def filter(self):
"Set filters"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_domain.in_(domains))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_domain.in_(domains))
else:
self.query = self.query.filter(
func._(
or_(self.model.to_domain.in_(domains),
self.model.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_address.in_(addrs))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_address.in_(addrs))
else:
self.query = self.query\
.filter(func._(
or_(self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
return self.query
def get_tagged_addrs(user):
"""Generate a list of tagged addresses for a user"""
query1 = Session.query(Message.to_address)
query2 = Session.query(Message.from_address)
addrs = [addr.address for addr in user.addresses
if '+*' not in addr.address and '-*' not in addr.address]
addrs.append(user.email)
tagged_addrs = [addr.address for addr in user.addresses
if '+*' in addr.address or '-*' in addr.address]
if tagged_addrs:
tagged_opts1 = func._(or_(*[Message.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
tagged_opts2 = func._(or_(*[Message.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
query1 = query1.filter(func._(
or_(tagged_opts1, Message.to_address.in_(addrs))))
query2 = query2.filter(func._(
or_(tagged_opts2, Message.from_address.in_(addrs))))
else:
query1 = query1.filter(Message.to_address.in_(addrs))
query2 = query2.filter(Message.from_address.in_(addrs))
query1 = query1.distinct()
query2 = query2.distinct()
to_addrs = [val.to_address for val in query1]
from_addrs = [val.from_address for val in query2]
all_addrs = set(to_addrs + from_addrs)
return [str(crc32(val)) for val in all_addrs]
def filter(self):
"Set filters"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
if not domains:
domains.append('xx')
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_domain.in_(domains))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_domain.in_(domains))
else:
self.query = self.query.filter(
func._(or_(self.model.to_domain.in_(domains),
self.model.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_address.in_(addrs))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_address.in_(addrs))
else:
self.query = self.query\
.filter(func._(
or_(self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
return self.query
def __init__(self, dbsession, user):
"init"
self.dbsession = dbsession
self.user = user
self.query = self.dbsession.query(func.count(MailQueueItem.id))
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
# domains = [domain.name for domain in dquery]
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
if not domains:
domains.append('xx')
self.query = self.query.filter(
func._(
or_(MailQueueItem.to_domain.in_(domains),
MailQueueItem.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [
addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address
]
addrs.append(self.user.email)
tagged_addrs = [
addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address
]
if tagged_addrs:
tagged_to = func._(
or_(*[
MailQueueItem.to_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
tagged_from = func._(
or_(*[
MailQueueItem.from_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query\
.filter(func._(
or_(tagged_to,
tagged_from,
MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))
)
)
else:
self.query = self.query\
.filter(func._(
or_(MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))))
def count(self):
"Get the count"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
# domains = [domain.name for domain in dquery]
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
self.query = self.query.filter(MessageTotals.id.in_(domains))
elif self.user.is_peleb:
addrs = [
addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address
]
tagged_addrs = [
addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address
]
addrs.append(self.user.email)
if tagged_addrs:
tagged_to = func._(
or_(*[
Message.to_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
tagged_from = func._(
or_(*[
Message.from_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query.filter(
func._(
or_(tagged_to, tagged_from,
Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
else:
self.query = self.query.filter(
func._(
or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
value = self.query.one()
return int(value.total or 0)
def get(self, hostname=None):
"Return the query object"
if hostname is not None:
self.query = self.query.filter(Message.hostname == hostname)
if self.user.is_domain_admin:
domainquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
dquery = []
for domain in domainquery:
dquery.append(domain.name)
if domain.aliases:
for domain_alias in domain.aliases:
dquery.append(domain_alias.name)
if not dquery:
dquery.append('xx')
self.query = self.query.filter(func._(
or_(Message.to_domain.in_(dquery),
Message.from_domain.in_(dquery))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address]
addrs.append(self.user.email)
tagged_addrs = [addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address]
if tagged_addrs:
tagged_to = func._(or_(*[Message.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
tagged_from = func._(or_(*[Message.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query.filter(
func._(or_(tagged_to, tagged_from,
Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
else:
self.query = self.query.filter(
func._(or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
cachekey = 'dailytotals-%s-%s' % (self.user.username, hostname)
try:
self.query = self.query.\
options(FromCache('sql_cache_short', cachekey))
except PylibmcError:
pass
return self.query.one()
def __init__(self, dbsession, user):
"init"
self.dbsession = dbsession
self.user = user
self.query = self.dbsession.query(func.count(MailQueueItem.id))
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
# domains = [domain.name for domain in dquery]
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
if not domains:
domains.append('xx')
self.query = self.query.filter(
func._(or_(MailQueueItem.to_domain.in_(domains),
MailQueueItem.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address]
addrs.append(self.user.email)
tagged_addrs = [addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address]
if tagged_addrs:
tagged_to = func._(or_(*[MailQueueItem.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
tagged_from = func._(or_(*[MailQueueItem.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query\
.filter(func._(
or_(tagged_to,
tagged_from,
MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))
)
)
else:
self.query = self.query\
.filter(func._(
or_(MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))))
def filter(self):
"Set filters"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
if not domains:
domains.append('xx')
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_domain.in_(domains))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_domain.in_(domains))
else:
self.query = self.query.filter(
func._(or_(self.model.to_domain.in_(domains),
self.model.from_domain.in_(domains))))
if self.user.is_peleb:
self._build_user_filter()
return self.query
def domain_pie_query(domain, reportid, num_of_days=0):
"Run domain query"
queryfield = getattr(Message, REPORTS[reportid]['address'])
orderby = REPORTS[reportid]['sort']
query = Session.query(queryfield.label('address'),
func.count(queryfield).label('count'),
func.sum(Message.size).label('size'))
if reportid == '10':
query = query.filter(queryfield != u'127.0.0.1')\
.group_by(queryfield)\
.order_by(desc(orderby))
else:
query = query.filter(queryfield != u'')\
.group_by(queryfield)\
.order_by(desc(orderby))
if reportid in ['5', '6', '7', '8']:
query = query.filter(Message.to_domain == domain)
else:
query = query.filter(func._(or_(Message.from_domain == domain,
Message.to_domain == domain)))
if int(num_of_days) > 0:
numofdays = datetime.timedelta(days=num_of_days)
startdate = now().date() - numofdays
query = query.filter(Message.timestamp > str(startdate))
data = query[:10]
return data
def filter(self):
"Set filters"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
if not domains:
domains.append('xx')
if self.direction and self.direction == 'in':
self.query = self.query\
.filter(self.model.to_domain.in_(domains))
elif self.direction and self.direction == 'out':
self.query = self.query\
.filter(self.model.from_domain.in_(domains))
else:
self.query = self.query.filter(
func._(
or_(self.model.to_domain.in_(domains),
self.model.from_domain.in_(domains))))
if self.user.is_peleb:
self._build_user_filter()
return self.query
def get(self, hostname=None):
if not hostname is None:
self.query = self.query.filter(Message.hostname == hostname)
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
self.query = self.query.filter(func._(
or_(Message.to_domain.in_(dquery),
Message.from_domain.in_(dquery))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query.filter(
func._(or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
cachekey = 'dailytotals-%s-%s' % (self.user.username, hostname)
self.query = self.query.options(FromCache('sql_cache_short', cachekey))
return self.query.one()
def _build_user_filter(self):
"Build user filter"
addrs = [addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address]
addrs.append(self.user.email)
tagged_addrs = [addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address]
if self.direction and self.direction == 'in':
if tagged_addrs:
tagged_opts = func._(or_(*[self.model.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query\
.filter(
func._(
or_(tagged_opts,
self.model.to_address.in_(addrs))))
else:
self.query = self.query\
.filter(self.model.to_address.in_(addrs))
elif self.direction and self.direction == 'out':
if tagged_addrs:
tagged_opts = func._(or_(*[self.model.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query\
.filter(
func._(
or_(tagged_opts,
self.model.from_address.in_(addrs))))
else:
self.query = self.query\
.filter(self.model.from_address.in_(addrs))
else:
if tagged_addrs:
tagged_to = func._(or_(*[self.model.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
tagged_from = func._(or_(*[self.model.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query\
.filter(func._(
or_(tagged_to, tagged_from,
self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
else:
self.query = self.query\
.filter(func._(
or_(self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
def __init__(self, dbsession, user):
"init"
self.dbsession = dbsession
self.user = user
self.query = self.dbsession.query(func.count(MailQueueItem.id))
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
self.query = self.query.filter(
func._(or_(MailQueueItem.to_domain.in_(domains),
MailQueueItem.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query\
.filter(func._(
or_(MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))))
def __init__(self, dbsession, user):
"init"
self.dbsession = dbsession
self.user = user
self.query = self.dbsession.query(func.count(MailQueueItem.id))
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
self.query = self.query.filter(
func._(
or_(MailQueueItem.to_domain.in_(domains),
MailQueueItem.from_domain.in_(domains))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query\
.filter(func._(
or_(MailQueueItem.to_address.in_(addrs),
MailQueueItem.from_address.in_(addrs))))
def get(self, hostname=None):
if not hostname is None:
self.query = self.query.filter(Message.hostname == hostname)
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
self.query = self.query.filter(
func._(
or_(Message.to_domain.in_(dquery),
Message.from_domain.in_(dquery))))
if self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query.filter(
func._(
or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
cachekey = 'dailytotals-%s-%s' % (self.user.username, hostname)
self.query = self.query.options(FromCache('sql_cache_short', cachekey))
return self.query.one()
def count(self):
"Get the count"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
# domains = [domain.name for domain in dquery]
domains = []
for domain in dquery:
domains.append(domain.name)
for domain_alias in domain.aliases:
if domain_alias.status:
domains.append(domain_alias.name)
self.query = self.query.filter(MessageTotals.id.in_(domains))
elif self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address]
tagged_addrs = [addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address]
addrs.append(self.user.email)
if tagged_addrs:
tagged_to = func._(or_(*[Message.to_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
tagged_from = func._(or_(*[Message.from_address
.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs]))
self.query = self.query.filter(func._(or_(
tagged_to, tagged_from,
Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
else:
self.query = self.query.filter(func._(
or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
value = self.query.one()
return int(value.total or 0)
def get_tagged_addrs(user):
"""Generate a list of tagged addresses for a user"""
query1 = Session.query(Message.to_address)
query2 = Session.query(Message.from_address)
addrs = [
addr.address for addr in user.addresses
if '+*' not in addr.address and '-*' not in addr.address
]
addrs.append(user.email)
tagged_addrs = [
addr.address for addr in user.addresses
if '+*' in addr.address or '-*' in addr.address
]
if tagged_addrs:
tagged_opts1 = func._(
or_(*[
Message.to_address.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
tagged_opts2 = func._(
or_(*[
Message.from_address.like(TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
query1 = query1.filter(
func._(or_(tagged_opts1, Message.to_address.in_(addrs))))
query2 = query2.filter(
func._(or_(tagged_opts2, Message.from_address.in_(addrs))))
else:
query1 = query1.filter(Message.to_address.in_(addrs))
query2 = query2.filter(Message.from_address.in_(addrs))
query1 = query1.distinct()
query2 = query2.distinct()
to_addrs = [val.to_address for val in query1]
from_addrs = [val.from_address for val in query2]
all_addrs = set(to_addrs + from_addrs)
return [str(crc32(val)) for val in all_addrs]
def count(self):
"Get the count"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
self.query = self.query.filter(MessageTotals.id.in_(domains))
elif self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query.filter(func._(or_(Message\
.to_address.in_(addrs),
Message.from_address.in_(addrs))))
value = self.query.one()
return int(value.total or 0)
def count(self):
"Get the count"
if self.user.is_domain_admin:
dquery = self.dbsession.query(Domain.name).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == True)\
.filter(oa.c.user_id == self.user.id).all()
domains = [domain.name for domain in dquery]
self.query = self.query.filter(MessageTotals.id.in_(domains))
elif self.user.is_peleb:
addrs = [addr.address for addr in self.user.addresses]
addrs.append(self.user.email)
self.query = self.query.filter(func._(or_(Message\
.to_address.in_(addrs),
Message.from_address.in_(addrs))))
value = self.query.one()
return int(value.total or 0)
def authenticate(self, environ, identity):
"""authenticator"""
try:
if check_failed_logins(environ):
return None
login = identity['login'].decode('utf-8')
password = identity['password'].decode('utf-8')
username = login
domain = None
if '@' not in login:
return None
username, domain = login.split('@')
and_clause = and_(self.domainmodel.id == self.aliasmodel.domain_id,
self.aliasmodel.name == domain,
self.aliasmodel.status == True)
radiussettings = self.dbsession.query(self.radsettingsmodel,
self.authsettingsmodel.address,
self.authsettingsmodel.port,
self.authsettingsmodel.split_address,
self.authsettingsmodel.user_map_template,
self.domainmodel.name)\
.join(self.authsettingsmodel)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_clause)))\
.all()
settings, address, port, split_address, template, \
domain_name = radiussettings[0]
if not port:
port = 1812
radclient = Client(server=address,
authport=port,
secret=settings.secret.encode('utf-8'),
dict=Dictionary(StringIO(DICTIONARY)))
if settings.timeout:
radclient.timeout = settings.timeout
if split_address:
login = username
if domain != domain_name:
identity['login'] = "******" % (username, domain_name)
if not split_address:
login = "******" % (username, domain_name)
if (template and (USER_TEMPLATE_MAP_RE.search(template)
or DOM_TEMPLATE_MAP_RE.search(template))):
# domain has user template
login = USER_TEMPLATE_MAP_RE.sub(username, template)
login = DOM_TEMPLATE_MAP_RE.sub(domain, login)
request = radclient.CreateAuthPacket(code=packet.AccessRequest,
User_Name=login)
request["User-Password"] = request.PwCrypt(password)
reply = radclient.SendPacket(request)
if reply.code == packet.AccessAccept:
return identity['login']
except (KeyError, IndexError, NoResultFound, Timeout):
return None
return None
def authenticate(self, environ, identity):
"""authenticator"""
try:
if check_failed_logins(environ):
return None
login = identity['login'].decode('utf-8')
password = identity['password'].decode('utf-8')
username = login
domain = None
if '@' not in login:
return None
username, domain = login.split('@')
and_clause = and_(self.domainmodel.id == self.aliasmodel.domain_id,
self.aliasmodel.name == domain,
self.aliasmodel.status == True)
radiussettings = self.dbsession.query(self.radsettingsmodel,
self.authsettingsmodel.address,
self.authsettingsmodel.port,
self.authsettingsmodel.split_address,
self.authsettingsmodel.user_map_template,
self.domainmodel.name)\
.join(self.authsettingsmodel)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_clause)))\
.all()
settings, address, port, split_address, template, \
domain_name = radiussettings[0]
if not port:
port = 1812
radclient = Client(server=address, authport=port,
secret=settings.secret.encode('utf-8'),
dict=Dictionary(StringIO(DICTIONARY)))
if settings.timeout:
radclient.timeout = settings.timeout
if split_address:
login = username
if domain != domain_name:
identity['login'] = "******" % (username, domain_name)
if not split_address:
login = "******" % (username, domain_name)
if (template and (USER_TEMPLATE_MAP_RE.search(template) or
DOM_TEMPLATE_MAP_RE.search(template))):
# domain has user template
login = USER_TEMPLATE_MAP_RE.sub(username, template)
login = DOM_TEMPLATE_MAP_RE.sub(domain, login)
request = radclient.CreateAuthPacket(code=packet.AccessRequest,
User_Name=login)
request["User-Password"] = request.PwCrypt(password)
reply = radclient.SendPacket(request)
if reply.code == packet.AccessAccept:
return identity['login']
except (KeyError, IndexError, NoResultFound, Timeout):
return None
return None
def _build_user_filter(self):
"Build user filter"
addrs = [
addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address
]
addrs.append(self.user.email)
tagged_addrs = [
addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address
]
if self.direction and self.direction == 'in':
if tagged_addrs:
tagged_opts = func._(
or_(*[
self.model.to_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query\
.filter(
func._(
or_(tagged_opts,
self.model.to_address.in_(addrs))))
else:
self.query = self.query\
.filter(self.model.to_address.in_(addrs))
elif self.direction and self.direction == 'out':
if tagged_addrs:
tagged_opts = func._(
or_(*[
self.model.from_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query\
.filter(
func._(
or_(tagged_opts,
self.model.from_address.in_(addrs))))
else:
self.query = self.query\
.filter(self.model.from_address.in_(addrs))
else:
if tagged_addrs:
tagged_to = func._(
or_(*[
self.model.to_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
tagged_from = func._(
or_(*[
self.model.from_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query\
.filter(func._(
or_(tagged_to, tagged_from,
self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
else:
self.query = self.query\
.filter(func._(
or_(self.model.to_address.in_(addrs),
self.model.from_address.in_(addrs))))
def get(self, hostname=None):
"Return the query object"
if hostname is not None:
self.query = self.query.filter(Message.hostname == hostname)
if self.user.is_domain_admin:
domainquery = self.dbsession.query(Domain).join(downs,
(oa, downs.c.organization_id == oa.c.organization_id))\
.filter(Domain.status == true())\
.filter(oa.c.user_id == self.user.id).all()
dquery = []
for domain in domainquery:
dquery.append(domain.name)
if domain.aliases:
for domain_alias in domain.aliases:
dquery.append(domain_alias.name)
if not dquery:
dquery.append('xx')
self.query = self.query.filter(
func._(
or_(Message.to_domain.in_(dquery),
Message.from_domain.in_(dquery))))
if self.user.is_peleb:
addrs = [
addr.address for addr in self.user.addresses
if '+*' not in addr.address and '-*' not in addr.address
]
addrs.append(self.user.email)
tagged_addrs = [
addr.address for addr in self.user.addresses
if '+*' in addr.address or '-*' in addr.address
]
if tagged_addrs:
tagged_to = func._(
or_(*[
Message.to_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
tagged_from = func._(
or_(*[
Message.from_address.like(
TAGGED_RE.sub(r'\g<one>%', taddr))
for taddr in tagged_addrs
]))
self.query = self.query.filter(
func._(
or_(tagged_to, tagged_from,
Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
else:
self.query = self.query.filter(
func._(
or_(Message.to_address.in_(addrs),
Message.from_address.in_(addrs))))
cachekey = 'dailytotals-%s-%s' % (self.user.username, hostname)
try:
self.query = self.query.\
options(FromCache('sql_cache_short', cachekey))
except PylibmcError:
pass
return self.query.one()
def authenticate(self, environ, identity):
"Authenticate identity"
try:
if check_failed_logins(environ):
raise TypeError
login = identity['login']
username, domain = login.split('@')
ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
self.authsettingsmodel.address,
self.authsettingsmodel.port,
self.authsettingsmodel.split_address,
self.domainmodel.name)\
.join(self.authsettingsmodel)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_(\
self.domainmodel.id == self.alias.domain_id,
self.alias.name == domain,
self.alias.status == True)
)
)).all()
(settings,
address,
port,
split_address,
domain_name) = ldapsettings[0]
ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
ldap_uri = make_ldap_uri(address, port)
ldap_connection = make_ldap_connection(ldap_uri)
kwargs = dict(naming_attribute=settings.nameattribute,
returned_id=self.returned_id,
bind_dn=settings.binddn,
bind_pass=settings.bindpw,
start_tls=settings.usetls)
if domain != domain_name:
# override alias domain
domain = domain_name
if settings.usesearch:
ldap_module = 'LDAPSearchAuthenticatorPlugin'
# build_search_filters(kwargs, settings.search_scope,
# settings.searchfilter, domain,
# login, username)
kwargs['search_scope'] = settings.search_scope
if settings.searchfilter != '':
params = []
domaindn = ','.join(['dc=' + part
for part in domain.split('.')])
mapping = {
'%n':login,
'%u':username,
'%d':domain,
'%D': domaindn
}
searchfilter = escape_filter_chars(settings.searchfilter)
for key in ['%n', '%u', '%d', '%D']:
for _ in xrange(searchfilter.count(key)):
searchfilter = searchfilter.replace(key, '%s', 1)
params.append(mapping[key])
searchfilter = filter_format(searchfilter, params)
kwargs['filterstr'] = searchfilter
else:
ldap_module = 'LDAPAuthenticatorPlugin'
if split_address:
identity['login'] = username
else:
# use main domain name not alias reset above
identity['login'] = "******" % (username, domain)
auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
userid = ldap_auth.authenticate(environ, identity)
fulladdr = "%s@%s" % (username, domain)
return userid if userid is None or '@' in userid else fulladdr
except (KeyError, TypeError, ValueError, AttributeError,
NoResultFound, IndexError, ldap.LDAPError):
return None
def authenticate(self, environ, identity):
"""authenticator"""
try:
if check_failed_logins(environ):
return None
login = identity['login']
password = identity['password']
username = login
domain = None
if '@' not in login:
return None
username, domain = login.split('@')
and_clause = and_(self.domainmodel.id == self.aliasmodel.domain_id,
self.aliasmodel.name == domain,
self.aliasmodel.status == True)
smtpsettings = self.dbsession.query(self.authsettingsmodel.port,
self.authsettingsmodel.address,
self.authsettingsmodel.split_address,
self.authsettingsmodel.user_map_template,
self.domainmodel.name)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.protocol == 3)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_clause)))\
.all()
port, address, split_address, template, \
domain_name = smtpsettings[0]
if split_address:
login = username
if domain != domain_name:
identity['login'] = "******" % (username, domain_name)
if not split_address:
login = "******" % (username, domain_name)
if (template and (USER_TEMPLATE_MAP_RE.search(template) or
DOM_TEMPLATE_MAP_RE.search(template))):
# domain has user template
login = USER_TEMPLATE_MAP_RE.sub(username, template)
login = DOM_TEMPLATE_MAP_RE.sub(domain, login)
if port == 465:
conn = smtplib.SMTP_SSL(address, timeout=5)
elif port == 25 or port is None:
conn = smtplib.SMTP(address, timeout=5)
else:
conn = smtplib.SMTP(address, port, timeout=5)
conn.ehlo()
if conn.has_extn('STARTTLS') and port != 465:
conn.starttls()
conn.ehlo()
conn.login(login, password)
return identity['login']
except (KeyError, IndexError, NoResultFound, smtplib.SMTPException,
socket.error, SSLError):
return None
finally:
if 'conn' in locals():
try:
conn.quit()
except smtplib.SMTPServerDisconnected:
pass
return None
def authenticate(self, environ, identity):
"Authenticate identity"
try:
if check_failed_logins(environ):
raise TypeError
login = identity['login']
username, domain = login.split('@')
ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
self.authsettingsmodel.address,
self.authsettingsmodel.port,
self.authsettingsmodel.split_address,
self.domainmodel.name)\
.join(self.authsettingsmodel)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_(\
self.domainmodel.id == self.alias.domain_id,
self.alias.name == domain,
self.alias.status == True)
)
)).all()
(settings, address, port, split_address,
domain_name) = ldapsettings[0]
ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
ldap_uri = make_ldap_uri(address, port)
ldap_connection = make_ldap_connection(ldap_uri)
kwargs = dict(naming_attribute=settings.nameattribute,
returned_id=self.returned_id,
bind_dn=settings.binddn,
bind_pass=settings.bindpw,
start_tls=settings.usetls)
if domain != domain_name:
# override alias domain
domain = domain_name
if settings.usesearch:
ldap_module = 'LDAPSearchAuthenticatorPlugin'
# build_search_filters(kwargs, settings.search_scope,
# settings.searchfilter, domain,
# login, username)
kwargs['search_scope'] = settings.search_scope
if settings.searchfilter != '':
params = []
domaindn = ','.join(
['dc=' + part for part in domain.split('.')])
mapping = {
'%n': login,
'%u': username,
'%d': domain,
'%D': domaindn
}
searchfilter = escape_filter_chars(settings.searchfilter)
for key in ['%n', '%u', '%d', '%D']:
for _ in xrange(searchfilter.count(key)):
searchfilter = searchfilter.replace(key, '%s', 1)
params.append(mapping[key])
searchfilter = filter_format(searchfilter, params)
kwargs['filterstr'] = searchfilter
else:
ldap_module = 'LDAPAuthenticatorPlugin'
if split_address:
identity['login'] = username
else:
# use main domain name not alias reset above
identity['login'] = "******" % (username, domain)
auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
userid = ldap_auth.authenticate(environ, identity)
fulladdr = "%s@%s" % (username, domain)
return userid if userid is None or '@' in userid else fulladdr
except (KeyError, TypeError, ValueError, AttributeError, NoResultFound,
IndexError, ldap.LDAPError):
return None
def authenticate(self, environ, identity):
"""authenticator"""
try:
if check_failed_logins(environ):
return None
login = identity['login']
password = identity['password']
username = login
domain = None
if '@' not in login:
return None
username, domain = login.split('@')
and_clause = and_(self.domainmodel.id == self.aliasmodel.domain_id,
self.aliasmodel.name == domain,
self.aliasmodel.status == True)
popsettings = self.dbsession.query(self.authsettingsmodel.port,
self.authsettingsmodel.address,
self.authsettingsmodel.split_address,
self.authsettingsmodel.user_map_template,
self.domainmodel.name)\
.join(self.domainmodel)\
.filter(self.authsettingsmodel.protocol == 1)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.domainmodel.status == True)\
.filter(or_(self.domainmodel.name == domain,
func._(and_clause)))\
.all()
port, address, split_address, template, domain_name = popsettings[0]
if split_address:
login = username
if domain != domain_name:
identity['login'] = "******" % (username, domain_name)
if not split_address:
login = "******" % (username, domain_name)
if (template and (USER_TEMPLATE_MAP_RE.search(template) or
DOM_TEMPLATE_MAP_RE.search(template))):
# domain has user template
login = USER_TEMPLATE_MAP_RE.sub(username, template)
login = DOM_TEMPLATE_MAP_RE.sub(domain, login)
if port == 995:
conn = poplib.POP3_SSL(address)
elif port == 110 or port is None:
conn = poplib.POP3(address)
else:
conn = poplib.POP3(address, port)
if APOP_RE.match(conn.getwelcome()):
conn.apop(login, password)
else:
conn.user(login)
conn.pass_(password)
return identity['login']
except (KeyError, IndexError, NoResultFound, poplib.error_proto,
socket.error, SSLError):
return None
finally:
if 'conn' in locals():
conn.quit()
return None
def authenticate(self, environ, identity):
"""authenticator"""
try:
if check_failed_logins(environ):
return None
login = identity['login']
password = identity['password']
username = login
domain = None
if '@' not in login:
return None
username, domain = login.split('@')
and_clause = and_(self.dommodel.id == self.aliasmodel.domain_id,
self.aliasmodel.name == domain,
self.aliasmodel.status == True)
query = self.dbsession.query(self.authsettingsmodel.port,
self.authsettingsmodel.address,
self.authsettingsmodel.split_address,
self.authsettingsmodel.user_map_template,
self.dommodel.name)\
.join(self.dommodel)\
.filter(self.authsettingsmodel.protocol == 2)\
.filter(self.authsettingsmodel.enabled == True)\
.filter(self.dommodel.status == True)\
.filter(or_(self.dommodel.name == domain,
func._(and_clause)))\
.all()
port, address, split_address, template, domain_name = query[0]
if split_address:
login = username
if domain != domain_name:
identity['login'] = "******" % (username, domain_name)
if not split_address:
login = "******" % (username, domain_name)
if (template and (USER_TEMPLATE_MAP_RE.search(template)
or DOM_TEMPLATE_MAP_RE.search(template))):
# domain has user template
login = USER_TEMPLATE_MAP_RE.sub(username, template)
login = DOM_TEMPLATE_MAP_RE.sub(domain, login)
if port == 993:
conn = imaplib.IMAP4_SSL(address)
elif port == 143 or port is None:
conn = imaplib.IMAP4(address)
else:
conn = imaplib.IMAP4(address, port)
conn.login(login, password)
return identity['login']
except (KeyError, IndexError, NoResultFound, imaplib.IMAP4.error,
socket.error, SSLError):
return None
finally:
if 'conn' in locals():
conn.logout()
return None