def _display_host(self): if os.environ.get('WERKZEUG_RUN_MAIN') != 'true': display_hostname = self.host != '*' and self.host or 'localhost' if ':' in display_hostname: display_hostname = '[%s]' % display_hostname proto = 'https' if self.ssl_context else 'http' console.info(' * Running on {0}://{1}:{2}'.format(proto, display_hostname, self.port)) if self.evalex_whitelist: console.info(' * Werkzeug debugger console on {0}://{1}:{2}/console'.format(proto, display_hostname, self.port)) if self.evalex_whitelist is True: # explicitly check against True! console.warning(' * Werkzeug debugger console is available to all clients')
def user_revoke(user_id): """Revokes administration rights from a given user""" avatar = AvatarHolder().getById(user_id) if avatar is None: error("The user does not exists") return print_user_info(avatar) if not avatar.isAdmin(): warning("This user does not have administration rights") return if prompt_bool(cformat("%{yellow}Revoke administration rights from this user?")): admin_list = HelperMaKaCInfo.getMaKaCInfoInstance().getAdminList() admin_list.revoke(avatar) success("Administration rights revoked successfully")
def user_revoke(user_id): """Revokes administration rights from a given user""" user = User.get(user_id) if user is None: error("This user does not exist") return print_user_info(user) if not user.is_admin: warning("This user does not have administration rights") return if prompt_bool(cformat("%{yellow}Revoke administration rights from this user?")): user.is_admin = False transaction.commit() success("Administration rights revoked successfully")
def user_grant(user_id): """Grants administration rights to a given user""" user = User.get(user_id) if user is None: error("This user does not exist") return print_user_info(user) if user.is_admin: warning("This user already has administration rights") return if prompt_bool(cformat("%{yellow}Grant administration rights to this user?")): user.is_admin = True transaction.commit() success("Administration rights granted successfully")
def user_grant(user_id): """Grants administration rights to a given user""" avatar = AvatarHolder().getById(user_id) if avatar is None: error("The user does not exists") return print_user_info(avatar) if avatar.isAdmin(): warning("This user already has administration rights") return if prompt_bool(cformat("%{yellow}Grant administration rights to this user?")): admin_list = HelperMaKaCInfo.getMaKaCInfoInstance().getAdminList() admin_list.grant(avatar) avatar.activateAccount() success("Administration rights granted successfully")
def start_web_server(app, host='localhost', port=0, with_ssl=False, keep_base_url=True, ssl_cert=None, ssl_key=None, reload_on_change=False, enable_evalex=False, evalex_from=None, quiet=False): config = Config.getInstance() # Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they # end up in the Werkzeug debugger. config._configVars['EmbeddedWebserver'] = True # We obviously do not have X-Sendfile or X-Accel-Redirect support in the embedded server config._configVars['StaticFileMethod'] = None # Get appropriate base url and defaults base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL() if not base_url: base_url = config.getBaseURL() or 'http://localhost' if with_ssl: port = 443 console.warning(' * You should set {0}; retrieving host information from {1}'.format( 'BaseSecureURL' if with_ssl else 'BaseURL', base_url) ) default_port = 443 if with_ssl else 80 url_data = urlparse.urlparse(base_url) # commandline data has priority, fallback to data from base url (or default in case of port) host = host or url_data.netloc.partition(':')[0] requested_port = used_port = port or url_data.port or default_port # Don't let people bind on a port they cannot use. if used_port < 1024 and not _can_bind_port(used_port): used_port += 8000 console.warning(' * You cannot open a socket on port {}, using {} instead.'.format(requested_port, used_port)) # By default we update the base URL with the actual host/port. The user has the option to # disable this though in case he wants different values, e.g. to use iptables to make his # development server available via port 443 while listening on a non-privileged port: # iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443 if not keep_base_url: scheme = 'https' if with_ssl else 'http' netloc = host if used_port != default_port: netloc += ':%d' % used_port base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path) # However, if we had to change the port to avoid a permission issue we always rewrite BaseURL. # In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack # mentioned above but simply did not consider using a non-privileged port. elif requested_port != used_port: netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port) base_url = '{0}://{1}{2}'.format(url_data.scheme, netloc, url_data.path) # If we need to perform internal requests for some reason we want to use the true host:port server_netloc = '{0}:{1}'.format(host, port) if port != default_port else host config._configVars['EmbeddedWebserverBaseURL'] = urlparse.urlunsplit( urlparse.urlsplit(base_url)._replace(netloc=server_netloc)) # We update both BaseURL and BaseSecureURL to something that actually works. # In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded" # from an URL that is not available. # In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during # development if he needs to disable SSL for some reason. if with_ssl: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = base_url else: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = '' config._deriveOptions() if not enable_evalex: evalex_whitelist = False elif evalex_from: evalex_whitelist = evalex_from else: evalex_whitelist = True console.info(' * Using BaseURL {0}'.format(base_url)) app.wsgi_app = make_indico_dispatcher(app.wsgi_app) app.wsgi_app = SharedDataMiddleware(app.wsgi_app, { '/htmlcov': os.path.join(app.root_path, '..', 'htmlcov') }, cache=False) QuietWSGIRequestHandler.INDICO_URL_PREFIX = url_data.path.rstrip('/') server = WerkzeugServer(app, host, used_port, reload_on_change=reload_on_change, evalex_whitelist=evalex_whitelist, enable_ssl=with_ssl, ssl_cert=ssl_cert, ssl_key=ssl_key, quiet=quiet) signal.signal(signal.SIGINT, _sigint) server.run()
def start_web_server(host='localhost', port=0, with_ssl=False, keep_base_url=True, ssl_cert=None, ssl_key=None, reload_on_change=False): """ Sets up a Werkzeug-based web server based on the parameters provided """ config = Config.getInstance() # Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they # end up in the Werkzeug debugger. config._configVars['EmbeddedWebserver'] = True # Get appropriate base url and defaults base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL() if not base_url: base_url = config.getBaseURL() or 'http://localhost' if with_ssl: port = 443 console.warning(' * You should set {0}; retrieving host information from {1}'.format( 'BaseSecureURL' if with_ssl else 'BaseURL', base_url)) default_port = 443 if with_ssl else 80 url_data = urlparse.urlparse(base_url) # commandline data has priority, fallback to data from base url (or default in case of port) host = host or url_data.netloc.partition(':')[0] requested_port = used_port = port or url_data.port or default_port # Don't let people bind on a port they cannot use. if used_port < 1024 and not _can_bind_port(used_port): used_port += 8000 console.warning(' * You cannot open a socket on port {0}, using {1} instead.'.format(requested_port, used_port)) # By default we update the base URL with the actual host/port. The user has the option to # disable this though in case he wants different values, e.g. to use iptables to make his # development server available via port 443 while listening on a non-privileged port: # iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443 if not keep_base_url: scheme = 'https' if with_ssl else 'http' netloc = host if used_port != default_port: netloc += ':%d' % used_port base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path) # However, if we had to change the port to avoid a permission issue we always rewrite BaseURL. # In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack # mentioned above but simply did not consider using a non-privileged port. elif requested_port != used_port: netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port) base_url = '{0}://{1}{2}' % (url_data.scheme, netloc, url_data.path) # We update both BaseURL and BaseSecureURL to something that actually works. # In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded" # from an URL that is not available. # In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during # development if he needs to disable SSL for some reason. if with_ssl: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = base_url else: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = '' config._deriveOptions() console.info(' * Using BaseURL {0}'.format(base_url)) server = WerkzeugServer(host, used_port, reload_on_change=reload_on_change, enable_ssl=with_ssl, ssl_cert=ssl_cert, ssl_key=ssl_key) signal.signal(signal.SIGINT, _sigint) server.run()
def start_web_server(app, host='localhost', port=0, with_ssl=False, keep_base_url=True, ssl_cert=None, ssl_key=None, reload_on_change=False, enable_evalex=False, evalex_from=None, quiet=False): config = Config.getInstance() # Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they # end up in the Werkzeug debugger. config._configVars['EmbeddedWebserver'] = True # We obviously do not have X-Sendfile or X-Accel-Redirect support in the embedded server config._configVars['StaticFileMethod'] = None # Get appropriate base url and defaults base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL() if not base_url: base_url = config.getBaseURL() or 'http://localhost' if with_ssl: port = 443 console.warning( ' * You should set {0}; retrieving host information from {1}'. format('BaseSecureURL' if with_ssl else 'BaseURL', base_url)) default_port = 443 if with_ssl else 80 url_data = urlparse.urlparse(base_url) # commandline data has priority, fallback to data from base url (or default in case of port) host = host or url_data.netloc.partition(':')[0] requested_port = used_port = port or url_data.port or default_port # Don't let people bind on a port they cannot use. if used_port < 1024 and not _can_bind_port(used_port): used_port += 8000 console.warning( ' * You cannot open a socket on port {}, using {} instead.'.format( requested_port, used_port)) # By default we update the base URL with the actual host/port. The user has the option to # disable this though in case he wants different values, e.g. to use iptables to make his # development server available via port 443 while listening on a non-privileged port: # iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443 if not keep_base_url: scheme = 'https' if with_ssl else 'http' netloc = host if used_port != default_port: netloc += ':%d' % used_port base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path) # However, if we had to change the port to avoid a permission issue we always rewrite BaseURL. # In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack # mentioned above but simply did not consider using a non-privileged port. elif requested_port != used_port: netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port) base_url = '{0}://{1}{2}'.format(url_data.scheme, netloc, url_data.path) # We update both BaseURL and BaseSecureURL to something that actually works. # In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded" # from an URL that is not available. # In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during # development if he needs to disable SSL for some reason. if with_ssl: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = base_url else: config._configVars['BaseURL'] = base_url config._configVars['BaseSecureURL'] = '' config._deriveOptions() if not enable_evalex: evalex_whitelist = False elif evalex_from: evalex_whitelist = evalex_from else: evalex_whitelist = True console.info(' * Using BaseURL {0}'.format(base_url)) app.wsgi_app = make_indico_dispatcher(app.wsgi_app) app.wsgi_app = SharedDataMiddleware( app.wsgi_app, {'/htmlcov': os.path.join(app.root_path, '..', 'htmlcov')}, cache=False) QuietWSGIRequestHandler.INDICO_URL_PREFIX = url_data.path.rstrip('/') server = WerkzeugServer(app, host, used_port, reload_on_change=reload_on_change, evalex_whitelist=evalex_whitelist, enable_ssl=with_ssl, ssl_cert=ssl_cert, ssl_key=ssl_key, quiet=quiet) signal.signal(signal.SIGINT, _sigint) server.run()