Exemple #1
0
def _():
    bs = app.get_beaker_session()
    userid = bs.get('userid') or 0
    wikipath = bottle.request.forms.wikipath
    if wikipath:
        with MyS() as session:
            page = session.query(WikiPages).filter(WikiPages.path == wikipath).first()
            is_wiki_admin = app.check_user_in_groups(app.module_config.get('admins access'))
            if page:
                page_id = page.id
                is_owner = (userid == page.userid)
                can_admin = is_wiki_admin or is_owner
                if can_admin:
                    upload = bottle.request.files.get('upload')
                    if upload:
                        # name, ext = os.path.splitext(upload.filename)
                        upload_folder = app.module_config.get('upload folder', 'upload')
                        upload_path = os.path.join(app.module_folder, upload_folder)
                        save_path = os.path.join(app.module_folder, upload_folder, str(page_id))
                        try:
                            os.mkdir(upload_path)
                        except:
                            pass
                        try:
                            os.mkdir(save_path)
                        except:
                            pass
                        upload.save(save_path)  # appends upload.filename automatically
            return html_redirect('/{}{}'.format(app.module_name, wikipath))
    return '??'
Exemple #2
0
def _(wikipath):
    if not wikipath.startswith('/'):
        wikipath = '/' + wikipath
    wikipath = u''+wikipath
    version_index = int(bottle.request.query.get('v', 0))
    bs = app.get_beaker_session()
    userid = bs.get('userid') or 0
    with MyS() as session:
        page = session.query(WikiPages).filter(WikiPages.path == wikipath).first()
        if page:
            page_versions = session.query(WikiVersions).filter(WikiVersions.parent_id == page.id) \
                .order_by(WikiVersions.created.desc()).all()
        else:
            page_versions = []
        if page:
            version = page_versions[version_index]
            is_wiki_admin = app.check_user_in_groups(app.module_config.get('admins access'))
            is_owner = (userid == version.userid) or (userid == page.userid)
            can_admin = is_wiki_admin or is_owner
            if can_admin:
                session.delete(version)
            else:
                return app.err_msg(wikipath, "You can't delete this page version.")
    url = '/{}{}'.format(app.module_name, wikipath)
    return html_redirect(url)
Exemple #3
0
def _():
    """
        Login with token and autoconfirm cookie
    """
    code = bottle.request.query.code
    go = bottle.request.query.go
    cookie = bottle.request.query.cookie
    cookielaw_name = app.server_config.get('cookielaw_name')
    using_cookies = bottle.request.get_cookie(cookielaw_name)
    if not using_cookies:
        # redirect
        d = bottle.request.query
        q = '&'.join(['{}={}'.format(x,d[x]) for x in d.keys()])
        url = '/confirmcookie?back=/{}/users/qrscan&{}'.format(app.module_name, q)
        return html_redirect(url)
    if not cookie and not using_cookies:
        # cookie not accepted
        return "Cookies not accepted by browser."
    bs = app.get_beaker_session()
    token = code.split('=')[-1]
    with MyS() as session:
        obuser = session.query(Users).filter(Users.token == token).first()
        if obuser:
            # user is logged in
            bs.clear()
            bs[getRndString(12)] = getRndString(32)
            bs['username'] = obuser.name
            bs['userid'] = obuser.id
            bs['userfullname'] = obuser.fullname
            bs['REMOTE_ADDR'] = bottle.request.environ.get('REMOTE_ADDR')
            # add group id -1 (All users)
            L = [gr.id for gr in obuser.groups]
            L.append(-1)
            bs['groups'] = L
            bs['authenticated'] = True
            # something random
            bs[getRndString(12)] = getRndString(32)
            if go:
                return html_redirect(go)
            else:
                return html_redirect(obuser.home or '/')
        else:
            # return 'No access! Invalid or expired token.'
            return html_redirect('/auth/login')
Exemple #4
0
def logout():
    """
        Logout method
    """
    bs = app.get_beaker_session()
    try:
        bs.delete()
        confirm_logout = '/{}/confirmlogout'.format(app.module_name)
        return html_redirect(confirm_logout)
    except:
        return 'Logout Error'
Exemple #5
0
def _(wikipath):
    if not wikipath.startswith('/'):
        wikipath = '/' + wikipath
    wikipath = u''+wikipath
    bs = app.get_beaker_session()
    userid = bs.get('userid') or 0
    is_wiki_admin = app.check_user_in_groups(app.module_config.get('admins access'))
    with MyS() as session:
        page = session.query(WikiPages).filter(WikiPages.path == wikipath).first()
        if page:
            is_owner = (userid == page.userid)
            can_admin = is_wiki_admin or is_owner
            if can_admin:
                for ver in page.versions:
                    session.delete(ver)
                session.delete(page)
            else:
                return app.err_msg(wikipath, "You can't delete this page.")
    url = '/{}'.format(app.module_name)
    return html_redirect(url)
Exemple #6
0
def callback():
    expires = int(server_config.get('cookie_life') or 3)
    bottle.response.set_cookie(server_config.get('cookielaw_name'),
                               'yes',
                               expires=datetime.datetime.now() +
                               datetime.timedelta(days=expires),
                               path="/")

    d = bottle.request.query
    q = '&'.join(['{}={}'.format(x, d[x]) for x in d.keys()])

    referer = bottle.request.environ.get('HTTP_REFERER', '/')
    urlback = bottle.request.query.back or referer
    if urlback.find('?') == -1:
        urlback = urlback + '?cookie=y'
    else:
        urlback = urlback + '&cookie=y'
    if q:
        urlback = urlback + '&' + q

    return html_redirect(urlback)
Exemple #7
0
 def wrapper(*args, **kwargs):
     # executed on each request
     if self.module_config.get('module disabled'):
         return self.err_msg("Error", "Module disabled by admin")
     accesspath = '/{}{}'.format(self.module_name,
                                 bottle.request.path)
     if self.server_config.get('DEBUG'):
         print('auth {} {}'.format(bottle.request.method,
                                   accesspath))
     # check permission
     authenticated = False
     permission = saved_permission
     if isinstance(permission, (str, )):
         permission = [permission]
     for p in permission:
         groups_list = self.module_config.get(p)
         if self.check_user_in_groups(groups_list):
             authenticated = True
             break
     if not authenticated:
         url = '{}?back={}'.format(self.login_url, accesspath)
         return html_redirect(url)
     return func(*args, **kwargs)
Exemple #8
0
def login():
    """
        Login dialog
    """
    title = 'Login'
    with MyS() as session:
        bs = app.get_beaker_session()
        notUsingCookies = type(bs) is dict
        back = bottle.request.forms.get('back', None)  # from HTML form with POST
        if not back:
            back = bottle.request.query.get('back', '/')  # from URL with GET
        if not back.startswith('/'):
            back = '/' + back
        emergency_admin_activated = app.server_config.get('emergency admin')
        if emergency_admin_activated:
            # Emergency Admin
            back = '/adm'
            EmergencyAdmin = bottle.request.query.EmergencyAdmin
            if EmergencyAdmin:
                print('Login Emergency Admin')
                bs.clear()
                # something random
                bs[getRndString(12)] = getRndString(32)
                bs['username'] = '******'
                bs['userfullname'] = 'Emergency Admin'
                bs['userid'] = 1
                bs['REMOTE_ADDR'] = bottle.request.environ.get('REMOTE_ADDR')
                # Emergency Admin groups: All users, Anonymous and Admins
                bs['groups'] = [-1, 0, 1]
                bs['authenticated'] = True
                # something random
                bs[getRndString(12)] = getRndString(32)
                return html_redirect(back)
        authenticated = False
        user = bottle.request.forms.user  # POST
        password = bottle.request.forms.password  # POST
        msg = ''
        if user:
            try:
                obuser = session.query(Users).filter(Users.name == user).first()
                if obuser:
                    if obuser._validate(password):
                        bs.clear()
                        # when password is correct, set the session cookie
                        # something random
                        bs[getRndString(12)] = getRndString(32)
                        bs['username'] = obuser.name
                        bs['userid'] = obuser.id
                        bs['userfullname'] = obuser.fullname
                        bs['REMOTE_ADDR'] = bottle.request.environ.get('REMOTE_ADDR')
                        # add group id -1 (All users)
                        L = [gr.id for gr in obuser.groups]
                        L.append(-1)
                        bs['groups'] = L
                        bs['authenticated'] = True
                        authenticated = True
                        # something random
                        bs[getRndString(12)] = getRndString(32)
                    else:
                        msg = "Invalid password"
                else:
                    msg = "Invalid user"
            except Exception as ex:
                # import sys, traceback
                # traceback.print_exc(file=sys.stdout)
                if emergency_admin_activated:
                    msg = 'SQL error: <b>{}</b>'.format(ex)
                else:
                    msg = '''SQL error: <b>{}</b>

Activate emergency admin in auth module and login
as emergency admin if this error persists.
'''.format(ex).replace('\n', '<br>')

    if authenticated:
        return html_redirect(back)
    else:
        # render login
        return dict(title=title, msg=msg, back=back,
                    emergency_admin_activated=emergency_admin_activated,
                    notUsingCookies=notUsingCookies)
Exemple #9
0
def _():
    """
        Save json config of user or of module.
    """
    bs = app.get_beaker_session()
    module_name = bottle.request.forms.module
    foruser = bottle.request.forms.foruser
    if foruser:
        username = bs.get('username')
        configFile = 'config_{}.json'.format(username)
    else:
        configFile = 'config.json'
        #
        # json module config contains sensitive data (like SQL DSN)
        # and is accesible ony to ADMIN = users in group id=1
        #
        if not app.check_user_in_groups(app.module_config.get('ADMIN')):
            return 'Access denied.'
    Referer = bottle.request.headers.get('Referer')
    if module_name:
        server_folder = app.server_config['DATAFOLDER']
        extensions_folder = os.path.join(server_folder, app.server_config.get('extensions_folder', 'extensions'))
        custom_module_folder = os.path.join(extensions_folder, module_name)
        if not os.path.isdir(custom_module_folder):
            pth = custom_module_folder+'.pth'
            if os.path.isfile(pth):
                with open(pth, 'rt') as f:
                    custom_module_folder = f.read().replace('\r','').replace('\n','')
        if os.path.isdir(custom_module_folder):
            config_file = os.path.join(custom_module_folder, configFile)
            with open(config_file) as f:
                data = json.loads(f.read())
            for i in data.get('data').keys():
                name = 'par{}'.format(i)
                value = bottle.request.forms.getall(name) or ''
                if data.get('data')[i]['type'] not in ('mc',):
                    if value and len(value) == 1:
                        # because of getall
                        value = value[0]
                else:
                    value = value or []
                data.get('data')[i]['value'] = value
            # delete oldest and rename old versions
            VERSIONS = int(app.server_config.get('keep config baks') or 0)
            if VERSIONS < 2:
                # at least 2 versions (baks) must be used
                VERSIONS = 2
            for cnt in range(VERSIONS - 1, 0, -1):
                oldfile = '{}.{}'.format(config_file, cnt)
                newfile = '{}.{}'.format(config_file, cnt - 1)
                if os.path.isfile(oldfile):
                    os.remove(oldfile)
                if os.path.isfile(newfile):
                    os.rename(newfile, oldfile)
            newfile = '{}.{}'.format(config_file, 0)
            if os.path.isfile(config_file):
                os.rename(config_file, newfile)
            with open(config_file, 'wb') as f:
                ret = json.dumps(data, sort_keys=True, indent=2, separators=(',', ': ')).encode('utf-8')
                f.write(ret)
            if Referer:
                return html_redirect(Referer)
            else:
                return html_redirect('/{}'.format(module_name))
Exemple #10
0
def _():
    return html_redirect(server_config.get('home_url', '/adm'))