def test_not_exists(self):
with htpasswd.Basic(t_userdb, mode='md5') as userdb:
def not_exists():
userdb.__contains__("nobody")
self.assertRaises(UserNotExists, not_exists())
def add_user(user_ID):
data = request.get_json()
password = data.get('password')
# add user to passwd.git
with htpasswd.Basic(PASSWD) as userdb:
userdb.add(user_ID, password)
return jsonify({'response': 1})
def user_has_api_password(self, user):
try:
with htpasswd.Basic(self.filename) as userdb:
return user in userdb.users
except IOError as e:
logger.debug('Could not check htpasswd: %s' % unicode(e))
raise e
def setup_apache(args):
env = create_env(args)
render_template('index.html.template', '/var/www/html/index.html', env)
render_httpd_template('apache-proxy.conf.template', env)
render_httpd_template('apache-proxy-nn.conf.template', env)
render_httpd_template('apache-proxy-ap.conf.template', env)
render_httpd_template('apache-proxy-rm.conf.template', env)
render_httpd_template('apache-proxy-hue.conf.template', env)
render_httpd_template('apache-proxy-hbase.conf.template', env)
render_httpd_template('apache-proxy-zeppelin.conf.template', env)
render_httpd_template('apache-proxy-jupyter.conf.template', env)
hostname = env['aliasHostName']
create_certificate(hostname)
create_certificate('nn.' + hostname)
create_certificate('ap.' + hostname)
create_certificate('rm.' + hostname)
create_certificate('hue.' + hostname)
create_certificate('hbase.' + hostname)
create_certificate('zeppelin.' + hostname)
create_certificate('jupyter.' + hostname)
with open(env["htpasswd"], 'wt') as userdb:
pass
with htpasswd.Basic(env["htpasswd"]) as userdb:
userdb.add(env['username'], env['password'])
def user_groups(username):
admin, message = check_user_is_admin(get_remote_user(request))
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html", message=message)
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb:
if request.method == "GET":
groups = dict()
for group in groupdb.groups:
if groupdb.is_user_in(username, group):
groups[group] = True
else:
groups[group] = False
return render_template("groups.html", groups=groups)
else:
# POST Request
checked_groups = [
g.split("_", 1)[1] for g in list(request.form.keys())
if g.startswith("group_")
]
for group in groupdb.groups:
if group in checked_groups:
if not groupdb.is_user_in(username, group):
groupdb.add_user(username, group)
else:
if groupdb.is_user_in(username, group):
groupdb.delete_user(username, group)
return render_template("message.html",
message="User groups changed",
success=True)
def setup_munin():
upload_template('config/munin/apache.conf',
'/etc/munin/apache.conf',
context=get_context(env),
use_jinja=True,
use_sudo=True)
if not config_secrets['munin_auth_info']:
# Generate a random password for now.
config_secrets['munin_auth_info'] = {
'munin':
''.join([
random.choice(string.letters + string.digits)
for i in range(40)
])
}
if not os.path.exists('config_secrets/munin-htpasswd'):
f = open('config_secrets/munin-htpasswd', 'w')
f.close()
with htpasswd.Basic("config_secrets/munin-htpasswd") as userdb:
for username, password in config_secrets['munin_auth_info'].iteritems(
):
if username not in userdb:
userdb.add(username, password)
else:
userdb.change_password(username, password)
upload_template('config_secrets/munin-htpasswd',
'/etc/munin/munin-htpasswd',
context=get_context(env),
use_jinja=True,
use_sudo=True)
def add_user(self, user, password, file_id="default"):
file_config_section = self._get_file_config_section(file_id)
if file_config_section is None:
raise FileIdNotFound()
# Read file config
path = file_config_section["path"]
mode = file_config_section["mode"]
autocreate = file_config_section.getboolean("autocreate")
# Create file at the path if configured so
if autocreate:
try:
open(path, 'a').close()
except OSError as e:
L.error("Can't create file: {}".format(e))
# Create user
try:
with htpasswd.Basic(
userdb=path,
mode=self._mode_to_htpasswd_mod_map[mode]
) as userdb:
userdb.add(user, password)
except FileNotFoundError:
L.error("File '{}' not found.".format(path))
raise FileNotFound()
except ValueError as e:
L.error("Invalid file '{}': {}".format(path, e))
raise InvalidFile()
except htpasswd.basic.UserExists:
L.error("User '{}' already exists".format(user))
raise UserNotFound()
def get_users():
with htpasswd.Basic(
f'{str(os.path.realpath(str(Path(__file__).parent.parent)))}/config/.htpasswd'
) as userdb:
try:
return userdb.users
except Exception:
return []
def test_no_newline(self):
with htpasswd.Basic(t_userdb, mode='md5') as userdb:
self.assertNotIn('\n',
userdb._encrypt_password('password'),
msg="no newline characters allowed in pwd")
self.assertNotIn('\r',
userdb._encrypt_password('password'),
msg="no newline characters allowed in pwd")
def test_change_password(self):
with htpasswd.Basic(t_userdb, mode='md5') as userdb:
userdb.change_password("alice", "password")
with open(t_userdb, "r") as users:
for user in users.readlines():
if user.startswith("alice:"):
test = user
self.assertRegexpMatches(test, "alice:\$apr1\$")
def test_change_password(self):
with htpasswd.Basic(t_userdb) as userdb:
userdb.change_password("alice", "password")
with open(t_userdb, "r") as users:
for user in users.readlines():
if user.startswith("alice:"):
test = user
self.assertNotEqual(test, "alice:2EtHk7FyD0THc\n")
def test_change_password(self):
with htpasswd.Basic(t_userdb_md5_base, mode='md5-base') as userdb:
userdb.change_password("john", "password")
with open(t_userdb_md5_base, "r") as users:
for user in users.readlines():
if user.startswith("john:"):
test = user
self.assertRegexpMatches(test, "john:\$1\$")
def user(username):
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
new_user = username not in userdb
admin, admin_error_message = check_user_is_admin(
request.environ.get('REMOTE_USER'))
ask_old_password = True
if admin and request.environ.get('REMOTE_USER') != username:
ask_old_password = False
if CONF["REQUIRE_REMOTE_USER"]:
if not request.environ.get('REMOTE_USER'):
return render_template(
"message.html",
message=
"Sorry, you must be logged with http basic auth to go here"
)
if request.environ.get('REMOTE_USER') != username or new_user:
# User trying to change someone else password
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html",
message=admin_error_message)
if request.method == "GET":
return render_template("user.html",
username=username,
new=new_user,
ask_old_password=ask_old_password,
password_pattern=CONF["PASSWORD_PATTERN"])
else:
# POST Request
if request.form["new_password"] != request.form["repeat_password"]:
return render_template(
"message.html",
message="Password differ. Please hit back and try again")
if ask_old_password and not check_password(
userdb.new_users[username], request.form["old_password"]):
return render_template("message.html",
message="password does not match")
if not match(CONF["PASSWORD_PATTERN"],
request.form["new_password"]):
return render_template(
"message.html",
message="new password does not match requirements (%s" %
CONF["PASSWORD_PATTERN_HELP"])
# Ok, ready to change password or create user
if new_user:
userdb.add(username, request.form["new_password"])
message = "User created"
else:
userdb.change_password(username, request.form["new_password"])
message = "Password changed"
if request.args.get("return_to"):
return redirect(request.args.get("return_to"))
else:
return render_template("message.html",
message=message,
success=True)
def change_password(data):
with htpasswd.Basic(
f'{str(os.path.realpath(str(Path(__file__).parent.parent)))}/config/.htpasswd'
) as userdb:
try:
userdb.change_password(data['user'], data['password'])
except htpasswd.basic.UserNotExists:
return False
return Password.get_users()
def add_user():
username = request.form['username']
password = request.form['password']
with htpasswd.Basic(USER_DB) as userdb:
try:
userdb.add(username, password)
except UserExists: # user exists
flash('Error: user already exists', 'danger')
return redirect(url_for('index'))
def batch_user_creation():
admin, message = check_user_is_admin(get_remote_user(request))
if not admin:
# User is not admin or admin group does exist. Ciao
return render_template("message.html", message=message)
with htpasswd.Basic(CONF["PWD_FILE"], mode="md5") as userdb:
with htpasswd.Group(CONF["GROUP_FILE"]) as groupdb:
if request.method == "GET":
groups = []
for group in groupdb.groups:
groups.append(group)
return render_template(
"batch_user_creation.html",
groups=groups,
mail_capabilities=CONF["ENABLE_MAIL_CAPABILITIES"])
else:
# POST Request
users = request.form["users_login"].split("\r\n")
checked_groups = [
g.split("_", 1)[1] for g in list(request.form.keys())
if g.startswith("group_")
]
result = []
for username in users:
new_password = generate_random_password()
new_user = username not in userdb
if new_user:
userdb.add(username, new_password)
action = "create"
else:
userdb.change_password(username, new_password)
action = "update"
result.append((username, new_password, action))
for group in groupdb.groups:
if group in checked_groups:
if not groupdb.is_user_in(username, group):
groupdb.add_user(username, group)
else:
if groupdb.is_user_in(username, group):
groupdb.delete_user(username, group)
message = "Batch of user created with generated passwords"
# If the "send_mail" checkbox is enabled
if request.form.get("send_mail") is not None:
message = "Batch of user created with generated passwords, a mail has been sent to all of them"
send_mail(result, request.form["mail_suffix"],
request.form["instance"])
return render_template("message.html",
message=message,
success=True,
result=render_template(
"result_template.html",
result=result))
def change_password(username=None):
password = request.form['password']
print("Updating password for {}".format(username))
with htpasswd.Basic(USER_DB) as userdb:
try:
userdb.change_password(username, password)
flash('Password updated', 'success')
except UserNotExists:
flash('Error: unknown user', 'danger')
return redirect(url_for('index'))
def delete(self, user):
try:
with htpasswd.Basic(self.filename) as userdb:
userdb.pop(user)
except htpasswd.basic.UserNotExists:
# we don't care
pass
except IOError as e:
logger.debug('Could not update htpasswd: %s' % unicode(e))
raise e
def create_file():
file_name = '.htpasswd'
if os.path.exists(file_name):
return file_name
open(file_name, 'a').close()
users = [('Adam', 'haslo'), ('Steve', 'Rogers'), ('Tony', 'haslo')]
with htpasswd.Basic(file_name) as userdb:
for user in users:
userdb.add(*user)
return file_name
def reset_git_directory():
for d in os.listdir(CHALLENGES_BASE_PATH):
full_path = os.path.join(CHALLENGES_BASE_PATH, d)
if os.path.isdir(full_path):
subprocess.call(['sudo', 'chmod', '-R', '777', full_path])
shutil.rmtree(full_path)
with htpasswd.Basic(CHALLENGES_AUTH_FP) as authdb:
for user in authdb.users:
authdb.pop(user)
def _verify(self, expected_pairs):
expected = OrderedDict()
for user, password in expected_pairs:
expected[user] = password
with htpasswd.Basic(settings.HTPASSWD_PATH) as found:
self.assertEqual(expected.keys(), found.new_users.keys())
for item in expected.items():
user = item[0]
pwd = item[1]
hash = found.new_users[user]
_, alg, salt, value = hash.split('$', 3)
self.assertEqual(hash, _recrypt(alg, salt, pwd))
def delete_user(username=None):
# do not allow the admin user to be deleted
if username == 'admin':
flash('Error: you cannot delete the admin user', 'danger')
else:
with htpasswd.Basic(USER_DB) as userdb:
try:
userdb.pop(username)
print("User deleted: {}".format(username))
except UserNotExists:
pass
return redirect(url_for('index'))
def index():
auth = request.authorization
if not app.config['DEBUG']:
# only allow the admin user
if auth.username != 'admin':
abort(403)
with htpasswd.Basic(USER_DB) as userdb:
users = userdb.users
ctx = {
'users': userdb.users,
}
return render_template('index.html', **ctx)
def add_user(user_ID):
"""
called every time when user registered
:param user_ID:
:return:
"""
data = request.get_json()
password = data.get('password')
# add user to passwd.git
with htpasswd.Basic(PASSWD) as userdb:
userdb.add(user_ID, password)
return jsonify({'response': 1})
def rewrite_htpasswd():
written_users = []
users = User.objects.all()
with open(settings.HTPASSWD_PATH, 'a'):
pass
with htpasswd.Basic(settings.HTPASSWD_PATH, 'md5') as userdb:
userdb.new_users.clear()
for u in users:
if hasattr(u, 'encryptedpwd'):
enc = u.encryptedpwd
userdb.new_users[u.username] = enc.pwd
written_users.append(u.username)
return written_users
def gen_htpasswd(pn, user):
passwd = _gen_token(8)
print('Writing user to {}'.format(pn))
if not os.path.exists(pn):
with open(pn, 'w'):
pass
with htpasswd.Basic(pn) as passdb:
try:
passdb.add(user, passwd)
except htpasswd.basic.UserExists:
print('WARNING: changing existing password')
passdb.change_password(user, passwd)
print('Password for user {} is "{}"'.format(user, passwd))
def handleHtp(data, output):
htpName = '.htpasswd_{}'.format(data['campus'])
if os.path.isdir(conf.HTPDIR):
if os.path.isfile(conf.HTPDIR + htpName):
output['htpStatus'] = 'updated'
else:
htp = open(conf.HTPDIR + htpName, "w+")
htp.close()
output['htpStatus'] = 'created'
with htpasswd.Basic(conf.HTPDIR + htpName) as userdb:
try:
userdb.add(data['login'], data['password'])
except htpasswd.basic.UserExists, e:
output['htpStatus'] = 'user exists'
return 0
def set_api_password(self, user):
password = ''.join(
random.SystemRandom().choice(string.letters + string.digits)
for _ in range(12))
try:
with htpasswd.Basic(self.filename) as userdb:
try:
userdb.add(user, password)
except htpasswd.basic.UserExists:
pass
userdb.change_password(user, password)
logger.debug('Updated htpasswd entry for user %s' % user)
except IOError as e:
logger.debug('Could not update htpasswd: %s' % unicode(e))
raise e
return password
def read_users(self, file_id="default"):
path = self._get_file_path(file_id)
if path is None:
raise FileIdNotFound()
try:
with htpasswd.Basic(path) as userdb:
users = userdb.users
except FileNotFoundError:
L.error("File '{}' not found.".format(path))
raise FileNotFound()
except ValueError as e:
L.error("Invalid file '{}': {}".format(path, e))
raise InvalidFile()
return users
def setUp(self):
self.passwd = join(dirname(__name__), "test_password")
self.group = join(dirname(__name__), "test_group")
open(self.passwd, "w").close()
open(self.group, "w").close()
with htpasswd.Basic(self.passwd, mode="md5") as userdb:
userdb.add("user1", "user1")
userdb.add("user2", "user2")
with htpasswd.Group(self.group) as groupdb:
groupdb.add_user("user1", "admin")
groupdb.add_user("user1", "users")
groupdb.add_user("user2", "users")
app.config["TESTING"] = True
CONF["PWD_FILE"] = self.passwd
CONF["GROUP_FILE"] = self.group
self.client = app.test_client()
