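def user_login(self, user):
    """
    Called immediately after a user authenticates successfully.  Saves
    session information in the user's directory.  Expects *user* to be a
    dict containing a 'upn' value representing the username or
    userPrincipalName. e.g. 'user@REALM' or just 'someuser'.  Any additional
    values will be attached to the user object/cookie.

    The 'upn' value becomes part of a filesystem path.  A value that would
    resolve to the base user directory itself, or to a location outside of
    it (an absolute path or one containing '..'), is rejected: the problem
    is logged and the method returns without writing a session file or
    setting the cookie.
    """
    logging.debug("user_login(%s)", user['upn'])
    user.update(additional_attributes(user))
    # Make a directory to store this user's settings/files/logs/etc
    base_dir = self.settings['user_dir']
    user_dir = os.path.join(base_dir, user['upn'])
    # Lexical containment check: the per-user directory must be strictly
    # below the configured base.  Nested names such as 'host/name@REALM'
    # still pass because they stay inside the base directory.
    allowed_prefix = os.path.join(os.path.abspath(base_dir), '')
    if not os.path.abspath(user_dir).startswith(allowed_prefix):
        logging.error(
            _("Refusing to use a user directory outside of %s for user %r")
            % (base_dir, user['upn']))
        return
    if not os.path.exists(user_dir):
        # Translate the template first, then interpolate; formatting inside
        # _() means the catalog lookup can never match.
        logging.info(_("Creating user directory: %s") % user_dir)
        mkdir_p(user_dir)
        os.chmod(user_dir, 0o700)
    session_file = os.path.join(user_dir, 'session')
    session_info = None
    if os.path.exists(session_file):
        # Context manager so the handle is closed even if read() fails
        with open(session_file) as f:
            session_data = f.read()
        try:
            session_info = tornado.escape.json_decode(session_data)
        except ValueError:
            # Something wrong with the file; overwrite it below
            session_info = None
        if not isinstance(session_info, dict):
            # Valid JSON that is not an object is treated like a corrupt file
            session_info = None
    if session_info is None:
        # Save it so we can keep track across multiple clients
        session_info = {
            'session': generate_session_id(),
        }
        session_info.update(user)
        session_info_json = tornado.escape.json_encode(session_info)
        # The file holds the session ID that ends up in the cookie, so create
        # it owner-only rather than relying on the process umask or on the
        # mode of a directory that already existed.
        fd = os.open(
            session_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(session_info_json)
    # NOTE(review): an existing session file is reused as-is, so the session
    # ID is not rotated on a fresh login -- confirm that is intended.
    self.set_secure_cookie(
        "gateone_user", tornado.escape.json_encode(session_info))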
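def create_user_ssh_dir(self):
    """
    To be called by the 'Auth' hook that gets called after the user is done
    authenticating, ensures that the `<user's dir>/.ssh` directory exists.

    A directory created here is set to mode 0700.  An existing directory is
    left untouched.  OSError is logged to ``self.ssh_log`` and not raised.
    """
    self.ssh_log.debug("create_user_ssh_dir()")
    user = self.current_user['upn']
    # NOTE(review): 'upn' is joined into the path as-is; presumably it was
    # validated when the user logged in -- confirm against the auth handler.
    users_dir = os.path.join(self.ws.settings['user_dir'], user) # "User's dir"
    ssh_dir = os.path.join(users_dir, '.ssh')
    try:
        if not os.path.isdir(ssh_dir):
            mkdir_p(ssh_dir)
            # Keep the new directory owner-only instead of relying on the
            # process umask.
            os.chmod(ssh_dir, 0o700)
    except OSError as e:
        # Translate the template first, then interpolate the error text
        self.ssh_log.error(
            _("Error creating user's ssh directory: %s\n") % e)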
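def user_login(self, user):
    """
    Called immediately after a user authenticates successfully.  Saves
    session information in the user's directory.  Expects *user* to be a
    dict containing a 'upn' value representing the username or
    userPrincipalName. e.g. 'user@REALM' or just 'someuser'.  Any additional
    values will be attached to the user object/cookie.

    The 'upn' value becomes part of a filesystem path.  A value that would
    resolve to the base user directory itself, or to a location outside of
    it (an absolute path or one containing '..'), is rejected: the problem
    is logged and the method returns without writing a session file or
    setting the cookie.  The same happens on UnicodeEncodeError.
    """
    logging.debug("user_login(%s)", user['upn'])
    user.update(additional_attributes(user))
    # Make a directory to store this user's settings/files/logs/etc
    try:
        # NOTE: These bytes checks are for Python 2
        # (not needed in Python 3)
        upn = user['upn']
        if isinstance(upn, bytes):
            upn = upn.decode('utf-8')
        base_dir = self.settings['user_dir']
        if isinstance(base_dir, bytes):
            # Decode the base too so the joined path is always text
            base_dir = base_dir.decode('utf-8')
        user_dir = os.path.join(base_dir, upn)
        # Lexical containment check: the per-user directory must be strictly
        # below the configured base.  Nested names such as 'host/name@REALM'
        # still pass because they stay inside the base directory.
        allowed_prefix = os.path.join(os.path.abspath(base_dir), '')
        if not os.path.abspath(user_dir).startswith(allowed_prefix):
            logging.error(
                _("Refusing to use a user directory outside of %s for "
                  "user %r") % (base_dir, upn))
            return
        if not os.path.exists(user_dir):
            # Translate the template first, then interpolate
            logging.info(_("Creating user directory: %s") % user_dir)
            mkdir_p(user_dir)
            os.chmod(user_dir, 0o700)
    except UnicodeEncodeError:
        # The original message ran "change" and "your" together
        logging.error(
            _("You're trying to use non-ASCII user information on a system "
              "that has the locale set to ASCII (or similar).  Please change "
              "your system's locale to something that supports Unicode "
              "characters. "))
        return
    session_file = os.path.join(user_dir, 'session')
    session_info = None
    if os.path.exists(session_file):
        # Context manager so the handle is closed even if read() fails
        with open(session_file) as f:
            session_data = f.read()
        try:
            session_info = tornado.escape.json_decode(session_data)
        except ValueError:
            # Something wrong with the file, overwrite it below
            session_info = None
        if not isinstance(session_info, dict):
            # Valid JSON that is not an object is treated like a corrupt file
            session_info = None
    if session_info is None:
        # Save it so we can keep track across multiple clients
        session_info = {
            'session': generate_session_id(),
        }
        session_info.update(user)
        session_info_json = tornado.escape.json_encode(session_info)
        # The file holds the session ID that ends up in the cookie, so create
        # it owner-only rather than relying on the process umask.
        fd = os.open(
            session_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(session_info_json)
    # NOTE(review): an existing session file is reused as-is, so the session
    # ID is not rotated on a fresh login -- confirm that is intended.
    self.set_secure_cookie("gateone_user",
                           tornado.escape.json_encode(session_info))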
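def user_login(self, user):
    """
    Called immediately after a user authenticates successfully.  Saves
    session information in the user's directory.  Expects *user* to be a
    dict containing a 'upn' value representing the username or
    userPrincipalName. e.g. 'user@REALM' or just 'someuser'.  Any additional
    values will be attached to the user object/cookie.

    Because 'upn' is used to build a filesystem path, the resulting
    directory must lie strictly inside the configured base user directory.
    An absolute 'upn', one containing '..', or one that resolves to the base
    itself is refused: an error is logged and the method returns before any
    session file is written or cookie is set.  A UnicodeEncodeError while
    preparing the directory is handled the same way.
    """
    logging.debug("user_login(%s)", user['upn'])
    user.update(additional_attributes(user))
    # Make a directory to store this user's settings/files/logs/etc
    try:
        # NOTE: These bytes checks are for Python 2 (not needed in Python 3)
        upn = user['upn']
        if isinstance(upn, bytes):
            upn = upn.decode('utf-8')
        base_dir = self.settings['user_dir']
        if isinstance(base_dir, bytes):
            # Decode the base too so the joined path is always text
            base_dir = base_dir.decode('utf-8')
        user_dir = os.path.join(base_dir, upn)
        # Compare normalized absolute paths; the trailing separator on the
        # prefix keeps a sibling such as '<base>-other' from matching.
        base_prefix = os.path.join(os.path.abspath(base_dir), '')
        inside_base = os.path.abspath(user_dir).startswith(base_prefix)
        if not inside_base:
            logging.error(
                _("Refusing to use a user directory outside of %s for "
                  "user %r") % (base_dir, upn))
            return
        if not os.path.exists(user_dir):
            # Translate the template first, then interpolate
            logging.info(_("Creating user directory: %s") % user_dir)
            mkdir_p(user_dir)
            os.chmod(user_dir, 0o700)
    except UnicodeEncodeError:
        # The original message ran "change" and "your" together
        logging.error(_(
            "You're trying to use non-ASCII user information on a system "
            "that has the locale set to ASCII (or similar).  Please change "
            "your system's locale to something that supports Unicode "
            "characters. "))
        return
    session_file = os.path.join(user_dir, 'session')
    session_info = None
    if os.path.exists(session_file):
        # Close the handle deterministically instead of leaking it
        with open(session_file) as existing:
            session_data = existing.read()
        try:
            session_info = tornado.escape.json_decode(session_data)
        except ValueError:
            # Something wrong with the file; overwrite it below
            session_info = None
        if not isinstance(session_info, dict):
            # Valid JSON that is not an object is treated like a corrupt file
            session_info = None
    if session_info is None:
        # Save it so we can keep track across multiple clients
        session_info = {
            'session': generate_session_id(),
        }
        session_info.update(user)
        session_info_json = tornado.escape.json_encode(session_info)
        # The session ID written here is also what the cookie carries, so
        # the file is created owner-only regardless of the process umask.
        fd = os.open(
            session_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(session_info_json)
    # NOTE(review): an existing session file is reused as-is, so the session
    # ID is not rotated on a fresh login -- confirm that is intended.
    self.set_secure_cookie(
        "gateone_user", tornado.escape.json_encode(session_info))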
def user_login(self, user):
    """
    Override of BaseAuthHandler.user_login for anonymous authentication.

    Ensures the user's directory exists (mode 0700 when newly created),
    generates a session ID, merges *user* into the session data and stores
    the JSON-encoded result in the "gateone_user" secure cookie.  The unique
    session ID is what is meant to keep anonymous users out of each other's
    sessions.  Unlike the base handler, nothing is written to a session
    file here.
    """
    upn = user["upn"]
    logging.debug("NullAuthHandler.user_login(%s)" % upn)
    # Make a directory to store this user's settings/files/logs/etc
    # NOTE(review): 'upn' is joined into the path unvalidated; presumably it
    # is always a server-assigned value for anonymous users -- confirm.
    home = os.path.join(self.settings["user_dir"], upn)
    needs_creation = not os.path.exists(home)
    if needs_creation:
        logging.info(_("Creating user directory: %s" % home))
        mkdir_p(home)
        os.chmod(home, 0o700)
    # Values from *user* win over the generated entry on a key clash
    cookie_payload = {"session": generate_session_id()}
    cookie_payload.update(user)
    encoded_payload = tornado.escape.json_encode(cookie_payload)
    self.set_secure_cookie("gateone_user", encoded_payload)
def user_login(self, user):
    """
    Anonymous-auth variant of BaseAuthHandler.user_login.

    Creates the user's directory if it is missing (chmod 0700), then builds
    the session data from a freshly generated session ID plus everything in
    *user* and saves it, JSON-encoded, in the "gateone_user" secure cookie.
    The per-login session ID is intended to prevent anonymous users from
    accessing each other's sessions.
    """
    logging.debug("NullAuthHandler.user_login(%s)" % user['upn'])
    # Make a directory to store this user's settings/files/logs/etc
    # NOTE(review): user['upn'] goes into the path without validation;
    # verify that callers only pass a server-generated value here.
    storage_root = self.settings['user_dir']
    user_dir = os.path.join(storage_root, user['upn'])
    if os.path.exists(user_dir) is False:
        creating_msg = _("Creating user directory: %s" % user_dir)
        logging.info(creating_msg)
        mkdir_p(user_dir)
        os.chmod(user_dir, 0o700)
    session_info = {}
    session_info['session'] = generate_session_id()
    # update() lets keys from *user* override the generated entry
    session_info.update(user)
    self.set_secure_cookie(
        "gateone_user",
        tornado.escape.json_encode(session_info),
    )
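def save_known_hosts(self, known_hosts):
    """
    Attached to the (server-side) `terminal:ssh_save_known_hosts` WebSocket
    action; saves the given *known_hosts* (string) to the user's known_hosts
    file.

    Text input is encoded as UTF-8 before writing because the file is opened
    in binary mode.  Any failure is logged to ``ssh_log`` and reported to the
    client with a generic message; it is not raised.
    """
    user = self.current_user["upn"]
    ssh_log.debug("known_hosts updated by %s", user)
    # NOTE(review): 'upn' is joined into the path as-is; presumably it was
    # validated when the user logged in -- confirm against the auth handler.
    users_dir = os.path.join(self.settings["user_dir"], user)  # "User's dir"
    users_ssh_dir = os.path.join(users_dir, ".ssh")
    if not os.path.isdir(users_ssh_dir):  # Make .ssh dir if not present
        mkdir_p(users_ssh_dir)
        os.chmod(users_ssh_dir, 0o700)
    kh_path = os.path.join(users_ssh_dir, "known_hosts")
    # NOTE(review): *known_hosts* arrives from the client and is written
    # without a size limit or format check -- consider bounding it.
    try:
        if not isinstance(known_hosts, bytes):
            # A binary-mode file rejects text; encode inside the try so a
            # bad payload is reported like any other save failure.
            known_hosts = known_hosts.encode("utf-8")
        with io.open(kh_path, "wb") as f:
            f.write(known_hosts)
    except Exception as e:
        # Details go to the server log only; the client gets a generic
        # message so the exception text is not exposed to it.
        error_msg = _("Exception trying to save known_hosts file: %s") % e
        ssh_log.error(error_msg)
        self.write_message(
            _("An error was encountered trying to save the known_hosts file.  "
              "See server logs for details.")
        )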