.__dict__["scope"]["path"], **self.cookie_security, ) # response.headers["ref"] = request.__dict__["scope"]["path"] return response raise HTTPException( status_code=401, detail=f"not authorized, invalid or expired") allowed = False for auth_type, values in permissions.items(): if not auth_type in token["permissions"]: self.log.warning(f"{auth_type} is required") continue for value in values: if value in token["permissions"][auth_type]: allowed = True break if not token["token_id"] in self.store["tokens"]: self.log.error( f"token for user {token['permissions']['users'][0]} - {token['token_id']} is unknown / revoked {self.store['tokens']}" ) if (response_class is HTMLResponse or "text/html" in request.headers["accept"]): response = HTMLResponse( await self.get_login_page(message="Login Required", request=request), status_code=401, ) response.set_cookie("token", "INVALID", **self.cookie_security) response.set_cookie( "ref", request.__dict__["scope"]["path"], **self.cookie_security, ) # response.headers["ref"] = request.__dict__["scope"]["path"] return response raise HTTPException( status_code=401, detail=f"not authorized, invalid or expired") if not allowed: if (response_class is HTMLResponse or "text/html" in request.headers["accept"]): response = HTMLResponse( await self.get_403_page( ), # self.admin.forbidden_page(), status_code=403, ) return response raise HTTPException( status_code=403, detail= f"not authorized, permissions required: {permissions}", ) if "access_token" in kwargs: kwargs["access_token"] = token if not send_token: del kwargs["token"] if not send_request: del kwargs["request"] result = func(*args, **kwargs) if asyncio.iscoroutine(result): return await result return result
async def home(request: Request): """ Primary landing section for the app :param request: request object sent in the post body when accessing this API :return: Will return a rendered HTML page """ # Handle the rendering of the login url login_url = "" user = "" flow = request.cookies.get("flow") if not request.cookies.get("user"): if keyVaultName: flow = auth.build_auth_code_flow( client_id=secret_client.get_secret("login-app-clientid").value, secret=secret_client.get_secret("login-app-pwd").value, scopes=auth.SCOPE) else: flow = auth.build_auth_code_flow(scopes=auth.SCOPE) login_url = flow["auth_uri"] else: user = json.loads(request.cookies.get("user")) # Modal Templates tenant_input_html = "Please enter the Tenant ID for the Azure Instance you are using. This is needed to set up" \ "authentication. You can find this by typing \"Tenant\" into the Azure Portal for where you" \ " intend to deploy your infrastructure." + \ br().render() + \ div( input_("Tenant ID", id="tenantId", cls="form-control", aria_label="Small", aria_describedby="inputGroup-sizing-sm"), div( button("Save Id", type="button", id="saveTenant", cls="btn btn-outline-secondary"), cls="input-group-append"), cls="input-group input-group-sm mb-3").render(pretty=False) login_input_html = "Click the below button to initiate AAD authentication" + br( ).render() + div( a("Login", href=login_url), cls="input-group input-group-sm mb-3").render(pretty=False) try: config = json.load(open("form_config.json")) except FileNotFoundError: config = None # Initiate the HTML Document doc = dominate.document(title="Mission LZ") # Set initial style sheet in HTML doc head with doc.head: link(rel='stylesheet', href=static_location + 'bootstrap.min.css') link(rel='stylesheet', href=static_location + 'custom.css') # Fill in the single page app template with forms and sections with doc: # Case for each variable type in JSON definition with div(cls="navbar navbar-expand-lg fixed-top navbar-dark bg-primary" ): with div(cls="container"): a("Mission LZ", cls="navbar-brand", href="#") with div(cls='text-right'): if user: a("Logout " + user["name"], href="/logout", cls="btn btn-outline-secondary") with div(cls="container"): with div(cls="page-header"): if config: pass # Parse each config element in a switch to generate a section of forms for it else: build_form(find_config()) # Modal with div(cls="modal fade", data_backdrop="static", id="promptModal", tabindex="-1", role="dialog", aria_hidden="true"): with div(cls="modal-dialog modal-dialog-centered modal-lg", role="document"): with div(cls="modal-content"): with div(cls="modal-header"): h5("Modal Title", cls="modal-title") div("Modal Content", cls="modal-body") with div(cls="modal-footer"): button("Close", id="modBtn", type="button", cls="btn btn-secondary", data_dismiss="modal") # Include the Javascript Files in the output HTML script(src=static_location + 'jquery-3.5.1.min.js') script(src=static_location + 'bootstrap.bundle.min.js') script(src=static_location + 'custom.js') script().add_raw_string(""" function promptLogin() { $('#promptModal').on('show.bs.modal', function (event) { var modal = $(this) modal.find('.modal-title').text('Login') modal.find('.modal-body').html('""" + login_input_html + """') modal.find('#modBtn').hide() }) $('#promptModal').modal('show') } var interval = null function retrieve_results() { $.ajax({ type: "GET", url: "/poll", success: function(msg){ $("#terminal").text(msg); $("#terminal").scrollTop($("#terminal")[0].scrollHeight); } }); } function submitForm(){ interval = setInterval(retrieve_results, 2000); } $(document).ready(function(){ $('#showTenant').click(function(){ promptTenant() }) logged_in = readCookie("user") if(!logged_in || $.trim(logged_in) == ""){ promptLogin() } }) $(document).on('submit', '#terraform_config', function(e) { $('#promptModal').on('show.bs.modal', function (event) { var modal = $(this) modal.find('.modal-title').text('Polling execution results: (Box May Stay Blank for an extended amount of time)') modal.find('.modal-body').html('<pre id="terminal"></pre>') modal.find('#modBtn').show() modal.find('#modBtn').click(function(){ clearInterval(interval) }) }) $('#promptModal').modal('show') $.ajax({ url: $(this).attr('action'), type: $(this).attr('method'), data: $(this).serialize(), success: function(html) { submitForm() } }); e.preventDefault(); }); $("input").change(function(){ $("input[name="+ this.name +"]").val(this.value) }) """) response = HTMLResponse(content=str(doc), status_code=200) response.set_cookie("flow", json.dumps(flow), expires=3600) return response
async def mock_function(*args, **kwargs): request = kwargs['request'] token = kwargs['token'] if token == 'NO_TOKEN': if response_class is HTMLResponse or 'text/html' in request.headers[ 'accept']: response = HTMLResponse(self.admin.login_page( welcome_message='Login Required'), status_code=401) response.set_cookie('token', 'INVALID') response.set_cookie('ref', request.__dict__['scope']['path']) return response try: token = self.decode_token(token)[1] self.log.debug(f"decoded token: {token}") except Exception: self.log.exception(f"error decoding token") if response_class is HTMLResponse: response = HTMLResponse(self.admin.login_page( welcome_message='Login Required'), status_code=401) response.set_cookie('token', 'INVALID') response.set_cookie('ref', request.__dict__['scope']['path']) return response raise HTTPException( status_code=401, detail=f"not authorized, invalid or expired") allowed = False for auth_type, values in permissions.items(): if not auth_type in token['permissions']: self.log.warning(f"{auth_type} is required") continue for value in values: if value in token['permissions'][auth_type]: allowed = True break if not allowed: if response_class is HTMLResponse: response = HTMLResponse(self.admin.forbidden_page(), status_code=403) response.set_cookie('token', 'INVALID') return response raise HTTPException( status_code=403, detail= f"not authorized, permissions required: {permissions}") if 'access_token' in kwargs: kwargs['access_token'] = token if not send_token: del kwargs['token'] if not send_request: del kwargs['request'] result = func(*args, **kwargs) if asyncio.iscoroutine(result): return await result return result