def system_pages(name):
if current_user.is_authenticated and name:
args = getattr(interface, name)()
combine_dicts(args, {"authKey": current_user.get_auth_token()})
return render_template("pages/" + name + "/index.html", **args)
else:
return {"status": "Could Not Log In."}
def get(self, **kwargs):
"""
Get authentication token
"""
token = current_user.get_auth_token()
return dict(username=current_user.username,
value=token, role=current_user.role)
def loginPage():
if current_user.is_authenticated:
args = {"apps": config.getApps(), "authKey":current_user.get_auth_token(), "currentUser":current_user.email}
return render_template("container.html", **args)
else:
return {"status" : "Could Not Log In."}
def get_auth_token_cached(current_user):
""" Cache users tokens. If token is less then 15 min away from expiry, expired or
not in cache, generate a fresh auth token.
# todo
Note: This method is a hack. Replace it with encrypted, auto-expiring redis cache
as soon as the redis cluster is deployed.
Faults:
- will only work if user is served from precisely this server && instance
- will cause memory leaks if not pruned every once in a while
"""
global auth_token_cache
if not current_user or not current_user.is_authenticated:
return
def _has_expired(dto: dt.datetime) -> bool:
return dto < dt.datetime.now()
cache = auth_token_cache.get(current_user.id)
if (cache and _has_expired(cache[1])) or not cache:
expiry_time = dt.datetime.now() + dt.timedelta(
seconds=(app.config['SECURITY_TOKEN_MAX_AGE'] - 900))
auth_token_cache[current_user.id] = \
(current_user.get_auth_token(), expiry_time)
return auth_token_cache[current_user.id][0]
def __func():
if current_user.is_authenticated:
return json.dumps({"auth_token":
current_user.get_auth_token()}), SUCCESS
else:
current_app.logger.debug('Unsuccessful login attempt')
return {"error": "Could not log in."}, UNAUTHORIZED_ERROR
def get(self):
return {
'user': {
'username': current_user.username,
'email': current_user.email,
'authtoken': current_user.get_auth_token(),
}
}
def post(self, **kwargs):
"""
Get authentication token
It's the same as the GET request,
but supports authenticating via saml-response in the body
"""
token = current_user.get_auth_token()
return dict(value=token, role=current_user.role)
def user():
""" Info on the currently logged in user. """
if current_user.is_anonymous():
raise ApiException(401, "not authenticated")
user = serializers.to_dict(current_user)
user['authentication_token'] = current_user.get_auth_token()
return send_api_response({'current_user': user})
def post(self, **kwargs):
"""
Get authentication token
It's the same as the GET request,
but supports authenticating via saml-response in the body
"""
token = current_user.get_auth_token()
return dict(username=current_user.username,
value=token, role=current_user.role)
def __func():
if current_user.is_authenticated and interface_name:
args = getattr(interface, interface_name)()
combine_dicts(args, {"authKey": current_user.get_auth_token()})
return render_template("pages/" + interface_name + "/index.html",
**args), SUCCESS
else:
current_app.logger.debug('Unsuccessful login attempt')
return {"error": "Could not Log In."}, UNAUTHORIZED_ERROR
def _execute_task(task_queue, execution_id, execution_parameters, context):
context['rest_token'] = current_user.get_auth_token()
context['tenant_name'] = current_app.config[CURRENT_TENANT_CONFIG].name
execution_parameters['__cloudify_context'] = context
celery = celery_client.get_client()
try:
return celery.execute_task(task_queue=task_queue,
task_id=execution_id,
kwargs=execution_parameters)
finally:
celery.close()
def _hand_off_to_app(path: str) -> Response:
return render_template(
'ui.html',
bot_id=_CONFIG.get("BOT", "client_id"),
jwt=create_jwt_for_user(
current_user if current_user.has_role('tagger') else g.demo_user),
auth_token=(current_user.get_auth_token()
if current_user.has_role('tagger') else
g.demo_user.get_auth_token()),
path=path,
version=_CONFIG.get('DEFAULT', 'version'))
def _execute_task(execution_id, execution_parameters, context):
context['rest_token'] = current_user.get_auth_token()
context['tenant'] = _get_tenant_dict()
context['task_target'] = MGMTWORKER_QUEUE
execution_parameters['__cloudify_context'] = context
celery = celery_client.get_client()
try:
return celery.execute_task(task_queue=MGMTWORKER_QUEUE,
task_id=execution_id,
kwargs=execution_parameters)
finally:
celery.close()
def default():
if current_user.is_authenticated:
default_page_name = "dashboard"
args = {
"apps": config.getApps(),
"authKey": current_user.get_auth_token(),
"currentUser": current_user.email,
"default_page": default_page_name
}
return render_template("container.html", **args)
else:
return {"status": "Could Not Log In."}
def default():
if current_user.is_authenticated:
default_page_name = 'dashboard'
args = {
"apps": running_context.get_apps(),
"authKey": current_user.get_auth_token(),
"currentUser": current_user.email,
"default_page": default_page_name
}
return render_template("container.html", **args)
else:
return redirect(url_for('/login'))
def cancel_execution(execution_id):
message = {
'service_task': {
'task_name': 'cancel-workflow',
'kwargs': {
'execution_id': execution_id,
'rest_token': current_user.get_auth_token(),
'tenant': _get_tenant_dict()
}
}
}
_send_mgmtworker_task(message, routing_key='service')
def cancel_execution(execution_id):
message = {
'service_task': {
'task_name': 'cancel-workflow',
'kwargs': {
'execution_id': execution_id,
'rest_token': current_user.get_auth_token(),
'tenant': _get_tenant_dict(),
'execution_token': generate_execution_token(execution_id)
}
}
}
_send_mgmtworker_task(message, routing_key='service')
def _execute_task(execution_id, execution_parameters, context):
context['rest_token'] = current_user.get_auth_token()
context['tenant'] = _get_tenant_dict()
context['task_target'] = MGMTWORKER_QUEUE
execution_parameters['__cloudify_context'] = context
message = {
'cloudify_task': {
'kwargs': execution_parameters
},
'id': execution_id,
}
_send_mgmtworker_task(message)
def cancel_execution(execution):
sm = get_storage_manager()
managers = sm.list(models.Manager)
message = {
'service_task': {
'task_name': 'cancel-workflow',
'kwargs': {
'rest_host': [manager.private_ip for manager in managers],
'execution_id': execution.id,
'rest_token': current_user.get_auth_token(),
'tenant': _get_tenant_dict(),
'execution_token': generate_execution_token(execution)
}
}
}
_broadcast_mgmtworker_task(message)
def get_user() -> str:
"""
Get a JSON-fied user object including a JWT to be used for api endpoints.
The user needs to have a proper auth token / login session in order to exchange it for a JWT that can be used
in a non session context.
:return: the JSON-fied user object.
"""
user = (current_user
if current_user.has_role('tagger') else g.demo_user)
user_json: str = jsonify(email=user.email,
active=user.active,
confirmed_at=user.confirmed_at,
auth_token=current_user.get_auth_token(),
jwt=create_jwt_for_user(current_user),
roles=[role.name for role in user.roles])
return user_json
def get_device_list():
auth_token = current_user.get_auth_token()
if auth_token:
baseURL = request.base_url.replace(request.path, "")
device_list_req = requests.post(baseURL + "/configuration/LinuxShell/devices/all", headers={"Authentication-Token":auth_token}, verify=False)
if device_list_req.status_code == 200:
device_list = device_list_req.json()
device_list_parsed = []
if "status" not in device_list:
for device in device_list:
device_list_parsed.append((device['name'],device['ip'],device['port'],device['username']))
return device_list_parsed
else:
return "Could not retrieve devices"
else:
return "Current user not logged in"
def _get_plugin_message(plugin, task='install-plugin', target_names=None):
"""Make plugin-related service task message.
This is for creating plugin install/uninstall messages, to send to
the mgmtworkers/agents.
"""
sm = get_storage_manager()
managers = sm.list(models.Manager)
message = {
'service_task': {
'task_name': task,
'kwargs': {
'plugin': plugin.to_dict(),
'rest_host': [manager.private_ip for manager in managers],
'rest_token': current_user.get_auth_token(),
'tenant': _get_tenant_dict(),
}
}
}
if target_names:
message['service_task']['kwargs']['target'] = target_names
return message
def loginInfo():
print current_user
if current_user.is_authenticated:
return json.dumps({"auth_token" : current_user.get_auth_token()})
else:
return {"status" : "Could Not Log In."}
def token():
token = current_user.get_auth_token()
return render_template('security/show_token.html', token=token)
def get(self):
return {'token': current_user.get_auth_token()}
def auth_token():
return jsonify({'auth_token': current_user.get_auth_token()})
def loginInfo():
if current_user.is_authenticated:
return json.dumps({"auth_token" : current_user.get_auth_token()})
else:
return {"status" : "Could Not Log In."}
def load_from_api(resource_name, resource_id=None, page=None, return_everything=False, fields=None, params=None, pagesize=None):
""" Load data from the PMG API.
:param str resource_name: resource to load (used as the start of the URL), or a full URL
:param int resource_id: resource id (optional), appended to the resource name
:param int page: page number to load (default is the first page)
:param bool return_everything: fetch all pages? (default: False)
:param list fields: list of field names to ask for (V2 only).
:param dict params: additional query params
:param int pagesize: items per page
"""
params = {} if (params is None) else params
# check for full URL?
if resource_name.startswith('http'):
resource_name = resource_name.split('/', 3)[3]
v2 = resource_name.startswith('v2')
if fields and not v2:
raise ValueError("Fields parameter is only supported for API v2 urls.")
query_str = resource_name
if resource_id:
query_str += "/" + str(resource_id)
if not v2:
query_str += '/'
if page:
params["page"] = str(page)
if fields:
params["fields"] = ','.join(fields)
if pagesize:
params["per_page"] = pagesize
headers = {}
# add auth header
if current_user.is_authenticated():
headers = {'Authentication-Token': current_user.get_auth_token()}
try:
response = http.request('GET', API_URL + query_str, headers=headers, fields=params)
if response.status == 404:
abort(404)
if response.status != 200 and response.status not in [401, 403]:
try:
msg = response_json(response).get('message')
except Exception:
msg = None
raise ApiException(response.status, msg or "An unspecified error has occurred.")
out = response_json(response)
if return_everything:
next_response_json = out
i = 0
while next_response_json.get('next') and i < 1000:
next_response = http.request('GET', next_response_json.get('next'), headers=headers)
next_response_json = response_json(next_response)
out['results'] += next_response_json['results']
i += 1
if out.get('next'):
out.pop('next')
return out
except urllib3.exceptions.HTTPError as e:
logger.error("Error connecting to backend service: %s" % e, exc_info=e)
flash(u'Error connecting to backend service.', 'danger')
raise e
def flask_security_login2():
u = row2dict(current_user)
tk = current_user.get_auth_token()
return jsonify({'user': u, 'token': tk})
def load_from_api(resource_name,
resource_id=None,
page=None,
return_everything=False,
fields=None,
params=None,
pagesize=None):
""" Load data from the PMG API.
:param str resource_name: resource to load (used as the start of the URL), or a full URL
:param int resource_id: resource id (optional), appended to the resource name
:param int page: page number to load (default is the first page)
:param bool return_everything: fetch all pages? (default: False)
:param list fields: list of field names to ask for (V2 only).
:param dict params: additional query params
:param int pagesize: items per page
"""
params = {} if (params is None) else params
# check for full URL?
if resource_name.startswith('http'):
resource_name = resource_name.split('/', 3)[3]
v2 = resource_name.startswith('v2')
if fields and not v2:
raise ValueError("Fields parameter is only supported for API v2 urls.")
query_str = resource_name
if resource_id:
query_str += "/" + str(resource_id)
if not v2:
query_str += '/'
if page:
params["page"] = str(page)
if fields:
params["fields"] = ','.join(fields)
if pagesize:
params["per_page"] = pagesize
headers = {}
# add auth header
if current_user.is_authenticated():
headers = {'Authentication-Token': current_user.get_auth_token()}
try:
response = http.request('GET',
API_URL + query_str,
headers=headers,
fields=params)
if response.status == 404:
abort(404)
if response.status != 200 and response.status not in [401, 403]:
try:
msg = response_json(response).get('message')
except Exception:
msg = None
raise ApiException(response.status, msg
or "An unspecified error has occurred.")
out = response_json(response)
if return_everything:
next_response_json = out
i = 0
while next_response_json.get('next') and i < 1000:
next_response = http.request('GET',
next_response_json.get('next'),
headers=headers)
next_response_json = response_json(next_response)
out['results'] += next_response_json['results']
i += 1
if out.get('next'):
out.pop('next')
return out
except urllib3.exceptions.HTTPError as e:
logger.error("Error connecting to backend service: %s" % e, exc_info=e)
flash(u'Error connecting to backend service.', 'danger')
raise e
def get_all_users():
users = User.query.all()
return response('User List', 'Full user list', 200,
users_schema.dump(users), current_user.get_auth_token())
def token():
token = current_user.get_auth_token()
return render_template('security/show_token.html', token=token)
def login_info():
if current_user.is_authenticated:
return json.dumps({"auth_token": current_user.get_auth_token()})
else:
app.logger.debug('Unsuccessful login attempt')
return {"status": "Could Not Log In."}
def get_token():
return jsonify(current_user.get_auth_token())
def auth_token():
return current_user.get_auth_token()
