def POST(self):
i = web.input()
f = form_talk()
if not f.validates(i):
return render_template("talks/submit", form=f)
key = new_talk(i)
if config.get('from_address') and config.get('talk_submission_contact'):
email = render_template("talks/email", i)
web.sendmail(
from_address=config.from_address,
to_address=config.talk_submission_contact,
subject=web.safestr(email.subject.strip()),
message=web.safestr(email)
)
dir = config.get("talks_dir", "/tmp/talks")
write("%s/%s.txt" % (dir, time.time()), simplejson.dumps(i))
tweet.tweet("talk_template", title=i.title, author=i.authors, url=web.ctx.home + "/" + key)
add_flash_message("info", "Thanks for submitting your talk. The selection committee will review your talk and get in touch with you shortly.")
raise web.seeother("/" + key)
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username').strip())
password = str(i.get('password').strip())
save_pass = web.safestr(i.get('save_pass', 'no').strip())
auth = core.Auth()
auth_result = auth.auth(username=username, password=password)
if auth_result[0] is True:
# Config session data.
web.config.session_parameters['cookie_name'] = 'iRedAdmin'
# Session expire when client ip was changed.
web.config.session_parameters['ignore_change_ip'] = False
# Don't ignore session expiration.
web.config.session_parameters['ignore_expiry'] = False
if save_pass == 'yes':
# Session timeout (in seconds).
web.config.session_parameters['timeout'] = 86400 # 24 hours
else:
# Expire session when browser closed.
web.config.session_parameters['timeout'] = 600 # 10 minutes
web.logger(msg="Login success", event='login',)
return web.seeother('/dashboard/checknew')
else:
session['failedTimes'] += 1
web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
return web.seeother('/login?msg=%s' % auth_result[1])
def enableOrDisableAccount(self, mails, action, attr='accountStatus',):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
result = {}
connutils = connUtils.Utils()
for mail in mails:
self.mail = web.safestr(mail).strip().lower()
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split('@')[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='admin',
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def delete(self, domain, mails=[]):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
self.domain = web.safestr(domain)
self.mails = [str(v) for v in mails if iredutils.isEmail(v) and str(v).endswith('@'+self.domain)]
self.domaindn = ldaputils.convKeywordToDN(self.domain, accountType='domain')
if not iredutils.isDomain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
result = {}
for mail in self.mails:
self.mail = web.safestr(mail)
try:
# Delete user object (ldap.SCOPE_BASE).
self.deleteSingleUser(self.mail,)
# Delete user object and whole sub-tree.
# Get dn of mail user and domain.
"""
self.userdn = ldaputils.convKeywordToDN(self.mail, accountType='user')
deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE)
# Log delete action.
web.logger(
msg="Delete user: %s." % (self.mail),
domain=self.mail.split('@')[1],
event='delete',
)
"""
except ldap.LDAPError, e:
result[self.mail] = ldaputils.getExceptionDesc(e)
def GET(self, profile_type, domain):
i = web.input()
self.domain = web.safestr(domain.split('/', 1)[0])
self.profile_type = web.safestr(profile_type)
if not iredutils.isDomain(self.domain):
return web.seeother('/domains?msg=EMPTY_DOMAIN')
domainLib = domainlib.Domain()
result = domainLib.profile(domain=self.domain)
if result[0] is True:
r = domainLib.listAccounts(attrs=['domainName'])
if r[0] is True:
allDomains = r[1]
else:
return r
allAccountSettings = ldaputils.getAccountSettingFromLdapQueryResult(result[1], key='domainName',)
return web.render(
'ldap/domain/profile.html',
cur_domain=self.domain,
allDomains=allDomains,
allAccountSettings=allAccountSettings,
profile=result[1],
profile_type=self.profile_type,
msg=i.get('msg', None),
)
else:
return web.seeother('/domains?msg=' + result[1])
def enableOrDisableAccount(self, domain, account, dn, action, accountTypeInLogger=None):
self.domain = web.safestr(domain).strip().lower()
self.account = web.safestr(account).strip().lower()
self.dn = escape_filter_chars(web.safestr(dn))
# Validate operation action.
if action in ["enable", "disable"]:
self.action = action
else:
return (False, "INVALID_ACTION")
# Set value of valid account status.
if action == "enable":
self.status = attrs.ACCOUNT_STATUS_ACTIVE
else:
self.status = attrs.ACCOUNT_STATUS_DISABLED
try:
self.updateAttrSingleValue(dn=self.dn, attr="accountStatus", value=self.status)
if accountTypeInLogger is not None:
web.logger(
msg="%s %s: %s." % (str(action).capitalize(), str(accountTypeInLogger), self.account),
domain=self.domain,
event=self.action,
)
return (True,)
except ldap.LDAPError, e:
return (False, ldaputils.getExceptionDesc(e))
def updateAttrSingleValue(self, dn, attr, value):
self.mod_attrs = [(ldap.MOD_REPLACE, web.safestr(attr), web.safestr(value))]
try:
result = self.conn.modify_s(web.safestr(dn), self.mod_attrs)
return (True,)
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def GET(self):
i = web.input(_unicode=False,)
# Get queries.
self.event = web.safestr(i.get('event', 'all'))
self.domain = web.safestr(i.get('domain', 'all'))
self.admin = web.safestr(i.get('admin', 'all'))
self.cur_page = web.safestr(i.get('page', '1'))
if not self.cur_page.isdigit() or self.cur_page == '0':
self.cur_page = 1
else:
self.cur_page = int(self.cur_page)
logLib = loglib.Log()
total, entries = logLib.listLogs(
event=self.event,
domain=self.domain,
admin=self.admin,
cur_page=self.cur_page,
)
return web.render(
'panel/log.html',
event=self.event,
domain=self.domain,
admin=self.admin,
allEvents=LOG_EVENTS,
cur_page=self.cur_page,
total=total,
entries=entries,
msg=i.get('msg'),
)
def enableOrDisableAccount(self, domain, mails, action, attr='accountStatus',):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
self.mails = [str(v)
for v in mails
if iredutils.isEmail(v)
and str(v).endswith('@'+str(domain))
]
result = {}
connutils = connUtils.Utils()
for mail in self.mails:
self.mail = web.safestr(mail)
if not iredutils.isEmail(self.mail):
continue
self.domain = self.mail.split('@')[-1]
self.dn = ldaputils.convKeywordToDN(self.mail, accountType='user')
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='user',
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def proxyfunc(self, *args, **kw):
if 'mail' in kw.keys() and iredutils.isEmail(kw.get('mail')):
self.domain = web.safestr(kw['mail']).split('@')[-1]
elif 'domain' in kw.keys() and iredutils.isDomain(kw.get('domain')):
self.domain = web.safestr(kw['domain'])
else:
return False
self.admin = session.get('username')
if not iredutils.isEmail(self.admin):
return False
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(self, *args, **kw)
else:
# Check whether is domain admin.
try:
result = self.conn.select(
'domain_admins',
what='username',
where='''username=%s AND domain IN %s''' % (
web.sqlquote(self.admin),
web.sqlquote([self.domain, 'ALL']),
),
)
except Exception, e:
result = {}
if len(result) != 1:
return func(self, *args, **kw)
else:
return web.seeother('/users' + '?msg=PERMISSION_DENIED&domain=' + self.domain)
def enableOrDisableAccount(self, domain, mails, action, attr="accountStatus"):
if mails is None or len(mails) == 0:
return (False, "NO_ACCOUNT_SELECTED")
self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + str(domain))]
result = {}
connutils = connUtils.Utils()
for mail in self.mails:
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split("@")[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user")
if self.dn[0] is False:
result[self.mail] = self.dn[1]
continue
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger="user",
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def GET(self, profile_type, mail):
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
# Get admin profile.
adminLib = admin.Admin()
result = adminLib.profile(self.mail)
if result[0] is not True:
raise web.seeother('/admins?msg=' + result[1])
else:
self.admin_profile = result[1]
i = web.input()
if self.profile_type == 'general':
# Get available languages.
if result[0] is True:
###################
# Managed domains
#
# Check permission.
#if session.get('domainGlobalAdmin') is not True:
# raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % self.mail)
# Get all domains.
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
else:
return resultOfAllDomains
return web.render(
'ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
languagemaps=languages.get_language_maps(),
allDomains=self.allDomains,
msg=i.get('msg', None),
)
else:
raise web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1]))
elif self.profile_type == 'password':
return web.render('ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
min_passwd_length=settings.min_passwd_length,
max_passwd_length=settings.max_passwd_length,
msg=i.get('msg', None),
)
def request(self, sitename, path, method='GET', data=None):
url = self.base_url + '/' + sitename + path
path = '/' + sitename + path
if isinstance(data, dict):
for k in data.keys():
if data[k] is None: del data[k]
if web.config.debug:
web.ctx.infobase_req_count = 1 + web.ctx.get('infobase_req_count', 0)
a = time.time()
_path = path
_data = data
if data:
if isinstance(data, dict):
data = dict((web.safestr(k), web.safestr(v)) for k, v in data.items())
data = urllib.urlencode(data)
if method == 'GET':
path += '?' + data
data = None
conn = httplib.HTTPConnection(self.base_url)
env = web.ctx.get('env') or {}
if self.auth_token:
import Cookie
c = Cookie.SimpleCookie()
c['infobase_auth_token'] = self.auth_token
cookie = c.output(header='').strip()
headers = {'Cookie': cookie}
else:
headers = {}
# pass the remote ip to the infobase server
headers['X-REMOTE-IP'] = web.ctx.ip
try:
conn.request(method, path, data, headers=headers)
response = conn.getresponse()
except socket.error:
raise ClientException("503 Service Unavailable", "Unable to connect to infobase server")
cookie = response.getheader('Set-Cookie')
if cookie:
import Cookie
c = Cookie.SimpleCookie()
c.load(cookie)
if 'infobase_auth_token' in c:
self.set_auth_token(c['infobase_auth_token'].value)
if web.config.debug:
b = time.time()
print >> web.debug, "%.02f (%s):" % (round(b-a, 2), web.ctx.infobase_req_count), response.status, method, _path, _data
if response.status == 200:
return response.read()
else:
self.handle_error("%d %s" % (response.status, response.reason), response.read())
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username', '').strip())
password = i.get('password', '').strip()
save_pass = web.safestr(i.get('save_pass', 'no').strip())
if not iredutils.isEmail(username):
return web.seeother('/login?msg=INVALID_USERNAME')
if len(password) == 0:
return web.seeother('/login?msg=EMPTY_PASSWORD')
# Convert username to ldap dn.
userdn = ldaputils.convKeywordToDN(username, accountType='admin')
# Return True if auth success, otherwise return error msg.
self.auth_result = auth.Auth(cfg.ldap.get('uri', 'ldap://127.0.0.1/'), userdn, password,)
if self.auth_result is True:
session['username'] = username
session['logged'] = True
# Read preferred language from db.
adminLib = adminlib.Admin()
#session['lang'] = adminLib.getPreferredLanguage(userdn) or cfg.general.get('lang', 'en_US')
adminProfile = adminLib.profile(username)
if adminProfile[0] is True:
cn = adminProfile[1][0][1].get('cn', [None])[0]
lang = adminProfile[1][0][1].get('preferredLanguage', [cfg.general.get('lang', 'en_US')])[0]
session['cn'] = cn
session['lang'] = lang
else:
pass
web.config.session_parameters['cookie_name'] = 'iRedAdmin'
# Session expire when client ip was changed.
web.config.session_parameters['ignore_change_ip'] = False
# Don't ignore session expiration.
web.config.session_parameters['ignore_expiry'] = False
if save_pass == 'yes':
# Session timeout (in seconds).
web.config.session_parameters['timeout'] = 86400 # 24 hours
else:
# Expire session when browser closed.
web.config.session_parameters['timeout'] = 600 # 10 minutes
web.logger(msg="Login success", event='login',)
return web.seeother('/dashboard/checknew')
else:
session['failedTimes'] += 1
web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',)
return web.seeother('/login?msg=%s' % self.auth_result)
def sendmail(to, msg, cc=None):
cc = cc or []
if config.get("dummy_sendmail"):
print "To:", to
print "From:", config.from_address
print "Subject:", msg.subject
print
print web.safestr(msg)
else:
web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def sendmail(to, msg, cc=None):
cc = cc or []
if config.get('dummy_sendmail'):
print 'To:', to
print 'From:', config.from_address
print 'Subject:', msg.subject
print
print web.safestr(msg)
else:
web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def add(self, data):
self.cn = data.get('cn', '')
self.mail = web.safestr(data.get('mail')).strip().lower()
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
# Check admin exist.
connutils = connUtils.Utils()
if connutils.isAdminExists(self.mail):
return (False, 'ALREADY_EXISTS')
# Get domainGlobalAdmin setting.
self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no'))
if self.domainGlobalAdmin not in ['yes', 'no', ]:
self.domainGlobalAdmin = 'no'
# Get language setting.
self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US'))
# Get new password.
self.newpw = web.safestr(data.get('newpw'))
self.confirmpw = web.safestr(data.get('confirmpw'))
result = iredutils.verify_new_password(self.newpw, self.confirmpw)
if result[0] is True:
self.passwd = result[1]
else:
return result
try:
self.conn.insert(
'admin',
username=self.mail,
name=self.cn,
password=iredutils.generate_password_hash(self.passwd),
language=self.preferredLanguage,
created=iredutils.get_gmttime(),
active='1',
)
if self.domainGlobalAdmin == 'yes':
self.conn.insert(
'domain_admins',
username=self.mail,
domain='ALL',
created=iredutils.get_gmttime(),
active='1',
)
web.logger(msg="Create admin: %s." % (self.mail), event='create',)
return (True,)
except Exception, e:
return (False, str(e))
def sendmail(to, msg, cc=None):
cc = cc or []
if config.get('dummy_sendmail'):
message = ('' +
'To: ' + to + '\n' +
'From:' + config.from_address + '\n' +
'Subject:' + msg.subject + '\n' +
'\n' +
web.safestr(msg))
print >> web.debug, "sending email", message
else:
web.sendmail(config.from_address, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def POST(self):
i = web.input()
# Get domain name, username, cn.
self.cur_domain = web.safestr(i.get('domainName'))
self.username = web.safestr(i.get('username'))
userLib = user.User()
result = userLib.add(domain=self.cur_domain, data=i)
if result[0] is True:
return web.seeother('/profile/user/general/%s?msg=CREATED_SUCCESS' % (self.username + '@' + self.cur_domain))
else:
return web.seeother('/create/user/%s?msg=%s' % (self.cur_domain, result[1]))
def POST(self, domain):
i = web.input()
# Get domain name, username, cn.
self.username = web.safestr(i.get('username', ''))
self.cur_domain = web.safestr(i.get('domainName', ''))
userLib = userlib.User()
result = userLib.add(domain=self.cur_domain, data=i)
if result[0] is True:
raise web.seeother('/profile/user/general/%s@%s?msg=CREATED' % (self.username, self.cur_domain))
else:
raise web.seeother('/create/user/%s?msg=%s' % (self.cur_domain, web.urlquote(result[1])))
def update(self, profile_type, mail, data):
self.profile_type = web.safestr(profile_type)
self.mail = web.safestr(mail)
self.username, self.domain = self.mail.split('@', 1)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
return (False, 'PERMISSION_DENIED')
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
mod_attrs = []
if self.profile_type == 'general':
# Get preferredLanguage.
lang = web.safestr(data.get('preferredLanguage', 'en_US'))
mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)]
# Get cn.
cn = data.get('cn', None)
mod_attrs += ldaputils.getSingleModAttr(attr='cn',
value=cn,
default=self.username)
first_name = data.get('first_name', '')
mod_attrs += ldaputils.getSingleModAttr(attr='givenName',
value=first_name,
default=self.username)
last_name = data.get('last_name', '')
mod_attrs += ldaputils.getSingleModAttr(attr='sn',
value=last_name,
default=self.username)
# Get accountStatus.
if 'accountStatus' in data.keys():
accountStatus = 'active'
else:
accountStatus = 'disabled'
mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)]
try:
# Modify profiles.
self.conn.modify_s(self.dn, mod_attrs)
if session.get('username') == self.mail and \
session.get('lang', 'en_US') != lang:
session['lang'] = lang
except ldap.LDAPError, e:
return (False, ldaputils.getExceptionDesc(e))
def _sendmail(to, msg, cc=None, frm=None):
cc = cc or []
frm = frm or config.from_address
if config.get('dummy_sendmail'):
message = ('' +
'To: ' + to + '\n' +
'From:' + config.from_address + '\n' +
'Subject:' + msg.subject + '\n' +
'\n' +
web.safestr(msg))
print("sending email", message, file=web.debug)
else:
web.sendmail(frm, to, subject=msg.subject.strip(), message=web.safestr(msg), cc=cc)
def update(self, profile_type, mail, data):
self.profile_type = web.safestr(profile_type)
self.mail = web.safestr(mail)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
return (False, 'PERMISSION_DENIED')
sql_vars = {'username': self.mail, }
if self.profile_type == 'general':
# Get name
self.cn = data.get('cn', '')
# Get preferred language.
self.preferredLanguage = str(data.get('preferredLanguage', 'en_US'))
# Update in SQL db.
try:
self.conn.update(
'admin',
vars=sql_vars,
where='username=$username',
name=self.cn,
language=self.preferredLanguage,
)
# Update language immediately.
if session.get('username') == self.mail and \
session.get('lang', 'en_US') != self.preferredLanguage:
session['lang'] = self.preferredLanguage
except Exception, e:
return (False, str(e))
if session.get('domainGlobalAdmin') is True:
# Update account status
self.accountStatus = '0' # Disabled
if 'accountStatus' in data.keys():
self.accountStatus = '1' # Active
try:
self.conn.update(
'admin',
vars=sql_vars,
where='username=$username',
active=self.accountStatus,
)
except Exception, e:
return (False, str(e))
def ldif_mailadmin(mail, passwd, cn, preferredLanguage='en_US', domainGlobalAdmin='no'):
mail = web.safestr(mail).lower()
ldif = [
('objectClass', ['mailAdmin']),
('mail', [mail]),
('userPassword', [str(passwd)]),
('accountStatus', ['active']),
('preferredLanguage', [web.safestr(preferredLanguage)]),
('domainGlobalAdmin', ['yes']),
]
ldif += ldaputils.getLdifOfSingleAttr(attr='cn', value=cn, default=mail.split('@', 1)[0],)
return ldif
def generate_ids():
wd_to_gt = load_wd_mapping()
# Govtrack
for pol in govtrack.parse_basics():
current_member = False
collision = False
watchdog_id = tools.getWatchdogID(pol.get('represents'),pol.lastname)
if watchdog_id:
current_member = True
# pol.represents should always be the same as current_member, if we
# remove the origional politician.json file we can use that
# instead.
assert(pol.represents)
else:
try:
assert(not pol.get('represents'))
except:
print "no watchdog id for", web.safestr(pol.name), web.safestr(pol.represents)
continue
watchdog_id = gen_pol_id(pol)
if watchdog_id in wd_to_gt and \
wd_to_gt[watchdog_id]['govtrack_id'] != pol.id:
collision = True
if (not collision) or current_member:
if watchdog_id not in wd_to_gt:
wd_to_gt[watchdog_id] = {}
wd_to_gt[watchdog_id]['govtrack_id'] = pol.id
if collision:
wd_to_gt[watchdog_id]['collision'] = True
if current_member:
wd_to_gt[watchdog_id]['current_member'] = True
# Votesmart
for district, cands in votesmart.candidates():
district=tools.fix_district_name(district)
for pol in cands:
watchdog_id = tools.getWatchdogID(district, pol['lastName'])
if not watchdog_id:
watchdog_id = gen_pol_id(pol)
vsid=pol['candidateId']
#TODO: Could use some more checking to be sure we are 1. adding the
# correct votesmart id to the correct watchdog_id (eg. in the
# case that there was a collision in processing the govtrack
# data). And 2. aren't creating a new watchdog_id when there
# was already one for this person.
if watchdog_id not in wd_to_gt:
wd_to_gt[watchdog_id] = {}
wd_to_gt[watchdog_id]['votesmart_id'] = vsid
return wd_to_gt
def GET(self, profile_type, mail):
i = web.input()
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if not iredutils.isEmail(self.mail):
return web.seeother("/admins?msg=INVALID_MAIL")
if session.get("domainGlobalAdmin") is not True and session.get("username") != self.mail:
# Don't allow to view/update other admins' profile.
return web.seeother("/profile/admin/general/%s?msg=PERMISSION_DENIED" % session.get("username"))
adminLib = adminlib.Admin()
result = adminLib.profile(mail=self.mail)
if result[0] is True:
domainGlobalAdmin, profile = result[1], result[2]
# Get all domains.
self.allDomains = []
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.getAllDomains()
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
# Get managed domains.
self.managedDomains = []
qr = adminLib.getManagedDomains(admin=self.mail, domainNameOnly=True, listedOnly=True)
if qr[0] is True:
self.managedDomains += qr[1]
return web.render(
"mysql/admin/profile.html",
mail=self.mail,
profile_type=self.profile_type,
domainGlobalAdmin=domainGlobalAdmin,
profile=profile,
languagemaps=languages.getLanguageMaps(),
allDomains=self.allDomains,
managedDomains=self.managedDomains,
min_passwd_length=cfg.general.get("min_passwd_length", "0"),
max_passwd_length=cfg.general.get("max_passwd_length", "0"),
msg=i.get("msg"),
)
else:
return web.seeother("/admins?msg=" + result[1])
def websafe(text):
if isinstance(text, HTML):
return text
elif isinstance(text, web.template.TemplateResult):
return web.safestr(text)
else:
return _websafe(text)
def get(self, key):
try:
value = self._client.get(web.safestr(key))
except memcache.Client.MemcachedKeyError:
return None
return value and self.decompress(value)
def add(self, data):
# msg: {key: value}
msg = {}
self.domain = web.safestr(data.get('domainName', '')).strip().lower()
# Check domain name.
if not iredutils.isDomain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
# Check whether domain name already exist (domainName, domainAliasName).
connutils = connUtils.Utils()
if connutils.isDomainExists(self.domain):
return (False, 'ALREADY_EXISTS')
self.dn = ldaputils.convKeywordToDN(self.domain, accountType='domain')
self.cn = data.get('cn', None)
ldif = iredldif.ldif_maildomain(domain=self.domain, cn=self.cn,)
# Add domain dn.
try:
result = self.conn.add_s(self.dn, ldif)
web.logger(msg="Create domain: %s." % (self.domain), domain=self.domain, event='create',)
except ldap.ALREADY_EXISTS:
msg[self.domain] = 'ALREADY_EXISTS'
except ldap.LDAPError, e:
msg[self.domain] = str(e)
def getDomainDefaultUserQuota(self, domain, domainAccountSetting=None,):
# Return 0 as unlimited.
self.domain = web.safestr(domain)
self.dn = ldaputils.convKeywordToDN(self.domain, accountType='domain')
if domainAccountSetting is not None:
if 'defaultQuota' in domainAccountSetting.keys():
return int(domainAccountSetting['defaultQuota'])
else:
return 0
else:
try:
result = self.conn.search_s(
self.dn,
ldap.SCOPE_BASE,
'(domainName=%s)' % self.domain,
['domainName', 'accountSetting'],
)
settings = ldaputils.getAccountSettingFromLdapQueryResult(result, key='domainName',)
if 'defaultQuota' in settings[self.domain].keys():
return int(settings[self.domain]['defaultQuota'])
else:
return 0
except Exception, e:
return 0
def POST(self):
form = web.input()
mail = web.safestr(form.get('mail'))
qr = ldap_lib_admin.add(form=form)
if qr[0] is True:
# Redirect to assign domains.
raise web.seeother('/profile/admin/general/%s?msg=CREATED' % mail)
else:
raise web.seeother('/create/admin?msg=' + web.urlquote(qr[1]))
def internalerror():
i = web.input(_method='GET', debug='false')
name = save_error()
openlibrary.core.stats.increment('ol.internal-errors', 1)
if i.debug.lower() == 'true':
raise web.debugerror()
else:
msg = render.site(render.internalerror(name))
raise web.internalerror(web.safestr(msg))
def get(self, key):
key = adapter.convert_key(key)
if key is None:
return None
try:
value = self._client.get(web.safestr(key))
except memcache.Client.MemcachedKeyError:
return None
return value and self.decompress(value)
def get_item_json(itemid):
itemid = web.safestr(itemid.strip())
url = 'http://archive.org/metadata/%s' % itemid
try:
stats.begin("archive.org", url=url)
metadata_json = urllib2.urlopen(url).read()
stats.end()
return simplejson.loads(metadata_json)
except IOError:
stats.end()
return {}
def add(self, data):
self.cn = data.get('cn')
self.mail = web.safestr(data.get('mail')).strip().lower()
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no'))
if self.domainGlobalAdmin not in ['yes', 'no', ]:
self.domainGlobalAdmin = 'no'
self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US'))
# Check password.
self.newpw = web.safestr(data.get('newpw'))
self.confirmpw = web.safestr(data.get('confirmpw'))
result = iredutils.verify_new_password(self.newpw, self.confirmpw)
if result[0] is True:
self.passwd = iredutils.generate_password_hash(result[1])
else:
return result
ldif = iredldif.ldif_mailadmin(mail=self.mail,
passwd=self.passwd,
cn=self.cn,
preferredLanguage=self.preferredLanguage,
domainGlobalAdmin=self.domainGlobalAdmin)
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
try:
self.conn.add_s(self.dn, ldif)
web.logger(msg="Create admin: %s." % (self.mail), event='create',)
return (True,)
except ldap.ALREADY_EXISTS:
return (False, 'ALREADY_EXISTS')
except Exception as e:
return (False, ldaputils.getExceptionDesc(e))
def POST(self):
i = web.input()
self.mail = web.safestr(i.get('mail'))
adminLib = admin.Admin()
result = adminLib.add(data=i)
if result[0] is True:
# Redirect to assign domains.
return web.seeother('/profile/admin/general/%s?msg=CREATED_SUCCESS' % self.mail)
else:
return web.seeother('/create/admin?msg=' + result[1])
def deleteObjWithDN(self, domain, dn, account, accountType,):
self.domain = web.safestr(domain)
if not iredutils.is_domain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
self.dn = escape_filter_chars(dn)
# Used for logger.
self.account = web.safestr(account)
try:
delete_ldap_tree(dn=self.dn, conn=self.conn)
web.logger(
msg="Delete %s: %s." % (str(accountType), self.account),
domain=self.domain,
event='delete',
)
return (True,)
except Exception as e:
return (False, ldaputils.getExceptionDesc(e))
def __call__(self, *a):
try:
a = [x or "" for x in a]
return str(self) % tuple(web.safestr(x) for x in a)
except:
traceback.print_exc()
print(
'failed to substitute (%s/%s) in language %s' %
(self._namespace, self._key, web.ctx.lang),
file=web.debug,
)
return str(self)
def ldif_mailadmin(mail,
passwd,
cn,
account_status=None,
preferred_language=None,
account_setting=None,
disabled_services=None):
"""Generate LDIF used to create a standalone domain admin account.
:param mail: full email address. The mail domain cannot be one of locally
hosted domain.
:param passwd: hashed password string
:param cn: the display name of this admin
:param account_status: account status (active, disabled)
:param preferred_language: short code of preferred language. e.g. en_US.
:param is_global_admin: mark this admin as a global admin (yes, no)
:param account_setting: a dict of per-account settings.
:param disabled_services: a list/tupe/set of disabled services.
"""
mail = web.safestr(mail).lower()
if account_status not in ['active', 'disabled']:
account_status = 'disabled'
ldif = ldaputils.attrs_ldif({
'objectClass':
'mailAdmin',
'mail':
mail,
'userPassword':
passwd,
'accountStatus':
account_status,
'domainGlobalAdmin':
'yes',
'shadowLastChange':
ldaputils.get_days_of_shadow_last_change(),
'cn':
cn,
'disabledService':
disabled_services,
})
if preferred_language:
if preferred_language in iredutils.get_language_maps():
ldif += ldaputils.attr_ldif("preferredLanguage",
preferred_language)
if account_setting and isinstance(account_setting, dict):
_as = ldaputils.account_setting_dict_to_list(account_setting)
ldif += ldaputils.attr_ldif("accountSetting", _as)
return ldif
def profile(self, domain):
domain = web.safestr(domain)
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN_NAME')
try:
qr = self.conn.query(
'''
SELECT
domain.domain, domain.description, domain.aliases,
domain.mailboxes, domain.maxquota, domain.quota,
domain.transport, domain.backupmx, domain.active,
sbcc.bcc_address AS sbcc_addr,
sbcc.active AS sbcc_active,
rbcc.bcc_address AS rbcc_addr,
rbcc.active AS rbcc_active,
alias.goto AS catchall,
alias.active AS catchall_active,
COUNT(DISTINCT mailbox.username) AS mailbox_count,
COUNT(DISTINCT alias.address) AS alias_count
FROM domain
LEFT JOIN sender_bcc_domain AS sbcc ON (sbcc.domain=domain.domain)
LEFT JOIN recipient_bcc_domain AS rbcc ON (rbcc.domain=domain.domain)
LEFT JOIN domain_admins ON (domain.domain = domain_admins.domain)
LEFT JOIN mailbox ON (domain.domain = mailbox.domain)
LEFT JOIN alias ON (
domain.domain = alias.address
AND alias.address <> alias.goto
)
WHERE domain.domain=$domain
GROUP BY
domain.domain, domain.description, domain.aliases,
domain.mailboxes, domain.maxquota, domain.quota,
domain.transport, domain.backupmx, domain.active,
sbcc.bcc_address, sbcc.active,
rbcc.bcc_address, rbcc.active,
alias.goto, alias.active
ORDER BY domain.domain
LIMIT 1
''',
vars={
'domain': domain,
},
)
if len(qr) == 1:
# Return first list element.
return (True, list(qr)[0])
else:
return (False, 'NO_SUCH_OBJECT')
except Exception, e:
return (False, str(e))
def _load_macro(page, lazy=False):
if lazy:
page = web.storage(
key=page.key,
macro=web.safestr(_stringify(page.macro)),
description=page.description or "",
)
wikimacros[page.key] = LazyTemplate(lambda: _load_macro(page))
else:
t = _compile_template(page.key, page.macro)
t.__doc__ = page.description or ''
wikimacros[page.key] = t
def save_error(dir, prefix):
try:
logger.error("Error", exc_info=True)
error = web.djangoerror()
now = datetime.datetime.utcnow()
path = '%s/%04d-%02d-%02d/%s-%02d%02d%02d.%06d.html' % (dir, \
now.year, now.month, now.day, prefix,
now.hour, now.minute, now.second, now.microsecond)
logger.error('Error saved to %s', path)
write(path, web.safestr(error))
except:
logger.error('Exception in saving the error', exc_info=True)
def POST(self):
form = web.input(_unicode=False, id=[])
action = form.get('action', 'delete')
delete_all = False
if action == 'deleteAll':
delete_all = True
qr = loglib.delete_logs(form=form, delete_all=delete_all)
if qr[0]:
# Keep the log filter.
form_domain = web.safestr(form.get('domain'))
form_admin = web.safestr(form.get('admin'))
form_event = web.safestr(form.get('event'))
url = 'domain={}&admin={}&event={}'.format(form_domain, form_admin,
form_event)
raise web.seeother('/activities/admins?%s&msg=DELETED' % url)
else:
raise web.seeother('/activities/admins?msg=%s' %
web.urlquote(qr[1]))
def sendmail(from_address, to_address, subject, message):
if config.get('dummy_sendmail'):
msg = ('' +
'To: ' + to_address + '\n' +
'From:' + from_address + '\n' +
'Subject:' + subject + '\n' +
'\n' +
web.safestr(message))
logger.info("sending email:\n%s", msg)
else:
web.sendmail(from_address, to_address, subject, message)
def POST(self):
i = web.input()
self.mail = web.safestr(i.get('mail'))
adminLib = adminlib.Admin()
result = adminLib.add(data=i)
if result[0] is True:
# Redirect to assign domains.
raise web.seeother('/profile/admin/general/%s?msg=CREATED' % self.mail)
else:
raise web.seeother('/create/admin?msg=' + web.urlquote(result[1]))
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username').strip())
password = str(i.get('password').strip())
save_pass = web.safestr(i.get('save_pass', 'no').strip())
auth = core.Auth()
auth_result = auth.auth(username=username, password=password)
if auth_result[0] is True:
# Config session data.
web.config.session_parameters['cookie_name'] = 'iRedAdmin'
# Session expire when client ip was changed.
web.config.session_parameters['ignore_change_ip'] = False
# Don't ignore session expiration.
web.config.session_parameters['ignore_expiry'] = False
if save_pass == 'yes':
# Session timeout (in seconds).
web.config.session_parameters['timeout'] = 86400 # 24 hours
else:
# Expire session when browser closed.
web.config.session_parameters['timeout'] = 600 # 10 minutes
web.logger(
msg="Login success",
event='login',
)
return web.seeother('/dashboard/checknew')
else:
session['failedTimes'] += 1
web.logger(
msg="Login failed.",
admin=username,
event='login',
loglevel='error',
)
return web.seeother('/login?msg=%s' % auth_result[1])
def ldif_mailExternalUser(mail, ):
mail = web.safestr(mail).lower()
if not iredutils.is_email(mail):
return None
listname, domain = mail.split('@')
ldif = [
('objectClass', ['mailExternalUser']),
('accountStatus', ['active']),
('memberOfGroup', [mail]),
('enabledService', ['mail', 'deliver']),
]
return ldif
def proxyfunc(*args, **kw):
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(*args, **kw)
else:
if 'mail' in kw.keys() and iredutils.is_email(kw.get('mail')):
domain = web.safestr(kw['mail']).split('@')[-1]
elif 'domain' in kw.keys() and iredutils.is_domain(
kw.get('domain')):
domain = web.safestr(kw['domain'])
else:
return (False, 'PERMISSION_DENIED')
# Check whether is domain admin.
validator = Validator()
if validator.is_domainAdmin(
domain=domain,
admin=session.get('username'),
):
return func(*args, **kw)
else:
return (False, 'PERMISSION_DENIED')
def generate_hash(secret_key, text, salt=None):
if not isinstance(secret_key, bytes):
secret_key = secret_key.encode('utf-8')
salt = (
salt
or hmac.HMAC(
secret_key, str(random.random()).encode('utf-8'), hashlib.md5
).hexdigest()[:5]
)
hash = hmac.HMAC(
secret_key, (salt + web.safestr(text)).encode('utf-8'), hashlib.md5
).hexdigest()
return f'{salt}${hash}'
def enableOrDisableAccount(
self,
domain,
mails,
action,
attr='accountStatus',
):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
self.mails = [
str(v) for v in mails
if iredutils.is_email(v) and str(v).endswith('@' + str(domain))
]
result = {}
connutils = connUtils.Utils()
for mail in self.mails:
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split('@')[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail,
accountType='user')
if self.dn[0] is False:
result[self.mail] = self.dn[1]
continue
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='user',
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def write_sitemaps(data, outdir, prefix):
timestamp = datetime.datetime.utcnow().isoformat() + 'Z'
# maximum permitted entries in one sitemap is 50K.
for i, rows in enumerate(web.group(data, 50000)):
filename = "sitemap_%s_%04d.xml.gz" % (prefix, i)
print("generating", filename, file=sys.stderr)
sitemap = web.safestr(t_sitemap(rows))
path = os.path.join(outdir, filename)
gzwrite(path, sitemap)
yield filename, timestamp
def _get_metadata(itemid):
"""Returns metadata by querying the archive.org metadata API.
"""
itemid = web.safestr(itemid.strip())
url = '%s/metadata/%s' % (IA_BASE_URL, itemid)
try:
stats.begin('archive.org', url=url)
metadata = requests.get(url)
stats.end()
return metadata.json()
except IOError:
stats.end()
return {}
def delete(self, domain, mails=[]):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
self.domain = web.safestr(domain)
self.mails = [
str(v) for v in mails
if iredutils.isEmail(v) and str(v).endswith('@' + self.domain)
]
self.domaindn = ldaputils.convKeywordToDN(self.domain,
accountType='domain')
if not iredutils.isDomain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
result = {}
for mail in self.mails:
self.mail = web.safestr(mail)
try:
# Delete user object (ldap.SCOPE_BASE).
self.deleteSingleUser(self.mail, )
# Delete user object and whole sub-tree.
# Get dn of mail user and domain.
"""
self.userdn = ldaputils.convKeywordToDN(self.mail, accountType='user')
deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE)
# Log delete action.
web.logger(
msg="Delete user: %s." % (self.mail),
domain=self.mail.split('@')[1],
event='delete',
)
"""
except ldap.LDAPError, e:
result[self.mail] = ldaputils.getExceptionDesc(e)
def getAllAliasDomains(
self,
domains,
namesOnly=False,
):
if isinstance(domains, list):
domains = [v.lower() for v in domains if iredutils.isDomain(v)]
else:
domains = str(domains)
if not iredutils.isDomain(domains):
return (False, 'INVALID_DOMAIN_NAME')
else:
domains = [domains]
try:
qr = self.conn.select(
'dbmail_alias_domains',
vars={
'domains': domains,
},
where='target_domain IN $domains',
)
if namesOnly is True:
target_domains = {}
for r in qr:
target_domain = web.safestr(r.target_domain)
if target_domain in target_domains:
target_domains[target_domain] += [
web.safestr(r.alias_domain)
]
else:
target_domains[target_domain] = [
web.safestr(r.alias_domain)
]
return (True, target_domains)
else:
return (True, list(qr))
except Exception, e:
return (False, str(e))
def sendmail(self, to, msg, cc=None):
cc = cc or []
subject = msg.subject.strip()
body = web.safestr(msg).strip()
if config.get('dummy_sendmail'):
print >> web.debug, 'To:', to
print >> web.debug, 'From:', config.from_address
print >> web.debug, 'Subject:', subject
print >> web.debug
print >> web.debug, body
else:
web.sendmail(config.from_address, to, subject=subject, message=body, cc=cc)
def get_language_maps() -> Dict:
# Get available languages file.
rootdir = os.path.abspath(os.path.dirname(__file__)) + "/../"
available_langs = [
web.safestr(os.path.basename(v))
for v in glob.glob(rootdir + "i18n/[a-z][a-z]_[A-Z][A-Z]")
if os.path.basename(v) in l10n.langmaps
]
available_langs += [
web.safestr(os.path.basename(v))
for v in glob.glob(rootdir + "i18n/[a-z][a-z]")
if os.path.basename(v) in l10n.langmaps
]
# Get language maps.
languagemaps = {}
for i in available_langs:
if i in l10n.langmaps:
languagemaps.update({i: l10n.langmaps[i]})
return languagemaps
def make_index(dump_file):
"""Make index with "path", "title", "created" and "last_modified" columns."""
for type, key, revision, timestamp, json_data in read_tsv(dump_file):
data = json.loads(json_data)
if type in ("/type/edition", "/type/work"):
title = data.get("title", "untitled")
path = key + "/" + urlsafe(title)
elif type == "/type/author":
title = data.get("name", "unnamed")
path = key + "/" + urlsafe(title)
else:
title = data.get("title", key)
path = key
title = title.replace("\t", " ")
if "created" in data:
created = data["created"]["value"]
else:
created = "-"
print("\t".join([web.safestr(path), web.safestr(title), created, timestamp]))
def enableOrDisableAccount(self, domains, action, attr='accountStatus',):
if domains is None or len(domains) == 0:
return (False, 'NO_DOMAIN_SELECTED')
result = {}
connutils = connUtils.Utils()
for domain in domains:
self.domain = web.safestr(domain)
self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain')
if self.dn[0] is False:
return self.dn
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.domain,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='domain',
)
except ldap.LDAPError, e:
result[self.domain] = str(e)
def GET(self, domain='', cur_page=1):
domain = web.safestr(domain).split('/', 1)[0]
cur_page = int(cur_page)
if not iredutils.is_domain(domain):
raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')
if cur_page == 0:
cur_page = 1
i = web.input()
domainLib = domainlib.Domain()
result = domainLib.listAccounts(attrs=[
'domainName',
'accountStatus',
])
if result[0] is True:
allDomains = result[1]
else:
return result
userLib = user.User()
result = userLib.listAccounts(domain=domain)
if result[0] is True:
connutils = connUtils.Utils()
sl = connutils.getSizelimitFromAccountLists(
result[1],
curPage=cur_page,
sizelimit=settings.PAGE_SIZE_LIMIT,
accountType='user',
domain=domain,
)
accountList = sl.get('accountList', [])
if cur_page > sl.get('totalPages'):
cur_page = sl.get('totalPages')
return web.render(
'ldap/user/list.html',
cur_page=cur_page,
total=sl.get('totalAccounts'),
users=accountList,
cur_domain=domain,
allDomains=allDomains,
accountUsedQuota={},
msg=i.get('msg'),
)
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(result[1]))
def GET(self, profile_type, domain):
form = web.input()
domain = web.safestr(domain).lower()
_wrap = LDAPWrap()
conn = _wrap.conn
qr = ldap_lib_domain.get_profile(domain=domain, conn=conn)
if not qr[0]:
raise web.seeother('/domains?msg=' + web.urlquote(qr[1]))
domain_profile = qr[1]['ldif']
r = ldap_lib_domain.list_accounts(attributes=['domainName'], conn=conn)
if r[0] is True:
all_domains = r[1]
else:
return r
domain_account_settings = ldaputils.get_account_setting_from_profile(
domain_profile)
(min_passwd_length,
max_passwd_length) = ldap_lib_general.get_domain_password_lengths(
domain=domain,
account_settings=domain_account_settings,
fallback_to_global_settings=False)
# Get settings from db.
_settings = iredutils.get_settings_from_db(
params=['min_passwd_length', 'max_passwd_length'])
global_min_passwd_length = _settings['min_passwd_length']
global_max_passwd_length = _settings['max_passwd_length']
return web.render(
'ldap/domain/profile.html',
cur_domain=domain,
allDomains=all_domains,
domain_account_settings=domain_account_settings,
profile=domain_profile,
profile_type=profile_type,
global_min_passwd_length=global_min_passwd_length,
global_max_passwd_length=global_max_passwd_length,
min_passwd_length=min_passwd_length,
max_passwd_length=max_passwd_length,
timezones=TIMEZONES,
default_mta_transport=settings.default_mta_transport,
languagemaps=iredutils.get_language_maps(),
msg=form.get('msg', None),
)
