def __after__(self): c.audit['administrator'] = getUserFromRequest(request).get("login") if 'serial' in self.request_params: serial = self.request_params['serial'] c.audit['serial'] = serial c.audit['token_type'] = getTokenType(serial) audit.log(c.audit)
def __after__(self): if c.audit["action"] in ["manage/tokenview_flexi", "manage/userview_flexi"]: c.audit["administrator"] = getUserFromRequest(request).get("login") if request.params.has_key("serial"): c.audit["serial"] = request.params["serial"] c.audit["token_type"] = getTokenType(request.params["serial"]) audit.log(c.audit)
def __after__(self): if c.audit['action'] in [ 'manage/tokenview_flexi', 'manage/userview_flexi' ]: c.audit['administrator'] = getUserFromRequest(request).get("login") if request.params.has_key('serial'): c.audit['serial'] = request.params['serial'] c.audit['token_type'] = getTokenType(request.params['serial']) audit.log(c.audit)
def __call__(self, environ, start_response): '''Invoke the Controller''' # WSGIController.__call__ dispatches to the Controller method # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] # we add a unique request id to the request enviroment # so we can trace individual requests in the logging environ['REQUEST_ID'] = str(uuid4()) environ['REQUEST_START_TIMESTAMP'] = datetime.now() with request_context_safety(): try: self._parse_request_params(request) except UnicodeDecodeError as exx: # we supress Exception here as it will be handled in the # controller which will return corresponding response log.warning('Failed to access request parameters: %r' % exx) self.create_context(request, environ) try: try: user_desc = getUserFromRequest(request) self.base_auth_user = user_desc.get('login', '') except UnicodeDecodeError as exx: # we supress Exception here as it will be handled in the # controller which will return corresponding response log.warning('Failed to identify user due to %r' % exx) ret = WSGIController.__call__(self, environ, start_response) log.debug("Request reply: %r", ret) finally: meta.Session.remove() # free the lock on the scurityPovider if any if self.sep: self.sep.dropSecurityModule() closeResolvers() # hint for the garbage collector to make the dishes data_objects = [ "resolvers_loaded", "resolver_clazzes", "linotpConfig", "audit", "hsm" ] for data_obj in data_objects: if hasattr(c, data_obj): data = getattr(c, data_obj) del data log_request_timedelta(log) return ret
def __after__(self): if c.audit['action'] in ['manage/tokenview_flexi', 'manage/userview_flexi' ]: c.audit['administrator'] = getUserFromRequest(request).get("login") if 'serial' in self.request_params: serial = self.request_params['serial'] c.audit['serial'] = serial c.audit['token_type'] = getTokenType(serial) c.audit['action_detail'] += linotp.lib.audit.base.get_token_num_info() audit.log(c.audit)
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' g.audit['administrator'] = getUserFromRequest(request).get("login") current_app.audit_obj.log(g.audit) return response
def test_JWT_authentifictaion(app): authUser = User( login="******", realm="def_realm", resolver_config_identifier="def_resolver", ) with patch("linotp.lib.user.request_context") as mocked_request_context: mocked_request_context.get.return_value = authUser user = getUserFromRequest() assert user.login == "JWT_AUTHENTICATED_USER"
def login(self): """ Render the Manage-UI login page """ user = getUserFromRequest() if user: # user is authenticated, no login required. return redirect(url_for(".index")) c.debug = current_app.config["DEBUG"] return render("manage/login.mako")
def test_empty_auth(app): authUser = User( login="", realm="", resolver_config_identifier="", ) with patch("linotp.lib.user.request_context") as mocked_request_context: mocked_request_context.get.return_value = authUser user = getUserFromRequest() assert user.login == ""
def __after__(response): """ __after__ is called after every action :param response: the previously created response - for modification :return: return the response """ g.audit["administrator"] = getUserFromRequest() current_app.audit_obj.log(g.audit) return response
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' audit = config.get('audit') c.audit['administrator'] = getUserFromRequest(request).get("login") audit.log(c.audit) return response
def __call__(self, environ, start_response): '''Invoke the Controller''' # WSGIController.__call__ dispatches to the Controller method # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] path = "" with request_context_safety(): self.create_context(request) try: if environ: path = environ.get("PATH_INFO", "") or "" try: user_desc = getUserFromRequest(request) self.base_auth_user = user_desc.get('login', '') except UnicodeDecodeError as exx: # we supress Exception here as it will be handled in the # controller which will return corresponding response log.info('Failed to identify user due to %r' % exx) log.debug("request %r" % path) ret = WSGIController.__call__(self, environ, start_response) log.debug("reply %r" % ret) finally: meta.Session.remove() # free the lock on the scurityPovider if any if self.sep: self.sep.dropSecurityModule() closeResolvers() # hint for the garbage collector to make the dishes data_objects = [ "resolvers_loaded", "resolver_types", "resolver_clazzes", "linotpConfig", "audit", "hsm" ] for data_obj in data_objects: if hasattr(c, data_obj): data = getattr(c, data_obj) del data log.debug("request %r done!" % path) return ret
def __after__(self, action): """ """ try: c.audit['administrator'] = getUserFromRequest(request).get('login') audit.log(c.audit) Session.commit() return request except Exception as exception: log.exception(exception) Session.rollback() return sendError(response, exception, context='after') finally: Session.close()
def __after__(response): """ __after__ is called after every action :param response: the previously created response - for modification :return: return the response """ g.audit["administrator"] = getUserFromRequest() if "serial" in request.params: serial = request.params["serial"] g.audit["serial"] = serial g.audit["token_type"] = getTokenType(serial) current_app.audit_obj.log(g.audit) return response
def setPassword(self): """ abilty to set password in managed / admin_user resolver """ try: old_pw = self.request_params["old_password"] new_pw = self.request_params["new_password"] authenticated_user = getUserFromRequest() username = authenticated_user.login if not username: raise Exception("Missing authenticated user!") sql_url = db.engine.url # -------------------------------------------------------------- -- # the set password handling: # any error will raise an excecption which will be displayed # to the user g.audit["administrator"] = username g.audit["info"] = "setPassword" set_pw_handler = SetPasswordHandler(DataBaseContext(sql_url)) set_pw_handler.set_password(username, old_password=old_pw, new_password=new_pw) g.audit["success"] = True return sendResult( response, obj=True, opt={"detail": ("password updated for %r" % username)}, ) except Exception as exx: g.audit["success"] = False log.error(exx) db.session.rollback() return sendError(response, exx)
def __call__(self, environ, start_response): '''Invoke the Controller''' # WSGIController.__call__ dispatches to the Controller method # the request is routed to. This routing information is # available in environ['pylons.routes_dict'] path = "" with request_context_safety(): self.create_context(request) try: if environ: path = environ.get("PATH_INFO", "") or "" try: user_desc = getUserFromRequest(request) self.base_auth_user = user_desc.get('login', '') except UnicodeDecodeError as exx: # we supress Exception here as it will be handled in the # controller which will return corresponding response log.info('Failed to identify user due to %r' % exx) log.debug("request %r" % path) ret = WSGIController.__call__(self, environ, start_response) log.debug("reply %r" % ret) finally: meta.Session.remove() # free the lock on the scurityPovider if any if self.sep: self.sep.dropSecurityModule() closeResolvers() # hint for the garbage collector to make the dishes data_objects = ["resolvers_loaded", "resolver_types", "resolver_clazzes", "linotpConfig", "audit", "hsm"] for data_obj in data_objects: if hasattr(c, data_obj): data = getattr(c, data_obj) del data log.debug("request %r done!" % path) return ret
def __after__(response): """ __after__ is called after every action :param response: the previously created response - for modification :return: return the response """ try: g.audit["administrator"] = getUserFromRequest() current_app.audit_obj.log(g.audit) db.session.commit() # FIXME: may not be needed return response except Exception as exception: log.error(exception) db.session.rollback() return sendError(response, exception, context="after")
def __after__(self, action): """ """ params = {} try: params.update(request.params) c.audit['administrator'] = getUserFromRequest(request).get('login') audit.log(c.audit) Session.commit() return request except Exception as exception: log.exception(exception) Session.rollback() return sendError(response, exception, context='after') finally: Session.close() log.debug('[__after__] done')
def __after__(self, action): ''' ''' try: c.audit['administrator'] = getUserFromRequest(request).get("login") c.audit['serial'] = self.request_params.get('serial') audit.log(c.audit) Session.commit() return request except Exception as e: log.exception( "[__after__] unable to create a session cookie: %r" % e) Session.rollback() return sendError(response, e, context='after') finally: Session.close()
def logout(self): """Logs a user out by obliterating their JWT access token cookies. NOTE: We may wish to block further use of the access token in question in case the user has saved a copy somewhere. See the Flask-JWT-Extended docs for ideas about how to do this. """ auth_user = getUserFromRequest() response = sendResult( None, True, opt={"message": f"Logout successful for {auth_user}"}) unset_jwt_cookies(response) # jti: jwt unique identifier raw_jwt = get_raw_jwt() jti = raw_jwt["jti"] expires_at = get_raw_jwt()["exp"] expires_in = int(expires_at - datetime.now().timestamp()) current_app.jwt_blocklist.add_item(jti, expiry=expires_in) return response
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' if c.audit['action'] in ['manage/tokenview_flexi', 'manage/userview_flexi' ]: c.audit['administrator'] = getUserFromRequest(request).get("login") if 'serial' in request.params: serial = request.params['serial'] c.audit['serial'] = serial c.audit['token_type'] = getTokenType(serial) c.audit['action_detail'] += linotp.lib.audit.base.get_token_num_info() audit = config.get('audit') audit.log(c.audit) return response
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' try: g.audit['administrator'] = getUserFromRequest(request).get("login") g.audit['serial'] = request.params.get('serial') current_app.audit_obj.log(g.audit) db.session.commit() return response except Exception as e: log.exception("[__after__] unable to create a session cookie: %r" % e) db.session.rollback() return sendError(response, e, context='after')
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' try: g.audit['administrator'] = getUserFromRequest(request).get('login') current_app.audit_obj.log(g.audit) db.session.commit() return response except Exception as exception: log.exception(exception) db.session.rollback() return sendError(response, exception, context='after') finally: db.session.close()
def __after__(response): """ __after__ is called after every action :param response: the previously created response - for modification :return: return the response """ if g.audit["action"] in [ "manage/tokenview_flexi", "manage/userview_flexi", ]: g.audit["administrator"] = getUserFromRequest() if "serial" in request.params: serial = request.params["serial"] g.audit["serial"] = serial g.audit["token_type"] = getTokenType(serial) g.audit[ "action_detail" ] += linotp.lib.audit.base.get_token_num_info() current_app.audit_obj.log(g.audit) return response
def __after__(response): ''' __after__ is called after every action :param response: the previously created response - for modification :return: return the response ''' audit = config.get('audit') try: c.audit['administrator'] = getUserFromRequest(request).get('login') audit.log(c.audit) Session.commit() return response except Exception as exception: log.exception(exception) Session.rollback() return sendError(response, exception, context='after') finally: Session.close()
def __after__(self): c.audit['administrator'] = getUserFromRequest(request).get("login") audit.log(c.audit)
def index(self): """ This is the main function of the management web UI """ try: c.debug = asbool(config.get("debug", False)) c.title = "LinOTP Management" admin_user = getUserFromRequest(request) if admin_user.has_key("login"): c.admin = admin_user["login"] log.debug("[index] importers: %s" % IMPORT_TEXT) c.importers = IMPORT_TEXT c.help_url = config.get("help_url") ## add render info for token type config confs = _getTokenTypeConfig("config") token_config_tab = {} token_config_div = {} for conf in confs: tab = "" div = "" try: # loc = conf +'_token_settings' tab = confs.get(conf).get("title") # tab = '<li ><a href=#'+loc+'>'+tab+'</a></li>' div = confs.get(conf).get("html") # div = +div+'</div>' except Exception as e: log.debug("[index] no config info for token type %s (%r)" % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_config_tab[conf] = tab token_config_div[conf] = div c.token_config_tab = token_config_tab c.token_config_div = token_config_div ## add the enrollment fragments from the token definition ## tab: <option value="ocra">${_("OCRA - challenge/response Token")}</option> ## div: "<div id='"+ tt + "'>"+enroll+"</div>" enrolls = _getTokenTypeConfig("init") token_enroll_tab = {} token_enroll_div = {} for conf in enrolls: tab = "" div = "" try: tab = enrolls.get(conf).get("title") div = enrolls.get(conf).get("html") except Exception as e: log.debug("[index] no enrollment info for token type %s (%r)" % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_enroll_tab[conf] = tab token_enroll_div[conf] = div c.token_enroll_tab = token_enroll_tab c.token_enroll_div = token_enroll_div c.tokentypes = _getTokenTypes() http_host = request.environ.get("HTTP_HOST") url_scheme = request.environ.get("wsgi.url_scheme") c.logout_url = "%s://log-me-out:fake@%s/manage/logout" % (url_scheme, http_host) Session.commit() ren = render("/manage/manage-base.mako") return ren except PolicyException as pe: log.error("[index] Error during checking policies: %r" % pe) log.error("[index] %s" % traceback.format_exc()) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as ex: log.error("[index] failed! %r" % ex) log.error("[index] %s" % traceback.format_exc()) Session.rollback() return sendError(response, ex) finally: Session.close() log.debug("[index] done")
def create_context(self, request): """ create the request context for all controllers """ linotp_config = getLinotpConfig() self.request_context = {} self.request_context['Config'] = linotp_config self.request_context['Policies'] = getPolicies(config=linotp_config) self.request_context['translate'] = translate request_params = {} try: request_params.update(request.params) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['Params'] = request_params authUser = None try: authUser = getUserFromRequest(request) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['AuthUser'] = authUser requestUser = None try: requestUser = getUserFromParam(request_params, True) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['RequestUser'] = requestUser client = None try: client = get_client(request=request) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['Client'] = client self.request_context['audit'] = {} defaultRealm = "" try: defaultRealm = getDefaultRealm(linotp_config) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['defaultRealm'] = defaultRealm realms = None try: realms = getRealms(context=self.request_context) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) self.request_context['Realms'] = realms return
def __after__(self): c.audit["administrator"] = getUserFromRequest(request).get("login") audit.log(c.audit) return response
def create_context(self, request): """ create the request context for all controllers """ linotp_config = getLinotpConfig() request_context['Config'] = linotp_config request_context['Policies'] = getPolicies() request_context['translate'] = translate initResolvers() request_params = {} try: request_params.update(request.params) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['Params'] = request_params authUser = None try: authUser = getUserFromRequest(request) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['AuthUser'] = authUser requestUser = None try: requestUser = getUserFromParam(request_params, True) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['RequestUser'] = requestUser client = None try: client = get_client(request=request) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['Client'] = client request_context['Audit'] = Audit request_context['audit'] = Audit.initialize(request, client=client) defaultRealm = "" try: defaultRealm = getDefaultRealm(linotp_config) except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['defaultRealm'] = defaultRealm realms = None try: realms = getRealms() except UnicodeDecodeError as exx: log.error("Faild to decode request parameters %r" % exx) request_context['Realms'] = realms request_context['hsm'] = None if hasattr(self, "hsm"): request_context['hsm'] = self.hsm # copy some system entries from pylons syskeys = { "radius.nas_identifier": "LinOTP", "radius.dictfile": "/etc/linotp2/dictionary" } sysconfig = {} for key, default in syskeys.items(): try: sysconfig[key] = config.get(key, default) except: log.info('no sytem config entry %s' % key) request_context['SystemConfig'] = sysconfig
def __after__(self): c.audit["administrator"] = getUserFromRequest(request).get("login") if request.params.has_key("serial"): c.audit["serial"] = request.params["serial"] c.audit["token_type"] = getTokenType(request.params["serial"]) audit.log(c.audit)
def __after__(self): c.audit['administrator'] = getUserFromRequest(request).get("login") if request.params.has_key('serial'): c.audit['serial'] = request.params['serial'] c.audit['token_type'] = getTokenType(request.params['serial']) audit.log(c.audit)
def run_and_assert(self, request): authentification = getUserFromRequest(request) self.assertEqual(authentification['login'], self.login, 'Input was: %r' % request.environ) return authentification
def test_empty_auth(self): request = self.Request({}) authentification = getUserFromRequest(request) self.assertEqual(authentification['login'], '', 'Input was empty')
def index(self): ''' This is the main function of the management web UI ''' try: c.debug = asbool(config.get('debug', False)) c.title = "LinOTP Management" admin_user = getUserFromRequest(request) if admin_user.has_key('login'): # Get a list of their allowed admin realms. # Set their current realm to the first one in the list. c.login = admin_user['login'] realms = getAdminRealms(c.login) if (realms): c.realm = realms[0] else: realm = getDefaultRealm() c.admin = "%s@%s" % (c.login, c.realm) log.debug("[index] importers: %s" % IMPORT_TEXT) c.importers = IMPORT_TEXT c.help_url = config.get('help_url') ## add render info for token type config confs = _getTokenTypeConfig('config') token_config_tab = {} token_config_div = {} for conf in confs: tab = '' div = '' try: #loc = conf +'_token_settings' tab = confs.get(conf).get('title') #tab = '<li ><a href=#'+loc+'>'+tab+'</a></li>' div = confs.get(conf).get('html') #div = +div+'</div>' except Exception as e: log.debug('[index] no config info for token type %s (%r)' % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_config_tab[conf] = tab token_config_div[conf] = div c.token_config_tab = token_config_tab c.token_config_div = token_config_div ## add the enrollment fragments from the token definition ## tab: <option value="ocra">${_("OCRA - challenge/response Token")}</option> ## div: "<div id='"+ tt + "'>"+enroll+"</div>" enrolls = _getTokenTypeConfig('init') token_enroll_tab = {} token_enroll_div = {} for conf in enrolls: tab = '' div = '' try: tab = enrolls.get(conf).get('title') div = enrolls.get(conf).get('html') except Exception as e: log.debug('[index] no enrollment info for token type %s (%r)' % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_enroll_tab[conf] = tab token_enroll_div[conf] = div c.token_enroll_tab = token_enroll_tab c.token_enroll_div = token_enroll_div c.tokentypes = _getTokenTypes() http_host = request.environ.get("HTTP_HOST") url_scheme = request.environ.get("wsgi.url_scheme") # Use WebAuth to logout instead of Apache. c.logout_url = "%s://%s/account/logout" % (url_scheme, http_host) Session.commit() ren = render('/manage/manage-base.mako') return ren except PolicyException as pe: log.error("[index] Error during checking policies: %r" % pe) log.error("[index] %s" % traceback.format_exc()) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as ex: log.error("[index] failed! %r" % ex) log.error("[index] %s" % traceback.format_exc()) Session.rollback() return sendError(response, ex) finally: Session.close() log.debug('[index] done')
def index(self): ''' This is the main function of the management web UI ''' try: c.debug = asbool(config.get('debug', False)) c.title = "LinOTP Management" admin_user = getUserFromRequest(request) if admin_user.has_key('login'): c.admin = admin_user['login'] log.debug("[index] importers: %s" % IMPORT_TEXT) c.importers = IMPORT_TEXT c.help_url = config.get('help_url') # -------------------------------------------------------------- -- # check for support of setting admin password c.admin_can_change_password = False if ('linotpadmin.user' in config and 'linotpadmin.password' in config): c.admin_can_change_password = True # -------------------------------------------------------------- -- # add render info for token type config confs = _getTokenTypeConfig('config') token_config_tab = {} token_config_div = {} for conf in confs: tab = '' div = '' try: # loc = conf +'_token_settings' tab = confs.get(conf).get('title') # tab = '<li ><a href=#'+loc+'>'+tab+'</a></li>' div = confs.get(conf).get('html') # div = +div+'</div>' except Exception as e: log.debug('[index] no config info for token type %s (%r)' % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_config_tab[conf] = tab token_config_div[conf] = div c.token_config_tab = token_config_tab c.token_config_div = token_config_div # add the enrollment fragments from the token definition # tab: <option value="ocra">${_("OCRA - challenge/response Token")}</option> # div: "<div id='"+ tt + "'>"+enroll+"</div>" enrolls = _getTokenTypeConfig('init') token_enroll_tab = {} token_enroll_div = {} for conf in enrolls: tab = '' div = '' try: tab = enrolls.get(conf).get('title') div = enrolls.get(conf).get('html') except Exception as e: log.debug('[index] no enrollment info for token type %s (%r)' % (conf, e)) if tab is not None and div is not None and len(tab) > 0 and len(div) > 0: token_enroll_tab[conf] = tab token_enroll_div[conf] = div c.token_enroll_tab = token_enroll_tab c.token_enroll_div = token_enroll_div c.tokentypes = _getTokenTypes() # Use HTTP_X_FORWARDED_HOST in preference to HTTP_HOST # in case we're running behind a reverse proxy http_host = request.environ.get("HTTP_X_FORWARDED_HOST", '') if not http_host: http_host = request.environ.get("HTTP_HOST") url_scheme = request.environ.get("wsgi.url_scheme") c.logout_url = "%s://log-me-out:fake@%s/manage/logout" % (url_scheme, http_host) Session.commit() ren = render('/manage/manage-base.mako') return ren except PolicyException as pe: log.exception("[index] Error during checking policies: %r" % pe) Session.rollback() return sendError(response, unicode(pe), 1) except Exception as ex: log.exception("[index] failed! %r" % ex) Session.rollback() return sendError(response, ex) finally: Session.close()