def cert_form():
instance = request.script_root
if instance == "/":
instance = ""
# The backend URL should come from the configuration of the system.
backend_url = ""
authtoken = request.all_data.get("authtoken")
ca = request.all_data.get("ca")
return send_html(
render_template("cert_request_form.html",
instance=instance,
backendUrl=backend_url,
ca=ca,
authtoken=authtoken))
def cert_enroll():
instance = request.script_root
if instance == "/":
instance = ""
# The backend URL should come from the configuration of the system.
backend_url = ""
r = request
request_key = request.form.get("requestkey")
# Firefox creates line breaks, Google Chrome does not
request_key = request_key.replace('\n', "")
request_key = request_key.replace('\r', "")
ca = request.form.get("ca")
# TODO: Read the email address from the user source
email = "meine"
csr = """SPKAC={0!s}
CN={1!s},CN={2!s},O={3!s}
emailAddress={4!s}
""".format(request_key, request.PI_username, request.PI_role, request.PI_realm,
email)
# Take the CSR and run a token init
from privacyidea.lib.token import init_token
tokenobject = init_token({
"request": csr,
"spkac": 1,
"type": "certificate",
"ca": ca
})
certificate = tokenobject.get_tokeninfo("certificate")
serial = tokenobject.get_serial()
cert_pem = certificate.replace('\r', "").replace('\n', "")
cert_pem = cert_pem.replace("-----BEGIN CERTIFICATE-----", "")
cert_pem = cert_pem.replace("-----END CERTIFICATE-----", "")
render_context = {
'instance': instance,
'backendUrl': backend_url,
'username': "******".format(request.PI_username,
request.PI_realm),
'role': request.PI_role,
'serial': serial,
'certificate': certificate,
'cert_pem': cert_pem
}
return send_html(render_template("token_enrolled.html", **render_context))
def single_page_application():
instance = request.script_root
if instance == "/":
instance = ""
# The backend URL should come from the configuration of the system.
backend_url = ""
if current_app.config.get("PI_UI_DEACTIVATED"):
# Do not provide the UI
return send_html(render_template("deactivated.html"))
# The default theme. We can change this later
theme = current_app.config.get("PI_CSS", DEFAULT_THEME)
theme = theme.strip('/')
# Get further customizations
customization = current_app.config.get("PI_CUSTOMIZATION",
"/static/customize/")
customization = customization.strip('/')
custom_css = customization + "/css/custom.css" if current_app.config.get("PI_CUSTOM_CSS") else ""
# Enrollment-Wizard:
# PI_CUSTOMIZATION/views/includes/token.enroll.pre.top.html
# PI_CUSTOMIZATION/views/includes/token.enroll.pre.bottom.html
# PI_CUSTOMIZATION/views/includes/token.enroll.post.top.html
# PI_CUSTOMIZATION/views/includes/token.enroll.post.bottom.html
# Get the hidden external links
external_links = current_app.config.get("PI_EXTERNAL_LINKS", True)
# Read the UI translation warning
translation_warning = current_app.config.get("PI_TRANSLATION_WARNING", False)
# Get the logo file
logo = current_app.config.get("PI_LOGO", "privacyIDEA1.png")
browser_lang = request.accept_languages.best_match(["en", "de", "de-DE", "nl"], default="en").split("-")[0]
# The page title can be configured in pi.cfg
page_title = current_app.config.get("PI_PAGE_TITLE", "privacyIDEA Authentication System")
# check if login with REMOTE_USER is allowed.
remote_user = ""
password_reset = False
if not hasattr(request, "all_data"):
request.all_data = {}
# Depending on displaying the realm dropdown, we fill realms or not.
realms = ""
realm_dropdown = Match.action_only(g, scope=SCOPE.WEBUI, action=ACTION.REALMDROPDOWN)\
.policies(write_to_audit_log=False)
if realm_dropdown:
try:
realm_dropdown_values = Match.action_only(g, scope=SCOPE.WEBUI, action=ACTION.REALMDROPDOWN) \
.action_values(unique=False, write_to_audit_log=False)
# Use the realms from the policy.
realms = ",".join(realm_dropdown_values)
except AttributeError as _e:
# The policy is still a boolean realm_dropdown action
# Thus we display ALL realms
realms = ",".join(get_realms())
try:
if is_remote_user_allowed(request):
remote_user = request.remote_user
password_reset = is_password_reset(g)
hsm_ready = True
except HSMException:
hsm_ready = False
# Use policies to determine the customization of menu
# and baseline. get_action_values returns an array!
sub_state = subscription_status()
customization_menu_file = Match.action_only(g, action=ACTION.CUSTOM_MENU,
scope=SCOPE.WEBUI)\
.action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
if len(customization_menu_file) and list(customization_menu_file)[0] \
and sub_state not in [1, 2]:
customization_menu_file = list(customization_menu_file)[0]
else:
customization_menu_file = "templates/menu.html"
customization_baseline_file = Match.action_only(g, action=ACTION.CUSTOM_BASELINE,
scope=SCOPE.WEBUI) \
.action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
if len(customization_baseline_file) and list(customization_baseline_file)[0] \
and sub_state not in [1, 2]:
customization_baseline_file = list(customization_baseline_file)[0]
else:
customization_baseline_file = "templates/baseline.html"
login_text = Match.action_only(g, action=ACTION.LOGIN_TEXT, scope=SCOPE.WEBUI) \
.action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
if len(login_text) and list(login_text)[0] and sub_state not in [1, 2]:
login_text = list(login_text)[0]
else:
login_text = ""
render_context = {
'instance': instance,
'backendUrl': backend_url,
'browser_lang': browser_lang,
'remote_user': remote_user,
'theme': theme,
'translation_warning': translation_warning,
'password_reset': password_reset,
'hsm_ready': hsm_ready,
'has_job_queue': str(has_job_queue()),
'customization': customization,
'custom_css': custom_css,
'customization_menu_file': customization_menu_file,
'customization_baseline_file': customization_baseline_file,
'realms': realms,
'external_links': external_links,
'login_text': login_text,
'logo': logo,
'page_title': page_title
}
return send_html(render_template("index.html", **render_context))