def search(i_args, o_out, i_path, i_depth):
i_depth += 1
if i_depth > i_args['depth']:
return
if not os.path.isdir(i_path):
return
try:
listdir = os.listdir(i_path)
except:
return
for entry in listdir:
if entry == '.': continue
if entry == '..': continue
path = os.path.join(i_path, entry)
if not os.path.isdir(path):
continue
found = False
rufolder = os.path.join(path, i_args['rufolder'])
if os.path.isdir(rufolder):
found = True
if found and 'status' in i_args:
found = False
rufile = os.path.join(rufolder, 'status.json')
if os.path.isfile(rufile):
obj = functions.readObj(rufile)
if obj and searchStatus(i_args['status'], obj):
found = True
if found and 'body' in i_args:
found = False
rufile = os.path.join(rufolder, 'body.html')
if os.path.isfile(rufile):
data = functions.fileRead(rufile)
if data and data.find(i_args['body']) != -1:
found = True
if found and 'comment' in i_args:
found = False
rufile = os.path.join(rufolder, 'comments.json')
if os.path.isfile(rufile):
obj = functions.readObj(rufile)
if obj and searchComment(i_args['comment'], obj):
found = True
if found:
o_out['result'].append(path)
if i_depth < i_args['depth']:
search(i_args, o_out, path, i_depth)
def initApp(i_app_root):
global CGRU_LOCATION
global CGRU_VERSION
CGRU_LOCATION = os.path.dirname(i_app_root)
CGRU_VERSION = functions.fileRead(os.path.join(CGRU_LOCATION,'version.txt'))
os.environ['CGRU_LOCATION'] = CGRU_LOCATION
os.environ['CGRU_VERSION'] = CGRU_VERSION
os.environ['AF_ROOT'] = os.path.join(CGRU_LOCATION, 'afanasy')
sys.path.append(os.path.join(CGRU_LOCATION, 'lib', 'python'))
sys.path.append(os.path.join(CGRU_LOCATION, 'afanasy', 'python'))
def htdigest(self, i_args, o_out):
user = i_args['user']
# Not admin can change only own password,
# and only if he has a special state "passwd".
# Admin can change any user password.
if not self.isAdmin(o_out):
if user != self.session.USER_ID:
o_out['error'] = 'User can`t change other user password'
return
# Check "passwd" state:
out = dict()
functions.readAllUsers(out, False)
if 'error' in out:
o_out['error'] = out['error']
return
if not user in out['users']:
o_out['error'] = 'User "%s" not found.' % user
return
uobj = out['users'][user]
if (not 'states' in uobj) or (not 'passwd' in uobj['states']):
o_out['error'] = 'You are not allowed to change password.'
return
data = functions.fileRead(environ.HT_DIGEST_FILE_NAME, True)
if data is None:
data = ''
# Construct new lines w/o our user (if it exists):
o_out['status'] = 'User "%s" set.' % user
o_out['user'] = user
new_lines = []
for line in data.split('\n'):
values = line.split(':')
if len(values) == 3:
if values[0] == user:
# Just skip old line with our user:
o_out['status'] = 'User "%s" updated.' % user
else:
# Store line with other user:
new_lines.append(line)
# Add our user at the end:
new_lines.append(i_args['digest'])
data = '\n'.join(new_lines) + '\n'
if not functions.fileWrite(environ.HT_DIGEST_FILE_NAME, data):
o_out['error'] = 'Unable to write into the file.'
def req_getfile(self, i_file, out):
if not os.path.isfile(i_file):
out['error'] = 'No such file: ' + i_file
return
if not self.admin.htaccessPath(i_file):
o_out['error'] = 'Permissions denied';
return
data = functions.fileRead(i_file)
if data:
return data
out['error'] = 'Unable to load file: ' + i_file
def permissionsGet(self, i_args, o_out):
o_out['groups'] = []
o_out['users'] = []
o_out['merge'] = False
if not os.path.isdir(i_args['path']):
o_out['error'] = 'No such directory.'
return
htaccess = os.path.join(i_args['path'], environ.HT_ACCESS_FILE_NAME)
if not os.path.isfile(htaccess):
return
data = functions.fileRead(htaccess)
if data is None:
o_out['error'] = 'Can`t read the file.'
return
for line in data.split('\n'):
if len(line) <= 1:
continue
words = line.split(' ')
if len(words) < 2:
o_out['error'] = 'Invalid line: "%s"' % line
return
if words[0] == 'AuthMerging':
if words[1] == 'Or':
o_out['merge'] = True
continue
if words[0] != 'Require':
continue
del words[0]
if words[0] == 'group':
del words[0]
for group in words:
o_out['groups'].append(group)
elif words[0] == 'user':
del words[0]
for user in words:
o_out['users'].append(user)
elif words[0] == 'valid-user':
o_out['valid_user'] = True
def http_digest_validate(self, i_digest, o_out):
if not os.path.isfile(environ.HT_DIGEST_FILE_NAME):
o_out['error'] = 'HT digest file does not exist.'
return False
data = functions.fileRead(environ.HT_DIGEST_FILE_NAME, True)
if data is None:
o_out['error'] = 'Can`t read HT digest file.'
error_log(o_out['error'])
return False
data = data.split('\n')
found = False
for line in data:
if line.find(i_digest['username']) == 0:
data = line
found = True
break
if not found:
o_out['error'] = 'Wrong!'
return False
data = data.split(':')
if len(data) != 3:
o_out['error'] = 'Invalid HT digest entry.'
return False
print(i_digest)
for field in ['uri','nonce','nc','cnonce','qop']:
if not field in i_digest:
o_out['error'] = 'Received diges does not contain "%s" field.' % field
return False
data = data[2]
hashlib = __import__('hashlib', globals(), locals(), [])
hget = hashlib.md5(('POST:' + i_digest['uri']).encode()).hexdigest()
data = data + ':' + i_digest['nonce'] + ':' + str(i_digest['nc']) + ':' + i_digest['cnonce'] + ':' + i_digest['qop'] + ':' + hget
valid_response = hashlib.md5(data.encode()).hexdigest()
if i_digest['response'] == valid_response:
return True
o_out['error'] = 'Wrong!'
return False
def readGroups(self, o_out = None):
if self.session.GROUPS is not None:
return True
if not os.path.isfile(environ.HT_GROUPS_FILE_NAME):
error = 'HT Groups file does not exist.'
if o_out:
o_out['error'] = error
else:
print(error)
return False
data = functions.fileRead(environ.HT_GROUPS_FILE_NAME)
if data is None:
error = 'Unable to read groups file.'
if o_out:
o_out['error'] = error
else:
print(error)
return False
groups = dict()
for line in data.split('\n'):
if len(line) < 3:
continue
fields = line.split(':')
if len(fields) == 0:
continue
if len(fields[0]) < 1:
continue
groups[fields[0]] = []
if len(fields) < 2:
continue
for user in fields[1].split(' '):
if len(user) < 1:
continue
groups[fields[0]].append(user)
self.session.GROUPS = groups
return True
def disableUser(self, i_args, o_out):
uid = i_args['uid']
udir = os.path.join('users', uid)
ufile = os.path.join(udir, uid+'.json')
if not os.path.isfile(ufile):
o_out['error'] = 'User file does not exist.'
return
# If user new object provided, we write it.
# This needed to just disable user and not to loose its settings.
if 'uobj' in i_args:
if functions.writeUser(i_args['uobj'], True):
o_out['status'] = 'success'
else:
o_out['error'] = 'Unable to write "%s" user file' % uid
else:
# Delete user files and loose all its data:
shutil.rmtree(udir)
# Remove user from digest file
data = functions.fileRead(environ.HT_DIGEST_FILE_NAME, True)
if data is None:
o_out['error'] = 'Unable to read the file.'
return
old_lines = data.split('\n')
new_lines = []
for line in old_lines:
values = line.split(':')
if len(values) == 3:
if values[0] != uid:
new_lines.append(line)
data = '\n'.join(new_lines) + '\n'
if not functions.fileWrite(environ.HT_DIGEST_FILE_NAME, data):
o_out['error'] = 'Unable to write into the file.'