Esempio n. 1
0
def admin_delete(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify(
            {
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    admin = auth.get_by_id(admin_id)
    remote_addr = utils.get_remote_addr()

    if admin.super_user and auth.super_user_count() < 2:
        return utils.jsonify({
            'error': NO_ADMINS,
            'error_msg': NO_ADMINS_MSG,
        }, 400)

    journal.entry(
        journal.ADMIN_DELETE,
        admin.journal_data,
        event_long='Administrator deleted',
        remote_addr=remote_addr,
    )

    admin.remove()
    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify({})
Esempio n. 2
0
def admin_get(admin_id=None):
    if settings.app.demo_mode:
        resp = utils.demo_get_cache()
        if resp:
            return utils.jsonify(resp)

    if not flask.g.administrator.super_user:
        return utils.jsonify(
            {
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    if admin_id:
        return utils.jsonify(auth.get_by_id(admin_id).dict())

    admins = []

    for admin in auth.iter_admins():
        admin = admin.dict()
        admin['audit'] = settings.app.auditing == ALL
        admins.append(admin)

    if settings.app.demo_mode:
        utils.demo_set_cache(admins)
    return utils.jsonify(admins)
Esempio n. 3
0
def admin_get(admin_id=None):
    if settings.app.demo_mode:
        resp = utils.demo_get_cache()
        if resp:
            return utils.jsonify(resp)

    if not flask.g.administrator.super_user:
            return utils.jsonify({
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    if admin_id:
        return utils.jsonify(auth.get_by_id(admin_id).dict())

    admins = []

    for admin in auth.iter_admins():
        admin = admin.dict()
        admin['audit'] = settings.app.auditing == ALL
        admins.append(admin)

    if settings.app.demo_mode:
        utils.demo_set_cache(admins)
    return utils.jsonify(admins)
Esempio n. 4
0
def admin_delete(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify({
            'error': REQUIRES_SUPER_USER,
            'error_msg': REQUIRES_SUPER_USER_MSG,
        }, 400)

    admin = auth.get_by_id(admin_id)
    remote_addr = utils.get_remote_addr()

    if admin.super_user and auth.super_user_count() < 2:
        return utils.jsonify({
            'error': NO_ADMINS,
            'error_msg': NO_ADMINS_MSG,
        }, 400)

    journal.entry(
        journal.ADMIN_DELETE,
        admin.journal_data,
        event_long='Administrator deleted',
        remote_addr=remote_addr,
    )

    admin.remove()
    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify({})
Esempio n. 5
0
def admin_audit_get(admin_id):
    if not flask.g.administrator.super_user:
        return utils.jsonify({
            'error': REQUIRES_SUPER_USER,
            'error_msg': REQUIRES_SUPER_USER_MSG,
        }, 400)

    admin = auth.get_by_id(admin_id)
    return utils.jsonify(admin.get_audit_events())
Esempio n. 6
0
def admin_get(admin_id=None):
    if admin_id:
        return utils.jsonify(auth.get_by_id(admin_id).dict())

    admins = []

    for admin in auth.iter_admins():
        admins.append(admin.dict())

    return utils.jsonify(admins)
Esempio n. 7
0
def admin_get(admin_id=None):
    if not flask.g.administrator.super_user:
        return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)

    if admin_id:
        return utils.jsonify(auth.get_by_id(admin_id).dict())

    admins = []

    for admin in auth.iter_admins():
        admins.append(admin.dict())

    return utils.jsonify(admins)
Esempio n. 8
0
def admin_get(admin_id=None):
    if not flask.g.administrator.super_user:
            return utils.jsonify({
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    if admin_id:
        return utils.jsonify(auth.get_by_id(admin_id).dict())

    admins = []

    for admin in auth.iter_admins():
        admins.append(admin.dict())

    return utils.jsonify(admins)
Esempio n. 9
0
def admin_delete(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)

    admin = auth.get_by_id(admin_id)

    if admin.super_user and auth.super_user_count() < 2:
        return utils.jsonify({"error": NO_ADMINS, "error_msg": NO_ADMINS_MSG}, 400)

    admin.remove()

    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify({})
Esempio n. 10
0
def admin_audit_get(admin_id):
    if settings.app.demo_mode:
        resp = utils.demo_get_cache()
        if resp:
            return utils.jsonify(resp)

    if not flask.g.administrator.super_user:
        return utils.jsonify({
            'error': REQUIRES_SUPER_USER,
            'error_msg': REQUIRES_SUPER_USER_MSG,
        }, 400)

    admin = auth.get_by_id(admin_id)

    resp = admin.get_audit_events()
    if settings.app.demo_mode:
        utils.demo_set_cache(resp)
    return utils.jsonify(resp)
Esempio n. 11
0
def admin_audit_get(admin_id):
    if settings.app.demo_mode:
        resp = utils.demo_get_cache()
        if resp:
            return utils.jsonify(resp)

    if not flask.g.administrator.super_user:
        return utils.jsonify(
            {
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    admin = auth.get_by_id(admin_id)

    resp = admin.get_audit_events()
    if settings.app.demo_mode:
        utils.demo_set_cache(resp)
    return utils.jsonify(resp)
Esempio n. 12
0
def admin_delete(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify(
            {
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    admin = auth.get_by_id(admin_id)

    if admin.super_user and auth.super_user_count() < 2:
        return utils.jsonify({
            'error': NO_ADMINS,
            'error_msg': NO_ADMINS_MSG,
        }, 400)

    admin.remove()
    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify({})
Esempio n. 13
0
def admin_put(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify({
            'error': REQUIRES_SUPER_USER,
            'error_msg': REQUIRES_SUPER_USER_MSG,
        }, 400)

    admin = auth.get_by_id(admin_id)

    if 'username' in flask.request.json:
        username = utils.filter_str(flask.request.json['username']) or \
            'undefined'
        if username:
            username = username.lower()

        if username != admin.username:
            admin.audit_event('admin_updated',
                'Administrator username changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.username = username

    if 'password' in flask.request.json and flask.request.json['password']:
        password = flask.request.json['password']

        if password != admin.password:
            admin.audit_event('admin_updated',
                'Administrator password changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.password = password

    super_user = flask.request.json.get('super_user')
    if super_user is not None:
        if super_user != admin.super_user:
            if not super_user and auth.super_user_count() < 2:
                return utils.jsonify({
                    'error': NO_SUPER_USERS,
                    'error_msg': NO_SUPER_USERS_MSG,
                }, 400)

            admin.audit_event('admin_updated',
                'Administrator super user %s' % (
                    'disabled' if super_user else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.super_user = super_user

    auth_api = flask.request.json.get('auth_api')
    if auth_api is not None:
        if auth_api != admin.auth_api:
            if not auth_api:
                admin.token = None
                admin.secret = None
            elif not admin.token or not admin.secret:
                admin.generate_token()
                admin.generate_secret()

            admin.audit_event('admin_updated',
                'Administrator token authentication %s' % (
                    'disabled' if auth_api else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.auth_api = auth_api

    if 'token' in flask.request.json and flask.request.json['token']:
        admin.generate_token()
        admin.audit_event('admin_updated',
            'Administrator api token changed',
            remote_addr=utils.get_remote_addr(),
        )

    if 'secret' in flask.request.json and flask.request.json['secret']:
        admin.generate_secret()
        admin.audit_event('admin_updated',
            'Administrator api secret changed',
            remote_addr=utils.get_remote_addr(),
        )

    disabled = flask.request.json.get('disabled')
    if disabled is not None:
        if disabled != admin.disabled:
            if disabled and admin.super_user and auth.super_user_count() < 2:
                return utils.jsonify({
                    'error': NO_ADMINS_ENABLED,
                    'error_msg': NO_ADMINS_ENABLED_MSG,
                }, 400)

            admin.audit_event('admin_updated',
                'Administrator %s' % ('disabled' if disabled else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.disabled = disabled

    otp_auth = flask.request.json.get('otp_auth')
    if otp_auth is not None:
        if otp_auth != admin.otp_auth:
            if not otp_auth:
                admin.otp_secret = None
            elif not admin.otp_secret:
                admin.generate_otp_secret()

            admin.audit_event('admin_updated',
                'Administrator two-step authentication %s' % (
                    'disabled' if otp_auth else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.otp_auth = otp_auth

    otp_secret = flask.request.json.get('otp_secret')
    if otp_secret == True:
        admin.audit_event('admin_updated',
            'Administrator two-factor authentication secret reset',
            remote_addr=utils.get_remote_addr(),
        )
        admin.generate_otp_secret()

    try:
        admin.commit()
    except pymongo.errors.DuplicateKeyError:
        return utils.jsonify({
            'error': ADMIN_USERNAME_EXISTS,
            'error_msg': ADMIN_USERNAME_EXISTS_MSG,
        }, 400)

    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify(admin.dict())
Esempio n. 14
0
def admin_audit_get(admin_id):
    admin = auth.get_by_id(admin_id)
    return utils.jsonify(admin.get_audit_events())
Esempio n. 15
0
def admin_put(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify(
            {
                'error': REQUIRES_SUPER_USER,
                'error_msg': REQUIRES_SUPER_USER_MSG,
            }, 400)

    admin = auth.get_by_id(admin_id)

    if 'username' in flask.request.json:
        username = utils.filter_str(flask.request.json['username']) or \
            'undefined'
        if username:
            username = username.lower()

        if username != admin.username:
            admin.audit_event(
                'admin_updated',
                'Administrator username changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.username = username

    if 'password' in flask.request.json and flask.request.json['password']:
        password = flask.request.json['password']

        if password != admin.password:
            admin.audit_event(
                'admin_updated',
                'Administrator password changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.password = password

    if 'yubikey_id' in flask.request.json:
        yubikey_id = flask.request.json['yubikey_id'] or None

        if yubikey_id != admin.yubikey_id:
            admin.audit_event(
                'admin_updated',
                'Administrator YubiKey ID changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.yubikey_id = yubikey_id[:12] if yubikey_id else None

    super_user = flask.request.json.get('super_user')
    if super_user is not None:
        if super_user != admin.super_user:
            if not super_user and auth.super_user_count() < 2:
                return utils.jsonify(
                    {
                        'error': NO_SUPER_USERS,
                        'error_msg': NO_SUPER_USERS_MSG,
                    }, 400)

            admin.audit_event(
                'admin_updated',
                'Administrator super user %s' %
                ('disabled' if super_user else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.super_user = super_user

    auth_api = flask.request.json.get('auth_api')
    if auth_api is not None:
        if auth_api != admin.auth_api:
            if not auth_api:
                admin.token = None
                admin.secret = None
            elif not admin.token or not admin.secret:
                admin.generate_token()
                admin.generate_secret()

            admin.audit_event(
                'admin_updated',
                'Administrator token authentication %s' %
                ('disabled' if auth_api else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.auth_api = auth_api

    if 'token' in flask.request.json and flask.request.json['token']:
        admin.generate_token()
        admin.audit_event(
            'admin_updated',
            'Administrator api token changed',
            remote_addr=utils.get_remote_addr(),
        )

    if 'secret' in flask.request.json and flask.request.json['secret']:
        admin.generate_secret()
        admin.audit_event(
            'admin_updated',
            'Administrator api secret changed',
            remote_addr=utils.get_remote_addr(),
        )

    disabled = flask.request.json.get('disabled')
    if disabled is not None:
        if disabled != admin.disabled:
            if disabled and admin.super_user and auth.super_user_count() < 2:
                return utils.jsonify(
                    {
                        'error': NO_ADMINS_ENABLED,
                        'error_msg': NO_ADMINS_ENABLED_MSG,
                    }, 400)

            admin.audit_event(
                'admin_updated',
                'Administrator %s' % ('disabled' if disabled else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.disabled = disabled

    otp_auth = flask.request.json.get('otp_auth')
    if otp_auth is not None:
        if otp_auth != admin.otp_auth:
            if not otp_auth:
                admin.otp_secret = None
            elif not admin.otp_secret:
                admin.generate_otp_secret()

            admin.audit_event(
                'admin_updated',
                'Administrator two-step authentication %s' %
                ('disabled' if otp_auth else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.otp_auth = otp_auth

    otp_secret = flask.request.json.get('otp_secret')
    if otp_secret == True:
        admin.audit_event(
            'admin_updated',
            'Administrator two-factor authentication secret reset',
            remote_addr=utils.get_remote_addr(),
        )
        admin.generate_otp_secret()

    try:
        admin.commit()
    except pymongo.errors.DuplicateKeyError:
        return utils.jsonify(
            {
                'error': ADMIN_USERNAME_EXISTS,
                'error_msg': ADMIN_USERNAME_EXISTS_MSG,
            }, 400)

    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify(admin.dict())
Esempio n. 16
0
def admin_put(admin_id):
    admin = auth.get_by_id(admin_id)

    if 'username' in flask.request.json:
        username = utils.filter_str(flask.request.json['username']) or None

        if username != admin.username:
            admin.audit_event('admin_updated',
                'Administrator username changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.username = username

    if 'password' in flask.request.json:
        password = flask.request.json['password']

        if password != admin.password:
            admin.audit_event('admin_updated',
                'Administrator password changed',
                remote_addr=utils.get_remote_addr(),
            )

        admin.password = password

    if 'token' in flask.request.json and flask.request.json['token']:
        admin.generate_token()
        admin.audit_event('admin_updated',
            'Administrator api token changed',
            remote_addr=utils.get_remote_addr(),
        )

    if 'secret' in flask.request.json and flask.request.json['secret']:
        admin.generate_secret()
        admin.audit_event('admin_updated',
            'Administrator api secret changed',
            remote_addr=utils.get_remote_addr(),
        )

    disabled = flask.request.json.get('disabled')
    if disabled is not None:
        if disabled != admin.disabled:
            admin.audit_event('admin_updated',
                'Administrator %s' % ('disabled' if disabled else 'enabled'),
                remote_addr=utils.get_remote_addr(),
            )

        admin.disabled = disabled

    otp_secret = flask.request.json.get('otp_secret')
    if otp_secret == True:
        admin.audit_event('admin_updated',
            'Administrator two-factor authentication secret reset',
            remote_addr=utils.get_remote_addr(),
        )
        admin.generate_otp_secret()

    admin.commit()
    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify(admin.dict())
Esempio n. 17
0
def admin_audit_get(admin_id):
    if not flask.g.administrator.super_user:
        return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)

    admin = auth.get_by_id(admin_id)
    return utils.jsonify(admin.get_audit_events())
Esempio n. 18
0
def admin_put(admin_id):
    if settings.app.demo_mode:
        return utils.demo_blocked()

    if not flask.g.administrator.super_user:
        return utils.jsonify({"error": REQUIRES_SUPER_USER, "error_msg": REQUIRES_SUPER_USER_MSG}, 400)

    admin = auth.get_by_id(admin_id)

    if "username" in flask.request.json:
        username = utils.filter_str(flask.request.json["username"]) or None

        if username != admin.username:
            admin.audit_event("admin_updated", "Administrator username changed", remote_addr=utils.get_remote_addr())

        admin.username = username

    if "password" in flask.request.json and flask.request.json["password"]:
        password = flask.request.json["password"]

        if password != admin.password:
            admin.audit_event("admin_updated", "Administrator password changed", remote_addr=utils.get_remote_addr())

        admin.password = password

    super_user = flask.request.json.get("super_user")
    if super_user is not None:
        if super_user != admin.super_user:
            if not super_user and auth.super_user_count() < 2:
                return utils.jsonify({"error": NO_SUPER_USERS, "error_msg": NO_SUPER_USERS_MSG}, 400)

            admin.audit_event(
                "admin_updated",
                "Administrator super user %s" % ("disabled" if super_user else "enabled"),
                remote_addr=utils.get_remote_addr(),
            )

        admin.super_user = super_user

    auth_api = flask.request.json.get("auth_api")
    if auth_api is not None:
        if auth_api != admin.auth_api:
            if not auth_api:
                admin.token = None
                admin.secret = None
            elif not admin.token or not admin.secret:
                admin.generate_token()
                admin.generate_secret()

            admin.audit_event(
                "admin_updated",
                "Administrator token authentication %s" % ("disabled" if auth_api else "enabled"),
                remote_addr=utils.get_remote_addr(),
            )

        admin.auth_api = auth_api

    if "token" in flask.request.json and flask.request.json["token"]:
        admin.generate_token()
        admin.audit_event("admin_updated", "Administrator api token changed", remote_addr=utils.get_remote_addr())

    if "secret" in flask.request.json and flask.request.json["secret"]:
        admin.generate_secret()
        admin.audit_event("admin_updated", "Administrator api secret changed", remote_addr=utils.get_remote_addr())

    disabled = flask.request.json.get("disabled")
    if disabled is not None:
        if disabled != admin.disabled:
            if disabled and admin.super_user and auth.super_user_count() < 2:
                return utils.jsonify({"error": NO_ADMINS_ENABLED, "error_msg": NO_ADMINS_ENABLED_MSG}, 400)

            admin.audit_event(
                "admin_updated",
                "Administrator %s" % ("disabled" if disabled else "enabled"),
                remote_addr=utils.get_remote_addr(),
            )

        admin.disabled = disabled

    otp_auth = flask.request.json.get("otp_auth")
    if otp_auth is not None:
        if otp_auth != admin.otp_auth:
            if not otp_auth:
                admin.otp_secret = None
            elif not admin.otp_secret:
                admin.generate_otp_secret()

            admin.audit_event(
                "admin_updated",
                "Administrator two-step authentication %s" % ("disabled" if otp_auth else "enabled"),
                remote_addr=utils.get_remote_addr(),
            )

        admin.otp_auth = otp_auth

    otp_secret = flask.request.json.get("otp_secret")
    if otp_secret == True:
        admin.audit_event(
            "admin_updated", "Administrator two-factor authentication secret reset", remote_addr=utils.get_remote_addr()
        )
        admin.generate_otp_secret()

    try:
        admin.commit()
    except pymongo.errors.DuplicateKeyError:
        return utils.jsonify({"error": ADMIN_USERNAME_EXISTS, "error_msg": ADMIN_USERNAME_EXISTS_MSG}, 400)

    event.Event(type=ADMINS_UPDATED)

    return utils.jsonify(admin.dict())