def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) if not configuration.site_enable_jobs: output_objects.append({ 'object_type': 'error_text', 'text': '''Job execution is not enabled on this system''' }) return (output_objects, returnvalues.SYSTEM_ERROR) status = returnvalues.OK title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Job Manager' user_settings = title_entry.get('user_settings', {}) title_entry['style'] = css_tmpl(configuration, user_settings) csrf_map = {} method = 'post' limit = get_csrf_limit(configuration) for target_op in csrf_backends: csrf_map[target_op] = make_csrf_token(configuration, method, target_op, client_id, limit) (add_import, add_init, add_ready) = js_tmpl_parts(csrf_map) title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({'object_type': 'header', 'text': 'Job Manager'}) output_objects.append({ 'object_type': 'table_pager', 'entry_name': 'jobs', 'default_entries': default_pager_entries, 'form_append': pager_append() }) output_objects.append({'object_type': 'html_form', 'text': html_post()}) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=client_id) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) # output_objects.append({'object_type': 'header', 'text': 'Welcome to %s!' % # configuration.short_title}) # Generate and insert the page HTML title_entry = find_entry(output_objects, 'title') title_entry['text'] = '%s Home' % configuration.short_title # jquery support for AJAX saving (add_import, add_init, add_ready) = save_settings_js(configuration) add_init += ''' function addApp() { $("#app-nav-container").hide(); $("#add-app__window").show(); } function closeAddApp() { console.log("close add app"); $("#app-nav-container").show(); $("#add-app__window").hide(); } ''' add_ready += ''' load_tips("%s"); ''' % configuration.site_tips_snippet_url title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready html = html_tmpl(configuration, client_id, title_entry) output_objects.append({'object_type': 'html_form', 'text': html}) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=False) logger = configuration.logger logger.debug('oiddiscover: %s' % user_arguments_dict) output_objects.append({'object_type': 'header', 'text': 'OpenID Discovery for %s' % configuration.short_title}) defaults = signature()[1] (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) # Force to raw file output unless something else is explicitly requested. # Relies on delay_format option in run_cgi_script_possibly_with_cert if not user_arguments_dict.get('output_format', []): user_arguments_dict['output_format'] = ['file'] discovery_doc = generate_openid_discovery_doc(configuration) output_objects.append({'object_type': 'text', 'text': 'Advertising valid OpenID endpoints:'}) # make sure we always have at least one output_format entry output_format = user_arguments_dict.get('output_format', []) + ['file'] if output_format[0] == 'file': headers = [('Content-Type', 'application/xrds+xml'), ('Content-Disposition', 'attachment; filename=oid.xrds'), ('Content-Length', '%s' % len(discovery_doc))] start_entry = find_entry(output_objects, 'start') start_entry['headers'] = headers # output discovery_doc as raw xrds doc in any case output_objects.append({'object_type': 'file_output', 'lines': [discovery_doc]}) else: output_objects.append({'object_type': 'binary', 'data': discovery_doc}) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = '%s send request' % configuration.short_title output_objects.append({ 'object_type': 'header', 'text': '%s send request' % configuration.short_title }) (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) target_id = client_id vgrid_name = accepted['vgrid_name'][-1].strip() visible_user_names = accepted['cert_id'] visible_res_names = accepted['unique_resource_name'] request_type = accepted['request_type'][-1].strip().lower() request_text = accepted['request_text'][-1].strip() protocols = [proto.strip() for proto in accepted['protocol']] use_any = False if any_protocol in protocols: use_any = True protocols = configuration.notify_protocols protocols = [proto.lower() for proto in protocols] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) valid_request_types = [ 'resourceowner', 'resourceaccept', 'resourcereject', 'vgridowner', 'vgridmember', 'vgridresource', 'vgridaccept', 'vgridreject', 'plain' ] if not request_type in valid_request_types: output_objects.append({ 'object_type': 'error_text', 'text': '%s is not a valid request_type (valid types: %s)!' % (request_type.lower(), valid_request_types) }) return (output_objects, returnvalues.CLIENT_ERROR) if not protocols: output_objects.append({ 'object_type': 'error_text', 'text': 'No protocol specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) user_map = get_user_map(configuration) reply_to = user_map[client_id][USERID] # Try to point replies to client_id email client_email = extract_field(reply_to, 'email') if request_type == "plain": if not visible_user_names: output_objects.append({ 'object_type': 'error_text', 'text': 'No user ID specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) user_id = visible_user_names[-1].strip() anon_map = anon_to_real_user_map(configuration) if user_id in anon_map: user_id = anon_map[user_id] if user_id not in user_map: output_objects.append({ 'object_type': 'error_text', 'text': 'No such user: %s' % user_id }) return (output_objects, returnvalues.CLIENT_ERROR) target_name = user_id user_dict = user_map[user_id] vgrid_access = user_vgrid_access(configuration, client_id) vgrids_allow_email = user_dict[CONF].get('VGRIDS_ALLOW_EMAIL', []) vgrids_allow_im = user_dict[CONF].get('VGRIDS_ALLOW_IM', []) if any_vgrid in vgrids_allow_email: email_vgrids = vgrid_access else: email_vgrids = set(vgrids_allow_email).intersection(vgrid_access) if any_vgrid in vgrids_allow_im: im_vgrids = vgrid_access else: im_vgrids = set(vgrids_allow_im).intersection(vgrid_access) if use_any: # Do not try disabled protocols if ANY was requested if not email_vgrids: protocols = [ proto for proto in protocols if proto not in email_keyword_list ] if not im_vgrids: protocols = [ proto for proto in protocols if proto in email_keyword_list ] if not email_vgrids and [ proto for proto in protocols if proto in email_keyword_list ]: output_objects.append({ 'object_type': 'error_text', 'text': 'You are not allowed to send emails to %s!' % user_id }) return (output_objects, returnvalues.CLIENT_ERROR) if not im_vgrids and [ proto for proto in protocols if proto not in email_keyword_list ]: output_objects.append({ 'object_type': 'error_text', 'text': 'You are not allowed to send instant messages to %s!' % user_id }) return (output_objects, returnvalues.CLIENT_ERROR) for proto in protocols: if not user_dict[CONF].get(proto.upper(), False): if use_any: # Remove missing protocols if ANY protocol was requested protocols = [i for i in protocols if i != proto] else: output_objects.append({ 'object_type': 'error_text', 'text': 'User %s does not accept %s messages!' % (user_id, proto) }) return (output_objects, returnvalues.CLIENT_ERROR) if not protocols: output_objects.append({ 'object_type': 'error_text', 'text': 'User %s does not accept requested protocol(s) messages!' % user_id }) return (output_objects, returnvalues.CLIENT_ERROR) target_list = [user_id] elif request_type in ["vgridaccept", "vgridreject"]: # Always allow accept messages but only between owners/members if not visible_user_names and not visible_res_names: output_objects.append({ 'object_type': 'error_text', 'text': 'No user or resource ID specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) if not vgrid_name: output_objects.append({ 'object_type': 'error_text', 'text': 'No vgrid_name specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) if vgrid_name.upper() == default_vgrid.upper(): output_objects.append({ 'object_type': 'error_text', 'text': 'No requests for %s are allowed!' % default_vgrid }) return (output_objects, returnvalues.CLIENT_ERROR) if not vgrid_is_owner(vgrid_name, client_id, configuration): output_objects.append({ 'object_type': 'error_text', 'text': 'You are not an owner of %s or a parent %s!' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) # NOTE: we support exactly one vgrid but multiple users/resources here if visible_user_names: logger.info("setting user recipients: %s" % visible_user_names) target_list = [user_id.strip() for user_id in visible_user_names] elif visible_res_names: # vgrid resource accept - lookup and notify resource owners logger.info("setting res owner recipients: %s" % visible_res_names) target_list = [] for unique_resource_name in visible_res_names: logger.info("loading res owners for %s" % unique_resource_name) (load_status, res_owners) = resource_owners(configuration, unique_resource_name) if not load_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Could not lookup owners of %s!' % unique_resource_name }) continue logger.info("adding res owners to recipients: %s" % res_owners) target_list += [user_id for user_id in res_owners] target_id = '%s %s owners' % (vgrid_name, label) target_name = vgrid_name elif request_type in ["resourceaccept", "resourcereject"]: # Always allow accept messages between actual resource owners if not visible_user_names: output_objects.append({ 'object_type': 'error_text', 'text': 'No user ID specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) if not visible_res_names: output_objects.append({ 'object_type': 'error_text', 'text': 'No resource ID specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) # NOTE: we support exactly one resource but multiple users here unique_resource_name = visible_res_names[-1].strip() target_name = unique_resource_name res_map = get_resource_map(configuration) if unique_resource_name not in res_map: output_objects.append({ 'object_type': 'error_text', 'text': 'No such resource: %s' % unique_resource_name }) return (output_objects, returnvalues.CLIENT_ERROR) owners_list = res_map[unique_resource_name][OWNERS] if not client_id in owners_list: output_objects.append({ 'object_type': 'error_text', 'text': 'You are not an owner of %s!' % unique_resource_name }) output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid resource %s message!' % request_type }) return (output_objects, returnvalues.CLIENT_ERROR) target_id = '%s resource owners' % unique_resource_name target_name = unique_resource_name target_list = [user_id.strip() for user_id in visible_user_names] elif request_type == "resourceowner": if not visible_res_names: output_objects.append({ 'object_type': 'error_text', 'text': 'No resource ID specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) # NOTE: we support exactly one resource but multiple users here unique_resource_name = visible_res_names[-1].strip() anon_map = anon_to_real_res_map(configuration.resource_home) if unique_resource_name in anon_map: unique_resource_name = anon_map[unique_resource_name] target_name = unique_resource_name res_map = get_resource_map(configuration) if unique_resource_name not in res_map: output_objects.append({ 'object_type': 'error_text', 'text': 'No such resource: %s' % unique_resource_name }) return (output_objects, returnvalues.CLIENT_ERROR) target_list = res_map[unique_resource_name][OWNERS] if client_id in target_list: output_objects.append({ 'object_type': 'error_text', 'text': 'You are already an owner of %s!' % unique_resource_name }) return (output_objects, returnvalues.CLIENT_ERROR) request_dir = os.path.join(configuration.resource_home, unique_resource_name) access_request = { 'request_type': request_type, 'entity': client_id, 'target': unique_resource_name, 'request_text': request_text } if not save_access_request(configuration, request_dir, access_request): output_objects.append({ 'object_type': 'error_text', 'text': 'Could not save request - owners may still manually add you' }) return (output_objects, returnvalues.SYSTEM_ERROR) elif request_type in ["vgridmember", "vgridowner", "vgridresource"]: if not vgrid_name: output_objects.append({ 'object_type': 'error_text', 'text': 'No vgrid_name specified!' }) return (output_objects, returnvalues.CLIENT_ERROR) # default vgrid is read-only if vgrid_name.upper() == default_vgrid.upper(): output_objects.append({ 'object_type': 'error_text', 'text': 'No requests for %s are not allowed!' % default_vgrid }) return (output_objects, returnvalues.CLIENT_ERROR) # stop owner or member request if already an owner # and prevent repeated resource access requests if request_type == 'vgridresource': # NOTE: we support exactly one resource here unique_resource_name = visible_res_names[-1].strip() target_id = entity = unique_resource_name if vgrid_is_resource(vgrid_name, unique_resource_name, configuration): output_objects.append({ 'object_type': 'error_text', 'text': 'You already have access to %s or a parent %s.' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) else: target_id = entity = client_id if vgrid_is_owner(vgrid_name, client_id, configuration): output_objects.append({ 'object_type': 'error_text', 'text': 'You are already an owner of %s or a parent %s!' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) # only ownership requests are allowed for existing members if request_type == 'vgridmember': if vgrid_is_member(vgrid_name, client_id, configuration): output_objects.append({ 'object_type': 'error_text', 'text': 'You are already a member of %s or a parent %s.' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) # Find all VGrid owners configured to receive notifications target_name = vgrid_name (settings_status, settings_dict) = vgrid_settings(vgrid_name, configuration, recursive=True, as_dict=True) if not settings_status: settings_dict = {} request_recipients = settings_dict.get('request_recipients', default_vgrid_settings_limit) # We load and use direct owners first if any - otherwise inherited owners_list = [] for inherited in (False, True): (owners_status, owners_list) = vgrid_owners(vgrid_name, configuration, recursive=inherited) if not owners_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Failed to lookup owners for %s %s - sure it exists?' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) elif owners_list: break if not owners_list: output_objects.append({ 'object_type': 'error_text', 'text': 'Failed to lookup owners for %s %s - sure it exists?' % (vgrid_name, label) }) return (output_objects, returnvalues.CLIENT_ERROR) # Now we have direct or inherited owners to notify target_list = owners_list[:request_recipients] request_dir = os.path.join(configuration.vgrid_home, vgrid_name) access_request = { 'request_type': request_type, 'entity': entity, 'target': vgrid_name, 'request_text': request_text } if not save_access_request(configuration, request_dir, access_request): output_objects.append({ 'object_type': 'error_text', 'text': 'Could not save request - owners may still manually add you' }) return (output_objects, returnvalues.SYSTEM_ERROR) else: output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid request type: %s' % request_type }) return (output_objects, returnvalues.CLIENT_ERROR) # Now send request to all targets in turn # TODO: inform requestor if no owners have mail/IM set in their settings logger.debug("sending notification to recipients: %s" % target_list) for target in target_list: if not target: logger.warning("skipping empty notify target: %s" % target_list) continue # USER_CERT entry is destination notify = [] for proto in protocols: notify.append('%s: SETTINGS' % proto) job_dict = { 'NOTIFY': notify, 'JOB_ID': 'NOJOBID', 'USER_CERT': target, 'EMAIL_SENDER': client_email } notifier = notify_user_thread( job_dict, [target_id, target_name, request_type, request_text, reply_to], 'SENDREQUEST', logger, '', configuration, ) # Try finishing delivery but do not block forever on one message notifier.join(30) output_objects.append({ 'object_type': 'text', 'text': 'Sent %s message to %d people' % (request_type, len(target_list)) }) im_notify_protocols = [ i for i in configuration.notify_protocols if i != 'email' ] if im_notify_protocols: enabled_notify = 'IM / email' else: enabled_notify = 'email' output_objects.append({ 'object_type': 'text', 'text': """Please make sure you have %s notifications configured on your Setings page if you expect a reply to this message""" % enabled_notify }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=False) defaults = signature()[1] logger.debug('in extoidaction: %s' % user_arguments_dict) (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) # Unfortunately OpenID does not use POST # if not safe_handler(configuration, 'post', op_name, client_id, # get_csrf_limit(configuration), accepted): # output_objects.append( # {'object_type': 'error_text', 'text': '''Only accepting # CSRF-filtered POST requests to prevent unintended updates''' # }) # return (output_objects, returnvalues.CLIENT_ERROR) title_entry = find_entry(output_objects, 'title') title_entry[ 'text'] = '%s OpenID account sign up' % configuration.short_title title_entry['skipmenu'] = True output_objects.append({ 'object_type': 'header', 'text': '%s OpenID account sign up' % configuration.short_title }) admin_email = configuration.admin_email smtp_server = configuration.smtp_server user_pending = os.path.abspath(configuration.user_pending) # force name to capitalized form (henrik karlsen -> Henrik Karlsen) id_url = os.environ['REMOTE_USER'].strip() openid_prefix = configuration.user_ext_oid_provider.rstrip('/') + '/' raw_login = id_url.replace(openid_prefix, '') full_name = accepted['openid.sreg.full_name'][-1].strip().title() country = accepted['openid.sreg.country'][-1].strip().upper() state = accepted['state'][-1].strip().title() organization = accepted['openid.sreg.organization'][-1].strip() organizational_unit = accepted['openid.sreg.organizational_unit'][ -1].strip() locality = accepted['openid.sreg.locality'][-1].strip() # lower case email address email = accepted['openid.sreg.email'][-1].strip().lower() password = accepted['password'][-1] #verifypassword = accepted['verifypassword'][-1] # keep comment to a single line comment = accepted['comment'][-1].replace('\n', ' ') # single quotes break command line format - remove comment = comment.replace("'", ' ') accept_terms = (accepted['accept_terms'][-1].strip().lower() in ('1', 'o', 'y', 't', 'on', 'yes', 'true')) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) if not accept_terms: output_objects.append({ 'object_type': 'error_text', 'text': 'You must accept the terms of use in sign up!' }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) user_dict = { 'full_name': full_name, 'organization': organization, 'organizational_unit': organizational_unit, 'locality': locality, 'state': state, 'country': country, 'email': email, 'password': password, 'comment': comment, 'expire': default_account_expire(configuration, 'oid'), 'openid_names': [raw_login], 'auth': ['extoid'], } fill_distinguished_name(user_dict) user_id = user_dict['distinguished_name'] if configuration.user_openid_providers and configuration.user_openid_alias: user_dict['openid_names'].append( user_dict[configuration.user_openid_alias]) req_path = None try: (os_fd, req_path) = tempfile.mkstemp(dir=user_pending) os.write(os_fd, dumps(user_dict)) os.close(os_fd) except Exception as err: logger.error('Failed to write OpenID account request to %s: %s' % (req_path, err)) output_objects.append({ 'object_type': 'error_text', 'text': '''Request could not be sent to site administrators. Please contact them manually on %s if this error persists.''' % admin_email }) return (output_objects, returnvalues.SYSTEM_ERROR) logger.info('Wrote OpenID account request to %s' % req_path) tmp_id = req_path.replace(user_pending, '') user_dict['tmp_id'] = tmp_id # TODO: remove cert generation or generate pw for it mig_user = os.environ.get('USER', 'mig') helper_commands = user_manage_commands(configuration, mig_user, req_path, user_id, user_dict, 'oid') user_dict.update(helper_commands) user_dict['site'] = configuration.short_title user_dict['vgrid_label'] = configuration.site_vgrid_label user_dict['vgridman_links'] = generate_https_urls( configuration, '%(auto_base)s/%(auto_bin)s/vgridman.py', {}) email_header = '%s OpenID request for %s' % \ (configuration.short_title, full_name) email_msg = """ Received an OpenID account sign up with user data * Full Name: %(full_name)s * Organization: %(organization)s * State: %(state)s * Country: %(country)s * Email: %(email)s * Comment: %(comment)s * Expire: %(expire)s Command to create user on %(site)s server: %(command_user_create)s Optional command to create matching certificate: %(command_cert_create)s Finally add the user %(distinguished_name)s to any relevant %(vgrid_label)ss using one of the management links: %(vgridman_links)s --- If user must be denied access or deleted at some point --- Command to reject user account request on %(site)s server: %(command_user_reject)s Remove the user %(distinguished_name)s from any relevant %(vgrid_label)ss using one of the management links: %(vgridman_links)s Optional command to revoke any user certificates: %(command_cert_revoke)s You need to copy the resulting signed certificate revocation list (crl.pem) to the web server(s) for the revocation to take effect. Command to suspend user on %(site)s server: %(command_user_suspend)s Command to delete user again on %(site)s server: %(command_user_delete)s --- """ % user_dict logger.info('Sending email: to: %s, header: %s, msg: %s, smtp_server: %s' % (admin_email, email_header, email_msg, smtp_server)) if not send_email(admin_email, email_header, email_msg, logger, configuration): output_objects.append({ 'object_type': 'error_text', 'text': '''An error occured trying to send the email requesting your new user account. Please email the site administrators (%s) manually and include the session ID: %s''' % (admin_email, tmp_id) }) return (output_objects, returnvalues.SYSTEM_ERROR) output_objects.append({ 'object_type': 'text', 'text': """Request sent to site administrators: Your user account will be created as soon as possible, so please be patient. Once handled an email will be sent to the account you have specified ('%s') with further information. In case of inquiries about this request, please email the site administrators (%s) and include the session ID: %s""" % (email, configuration.admin_email, tmp_id) }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = "Administrate %s" % label # NOTE: Delay header entry here to include vgrid name (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) vgrid_name = accepted['vgrid_name'][-1] # prepare for confirm dialog, tablesort and toggling the views (css/js) # jquery support for tablesorter and confirmation on request and leave # requests table initially sorted by 0, 4, 3 (type first, then date and # with alphabetical client ID last) # sharelinks table initially sorted by 5, 4 reversed (active first and # in growing age) table_specs = [{ 'table_id': 'accessrequeststable', 'pager_id': 'accessrequests_pager', 'sort_order': '[[0,0],[4,0],[3,0]]' }, { 'table_id': 'sharelinkstable', 'pager_id': 'sharelinks_pager', 'sort_order': '[[5,1],[4,1]]' }] (add_import, add_init, add_ready) = man_base_js(configuration, table_specs, {'width': 600}) add_init += ''' var toggleHidden = function(classname) { // classname supposed to have a leading dot $(classname).toggleClass("hidden"); }; /* helpers for dynamic form input fields */ function onOwnerInputChange() { makeSpareFields("#dynownerspares", "cert_id"); } function onMemberInputChange() { makeSpareFields("#dynmemberspares", "cert_id"); } function onResourceInputChange() { makeSpareFields("#dynresourcespares", "unique_resource_name"); } ''' add_ready += ''' /* init add owners/member/resource forms with dynamic input fields */ onOwnerInputChange(); $("#dynownerspares").on("blur", "input[name=cert_id]", function(event) { //console.debug("in add owner blur handler"); onOwnerInputChange(); } ); onMemberInputChange(); $("#dynmemberspares").on("blur", "input[name=cert_id]", function(event) { //console.debug("in add member blur handler"); onMemberInputChange(); } );''' if configuration.site_enable_resources: add_ready += ''' onResourceInputChange(); $("#dynresourcespares").on("blur", "input[name=unique_resource_name]", function(event) { console.debug("in resource blur handler"); onResourceInputChange(); } ); ''' title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({ 'object_type': 'html_form', 'text': man_base_html(configuration) }) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'short_title': configuration.short_title, 'vgrid_label': label, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } output_objects.append({ 'object_type': 'header', 'text': "Administrate '%s'" % vgrid_name }) if not vgrid_is_owner(vgrid_name, client_id, configuration): output_objects.append({ 'object_type': 'error_text', 'text': 'Only owners of %s can administrate it.' % vgrid_name }) target_op = "sendrequestaction" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) js_name = 'reqvgridowner%s' % hexlify(vgrid_name) helper = html_post_helper( js_name, '%s.py' % target_op, { 'vgrid_name': vgrid_name, 'request_type': 'vgridowner', 'request_text': '', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) output_objects.append({ 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', '%s');" % (js_name, "Request ownership of " + vgrid_name + ":<br/>" + "\nPlease write a message to the owners below.", 'request_text'), 'class': 'addadminlink iconspace', 'title': 'Request ownership of %s' % vgrid_name, 'text': 'Apply to become an owner' }) return (output_objects, returnvalues.SYSTEM_ERROR) for (item, scr) in zip(['owner', 'member', 'resource'], ['vgridowner', 'vgridmember', 'vgridres']): if item == 'resource' and not configuration.site_enable_resources: continue output_objects.append({ 'object_type': 'sectionheader', 'text': "%ss" % item.title() }) (init_status, oobjs) = vgrid_add_remove_table(client_id, vgrid_name, item, scr, configuration) if not init_status: output_objects.extend(oobjs) return (output_objects, returnvalues.SYSTEM_ERROR) else: output_objects.append({ 'object_type': 'html_form', 'text': '<div class="div-%s">' % item }) output_objects.append({ 'object_type': 'link', 'destination': "javascript:toggleHidden('.div-%s');" % item, 'class': 'removeitemlink iconspace', 'title': 'Toggle view', 'text': 'Hide %ss' % item.title() }) output_objects.extend(oobjs) output_objects.append({ 'object_type': 'html_form', 'text': '</div><div class="hidden div-%s">' % item }) output_objects.append({ 'object_type': 'link', 'destination': "javascript:toggleHidden('.div-%s');" % item, 'class': 'additemlink iconspace', 'title': 'Toggle view', 'text': 'Show %ss' % item.title() }) output_objects.append({ 'object_type': 'html_form', 'text': '</div>' }) # Pending requests target_op = "addvgridowner" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( "acceptvgridownerreq", "%s.py" % target_op, { 'vgrid_name': vgrid_name, 'cert_id': '__DYNAMIC__', 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) target_op = "addvgridmember" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( "acceptvgridmemberreq", "%s.py" % target_op, { 'vgrid_name': vgrid_name, 'cert_id': '__DYNAMIC__', 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) target_op = "addvgridres" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( "acceptvgridresourcereq", "%s.py" % target_op, { 'vgrid_name': vgrid_name, 'unique_resource_name': '__DYNAMIC__', 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) target_op = "rejectvgridreq" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( "rejectvgridreq", "%s.py" % target_op, { 'vgrid_name': vgrid_name, 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) request_dir = os.path.join(configuration.vgrid_home, vgrid_name) request_list = [] for req_name in list_access_requests(configuration, request_dir): req = load_access_request(configuration, request_dir, req_name) if not req: continue if not req.get('request_type', None) in ["vgridowner", "vgridmember", "vgridresource"]: logger.error("unexpected request_type %(request_type)s" % req) continue request_item = build_accessrequestitem_object(configuration, req) # Convert filename with exotic chars into url-friendly pure hex version shared_args = {"request_name": hexlify(req["request_name"])} accept_args, reject_args = {}, {} accept_args.update(shared_args) reject_args.update(shared_args) if req['request_type'] == "vgridresource": accept_args["unique_resource_name"] = req["entity"] else: accept_args["cert_id"] = req["entity"] request_item['acceptrequestlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ("accept%(request_type)sreq" % req, "Accept %(target)s %(request_type)s request from %(entity)s" % req, 'undefined', "{%s}" % ', '.join(["'%s': '%s'" % pair for pair in accept_args.items()])), 'class': 'addlink iconspace', 'title': 'Accept %(target)s %(request_type)s request from %(entity)s' % req, 'text': '' } request_item['rejectrequestlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ("rejectvgridreq", "Reject %(target)s %(request_type)s request from %(entity)s" % req, 'undefined', "%s" % reject_args), 'class': 'removelink iconspace', 'title': 'Reject %(target)s %(request_type)s request from %(entity)s' % req, 'text': '' } request_list.append(request_item) output_objects.append({ 'object_type': 'sectionheader', 'text': "Pending Requests" }) output_objects.append({ 'object_type': 'table_pager', 'id_prefix': 'accessrequests_', 'entry_name': 'access requests', 'default_entries': default_pager_entries }) output_objects.append({ 'object_type': 'accessrequests', 'accessrequests': request_list }) # VGrid Share links # Table columns to skip skip_list = [ 'editsharelink', 'delsharelink', 'invites', 'expire', 'single_file' ] # NOTE: Inheritance is a bit tricky for sharelinks because parent shares # only have relevance if they actually share a path that is a prefix of # vgrid_name. (share_status, share_list) = vgrid_sharelinks(vgrid_name, configuration) sharelinks = [] if share_status: for share_dict in share_list: rel_path = share_dict['path'].strip(os.sep) parent_vgrids = vgrid_list_parents(vgrid_name, configuration) include_share = False # Direct sharelinks (careful not to greedy match A/B with A/BCD) if rel_path == vgrid_name or \ rel_path.startswith(vgrid_name+os.sep): include_share = True # Parent vgrid sharelinks that in effect also give access here for parent in parent_vgrids: if rel_path == parent: include_share = True if include_share: share_item = build_sharelinkitem_object( configuration, share_dict) sharelinks.append(share_item) else: logger.warning("failed to load vgrid sharelinks for %s: %s" % (vgrid_name, share_list)) output_objects.append({ 'object_type': 'sectionheader', 'text': "Share Links" }) output_objects.append({ 'object_type': 'html_form', 'text': '<p>Current share links in %s shared folder</p>' % vgrid_name }) output_objects.append({ 'object_type': 'table_pager', 'id_prefix': 'sharelinks_', 'entry_name': 'share links', 'default_entries': default_pager_entries }) output_objects.append({ 'object_type': 'sharelinks', 'sharelinks': sharelinks, 'skip_list': skip_list }) # VGrid settings output_objects.append({'object_type': 'sectionheader', 'text': "Settings"}) (direct_status, direct_dict) = vgrid_settings(vgrid_name, configuration, recursive=False, as_dict=True) if not direct_status or not direct_dict: direct_dict = {} (settings_status, settings_dict) = vgrid_settings(vgrid_name, configuration, recursive=True, as_dict=True) if not settings_status or not settings_dict: settings_dict = {} form_method = 'post' csrf_limit = get_csrf_limit(configuration) # Always set these values settings_dict.update({ 'vgrid_name': vgrid_name, 'vgrid_label': label, 'owners': keyword_owners, 'members': keyword_members, 'all': keyword_all, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit }) target_op = 'vgridsettings' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) settings_dict.update({'target_op': target_op, 'csrf_token': csrf_token}) settings_form = ''' <form method="%(form_method)s" action="%(target_op)s.py"> <fieldset> <legend>%(vgrid_label)s configuration</legend> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> <input type="hidden" name="vgrid_name" value="%(vgrid_name)s" /> ''' description = settings_dict.get('description', '') settings_form += ''' <h4>Public description</h4> <textarea class="fillwidth padspace" name="description" rows=10 >%s</textarea> ''' % description settings_form += '<br/>' settings_form += '''<p>All visibility options below can be set to owners, members or everyone and by default only owners can see participation. In effect setting visibility to <em>members</em> means that owners and members can see the corresponding participants. Similarly setting a visibility flag to <em>everyone</em> means that all %s users can see the participants.</p> ''' % configuration.short_title visibility_options = [("Owners are visible to", "visible_owners"), ("Members are visible to", "visible_members"), ("Resources are visible to", "visible_resources")] for (title, field) in visibility_options: settings_form += '<h4>%s</h4>' % title if direct_dict.get(field, False): choices = _valid_visible + _reset_choice else: choices = _valid_visible + _keep_choice for (key, val) in choices: checked = '' if settings_dict.get(field, keyword_owners) == val: checked = "checked" settings_form += ''' <input type="radio" name="%s" value="%s" %s/> %s ''' % (field, val, checked, key) settings_form += '<br/>' field = 'restrict_settings_adm' restrict_settings_adm = settings_dict.get(field, default_vgrid_settings_limit) if direct_dict.get(field, False): direct_note = _reset_note else: direct_note = _keep_note settings_form += ''' <h4>Restrict Settings</h4> Restrict changing of these settings to only the first <input type="number" name="restrict_settings_adm" min=0 max=999 minlength=1 maxlength=3 value=%d required /> owners %s. ''' % (restrict_settings_adm, direct_note) settings_form += '<br/>' field = 'restrict_owners_adm' restrict_owners_adm = settings_dict.get(field, default_vgrid_settings_limit) if direct_dict.get(field, False): direct_note = _reset_note else: direct_note = _keep_note settings_form += ''' <h4>Restrict Owner Administration</h4> Restrict administration of owners to only the first <input type="number" name="restrict_owners_adm" min=0 max=999 minlength=1 maxlength=3 value=%d required /> owners %s. ''' % (restrict_owners_adm, direct_note) settings_form += '<br/>' field = 'restrict_members_adm' restrict_members_adm = settings_dict.get(field, default_vgrid_settings_limit) if direct_dict.get(field, False): direct_note = _reset_note else: direct_note = _keep_note settings_form += ''' <h4>Restrict Member Administration</h4> Restrict administration of members to only the first <input type="number" name="restrict_members_adm" min=0 max=999 minlength=1 maxlength=3 value=%d required /> owners %s. ''' % (restrict_members_adm, direct_note) settings_form += '<br/>' field = 'restrict_resources_adm' restrict_resources_adm = settings_dict.get(field, default_vgrid_settings_limit) if direct_dict.get(field, False): direct_note = _reset_note else: direct_note = _keep_note settings_form += ''' <h4>Restrict Resource Administration</h4> Restrict administration of resources to only the first <input type="number" name="restrict_resources_adm" min=0 max=999 minlength=1 maxlength=3 value=%d required /> owners %s. ''' % (restrict_resources_adm, direct_note) settings_form += '<br/>' if vgrid_restrict_write_support(configuration): settings_form += '''<p>All write access options below can be set to owners, members or none. By default only owners can write web pages while owners and members can edit data in the shared folders. In effect setting write access to <em>members</em> means that owners and members have full access. Similarly setting a write access flag to <em>owners</em> means that only owners can modify the data, while members can only read and use it. Finally setting a write access flag to <em>none</em> means that neither owners nor members can modify the data there, effectively making it read-only. Some options are not yet supported and thus are disabled below. </p> ''' writable_options = [ ("Shared files write access", "write_shared_files", keyword_members), ("Private web page write access", "write_priv_web", keyword_owners), ("Public web page write access", "write_pub_web", keyword_owners), ] else: writable_options = [] for (title, field, default) in writable_options: settings_form += '<h4>%s</h4>' % title if direct_dict.get(field, False): choices = _valid_write_access + _reset_choice else: choices = _valid_write_access + _keep_choice for (key, val) in choices: disabled = '' # TODO: remove these artifical limits once we support changing # TODO: also add check for vgrid web reshare in sharelink then if field == 'write_shared_files' and val == keyword_owners: disabled = 'disabled' elif field == 'write_priv_web' and val in [ keyword_members, keyword_none ]: disabled = 'disabled' elif field == 'write_pub_web' and val in [ keyword_members, keyword_none ]: disabled = 'disabled' checked = '' if settings_dict.get(field, default) == val: checked = "checked" settings_form += ''' <input type="radio" name="%s" value="%s" %s %s /> %s ''' % (field, val, checked, disabled, key) settings_form += '<br/>' sharelink_options = [("Limit sharelink creation to", "create_sharelink")] for (title, field) in sharelink_options: settings_form += '<h4>%s</h4>' % title if direct_dict.get(field, False): choices = _valid_sharelink + _reset_choice else: choices = _valid_sharelink + _keep_choice for (key, val) in choices: checked = '' if settings_dict.get(field, keyword_owners) == val: checked = "checked" settings_form += ''' <input type="radio" name="%s" value="%s" %s/> %s ''' % (field, val, checked, key) settings_form += '<br/>' field = 'request_recipients' request_recipients = settings_dict.get(field, default_vgrid_settings_limit) if direct_dict.get(field, False): direct_note = _reset_note else: direct_note = _keep_note settings_form += ''' <h4>Request Recipients</h4> Notify only first <input type="number" name="request_recipients" min=0 max=999 minlength=1 maxlength=3 value=%d required /> owners about access requests %s. ''' % (request_recipients, direct_note) settings_form += '<br/>' bool_options = [ ("Hidden", "hidden"), ] for (title, field) in bool_options: settings_form += '<h4>%s</h4>' % title if direct_dict.get(field, False): choices = _valid_bool + _reset_choice else: choices = _valid_bool + _keep_choice for (key, val) in choices: checked, inherit_note = '', '' if settings_dict.get(field, False) == val: checked = "checked" if direct_dict.get(field, False) != \ settings_dict.get(field, False): inherit_note = ''' <span class="warningtext iconspace"> Forced by a parent %(vgrid_label)s. Please disable there first if you want to change the value here.</span>''' % settings_dict settings_form += ''' <input type="radio" name="%s" value="%s" %s /> %s ''' % (field, val, checked, key) settings_form += '%s<br/>' % inherit_note settings_form += '<br/>' settings_form += ''' <input type="submit" value="Save settings" /> </fieldset> </form> ''' output_objects.append({ 'object_type': 'html_form', 'text': settings_form % settings_dict }) # Checking/fixing of missing components output_objects.append({ 'object_type': 'sectionheader', 'text': "Repair/Add Components" }) target_op = 'updatevgrid' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) settings_dict.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> <input type="hidden" name="vgrid_name" value="%(vgrid_name)s" /> <input type="submit" value="Repair components" /> </form> ''' % settings_dict }) (owners_status, owners_direct) = vgrid_owners(vgrid_name, configuration, False) if not owners_status: logger.error("failed to load owners for %s: %s" % (vgrid_name, owners_direct)) return (output_objects, returnvalues.SYSTEM_ERROR) (members_status, members_direct) = vgrid_members(vgrid_name, configuration, False) if not members_status: logger.error("failed to load members for %s: %s" % (vgrid_name, members_direct)) return (output_objects, returnvalues.SYSTEM_ERROR) (resources_status, resources_direct) = vgrid_resources(vgrid_name, configuration, False) if not resources_status: logger.error("failed to load resources for %s: %s" % (vgrid_name, resources_direct)) return (output_objects, returnvalues.SYSTEM_ERROR) output_objects.append({ 'object_type': 'sectionheader', 'text': "Delete %s " % vgrid_name }) if len(owners_direct) > 1 or members_direct or resources_direct: output_objects.append({ 'object_type': 'html_form', 'text': ''' To delete <b>%(vgrid)s</b> first remove all resources, members and owners ending with yourself. ''' % { 'vgrid': vgrid_name } }) else: output_objects.append({ 'object_type': 'html_form', 'text': ''' <p>As the last owner you can leave and delete <b>%(vgrid)s</b> including all associated shared files and components.<br/> </p> <p class="warningtext"> You cannot undo such delete operations, so please use with great care! </p> ''' % { 'vgrid': vgrid_name } }) target_op = "rmvgridowner" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) js_name = 'rmlastvgridowner' helper = html_post_helper( js_name, '%s.py' % target_op, { 'vgrid_name': vgrid_name, 'cert_id': client_id, 'flags': 'f', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) output_objects.append({ 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s');" % (js_name, 'Really leave and delete %s?' % vgrid_name), 'class': 'removelink iconspace', 'title': 'Leave and delete %s' % vgrid_name, 'text': 'Leave and delete %s' % vgrid_name }) # Spacing output_objects.append({ 'object_type': 'html_form', 'text': ''' <div class="vertical-spacer"></div> ''' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) flavor = accepted['flavor'][-1].strip() freeze_id = accepted['freeze_id'][-1].strip() if not flavor in freeze_flavors.keys(): output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid freeze flavor: %s' % flavor }) return (output_objects, returnvalues.CLIENT_ERROR) title = freeze_flavors[flavor]['adminfreeze_title'] output_objects.append({'object_type': 'header', 'text': title}) title_entry = find_entry(output_objects, 'title') title_entry['text'] = title if not configuration.site_enable_freeze: output_objects.append({ 'object_type': 'text', 'text': '''Freezing archives is disabled on this site. Please contact the site admins %s if you think it should be enabled. ''' % configuration.admin_email }) return (output_objects, returnvalues.OK) # Load existing freeze for stepwise construction if requested freeze_dict = {'ID': freeze_id, 'FLAVOR': flavor} if freeze_id != keyword_auto: (load_status, freeze_dict) = get_frozen_archive(client_id, freeze_id, configuration, checksum_list=[]) if not load_status: logger.error("%s: load failed for '%s': %s" % (op_name, freeze_id, brief_freeze(freeze_dict))) output_objects.append({ 'object_type': 'error_text', 'text': 'Could not read details for "%s"' % freeze_id }) return (output_objects, returnvalues.SYSTEM_ERROR) logger.debug("%s: loaded freeze: %s" % (op_name, brief_freeze(freeze_dict))) # Preserve already saved flavor flavor = freeze_dict.get('FLAVOR', 'freeze') freeze_state = freeze_dict.get('STATE', keyword_final) if freeze_state == keyword_final: logger.error("%s tried to edit finalized %s archive %s" % (client_id, flavor, freeze_id)) output_objects.append({ 'object_type': 'error_text', 'text': 'You cannot edit finalized %s archive %s' % (flavor, freeze_id) }) output_objects.append({ 'object_type': 'link', 'destination': 'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor), 'class': 'viewarchivelink iconspace genericbutton', 'title': 'View details about your %s archive' % flavor, 'text': 'View details', }) return (output_objects, returnvalues.CLIENT_ERROR) elif freeze_state == keyword_updating: logger.error("%s tried to edit %s archive %s under update" % (client_id, flavor, freeze_id)) output_objects.append({ 'object_type': 'error_text', 'text': 'You cannot edit %s archive %s until active update completes' % (flavor, freeze_id) }) output_objects.append({ 'object_type': 'link', 'destination': 'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor), 'class': 'viewarchivelink iconspace genericbutton', 'title': 'View details about your %s archive' % flavor, 'text': 'View details', }) return (output_objects, returnvalues.CLIENT_ERROR) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'flavor': flavor, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } target_op = 'uploadchunked' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) lookup_map = { 'freeze_id': 'ID', 'freeze_name': 'NAME', 'freeze_author': 'AUTHOR', 'freeze_description': 'DESCRIPTION' } for (key, val) in lookup_map.items(): fill_helpers[key] = freeze_dict.get(val, '') fill_helpers['publish_value'] = 'no' if freeze_dict.get('PUBLISH', False): fill_helpers['publish_value'] = 'yes' # jquery fancy upload (add_import, add_init, add_ready) = fancy_upload_js(configuration, csrf_token=csrf_token) # We need filechooser deps and dynamic addition of copy/upload fields add_import += ''' <script type="text/javascript" src="/images/js/jquery.tablesorter.js"></script> <script type="text/javascript" src="/images/js/jquery.prettyprint.js"></script> <script type="text/javascript" src="/images/js/jquery.contextmenu.js"></script> <script type="text/javascript" src="/images/js/jquery.xbreadcrumbs.js"></script> <!-- The preview image plugin --> <script type="text/javascript" src="/images/js/preview.js"></script> <!-- The image manipulation CamanJS plugin used by the preview image plugin --> <script type="text/javascript" src="/images/lib/CamanJS/dist/caman.full.js"></script> <!-- The nouislider plugin used by the preview image plugin --> <script type="text/javascript" src="/images/lib/noUiSlider/jquery.nouislider.all.js"></script> ''' add_init += ''' Caman.DEBUG = false var copy_fields = 0; var upload_fields = 0; var open_file_chooser; var open_upload_dialog; /* default upload destination */ var remote_path = "%s"; var trash_linkname = "%s"; var copy_div_id = "copyfiles"; var upload_div_id = "uploadfiles"; /* for upload_callback */ var field_id, field_name, wrap_id, upload_path, on_remove; function add_copy() { var div_id = copy_div_id; var field_id = "freeze_copy_"+copy_fields; var field_name = "freeze_copy_"+copy_fields; var wrap_id = field_id+"_wrap"; var browse_id = field_id+"_browse"; copy_entry = "<span id=\'"+wrap_id+"\'>"; copy_entry += "<input type=\'button\' value=\'Remove\' "; copy_entry += " onClick=\'remove_field(\"+wrap_id+\");\'/>"; // add browse button to mimic upload field copy_entry += "<input type=\'button\' id=\'"+browse_id+"\' "; copy_entry += " value=\'Browse...\' />"; copy_entry += "<input type=\'text\' id=\'"+field_id+"\' "; copy_entry += " name=\'" + field_name + "\' size=80 /><br / >"; copy_entry += "</span>"; $("#"+div_id).append(copy_entry); $("#"+field_id).click(function() { open_file_chooser("Add file or directory (right click to select)", function(file) { $("#"+field_id).val(file); }); }); $("#"+browse_id).click(function() { $("#"+field_id).click(); }); $("#"+field_id).click(); copy_fields += 1; } function upload_callback() { var div_id = upload_div_id; console.log("in upload callback"); $(".uploadfileslist > tr > td > p.name > a").each( function(index) { console.log("callback for upload item no. "+index); upload_path = $(this).text(); if ($(this).attr("href") == "") { console.log("skipping empty (error) upload: "+upload_path); // Continue to next iteration on errors return true; } console.log("callback for upload path "+upload_path); field_id = "freeze_move_"+upload_fields; field_name = "freeze_move_"+upload_fields; wrap_id = field_id+"_wrap"; if ($("#"+div_id+" > span > input[value=\\""+upload_path+"\\"]").length) { console.log("skipping duplicate path: "+upload_path); // Continue to next iteration on errors return true; } else { console.log("adding new path: "+upload_path); } on_remove = ""; on_remove += "remove_field("+wrap_id+");"; on_remove += "$.fn.delete_upload(\\""+upload_path+"\\");"; upload_entry = "<span id=\'"+wrap_id+"\'>"; upload_entry += "<input type=\'button\' value=\'Remove\' "; upload_entry += " onClick=\'"+on_remove+"\'/>"; upload_entry += "<input type=\'text\' id=\'"+field_id+"\' "; upload_entry += " name=\'" + field_name + "\' size=50 "; upload_entry += "value=\\""+upload_path+"\\" /><br / >"; upload_entry += "</span>"; $("#"+div_id).append(upload_entry); console.log("callback added upload: "+upload_entry); upload_fields += 1; }); console.log("callback done"); } function add_upload() { openFancyUpload("Upload Files", upload_callback, "", remote_path, true, "", "%s"); } function remove_field(field_id) { $(field_id).remove(); } // init file chooser dialogs with directory selection support function init_dialogs() { open_file_chooser = mig_filechooser_init("fm_filechooser", function(file) { return; }, false, "/"); /* We reuse shared init function but use custom actual opener above to mangle resulting files into archive form. */ initFancyUpload(); /* Alias open_dialog to open_upload_dialog for clarity */ open_upload_dialog = open_dialog; $("#addfilebutton").click(function() { add_copy(); }); $("#adduploadbutton").click(function() { add_upload(); }); } function init_page() { init_dialogs(); } ''' % (upload_tmp_dir, trash_linkname, csrf_token) add_ready += ''' // do sequenced initialisation (separate function) init_page(); ''' # TODO: can we update style inline to avoid explicit themed_styles? title_entry['style'] = themed_styles( configuration, base=[ 'jquery.contextmenu.css', 'jquery.managers.contextmenu.css', 'jquery.xbreadcrumbs.css', 'jquery.fmbreadcrumbs.css', 'jquery.fileupload.css', 'jquery.fileupload-ui.css' ], skin=['fileupload-ui.custom.css', 'xbreadcrumbs.custom.css'], user_settings=title_entry.get('user_settings', {})) title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready if flavor == 'freeze': fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '') fill_helpers["archive_header"] = "Freeze Archive Files" fill_helpers["button_label"] = "Save and Preview" intro_text = """ Please enter your archive details below and select any files to be included in the archive. """ elif flavor == 'phd': fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '') fill_helpers[ "archive_header"] = "Thesis and Associated Files to Archive" fill_helpers["button_label"] = "Save and Preview" intro_text = """ Please enter your PhD details below and select any files associated with your thesis. """ elif flavor == 'backup': fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '') if not fill_helpers['freeze_name']: now = datetime.datetime.now().isoformat().replace(':', '') fill_helpers['freeze_name'] = 'backup-%s' % now fill_helpers["archive_header"] = "Files and folders to Archive" fill_helpers["button_label"] = "Save and Preview" intro_text = """ Please select the files and folders to backup below. """ else: output_objects.append({ 'object_type': 'error_text', 'text': "unknown flavor: %s" % flavor }) return (output_objects, returnvalues.SYSTEM_ERROR) # Only warn here if default state is final and persistent if freeze_flavors[flavor]['states'][0] == keyword_final and \ flavor in configuration.site_permanent_freeze: intro_text += """ <p class='warn_message'>Note that frozen archives <em>cannot</em> be changed after final creation and then they can only be manually removed by management, so please be careful when filling in the details. </p> """ fill_helpers["fancy_dialog"] = fancy_upload_html(configuration) files_form = """ <!-- and now this... we do not want to see it, except in a dialog: --> <div id='fm_filechooser' style='display:none'> <div class='tree-container container-fluid'> <div class='tree-row row'> <div class='tree-header col-3'></div> <div class='fm_path_breadcrumbs col-6'> <ul id='fm_xbreadcrumbs' class='xbreadcrumbs'><!-- dynamic --></ul> </div> <div class='fm_buttonbar col-3 d-none d-lg-block'> <ul id='fm_buttons' class='buttonbar'> <!-- dynamically modified by js to show optional buttons --> <li class='datatransfersbutton hidden' title='Manage Data Transfers'> </li> <li class='sharelinksbutton hidden' title='Manage Share Links'> </li> <li class='parentdirbutton' title='Open Parent Directory'> </li> <li class='refreshbutton' title='Refresh'> </li> </ul> </div> <div class='fm_buttonbar-big col-6 d-block d-lg-none hidden'> <ul id='fm_buttons' class='buttonbar'> <!-- dynamically modified by js to show optional buttons --> <li class='datatransfersbutton hidden' title='Manage Data Transfers'> </li> <li class='sharelinksbutton hidden' title='Manage Share Links'> </li> <li class='parentdirbutton' title='Open Parent Directory'> </li> <li class='refreshbutton' title='Refresh'> </li> </ul> </div> </div> </div> <div class='fm_addressbar'> <input type='hidden' value='/' name='fm_current_path' /> </div> <div class='fm_folders'> <ul class='jqueryFileTree'> <li class='directory expanded'> <a>...</a> </li> </ul> </div> <div class='fm_files'> <table id='fm_filelisting' style='font-size:13px; border-spacing=0;'> <thead> <tr> <th class='fm_name'>Name</th> <th class='fm_size'>Size</th> <th class='fm_type'>Type</th> <th class='fm_date'>Date Modified</th> <th class='fm_toolbox'>...</th> </tr> </thead> <tbody> <!-- this is a placeholder for contents: do not remove! --> </tbody> </table> </div> <div id='fm_statusbar' class='col-lg-12'> <div id='fm_statusprogress' class=' col-lg-3'> <div class='progress-label'>Loading...</div> </div> <div id='fm_options' class='col-lg-2'> <label id='fm_toggle_touchscreen' class='switch' for='fm_touchscreen' > <input id='fm_touchscreen' type='checkbox' /> <span class='slider round' title='all clicks trigger menu'></span> </label><span id='fm_touchscreen_label'>Touch mode</span> <label id='fm_toggle_dotfiles' class='switch'> <input id='fm_dotfiles' type='checkbox' /> <span class='slider round' title='Show hidden files and folders'></span> </label><span id='fm_dotfiles_label'>Hidden files</span> </div> <div id='fm_statusinfo' class='col-lg-9'> </div> </div> </div> <div id='cmd_dialog' title='Command output' style='display: none;'></div> %(fancy_dialog)s """ % fill_helpers target_op = 'createfreeze' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) freeze_form = """ <form enctype='multipart/form-data' method='%(form_method)s' action='%(target_op)s.py'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> <input type='hidden' name='flavor' value='%(flavor)s' /> <input type='hidden' name='freeze_id' value='%(freeze_id)s' /> <b>Name:</b><br /> <input class='fillwidth padspace' type='text' name='freeze_name' value='%(freeze_name)s' autofocus required pattern='[a-zA-Z0-9_. -]+' title='unique name for the freeze archive. I.e. letters and digits separated only by spaces, underscores, periods and hyphens' /> """ if flavor != 'backup': # TODO: do these make sense to have here or just forced in backend? freeze_form += """ <input type='hidden' name='freeze_department' value='' /> <input type='hidden' name='freeze_organization' value='' /> <br><b>Author(s):</b><br /> <input class='fillwidth padspace' type='text' name='freeze_author' value='%(freeze_author)s' title='optional archive author(s) in case archive is created on behalf of one or more people' /> <br /><b>Description:</b><br /> <textarea class='fillwidth padspace' rows='20' name='freeze_description'>%(freeze_description)s</textarea> <br /> """ freeze_form += """ <br /> <div id='freezefiles'> <b>%(archive_header)s:</b><br/> """ freeze_form += """ <input type='button' id='addfilebutton' value='Add file/directory' /> """ if flavor != 'backup': freeze_form += """ <input type='button' id='adduploadbutton' value='Add upload' /> """ freeze_form += """ <div id='copyfiles'> <!-- Dynamically filled --> </div> """ if flavor != 'backup': freeze_form += """ <div id='uploadfiles'> <!-- Dynamically filled --> </div> """ freeze_form += """ </div> <br /> """ if flavor != 'backup': freeze_form += """ <div id='freezepublish'> <b>Make Dataset Publicly Available</b> """ for val in ('yes', 'no'): checked = '' if fill_helpers['publish_value'] == val: checked = 'checked="checked"' freeze_form += """ <input type='radio' name='freeze_publish' value='%s' %s />%s """ % (val, checked, val) freeze_form += """ </div> <br /> """ freeze_form += """ <input type='submit' value='%(button_label)s' /> </form> """ # TODO: consider in-lining showfreeze file table for direct modify instead # probably requires more AJAX handling of actions. # for rel_path in frozen_files: # freeze_form += """%s<br/>""" % rel_path output_objects.append({'object_type': 'html_form', 'text': intro_text}) output_objects.append({'object_type': 'html_form', 'text': files_form}) output_objects.append({ 'object_type': 'html_form', 'text': freeze_form % fill_helpers }) # Link to view if archive already exists if freeze_id != keyword_auto: frozen_files = [ i['name'] for i in freeze_dict.get('FILES', []) if i['name'] != public_archive_index ] # Info about contents and spacing before view button otherwise if frozen_files: output_objects.append({ 'object_type': 'html_form', 'text': """ <h3>Previously Added Files</h3> <p>There are already %d file(s) saved in the archive and you can view and manage those through the link below e.g. in case you change your mind about including any of them. </p>""" % len(frozen_files) }) else: output_objects.append({'object_type': 'text', 'text': ''}) output_objects.append({ 'object_type': 'link', 'destination': 'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor), 'class': 'viewarchivelink iconspace genericbutton', 'title': 'View details about your %s archive' % flavor, 'text': 'View details', 'target': '_blank', }) # Spacing output_objects.append({ 'object_type': 'html_form', 'text': ''' <div class="vertical-spacer"></div> ''' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=False) client_dir = client_id_dir(client_id) defaults = signature()[1] (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) if not configuration.site_enable_openid or \ not 'migoid' in configuration.site_signup_methods: output_objects.append({ 'object_type': 'error_text', 'text': '''Local OpenID login is not enabled on this site''' }) return (output_objects, returnvalues.SYSTEM_ERROR) title_entry = find_entry(output_objects, 'title') title_entry['text'] = '%s OpenID account request' % \ configuration.short_title title_entry['skipmenu'] = True form_fields = [ 'full_name', 'organization', 'email', 'country', 'state', 'password', 'verifypassword', 'comment' ] title_entry['style']['advanced'] += account_css_helpers(configuration) add_import, add_init, add_ready = account_js_helpers( configuration, form_fields) title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready title_entry['script']['body'] = "class='staticpage'" header_entry = { 'object_type': 'header', 'text': '%s account request - with OpenID login' % configuration.short_title } output_objects.append(header_entry) output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="contextual_help"> </div> ''' }) # Please note that base_dir must end in slash to avoid access to other # user dirs when own name is a prefix of another user name base_dir = os.path.abspath( os.path.join(configuration.user_home, client_dir)) + os.sep user_fields = { 'full_name': '', 'organization': '', 'email': '', 'state': '', 'country': '', 'password': '', 'verifypassword': '', 'comment': '' } if not os.path.isdir(base_dir) and client_id: # Redirect to extcert page with certificate requirement but without # changing access method (CGI vs. WSGI). extcert_url = os.environ['REQUEST_URI'].replace('-sid', '-bin') extcert_url = os.path.join(os.path.dirname(extcert_url), 'extcert.py') extcert_link = { 'object_type': 'link', 'destination': extcert_url, 'text': 'Sign up with existing certificate (%s)' % client_id } output_objects.append({ 'object_type': 'warning', 'text': '''Apparently you already have a suitable %s certificate that you may sign up with:''' % configuration.short_title }) output_objects.append(extcert_link) output_objects.append({ 'object_type': 'warning', 'text': '''However, if you want a dedicated %s %s User OpenID you can still request one below:''' % (configuration.short_title, configuration.user_mig_oid_title) }) elif client_id: for entry in (title_entry, header_entry): entry['text'] = entry['text'].replace('request', 'request / renew') output_objects.append({ 'object_type': 'html_form', 'text': '''<p> Apparently you already have valid %s credentials, but if you want to add %s User OpenID access to the same account you can do so by posting the form below. Changing fields is <span class="warningtext"> not </span> supported, so all fields must remain unchanged for it to work. Otherwise it results in a request for a new account and OpenID without access to your old files, jobs and privileges. </p>''' % (configuration.short_title, configuration.user_mig_oid_title) }) user_fields.update(distinguished_name_to_user(client_id)) # Override with arg values if set for field in user_fields: if not field in accepted: continue override_val = accepted[field][-1].strip() if override_val: user_fields[field] = override_val user_fields = canonical_user(configuration, user_fields, user_fields.keys()) # Site policy dictates min length greater or equal than password_min_len policy_min_len, policy_min_classes = parse_password_policy(configuration) user_fields.update({ 'valid_name_chars': '%s (and common accents)' % html_escape(valid_name_chars), 'valid_password_chars': html_escape(valid_password_chars), 'password_min_len': max(policy_min_len, password_min_len), 'password_max_len': password_max_len, 'password_min_classes': max(policy_min_classes, 1), 'site': configuration.short_title }) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } target_op = 'reqoidaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) fill_helpers.update({'site_signup_hint': configuration.site_signup_hint}) # Write-protect ID fields if requested for field in cert_field_map: fill_helpers['readonly_%s' % field] = '' ro_fields = [i for i in accepted['ro_fields'] if i in cert_field_map] if keyword_auto in accepted['ro_fields']: ro_fields += [i for i in cert_field_map if not i in ro_fields] for field in ro_fields: fill_helpers['readonly_%s' % field] = 'readonly' fill_helpers.update(user_fields) html = """ <p class='sub-title'>Please enter your information in at least the <span class='highlight_required'>mandatory</span> fields below and press the Send button to submit the account request to the %(site)s administrators.</p> <p class='personal leftpad highlight_message'> IMPORTANT: we need to identify and notify you about login info, so please use a working Email address clearly affiliated with your Organization! </p> %(site_signup_hint)s <hr /> """ html += account_request_template(configuration, default_values=fill_helpers) # TODO: remove this legacy version? html += """ <div style="height: 0; visibility: hidden; display: none;"> <!--OLD FORM--> <form method='%(form_method)s' action='%(target_op)s.py' onSubmit='return validate_form();'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> <table> <!-- NOTE: javascript support for unicode pattern matching is lacking so we only restrict e.g. Full Name to words separated by space here. The full check takes place in the backend, but users are better of with sane early warnings than the cryptic backend errors. --> <tr><td class='mandatory label'>Full name</td><td><input id='full_name_field' type=text name=cert_name value='%(full_name)s' required pattern='[^ ]+([ ][^ ]+)+' title='Your full name, i.e. two or more names separated by space' /></td><td class=fill_space><br /></td></tr> <tr><td class='mandatory label'>Email address</td><td><input id='email_field' type=email name=email value='%(email)s' required title='A valid email address that you read' /> </td><td class=fill_space><br /></td></tr> <tr><td class='mandatory label'>Organization</td><td><input id='organization_field' type=text name=org value='%(organization)s' required pattern='[^ ]+([ ][^ ]+)*' title='Name of your organisation: one or more abbreviations or words separated by space' /></td><td class=fill_space><br /></td></tr> <tr><td class='mandatory label'>Two letter country-code</td><td><input id='country_field' type=text name=country minlength=2 maxlength=2 value='%(country)s' required pattern='[A-Z]{2}' title='The two capital letters used to abbreviate your country' /></td><td class=fill_space><br /></td></tr> <tr><td class='optional label'>State</td><td><input id='state_field' type=text name=state value='%(state)s' pattern='([A-Z]{2})?' maxlength=2 title='Leave empty or enter the capital 2-letter abbreviation of your state if you are a US resident' /> </td><td class=fill_space><br /></td></tr> <tr><td class='mandatory label'>Password</td><td><input id='password_field' type=password name=password minlength=%(password_min_len)d maxlength=%(password_max_len)d value='%(password)s' required pattern='.{%(password_min_len)d,%(password_max_len)d}' title='Password of your choice, see help box for limitations' /> </td><td class=fill_space><br /></td></tr> <tr><td class='mandatory label'>Verify password</td><td><input id='verifypassword_field' type=password name=verifypassword minlength=%(password_min_len)d maxlength=%(password_max_len)d value='%(verifypassword)s' required pattern='.{%(password_min_len)d,%(password_max_len)d}' title='Repeat your chosen password' /></td><td class=fill_space><br /></td></tr> <!-- NOTE: we technically allow saving the password on scrambled form hide it by default --> <tr class='hidden'><td class='optional label'>Password recovery</td><td class=''><input id='passwordrecovery_checkbox' type=checkbox name=passwordrecovery></td><td class=fill_space><br/></td></tr> <tr><td class='optional label'>Optional comment or reason why you should<br />be granted a %(site)s account:</td><td><textarea id='comment_field' rows=4 name=comment title='A free-form comment where you can explain what you need the account for' ></textarea></td><td class=fill_space><br /></td></tr> <tr><td class='label'><!-- empty area --></td><td> <input id='submit_button' type=submit value=Send /></td><td class=fill_space><br/></td></tr> </table> </form> <hr /> <div class='warn_message'>Please note that if you enable password recovery your password will be saved on encoded format but recoverable by the %(site)s administrators</div> </div> <br /> <br /> <!-- Hidden help text --> <div id='help_text'> <div id='1full_name_help'>Your full name, restricted to the characters in '%(valid_name_chars)s'</div> <div id='1organization_help'>Organization name or acronym matching email</div> <div id='1email_help'>Email address associated with your organization if at all possible</div> <div id='1country_help'>Country code of your organization and on the form DE/DK/GB/US/.. , <a href='https://en.wikipedia.org/wiki/ISO_3166-1'>help</a></div> <div id='1state_help'>Optional 2-letter ANSI state code of your organization, please just leave empty unless it is in the US or similar, <a href='https://en.wikipedia.org/wiki/List_of_U.S._state_abbreviations'>help</a></div> <div id='1password_help'>Password is restricted to the characters:<br/><tt>%(valid_password_chars)s</tt><br/>Certain other complexity requirements apply for adequate strength. For example it must be %(password_min_len)s to %(password_max_len)s characters long and contain at least %(password_min_classes)d different character classes.</div> <div id='1verifypassword_help'>Please repeat password</div> <!--<div id='1comment_help'>Optional, but a short informative comment may help us verify your account needs and thus speed up our response. Typically the name of a local collaboration partner or project may be helpful.</div>--> </div> """ output_objects.append({ 'object_type': 'html_form', 'text': html % fill_helpers }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Dashboard' # jquery support for tablesorter and confirmation on "leave": add_import, add_init, add_ready = '', '', '' add_init += ''' function roundNumber(num, dec) { var result = Math.round(num*Math.pow(10,dec))/Math.pow(10,dec); return result; } ''' add_ready += ''' $("#jobs_stats").addClass("spinner iconleftpad"); $("#jobs_stats").html("Loading job stats..."); $("#res_stats").addClass("spinner iconleftpad"); $("#res_stats").html("Loading resource stats..."); $("#disk_stats").addClass("spinner iconleftpad"); $("#disk_stats").html("Loading disk stats..."); $("#cert_stats").addClass("spinner iconleftpad"); $("#cert_stats").html("Loading certificate information..."); /* Run certificate request in the background and handle as soon as results come in */ $.ajax({ url: "userstats.py?output_format=json;stats=certificate", type: "GET", dataType: "json", cache: false, success: function(jsonRes, textStatus) { var i = 0; var certificate = null; var renew_days = 30; var day_msecs = 24*60*60*1000; // Grab results from json response and place them in resource status. for(i=0; i<jsonRes.length; i++) { if (jsonRes[i].object_type == "user_stats") { certificate = jsonRes[i].certificate; $("#cert_stats").removeClass("spinner iconleftpad"); $("#cert_stats").empty(); if (certificate.expire == -1) { break; } var expire_date = new Date(certificate.expire); $("#cert_stats").append("Your user certificate expires on " + expire_date + "."); // Use date from time diff in ms to avoid calendar mangling var show_renew = new Date(expire_date.getTime() - renew_days*day_msecs); if(new Date().getTime() > show_renew.getTime()) { $("#cert_stats").addClass("warningtext"); $("#cert_stats").append(" <a class=\'certrenewlink iconspace\' href=\'reqcert.py\'>Renew certificate</a>."); } break; } } } }); /* Run jobs request in the background and handle as soon as results come in */ $.ajax({ url: "userstats.py?output_format=json;stats=jobs", type: "GET", dataType: "json", cache: false, success: function(jsonRes, textStatus) { var i = 0; var jobs = null; // Grab results from json response and place them in job status. for(i=0; i<jsonRes.length; i++) { if (jsonRes[i].object_type == "user_stats") { jobs = jsonRes[i].jobs; //alert("inspect stats result: " + jobs); $("#jobs_stats").removeClass("spinner iconleftpad"); $("#jobs_stats").empty(); $("#jobs_stats").append("You have submitted a total of " + jobs.total + " jobs: " + jobs.parse + " parse, " + jobs.queued + " queued, " + jobs.frozen + " frozen, " + jobs.executing + " executing, " + jobs.finished + " finished, " + jobs.retry + " retry, " + jobs.canceled + " canceled, " + jobs.expired + " expired and " + jobs.failed + " failed."); break; } } } }); /* Run resources request in the background and handle as soon as results come in */ $.ajax({ url: "userstats.py?output_format=json;stats=resources", type: "GET", dataType: "json", cache: false, success: function(jsonRes, textStatus) { var i = 0; var resources = null; // Grab results from json response and place them in resource status. for(i=0; i<jsonRes.length; i++) { if (jsonRes[i].object_type == "user_stats") { resources = jsonRes[i].resources; //alert("inspect resources stats result: " + resources); $("#res_stats").removeClass("spinner iconleftpad"); $("#res_stats").empty(); $("#res_stats").append(resources.resources + " resources providing " + resources.exes + " execution units in total allow execution of your jobs."); break; } } } }); /* Run disk request in the background and handle as soon as results come in */ $.ajax({ url:"userstats.py?output_format=json;stats=disk", type: "GET", dataType: "json", cache: false, success: function(jsonRes, textStatus) { var i = 0; var disk = null; // Grab results from json response and place them in resource status. for(i=0; i<jsonRes.length; i++) { if (jsonRes[i].object_type == "user_stats") { disk = jsonRes[i].disk; //alert("inspect disk stats result: " + disk); $("#disk_stats").removeClass("spinner iconleftpad"); $("#disk_stats").empty(); $("#disk_stats").append("Your own " + disk.own_files +" files and " + disk.own_directories + " directories take up " + roundNumber(disk.own_megabytes, 2) + " MB in total and you additionally share " + disk.vgrid_files + " files and " + disk.vgrid_directories + " directories of " + roundNumber(disk.vgrid_megabytes, 2) + " MB in total."); break; } } } }); ''' title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({'object_type': 'header', 'text': 'Dashboard'}) output_objects.append({ 'object_type': 'sectionheader', 'text': "Welcome to the %s" % configuration.site_title }) welcome_line = "Hi %s" % extract_field(client_id, "full_name") output_objects.append({'object_type': 'text', 'text': welcome_line}) dashboard_info = """ This is your private entry page or your dashboard where you can get a quick status overview and find pointers to help and documentation. When you are logged in with your user credentials/certificate, as you are now, you can navigate your pages using the menu on the left. """ % os.environ output_objects.append({'object_type': 'text', 'text': dashboard_info}) output_objects.append({ 'object_type': 'sectionheader', 'text': "Your Status" }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <p> This is a general status overview for your Grid activities. Please note that some of the numbers are cached for a while to keep server load down. </p> <div id="jobs_stats"><!-- for jquery --></div><br /> <div id="res_stats"><!-- for jquery --></div><br /> <div id="disk_stats"><!-- for jquery --></div><br /> <div id="cert_stats"><!-- for jquery --></div><br /> <div id="cert_renew" class="hidden"><a href="reqcert.py">renew certificate</a> </div> ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Documentation and Help' }) online_help = """ %s includes some built-in documentation like the """ % configuration.site_title output_objects.append({'object_type': 'text', 'text': online_help}) output_objects.append({ 'object_type': 'link', 'destination': 'docs.py', 'class': 'infolink iconspace', 'title': 'built-in documentation', 'text': 'Docs page' }) project_info = """ but additional help, background information and tutorials are available in the """ output_objects.append({'object_type': 'text', 'text': project_info}) output_objects.append({ 'object_type': 'link', 'destination': configuration.site_external_doc, 'class': 'urllink iconspace', 'title': 'external documentation', 'text': 'external %s documentation' % configuration.site_title }) output_objects.append({ 'object_type': 'sectionheader', 'text': "Personal Settings" }) settings_info = """ You can customize your personal pages by opening the Settings page from the navigation menu and entering personal preferences. In that way you can completely redecorate your interface and configure things like notification, profile visibility and remote file access. """ output_objects.append({'object_type': 'text', 'text': settings_info}) #env_info = """Env %s""" % os.environ #output_objects.append({'object_type': 'text', 'text': env_info}) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=False) defaults = signature()[1] client_dir = client_id_dir(client_id) logger.debug('in peersaction: %s' % user_arguments_dict) (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Save Peers' output_objects.append({'object_type': 'header', 'text': 'Save Peers'}) admin_email = configuration.admin_email smtp_server = configuration.smtp_server user_pending = os.path.abspath(configuration.user_pending) user_map = get_full_user_map(configuration) user_dict = user_map.get(client_id, None) # Optional site-wide limitation of peers permission if not user_dict or \ not peers_permit_allowed(configuration, user_dict): logger.warning("user %s is not allowed to permit peers!" % client_id) output_objects.append({ 'object_type': 'error_text', 'text': 'Only privileged users can permit external peers!' }) return (output_objects, returnvalues.CLIENT_ERROR) action = accepted['action'][-1].strip() label = accepted['peers_label'][-1].strip() kind = accepted['peers_kind'][-1].strip() raw_expire = accepted['peers_expire'][-1].strip() peers_content = accepted['peers_content'] peers_format = accepted['peers_format'][-1].strip() peers_invite = accepted['peers_invite'][-1].strip() do_invite = (peers_invite.lower() in ['on', 'true', 'yes', '1']) try: expire = datetime.datetime.strptime(raw_expire, '%Y-%m-%d') if datetime.datetime.now() > expire: raise ValueError("specified expire value is in the past!") except Exception as exc: logger.error("expire %r could not be parsed into a (future) date" % raw_expire) output_objects.append({ 'object_type': 'text', 'text': 'No valid expire provided - using default: %d days' % default_expire_days }) expire = datetime.datetime.now() expire += datetime.timedelta(days=default_expire_days) expire = expire.date().isoformat() if not action in peer_actions: output_objects.append({ 'object_type': 'error_text', 'text': 'Unsupported peer action %r - only %s are allowed' % (action, ', '.join(peer_actions)) }) return (output_objects, returnvalues.CLIENT_ERROR) if not kind in peer_kinds: output_objects.append({ 'object_type': 'error_text', 'text': 'Unsupported peer kind %r - only %s are allowed' % (kind, ', '.join(peer_kinds)) }) return (output_objects, returnvalues.CLIENT_ERROR) # TODO: implement and enable more formats? if peers_format not in ("csvform", 'userid'): output_objects.append({ 'object_type': 'error_text', 'text': 'Only Import Peers is implemented so far!' }) return (output_objects, returnvalues.CLIENT_ERROR) peers_path = os.path.join(configuration.user_settings, client_dir, peers_filename) try: all_peers = load(peers_path) except Exception as exc: logger.warning("could not load peers from: %s" % exc) all_peers = {} # Extract peer(s) from request (peers, err) = parse_peers(configuration, peers_content, peers_format) if not err and not peers: err = ["No valid peers provided"] if err: output_objects.append({ 'object_type': 'error_text', 'text': 'Parsing failed: %s' % '.\n '.join(err) }) output_objects.append({ 'object_type': 'link', 'destination': 'peers.py', 'text': 'Back to peers' }) return (output_objects, returnvalues.CLIENT_ERROR) # NOTE: general cases of operation here: # * import multiple peers in one go (add new, update existing) # * add one or more new peers # * update one or more existing peers # * remove one or more existing peers # * accept one or more pending requests # * reject one or more pending requests # The kind and expire values are generally applied for all included peers. # NOTE: we check all peers before any action for user in peers: fill_distinguished_name(user) peer_id = user['distinguished_name'] cur_peer = all_peers.get(peer_id, {}) if 'add' == action and cur_peer: output_objects.append({ 'object_type': 'error_text', 'text': 'Peer %r already exists!' % peer_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif 'update' == action and not cur_peer: output_objects.append({ 'object_type': 'error_text', 'text': 'Peer %r does not exists!' % peer_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif 'remove' == action and not cur_peer: output_objects.append({ 'object_type': 'error_text', 'text': 'Peer %r does not exists!' % peer_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif 'accept' == action and cur_peer: output_objects.append({ 'object_type': 'error_text', 'text': 'Peer %r already accepted!' % peer_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif 'reject' == action and cur_peer: output_objects.append({ 'object_type': 'error_text', 'text': 'Peer %r already accepted!' % peer_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif 'import' == action and cur_peer: # Only warn on import with existing match output_objects.append({ 'object_type': 'text', 'text': 'Updating existing peer %r' % peer_id }) # Now apply changes for user in peers: peer_id = user['distinguished_name'] cur_peer = all_peers.get(peer_id, {}) user.update({'label': label, 'kind': kind, 'expire': expire}) if 'add' == action: all_peers[peer_id] = user elif 'update' == action: all_peers[peer_id] = user elif 'remove' == action: del all_peers[peer_id] elif 'accept' == action: all_peers[peer_id] = user elif 'reject' == action: pass elif 'import' == action: all_peers[peer_id] = user logger.info("%s peer %s" % (action, peer_id)) try: dump(all_peers, peers_path) logger.debug('%s %s peers %s in %s' % (client_id, action, all_peers, peers_path)) output_objects.append({ 'object_type': 'text', 'text': "Completed %s peers" % action }) for user in peers: output_objects.append({ 'object_type': 'text', 'text': "%(distinguished_name)s" % user }) if action in ['import', 'add', 'update']: client_name = extract_field(client_id, 'full_name') client_email = extract_field(client_id, 'email') if do_invite: succeeded, failed = [], [] email_header = '%s Invitation' % configuration.short_title email_msg_template = """Hi %%s, This is an automatic email sent on behalf of %s who vouched for you to get a user account on %s. You can accept the invitation by going to %%s entering a password of your choice and submitting the form. If you do not want a user account you can safely ignore this email. We would be grateful if you report any abuse of the invitation system to the site administrators (%s). """ % (client_name, configuration.short_title, admin_email) for peer_user in peers: peer_name = peer_user['full_name'] peer_email = peer_user['email'] peer_url = os.path.join( configuration.migserver_https_sid_url, 'cgi-sid', 'reqoid.py') peer_req = {} for field in peers_fields: peer_req[field] = peer_user.get(field, '') peer_req['comment'] = 'Invited by %s (%s) for %s purposes' \ % (client_name, client_email, kind) # Mark ID fields as readonly in the form to limit errors peer_req['ro_fields'] = keyword_auto peer_url += '?%s' % urllib.urlencode(peer_req) email_msg = email_msg_template % (peer_name, peer_url) logger.info( 'Sending invitation: to: %s, header: %s, msg: %s, smtp_server: %s' % (peer_email, email_header, email_msg, smtp_server)) if send_email(peer_email, email_header, email_msg, logger, configuration): succeeded.append(peer_email) else: failed.append(peer_email) if failed: output_objects.append({ 'object_type': 'error_text', 'text': """An error occured trying to email the peer invitation to %s . Please inform the site admins (%s) if the problem persists. """ % (', '.join(failed), admin_email) }) if succeeded: output_objects.append({ 'object_type': 'text', 'text': """Sent invitation to %s with a link to a mostly pre-filled %s account request form with the exact ID fields you provided here.""" % (', '.join(succeeded), configuration.short_title) }) else: output_objects.append({ 'object_type': 'text', 'text': """Please tell your peers to request an account at %s with the exact ID fields you provided here and importantly mentioning the purpose and your email (%s) in the sign up Comment field. Alternatively you can use the invite button to send out an email with a link to a mostly prefilled request form.""" % (configuration.short_title, client_email) }) except Exception as exc: logger.error('Failed to save %s peers to %s: %s' % (client_id, peers_path, exc)) output_objects.append({ 'object_type': 'error_text', 'text': ''' Could not %s peers %r. Please contact the site admins on %s if this error persists. ''' % (action, label, admin_email) }) return (output_objects, returnvalues.SYSTEM_ERROR) if action in ["accept", "reject"]: changed = [(i['distinguished_name'], i) for i in peers] if not manage_pending_peers(configuration, client_id, "remove", changed): logger.warning('could not update pending peers for %s after %s' % (client_id, action)) logger.info('%s completed for %s peers for %s in %s' % (action, label, client_id, peers_path)) user_lines = [] pretty_peers = {'label': label, 'kind': kind, 'expire': expire} for user in peers: user_lines.append(user['distinguished_name']) pretty_peers['user_lines'] = '\n'.join(user_lines) email_header = '%s Peers %s' % (configuration.short_title, action) email_msg = """Received %s peers from %s """ % (action, client_id) email_msg += """ Kind: %(kind)s , Expire: %(expire)s, Label: %(label)s , Peers: %(user_lines)s """ % pretty_peers logger.info('Sending email: to: %s, header: %s, msg: %s, smtp_server: %s' % (admin_email, email_header, email_msg, smtp_server)) if not send_email(admin_email, email_header, email_msg, logger, configuration): output_objects.append({ 'object_type': 'error_text', 'text': ''' An error occured trying to send the email about your %s peers to the site administrators. Please manually inform them (%s) if the problem persists. ''' % (action, admin_email) }) return (output_objects, returnvalues.SYSTEM_ERROR) output_objects.append({ 'object_type': 'text', 'text': ''' Informed the site admins about your %s peers action to let them accept peer account requests you already validated.''' % action }) output_objects.append({ 'object_type': 'link', 'destination': 'peers.py', 'text': 'Back to peers' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict, environ=None): """Main function used by front end""" if environ is None: environ = os.environ (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=client_id) client_dir = client_id_dir(client_id) status = returnvalues.OK defaults = signature()[1] (validate_status, accepted) = validate_input( user_arguments_dict, defaults, output_objects, allow_rejects=False, # NOTE: path cannot use wildcards here typecheck_overrides={}, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) flags = ''.join(accepted['flags']) patterns = accepted['path'] current_dir = accepted['current_dir'][-1] share_id = accepted['share_id'][-1] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Either authenticated user client_id set or sharelink ID if client_id: user_id = client_id target_dir = client_id_dir(client_id) base_dir = configuration.user_home id_query = '' page_title = 'Create User Directory' userstyle = True widgets = True elif share_id: try: (share_mode, _) = extract_mode_id(configuration, share_id) except ValueError as err: logger.error('%s called with invalid share_id %s: %s' % (op_name, share_id, err)) output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid sharelink ID: %s' % share_id }) return (output_objects, returnvalues.CLIENT_ERROR) # TODO: load and check sharelink pickle (currently requires client_id) user_id = 'anonymous user through share ID %s' % share_id if share_mode == 'read-only': logger.error('%s called without write access: %s' % (op_name, accepted)) output_objects.append({ 'object_type': 'error_text', 'text': 'No write access!' }) return (output_objects, returnvalues.CLIENT_ERROR) target_dir = os.path.join(share_mode, share_id) base_dir = configuration.sharelink_home id_query = '?share_id=%s' % share_id page_title = 'Create Shared Directory' userstyle = False widgets = False else: logger.error('%s called without proper auth: %s' % (op_name, accepted)) output_objects.append({ 'object_type': 'error_text', 'text': 'Authentication is missing!' }) return (output_objects, returnvalues.SYSTEM_ERROR) # Please note that base_dir must end in slash to avoid access to other # user dirs when own name is a prefix of another user name base_dir = os.path.abspath(os.path.join(base_dir, target_dir)) + os.sep title_entry = find_entry(output_objects, 'title') title_entry['text'] = page_title title_entry['skipwidgets'] = not widgets title_entry['skipuserstyle'] = not userstyle output_objects.append({'object_type': 'header', 'text': page_title}) # Input validation assures target_dir can't escape base_dir if not os.path.isdir(base_dir): output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid client/sharelink id!' }) return (output_objects, returnvalues.CLIENT_ERROR) if verbose(flags): for flag in flags: output_objects.append({ 'object_type': 'text', 'text': '%s using flag: %s' % (op_name, flag) }) for pattern in patterns: # Check directory traversal attempts before actual handling to avoid # leaking information about file system layout while allowing # consistent error messages # NB: Globbing disabled on purpose here unfiltered_match = [base_dir + os.sep + current_dir + os.sep + pattern] match = [] for server_path in unfiltered_match: # IMPORTANT: path must be expanded to abs for proper chrooting abs_path = os.path.abspath(server_path) if not valid_user_path(configuration, abs_path, base_dir, True): # out of bounds - save user warning for later to allow # partial match: # ../*/* is technically allowed to match own files. logger.warn('%s tried to %s %s restricted path! (%s)' % (client_id, op_name, abs_path, pattern)) continue match.append(abs_path) # Now actually treat list of allowed matchings and notify if no # (allowed) match if not match: output_objects.append({ 'object_type': 'error_text', 'text': "%s: cannot create directory '%s': Permission denied" % (op_name, pattern) }) status = returnvalues.CLIENT_ERROR for abs_path in match: relative_path = abs_path.replace(base_dir, '') if verbose(flags): output_objects.append({ 'object_type': 'file', 'name': relative_path }) if not parents(flags) and os.path.exists(abs_path): output_objects.append({ 'object_type': 'error_text', 'text': '%s: path exist!' % pattern }) status = returnvalues.CLIENT_ERROR continue if not check_write_access(abs_path, parent_dir=True): logger.warning('%s called without write access: %s' % (op_name, abs_path)) output_objects.append({ 'object_type': 'error_text', 'text': 'cannot create "%s": inside a read-only location!' % pattern }) status = returnvalues.CLIENT_ERROR continue try: gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'], 'created', [relative_path]) if parents(flags): if not os.path.isdir(abs_path): os.makedirs(abs_path) else: os.mkdir(abs_path) logger.info('%s %s done' % (op_name, abs_path)) except Exception as exc: if not isinstance(exc, GDPIOLogError): gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'], 'created', [relative_path], failed=True, details=exc) output_objects.append({ 'object_type': 'error_text', 'text': "%s: '%s' failed!" % (op_name, relative_path) }) logger.error("%s: failed on '%s': %s" % (op_name, relative_path, exc)) status = returnvalues.SYSTEM_ERROR continue output_objects.append({ 'object_type': 'text', 'text': "created directory %s" % (relative_path) }) if id_query: open_query = "%s;current_dir=%s" % (id_query, relative_path) else: open_query = "?current_dir=%s" % relative_path output_objects.append({ 'object_type': 'link', 'destination': 'ls.py%s' % open_query, 'text': 'Open %s' % relative_path }) output_objects.append({'object_type': 'text', 'text': ''}) output_objects.append({ 'object_type': 'link', 'destination': 'ls.py%s' % id_query, 'text': 'Return to files overview' }) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) resource_list = accepted['unique_resource_name'] resource_id = resource_list.pop() if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append( {'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) res_dir = os.path.join(configuration.resource_home, resource_id) # Prevent unauthorized access (owner_status, owner_list) = resource_owners(configuration, resource_id) if not owner_status: output_objects.append( {'object_type': 'error_text', 'text' : "Could not look up '%s' owners - no such resource?" % resource_id }) return (output_objects, returnvalues.CLIENT_ERROR) elif client_id not in owner_list: logger.warning('user %s tried to delete resource "%s" not owned' % \ (client_id, resource_id)) output_objects.append({'object_type': 'error_text', 'text' : "You can't delete '%s' - you don't own it!" % resource_id}) output_objects.append({'object_type': 'link', 'destination': 'resman.py', 'class': 'infolink iconspace', 'title': 'Show resources', 'text': 'Show resources'}) return (output_objects, returnvalues.CLIENT_ERROR) # Locking the access to resources and vgrids. lock_path_vgrid = os.path.join(configuration.resource_home, "vgrid.lock") lock_handle_vgrid = open(lock_path_vgrid, 'a') fcntl.flock(lock_handle_vgrid.fileno(), fcntl.LOCK_EX) lock_path_res = os.path.join(configuration.resource_home, "resource.lock") lock_handle_res = open(lock_path_res, 'a') fcntl.flock(lock_handle_res.fileno(), fcntl.LOCK_EX) # Only resources that are down may be deleted. # A "FE.PGID" file with a PGID in the resource's home directory means that # the FE is running. pgid_path = os.path.join(res_dir, 'FE.PGID') fe_running = True try: # determine if fe runs by finding out if pgid is numerical pgid_file = open(pgid_path, 'r') fcntl.flock(pgid_file, fcntl.LOCK_EX) pgid = pgid_file.readline().strip() fcntl.flock(pgid_file, fcntl.LOCK_UN) pgid_file.close() if not pgid.isdigit(): raise Exception('FE already stopped') except: fe_running = False if fe_running: output_objects.append({'object_type': 'error_text', 'text' : "Can't delete the running resource %s!" % resource_id}) output_objects.append({'object_type': 'link', 'destination': 'resman.py', 'class': 'infolink iconspace', 'title': 'Show resources', 'text': 'Show resources'}) lock_handle_vgrid.close() lock_handle_res.close() return (output_objects, returnvalues.CLIENT_ERROR) # Deleting the resource files, but not the resource directory itself. # The resource directory is kept, to prevent hijacking of resource id's try: for name in os.listdir(res_dir): file_path = os.path.join(res_dir, name) if os.path.isfile(file_path): os.unlink(file_path) except Exception as err: output_objects.append({'object_type': 'error_text', 'text' : 'Deletion exception: ' + str(err)}) output_objects.append({'object_type': 'link', 'destination': 'resman.py', 'class': 'infolink iconspace', 'title': 'Show resources', 'text': 'Show resources'}) lock_handle_vgrid.close() lock_handle_res.close() return (output_objects, returnvalues.CLIENT_ERROR) # The resource has been deleted, and OK is returned. title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Resource Deletion' output_objects.append({'object_type': 'header', 'text' : 'Deleting resource'}) output_objects.append({'object_type': 'text', 'text' : 'Sucessfully deleted resource: ' + resource_id}) output_objects.append({'object_type': 'link', 'destination': 'resman.py', 'class': 'infolink iconspace', 'title': 'Show resources', 'text': 'Show resources'}) # Releasing locks lock_handle_vgrid.close() lock_handle_res.close() # Remove resource from resource and vgrid caches (after realeasing locks) unmap_resource(configuration, resource_id) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) hosturl = accepted['hosturl'][-1] hostidentifier = accepted['hostidentifier'][-1] resource_id = '%s.%s' % (hosturl, hostidentifier) extra_selects = 3 if not configuration.site_enable_resources: output_objects.append({ 'object_type': 'error_text', 'text': '''Resources are not enabled on this system''' }) return (output_objects, returnvalues.SYSTEM_ERROR) # Find allowed VGrids and Runtimeenvironments and add them to # configuration object for automated choice handling allowed_vgrids = [''] + res_vgrid_access(configuration, resource_id) allowed_vgrids.sort() configuration.vgrids = allowed_vgrids (re_status, allowed_run_envs) = list_runtime_environments(configuration) allowed_run_envs.sort() area_cols = 80 area_rows = 5 status = returnvalues.OK logger.info('Starting Resource edit GUI.') title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Resource Editor' output_objects.append({'object_type': 'header', 'text': 'Resource Editor'}) output_objects.append({ 'object_type': 'sectionheader', 'text': '%s Resource Editor' % configuration.short_title }) output_objects.append({ 'object_type': 'text', 'text': ''' Please fill in or edit the fields below to fit your %s resource reservation. Most fields will work with their default values. So if you are still in doubt after reading the help description, you can likely just leave the field alone.''' % configuration.short_title }) if hosturl and hostidentifier: conf = init_conf(configuration, hosturl, hostidentifier) if not conf: status = returnvalues.CLIENT_ERROR output_objects.append({ 'object_type': 'error_text', 'text': '''No such resource! (%s.%s)''' % (hosturl, hostidentifier) }) return (output_objects, status) else: conf = empty_resource_config(configuration) res_fields = resconfkeywords.get_resource_specs(configuration) exe_fields = resconfkeywords.get_exenode_specs(configuration) store_fields = resconfkeywords.get_storenode_specs(configuration) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'short_title': configuration.short_title, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } target_op = 'reseditaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': """ <form method='%(form_method)s' action='%(target_op)s.py'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> """ % fill_helpers }) # Resource overall fields output_objects.append({ 'object_type': 'sectionheader', 'text': "Main Resource Settings" }) output_objects.append({ 'object_type': 'text', 'text': """This section configures general options for the resource.""" }) (title, field) = ('Host FQDN', 'HOSTURL') if hosturl: try: hostip = conf.get('HOSTIP', socket.gethostbyname(hosturl)) except: hostip = '<unknown>' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a><br /> <input type='hidden' name='%s' value='%s' /> <input type='hidden' name='hostip' value='%s' /> %s <br /> <br />""" % (title, field, field, conf[field], hostip, conf[field]) }) else: output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='%s' size='%d' value='%s' required pattern='[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+' title='Fully qualified domain name or Internet IP address of the resource' /> <br /> <br />""" % (title, field, field, field_size(conf[field]), conf[field]) }) (title, field) = ('Host identifier', 'HOSTIDENTIFIER') if hostidentifier: output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a><br /> <input type='hidden' name='%s' value='%s' /> %s <br /> <br />""" % (title, field, field, conf[field], conf[field]) }) (field, title) = 'frontendhome', 'Frontend Home Path' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='%s' size='%d' value='%s' required pattern='[^ ]+' title='Absolute path to user home on the resource' /> <br /> <br />""" % (title, field, field, field_size(conf[field]), conf[field]) }) for (field, spec) in res_fields: title = spec['Title'] field_type = spec['Type'] if spec['Required']: required_str = 'required' else: required_str = '' if 'invisible' == spec['Editor']: continue elif 'input' == spec['Editor']: if spec['Type'] == 'int': input_str = """ <input class='fillwidth padspace' type='number' name='%s' size='%d' value='%s' min=0 pattern='[0-9]+' %s /> """ % (field, field_size(conf[field]), conf[field], required_str) else: input_str = """ <input class='fillwidth padspace' type='text' name='%s' size='%d' value='%s' %s /> """ % (field, field_size(conf[field]), conf[field], required_str) output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a> <br /> %s<br /> <br />""" % (title, field, input_str) }) elif 'select' == spec['Editor']: choices = available_choices(configuration, client_id, resource_id, field, spec) res_value = conf[field] value_select = '' if field_type.startswith('multiple'): select_count = len(res_value) + extra_selects else: select_count = 1 res_value = [res_value] for i in range(select_count): value_select += "<select name='%s'>\n" % field for name in choices: selected = '' if i < len(res_value) and res_value[i] == name: selected = 'selected' display = "%s" % name if display == '': display = ' ' value_select += """<option %s value='%s'>%s</option>\n""" \ % (selected, name, display) value_select += """</select><br />\n""" output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a><br /> %s <br />""" % (title, field, value_select) }) # Not all resource fields here map directly to keywords/specs input field (title, field) = ('Runtime Environments', 'RUNTIMEENVIRONMENT') re_list = conf[field] show = re_list + [('', []) for i in range(extra_selects)] re_select = "<input type='hidden' name='runtime_env_fields' value='%s'/>\n" \ % len(show) i = 0 for active in show: re_select += "<select name='runtimeenvironment%d'>\n" % i for name in allowed_run_envs + ['']: selected = '' if active[0] == name: selected = 'selected' display = "%s" % name if display == '': display = ' ' re_select += """<option %s value='%s'>%s</option>\n""" % \ (selected, name, display) re_select += """</select><br />\n""" values = '\n'.join(['%s=%s' % pair for pair in active[1]]) re_select += "<textarea class='fillwidth padspace' cols='%d' rows='%d' name='re_values%d'>%s</textarea><br />\n" % \ (area_cols, area_rows, i, values) i += 1 output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#res-%s'>help</a><br /> Please enter any required environment variable settings on the form NAME=VALUE in the box below each selected runtimeenvironment.<br /> %s <br />""" % (title, field, re_select) }) # Execution node fields output_objects.append({ 'object_type': 'sectionheader', 'text': "Execution nodes" }) output_objects.append({ 'object_type': 'text', 'text': """This section configures execution nodes on the resource.""" }) (field, title) = 'executionnodes', 'Execution Node(s)' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#exe-%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='exe-%s' size='%d' value='%s' /> <br /> <br />""" % (title, field, field, field_size( conf['all_exes'][field]), conf['all_exes'][field]) }) (field, title) = 'executionhome', 'Execution Home Path' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#exe-%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='exe-%s' size='%d' value='%s' /> <br /> <br />""" % (title, field, field, field_size( conf['all_exes'][field]), conf['all_exes'][field]) }) for (field, spec) in exe_fields: title = spec['Title'] field_type = spec['Type'] # We don't really have a good map of required fields here so disable required_str = '' if 'invisible' == spec['Editor']: continue elif 'input' == spec['Editor']: if spec['Type'] == 'int': input_str = """ <input class='fillwidth padspace' type='number' name='exe-%s' size='%d' value='%s' min=0 pattern='[0-9]+' %s /> """ % (field, field_size(conf['all_exes'][field]), conf['all_exes'][field], required_str) else: input_str = """ <input class='fillwidth padspace' type='text' name='exe-%s' size='%d' value='%s' %s /> """ % (field, field_size(conf['all_exes'][field]), conf['all_exes'][field], required_str) output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#exe-%s'>help</a> <br /> %s <br /> <br />""" % (title, field, input_str) }) elif 'select' == spec['Editor']: choices = available_choices(configuration, client_id, resource_id, field, spec) exe_value = conf['all_exes'][field] value_select = '' if field_type.startswith('multiple'): select_count = len(exe_value) + extra_selects else: select_count = 1 exe_value = [exe_value] for i in range(select_count): value_select += "<select name='exe-%s'>\n" % field for name in choices: selected = '' if i < len(exe_value) and exe_value[i] == name: selected = 'selected' display = "%s" % name if display == '': display = ' ' value_select += """<option %s value='%s'>%s</option>\n""" \ % (selected, name, display) value_select += """</select><br />\n""" output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#exe-%s'>help</a><br /> %s <br />""" % (title, field, value_select) }) # Storage node fields output_objects.append({ 'object_type': 'sectionheader', 'text': "Storage nodes" }) output_objects.append({ 'object_type': 'text', 'text': """This section configures storage nodes on the resource.""" }) (field, title) = 'storagenodes', 'Storage Node(s)' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#store-%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='store-%s' size='%d' value='%s' /> <br /> <br />""" % (title, field, field, field_size( conf['all_stores'][field]), conf['all_stores'][field]) }) (field, title) = 'storagehome', 'Storage Home Path' output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#store-%s'>help</a><br /> <input class='fillwidth padspace' type='text' name='store-%s' size='%d' value='%s' /> <br /> <br />""" % (title, field, field, field_size( conf['all_stores'][field]), conf['all_stores'][field]) }) for (field, spec) in store_fields: title = spec['Title'] field_type = spec['Type'] # We don't really have a good map of required fields here so disable required_str = '' if 'invisible' == spec['Editor']: continue elif 'input' == spec['Editor']: if spec['Type'] == 'int': input_str = """ <input class='fillwidth padspace' type='number' name='store-%s' size='%d' value='%s' min=0 pattern='[0-9]+' %s /> """ % (field, field_size(conf['all_stores'][field]), conf['all_stores'][field], required_str) else: input_str = """ <input class='fillwidth padspace' type='text' name='store-%s' size='%d' value='%s' %s /> """ % (field, field_size(conf['all_stores'][field]), conf['all_stores'][field], required_str) output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#store-%s'>help</a> <br /> %s <br /> <br />""" % (title, field, input_str) }) elif 'select' == spec['Editor']: choices = available_choices(configuration, client_id, resource_id, field, spec) store_value = conf['all_stores'][field] value_select = '' if field_type.startswith('multiple'): select_count = len(store_value) + extra_selects else: select_count = 1 store_value = [store_value] for i in range(select_count): value_select += "<select name='store-%s'>\n" % field for name in choices: selected = '' if i < len(store_value) and store_value[i] == name: selected = 'selected' display = "%s" % name if display == '': display = ' ' value_select += """<option %s value='%s'>%s</option>\n""" \ % (selected, name, display) value_select += """</select><br />\n""" output_objects.append({ 'object_type': 'html_form', 'text': """<br /> <b>%s:</b> <a class='infolink iconspace' href='resedithelp.py#store-%s'>help</a><br /> %s <br />""" % (title, field, value_select) }) output_objects.append({ 'object_type': 'html_form', 'text': """ <input type='submit' value='Save' /> </form> """ }) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) valid_langs = {'sh': 'shell', 'python': 'python'} valid_flavors = {'user': '******', 'resource': 'vgridscriptgen'} defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) flags = ''.join(accepted['flags']) langs = accepted['lang'] flavor_list = accepted['flavor'] sh_cmd = accepted['sh_cmd'][-1] python_cmd = accepted['python_cmd'][-1] script_dir = accepted['script_dir'][-1] flavors = [] title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Script generator' output_objects.append( {'object_type': 'header', 'text': 'Script generator'}) status = returnvalues.OK # Please note that base_dir must end in slash to avoid access to other # user dirs when own name is a prefix of another user name base_dir = os.path.abspath(os.path.join(configuration.user_home, client_dir)) + os.sep if 'h' in flags: output_objects = usage(output_objects, valid_langs, valid_flavors) return (output_objects, status) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append( {'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Filter out any invalid flavors to avoid illegal filenames, etc. for f in flavor_list: if f in valid_flavors.keys(): flavors.append(f) # Default to user scripts if not flavors: if flavor_list: output_objects.append({'object_type': 'text', 'text': 'No valid flavors specified - falling back to user scripts' }) flavors = ['user'] if not langs or keyword_all in langs: # Add new languages here languages = [(userscriptgen.sh_lang, sh_cmd, userscriptgen.sh_ext), (userscriptgen.python_lang, python_cmd, userscriptgen.python_ext)] else: languages = [] # check arguments for lang in langs: if lang == 'sh': interpreter = sh_cmd extension = userscriptgen.sh_ext elif lang == 'python': interpreter = python_cmd extension = userscriptgen.python_ext else: output_objects.append({'object_type': 'warning', 'text': 'Unknown script language: %s - ignoring!' % lang}) continue languages.append((lang, interpreter, extension)) if not languages: output_objects.append({'object_type': 'error_text', 'text': 'No valid languages specified - aborting script generation' }) return (output_objects, returnvalues.CLIENT_ERROR) for flavor in flavors: if not script_dir or script_dir == keyword_auto: # Generate scripts in a "unique" destination directory # gmtime([seconds]) -> (tm_year, tm_mon, tm_day, tm_hour, tm_min, # tm_sec, tm_wday, tm_yday, tm_isdst) now = time.gmtime() timestamp = '%.2d%.2d%.2d-%.2d%.2d%.2d' % ( now[2], now[1], now[0], now[3], now[4], now[5], ) script_dir = '%s-%s-scripts-%s' % (configuration.short_title, flavor, timestamp) else: # Avoid problems from especially trailing slash (zip recursion) script_dir = script_dir.strip(os.sep) # IMPORTANT: path must be expanded to abs for proper chrooting abs_dir = os.path.abspath(os.path.join(base_dir, script_dir)) if not valid_user_path(configuration, abs_dir, base_dir, True): # out of bounds output_objects.append({'object_type': 'error_text', 'text': "You're not allowed to work in %s!" % script_dir}) logger.warning('%s tried to %s restricted path %s ! (%s)' % (client_id, op_name, abs_dir, script_dir)) return (output_objects, returnvalues.CLIENT_ERROR) if not os.path.isdir(abs_dir): try: os.mkdir(abs_dir) except Exception as exc: output_objects.append({'object_type': 'error_text', 'text': 'Failed to create destination directory (%s) - aborting script generation' % exc}) return (output_objects, returnvalues.SYSTEM_ERROR) for (lang, _, _) in languages: output_objects.append({'object_type': 'text', 'text': 'Generating %s %s scripts in the %s subdirectory of your %s home directory' % (lang, flavor, script_dir, configuration.short_title)}) logger.debug('generate %s scripts in %s' % (flavor, abs_dir)) # Generate all scripts if flavor == 'user': for op in userscriptgen.script_ops: generator = 'userscriptgen.generate_%s' % op eval(generator)(configuration, languages, abs_dir) if userscriptgen.shared_lib: userscriptgen.generate_lib(configuration, userscriptgen.script_ops, languages, abs_dir) if userscriptgen.test_script: userscriptgen.generate_test(configuration, languages, abs_dir) elif flavor == 'resource': for op in vgridscriptgen.script_ops_single_arg: vgridscriptgen.generate_single_argument(configuration, op[0], op[1], languages, abs_dir) for op in vgridscriptgen.script_ops_single_upload_arg: vgridscriptgen.generate_single_argument_upload(configuration, op[0], op[1], op[2], languages, abs_dir) for op in vgridscriptgen.script_ops_two_args: vgridscriptgen.generate_two_arguments(configuration, op[0], op[1], op[2], languages, abs_dir) for op in vgridscriptgen.script_ops_ten_args: vgridscriptgen.generate_ten_arguments(configuration, op[0], op[1], op[2], op[3], op[4], op[5], op[6], op[7], op[8], op[9], op[10], languages, abs_dir) else: output_objects.append( {'object_type': 'warning_text', 'text': 'Unknown flavor: %s' % flavor}) continue # Always include license conditions file userscriptgen.write_license(configuration, abs_dir) output_objects.append({'object_type': 'text', 'text': '... Done' }) output_objects.append({'object_type': 'text', 'text': '%s %s scripts are now available in your %s home directory:' % (configuration.short_title, flavor, configuration.short_title)}) output_objects.append({'object_type': 'link', 'text': 'View directory', 'destination': 'fileman.py?path=%s/' % script_dir}) # Create zip from generated dir output_objects.append({'object_type': 'text', 'text': 'Generating zip archive of the %s %s scripts' % (configuration.short_title, flavor)}) script_zip = script_dir + '.zip' dest_zip = '%s%s' % (base_dir, script_zip) logger.debug('packing generated scripts from %s in %s' % (abs_dir, dest_zip)) # Force compression zip_file = zipfile.ZipFile(dest_zip, 'w', zipfile.ZIP_DEFLATED) # Directory write is not supported - add each file manually for script in os.listdir(abs_dir): zip_file.write(abs_dir + os.sep + script, script_dir + os.sep + script) # Preserve executable flag in accordance with: # http://mail.python.org/pipermail/pythonmac-sig/2005-March/013491.html for zinfo in zip_file.filelist: zinfo.create_system = 3 zip_file.close() # Verify CRC zip_file = zipfile.ZipFile(dest_zip, 'r') err = zip_file.testzip() zip_file.close() if err: output_objects.append({'object_type': 'error_text', 'text': 'Zip file integrity check failed! (%s)' % err}) status = returnvalues.SYSTEM_ERROR continue output_objects.append({'object_type': 'text', 'text': '... Done' }) output_objects.append({'object_type': 'text', 'text': 'Zip archive of the %s %s scripts are now available in your %s home directory' % (configuration.short_title, flavor, configuration.short_title)}) output_objects.append({'object_type': 'link', 'text': 'Download zip archive %s' % script_zip, 'destination': os.path.join('..', client_dir, script_zip)}) output_objects.append({'object_type': 'upgrade_info', 'text': ''' You can upgrade from an existing user scripts folder with the commands:''', 'commands': ["./migget.sh '%s' ../" % script_zip, "cd ..", "unzip '%s'" % script_zip, "cd '%s'" % script_dir] }) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = "Add %s Resource" % label output_objects.append({ 'object_type': 'header', 'text': 'Add %s Resource(s)' % label }) status = returnvalues.OK (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) vgrid_name = accepted['vgrid_name'][-1].strip() res_id_list = accepted['unique_resource_name'] request_name = unhexlify(accepted['request_name'][-1]) rank_list = accepted['rank'] + ['' for _ in res_id_list] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) user_map = get_full_user_map(configuration) user_dict = user_map.get(client_id, None) # Optional site-wide limitation of manage vgrid permission if not user_dict or \ not vgrid_manage_allowed(configuration, user_dict): logger.warning("user %s is not allowed to manage vgrids!" % client_id) output_objects.append({ 'object_type': 'error_text', 'text': 'Only privileged users can manage %ss' % label }) return (output_objects, returnvalues.CLIENT_ERROR) # make sure vgrid settings allow this owner to edit resources (allow_status, allow_msg) = allow_resources_adm(configuration, vgrid_name, client_id) if not allow_status: output_objects.append({'object_type': 'error_text', 'text': allow_msg}) return (output_objects, returnvalues.CLIENT_ERROR) res_id_added = [] for (res_id, rank_str) in zip(res_id_list, rank_list): unique_resource_name = res_id.lower().strip() try: rank = int(rank_str) except ValueError: rank = None # Validity of user and vgrid names is checked in this init function so # no need to worry about illegal directory traversal through variables (ret_val, msg, ret_variables) = \ init_vgrid_script_add_rem(vgrid_name, client_id, unique_resource_name, 'resource', configuration) if not ret_val: output_objects.append({'object_type': 'error_text', 'text': msg}) status = returnvalues.CLIENT_ERROR continue elif msg: # In case of warnings, msg is non-empty while ret_val remains True output_objects.append({'object_type': 'warning', 'text': msg}) # don't add if already in vgrid or parent vgrid unless rank is given if rank is None and vgrid_is_resource(vgrid_name, unique_resource_name, configuration): output_objects.append({ 'object_type': 'error_text', 'text': '%s is already a resource in the %s' % (unique_resource_name, label) }) status = returnvalues.CLIENT_ERROR continue # don't add if already in subvgrid (list_status, subvgrids) = vgrid_list_subvgrids(vgrid_name, configuration) if not list_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Error getting list of sub%ss: %s' % (label, subvgrids) }) status = returnvalues.SYSTEM_ERROR continue skip_entity = False for subvgrid in subvgrids: if vgrid_is_resource(subvgrid, unique_resource_name, configuration, recursive=False): output_objects.append({ 'object_type': 'error_text', 'text': '''%(res_name)s is already in a sub-%(vgrid_label)s (%(subvgrid)s). Please remove the resource from the sub-%(vgrid_label)s and try again''' % { 'res_name': unique_resource_name, 'subvgrid': subvgrid, 'vgrid_label': label } }) status = returnvalues.CLIENT_ERROR skip_entity = True break if skip_entity: continue # Check if only rank change was requested and apply if so if rank is not None: (add_status, add_msg) = vgrid_add_resources(configuration, vgrid_name, [unique_resource_name], rank=rank) if not add_status: output_objects.append({ 'object_type': 'error_text', 'text': add_msg }) status = returnvalues.SYSTEM_ERROR else: output_objects.append({ 'object_type': 'text', 'text': 'changed %s to resource %d' % (res_id, rank) }) # No further action after rank change as everything else exists continue # Getting here means res_id is neither resource of any parent or # sub-vgrids. # Please note that base_dir must end in slash to avoid access to other # vgrid dirs when own name is a prefix of another name base_dir = os.path.abspath(configuration.vgrid_home + os.sep + vgrid_name) + os.sep resources_file = base_dir + 'resources' # Add to list and pickle (add_status, add_msg) = vgrid_add_resources(configuration, vgrid_name, [unique_resource_name]) if not add_status: output_objects.append({ 'object_type': 'error_text', 'text': '%s' % add_msg }) status = returnvalues.SYSTEM_ERROR continue res_id_added.append(unique_resource_name) if request_name: request_dir = os.path.join(configuration.vgrid_home, vgrid_name) if not delete_access_request(configuration, request_dir, request_name): logger.error("failed to delete res request for %s in %s" % (vgrid_name, request_name)) output_objects.append({ 'object_type': 'error_text', 'text': 'Failed to remove saved request for %s in %s!' % (vgrid_name, request_name) }) if res_id_added: output_objects.append({ 'object_type': 'html_form', 'text': 'New resource(s)<br />%s<br />successfully added to %s %s!' '' % ('<br />'.join(res_id_added), vgrid_name, label) }) res_id_fields = '' for res_id in res_id_added: res_id_fields += """ <input type=hidden name=unique_resource_name value='%s' />""" % res_id form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'vgrid_name': vgrid_name, 'unique_resource_name': unique_resource_name, 'protocol': any_protocol, 'short_title': configuration.short_title, 'vgrid_label': label, 'res_id_fields': res_id_fields, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } target_op = 'sendrequestaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': """ <form method='%(form_method)s' action='%(target_op)s.py'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> <input type=hidden name=request_type value='vgridaccept' /> <input type=hidden name=vgrid_name value='%(vgrid_name)s' /> %(res_id_fields)s <input type=hidden name=protocol value='%(protocol)s' /> <table> <tr> <td class='title'>Custom message to resource owners</td> </tr><tr> <td><textarea name=request_text cols=72 rows=10> We have granted your %(unique_resource_name)s resource access to our %(vgrid_name)s %(vgrid_label)s. You can assign it to accept jobs from the %(vgrid_name)s %(vgrid_label)s from your Resources page on %(short_title)s. Regards, the %(vgrid_name)s %(vgrid_label)s owners </textarea></td> </tr> <tr> <td><input type='submit' value='Inform owners' /></td> </tr> </table> </form> <br /> """ % fill_helpers }) output_objects.append({ 'object_type': 'link', 'destination': 'adminvgrid.py?vgrid_name=%s' % vgrid_name, 'text': 'Back to administration for %s' % vgrid_name }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Frozen Archives' (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) operation = accepted['operation'][-1] caching = (accepted['caching'][-1].lower() in ('true', 'yes')) if not configuration.site_enable_freeze: output_objects.append({ 'object_type': 'text', 'text': '''Freezing archives is disabled on this site. Please contact the site admins %s if you think it should be enabled. ''' % configuration.admin_email }) return (output_objects, returnvalues.OK) if not operation in allowed_operations: output_objects.append({ 'object_type': 'text', 'text': '''Operation must be one of %s.''' % ', '.join(allowed_operations) }) return (output_objects, returnvalues.OK) logger.info("%s %s begin for %s" % (op_name, operation, client_id)) if operation in show_operations: # jquery support for tablesorter and confirmation on delete # table initially sorted by col. 5 (State), 3 (Created date), 2 (name) if client_id in configuration.site_freeze_admins: permanent_flavors = [] else: permanent_flavors = configuration.site_permanent_freeze # NOTE: We distinguish between caching on page load and forced refresh refresh_helper = 'ajax_freezedb(%s, "%s", %%s)' # NOTE: must insert permanent_flavors list as string here refresh_call = refresh_helper % (str(permanent_flavors), keyword_final) table_spec = { 'table_id': 'frozenarchivetable', 'sort_order': '[[5,1],[3,1],[2,0]]', 'refresh_call': refresh_call % 'false' } (add_import, add_init, add_ready) = man_base_js(configuration, [table_spec]) if operation == "show": add_ready += '%s;' % (refresh_call % 'true') title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({ 'object_type': 'html_form', 'text': man_base_html(configuration) }) output_objects.append({ 'object_type': 'header', 'text': 'Frozen Archives' }) output_objects.append({ 'object_type': 'text', 'text': '''Frozen archives are write-once collections of files used e.g. in relation to conference paper submissions. Please note that local policies may prevent users from deleting frozen archives without explicit acceptance from the management. ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Existing frozen archives' }) # Helper form for removes form_method = 'post' csrf_limit = get_csrf_limit(configuration) target_op = 'deletefreeze' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( 'delfreeze', '%s.py' % target_op, { 'freeze_id': '__DYNAMIC__', 'flavor': '__DYNAMIC__', 'target': TARGET_ARCHIVE, csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) output_objects.append({ 'object_type': 'table_pager', 'entry_name': 'frozen archives', 'default_entries': default_pager_entries }) frozenarchives, pending_updates = [], False if operation in list_operations: logger.info("list frozen archives with caching %s" % caching) # NOTE: we do NOT enforce creator match here as edituser can't update # without breaking any published archives (list_status, ret) = list_frozen_archives(configuration, client_id, strict_owner=False, caching=caching) if not list_status: logger.error("%s: failed for '%s': %s" % (op_name, client_id, ret)) output_objects.append({'object_type': 'error_text', 'text': ret}) return (output_objects, returnvalues.SYSTEM_ERROR) # NOTE: use simple pending check if caching to avoid lock during update if caching: pending_updates = pending_archives_update(configuration, client_id) else: pending_updates = False if pending_updates: logger.debug("found pending cache updates: %s" % pending_updates) else: logger.debug("no pending cache updates") logger.debug("%s %s: building list of archives" % (op_name, operation)) for freeze_id in ret: # TODO: add file count to meta and switch here # (load_status, freeze_dict) = get_frozen_meta(client_id, freeze_id, # configuration) (load_status, freeze_dict) = get_frozen_archive(client_id, freeze_id, configuration, checksum_list=[], caching=caching) if not load_status: logger.error("%s: load failed for '%s': %s" % (op_name, freeze_id, freeze_dict)) output_objects.append({ 'object_type': 'error_text', 'text': 'Could not read details for "%s"' % freeze_id }) return (output_objects, returnvalues.SYSTEM_ERROR) freeze_item = build_freezeitem_object(configuration, freeze_dict, summary=True) freeze_id = freeze_item['id'] flavor = freeze_item.get('flavor', 'freeze') # Users may view all their archives freeze_item['viewfreezelink'] = { 'object_type': 'link', 'destination': "showfreeze.py?freeze_id=%s;flavor=%s" % (freeze_id, flavor), 'class': 'infolink iconspace', 'title': 'View frozen archive %s' % freeze_id, 'text': '' } # Users may edit pending archives if freeze_item['state'] != keyword_final: freeze_item['editfreezelink'] = { 'object_type': 'link', 'destination': "adminfreeze.py?freeze_id=%s" % freeze_id, 'class': 'adminlink iconspace', 'title': 'Edit archive %s' % freeze_id, 'text': '' } # Users may delete pending or non permanent archives. # Freeze admins may delete all their own archives. if freeze_item['state'] != keyword_final or \ flavor not in configuration.site_permanent_freeze or \ client_id in configuration.site_freeze_admins: freeze_item['delfreezelink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ('delfreeze', 'Really remove %s?' % freeze_id, 'undefined', "{freeze_id: '%s', flavor: '%s'}" % (freeze_id, flavor)), 'class': 'removelink iconspace', 'title': 'Remove %s' % freeze_id, 'text': '' } frozenarchives.append(freeze_item) logger.debug("%s %s: inserting list of %d archives" % (op_name, operation, len(frozenarchives))) output_objects.append({ 'object_type': 'frozenarchives', 'frozenarchives': frozenarchives, 'pending_updates': pending_updates }) if operation in show_operations: output_objects.append({ 'object_type': 'sectionheader', 'text': 'Additional Frozen Archives' }) output_objects.append({ 'object_type': 'text', 'text': """ You can create frozen snapshots/archives of particular subsets of your data in order to make sure a verbatim copy is preserved. The freeze archive method includes support for persistent publishing, so that you can e.g. reference your data in publications. Backup archives can be used as a basic backup mechanism, so that you can manually recover from any erroneous file removals.""" }) output_objects.append({ 'object_type': 'html_form', 'text': """<p> Choose one of the archive methods below to make a manual archive: </p> <p>""" }) output_objects.append({ 'object_type': 'link', 'destination': 'adminfreeze.py?flavor=freeze', 'class': 'addlink iconspace', 'title': 'Make a new freeze archive of e.g. ' 'research data to be published', 'text': 'Create a new freeze archive' }) output_objects.append({'object_type': 'html_form', 'text': '</p><p>'}) output_objects.append({ 'object_type': 'link', 'destination': 'adminfreeze.py?flavor=backup', 'class': 'addlink iconspace', 'title': 'Make a new backup archive of %s data' % configuration.short_title, 'text': 'Create a new backup archive' }) output_objects.append({ 'object_type': 'html_form', 'text': "<br/><br/></p>" }) if configuration.site_enable_duplicati: output_objects.append({ 'object_type': 'text', 'text': ''' Alternatively you can use Duplicati for traditional incremental backup/restore with optional encryption of all your backup contents.''' }) output_objects.append({ 'object_type': 'html_form', 'text': """ <p>For further details please refer to the """ }) output_objects.append({ 'object_type': 'link', 'destination': 'setup.py?topic=duplicati', 'class': '', 'title': 'Open Duplicati settings', 'text': 'Duplicati Settings' }) output_objects.append({ 'object_type': 'html_form', 'text': """ and the %s documentation.<br/><br/></p>""" % configuration.short_title }) if configuration.site_enable_seafile: output_objects.append({ 'object_type': 'text', 'text': ''' We recommend our Seafile sync solution for any small or medium sized data sets, for which you want automatic file versioning and easy roll-back support.''' }) output_objects.append({ 'object_type': 'html_form', 'text': """ <p>For further details please refer to the """ }) output_objects.append({ 'object_type': 'link', 'destination': 'setup.py?topic=seafile', 'class': '', 'title': 'Open Seafile settings', 'text': 'Seafile Settings' }) output_objects.append({ 'object_type': 'html_form', 'text': """ and the %s documentation.</p>""" % configuration.short_title }) logger.info("%s %s end for %s" % (op_name, operation, client_id)) return (output_objects, returnvalues.OK)
def validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects, require_user=True, filter_values=None, environ=None, typecheck_overrides={}, ): """A wrapper used by most back end functionality - redirects to sign up if client_id is missing. The optional typecheck_overrides dictionary is passed directly to the base validate_input and can be used to loosen input validation. Please refer to the validate_input doc. """ logger = configuration.logger if environ is None: environ = os.environ creds_error = '' pending_expire, account_expire = True, 0 account_accessible, account_status = True, 'active' user_dict = None if not client_id: creds_error = "Invalid or missing user credentials" elif require_user and not is_user(client_id, configuration.mig_server_home): creds_error = "No such user (%s)" % client_id else: (account_accessible, account_status, _) = check_account_status(configuration, client_id) if not account_accessible: creds_error = "User account is %s!" % account_status else: # Attempt auto renew if past or close to the time account expires (pending_expire, account_expire, _) = check_update_account_expire(configuration, client_id, environ) if not pending_expire: creds_error = "User account expired!" # NOTE: users with a certificate but without an account can use extcert. # Expired users can still log out or use their login to access the # (unprivileged) account request pages to renew their account with # auto-fill of fields. if creds_error and not os.path.basename(requested_page()) in \ ['logout.py', 'autologout.py', 'reqoid.py', 'reqcert.py', 'extcert.py']: # Simple init to get page preamble even where initialize_main_variables # was called with most things disabled because no or limited direct # output was expected. title = find_entry(output_objects, 'title') if not title: output_objects.append( make_title_entry('Account Error', skipmenu=True, skipwidgets=True, skipuserstyle=True, skipuserprofile=True)) else: title['text'] = 'Account Error' output_objects.append(make_header_entry('Account Error')) output_objects.append({ 'object_type': 'error_text', 'text': creds_error }) if configuration.site_enable_gdp: main_url = get_site_base_url(configuration) output_objects.append({ 'object_type': 'text', 'text': '''Apparently you do not have access to this page, please return to:''' }) output_objects.append({ 'object_type': 'link', 'text': main_url, 'destination': main_url }) else: # Redirect to sign-up cert page trying to guess relevant choices signup_url = os.path.join(configuration.migserver_https_sid_url, 'cgi-sid', 'signup.py') signup_query = '' if not client_id: output_objects.append({ 'object_type': 'text', 'text': '''Apparently you do not already have access to %s, but you can sign up:''' % configuration.short_title }) output_objects.append({ 'object_type': 'link', 'text': '%s sign up page' % configuration.short_title, 'destination': signup_url + signup_query }) output_objects.append({ 'object_type': 'text', 'text': '''If you already signed up and received a user certificate you probably just need to import it in your browser.''' }) else: if not account_accessible: output_objects.append({ 'object_type': 'text', 'text': '''Please contact the %s admins about access: %s''' % (configuration.short_title, configuration.admin_email) }) elif not pending_expire: output_objects.append({ 'object_type': 'text', 'text': '''You probably just need to renew %s account access by repeating the steps on the''' % configuration.short_title }) else: output_objects.append({ 'object_type': 'text', 'text': '''Apparently you already have suitable credentials and just need to sign up for a local %s account on the''' % configuration.short_title }) base_url = extract_base_url(configuration, environ) if base_url == configuration.migserver_https_ext_cert_url and \ 'extcert' in configuration.site_login_methods: signup_query = '?show=extcert' elif base_url in (configuration.migserver_https_ext_oid_url, configuration.migserver_https_mig_oid_url): # Force logout/expire session cookie here to support signup (oid_db, identity) = extract_client_openid(configuration, environ, lookup_dn=False) if oid_db and identity: logger.info("openid expire user %s in %s" % (identity, oid_db)) (success, _) = expire_oid_sessions(configuration, oid_db, identity) if oid_db == auth_openid_ext_db and \ 'extoid' in configuration.site_signup_methods: signup_query = '?show=extoid' else: logger.error("unknown migoid client_id %s on %s" % (client_id, base_url)) else: logger.warning("unexpected client_id %s on %s" % (client_id, base_url)) output_objects.append({ 'object_type': 'link', 'text': '%s sign up page' % configuration.short_title, 'destination': signup_url + signup_query }) return (False, output_objects) (status, retval) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects, filter_values, typecheck_overrides=typecheck_overrides) return (status, retval)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) logger.debug("User: %s executing %s", client_id, op_name) if not configuration.site_enable_cloud: output_objects.append( {'object_type': 'error_text', 'text': 'The cloud service is not enabled on the system'}) return (output_objects, returnvalues.SYSTEM_ERROR) status = returnvalues.OK user_map = get_full_user_map(configuration) user_dict = user_map.get(client_id, None) # Optional limitation of cloud access permission if not user_dict or not cloud_access_allowed(configuration, user_dict): output_objects.append( {'object_type': 'error_text', 'text': "You don't have permission to access the cloud facilities on " "this site"}) return (output_objects, returnvalues.CLIENT_ERROR) services = configuration.cloud_services # Show cloud services menu (add_import, add_init, add_ready) = man_base_js(configuration, []) add_init += ''' function get_instance_id() { console.log("in get_instance_id"); console.log("found val: "+$("#select-instance-id").val()); return $("#select-instance-id").val(); } function get_instance_label() { console.log("in get_instance_label"); console.log("found val: "+$("#select-instance-id > option:selected").text()); return $("#select-instance-id > option:selected").text(); } ''' add_ready += ''' /* NOTE: requires managers CSS fix for proper tab bar height */ $(".cloud-tabs").tabs(); ''' title_entry = find_entry(output_objects, 'title') title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({'object_type': 'html_form', 'text': man_base_html(configuration)}) output_objects.append({'object_type': 'header', 'text': 'Select a Cloud Service'}) fill_helpers = { 'cloud_tabs': ''.join(['<li><a href="#%s-tab">%s</a></li>' % (service['service_name'], service['service_title']) for service in services]) } output_objects.append({'object_type': 'html_form', 'text': ''' <div id="wrap-tabs" class="cloud-tabs"> <ul> %(cloud_tabs)s </ul> ''' % fill_helpers}) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = {'site': configuration.short_title, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit} target_op = 'reqcloudservice' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) action_list = [('start', 'Start'), ('stop', 'Stop'), ('softrestart', 'Soft boot'), ('hardrestart', 'Hard boot'), ('status', 'Status'), # NOTE: expose console on status page #('webaccess', 'Console'), ('updatekeys', 'Set keys on'), ('create', 'Create'), ('delete', 'Delete')] # Delete instance form helper shared for all cloud services helper = html_post_helper("%s" % target_op, '%s.py' % target_op, {'instance_id': '__DYNAMIC__', 'service': '__DYNAMIC__', 'action': 'delete', csrf_field: csrf_token}) output_objects.append({'object_type': 'html_form', 'text': helper}) for service in services: logger.debug("service: %s" % service) cloud_id = service['service_name'] cloud_title = service['service_title'] rules_of_conduct = service['service_rules_of_conduct'] cloud_flavor = service.get("service_provider_flavor", "openstack") output_objects.append({'object_type': 'html_form', 'text': ''' <div id="%s-tab"> ''' % cloud_id}) if service['service_desc']: output_objects.append({'object_type': 'sectionheader', 'text': 'Service Description'}) output_objects.append({'object_type': 'html_form', 'text': ''' <div class="cloud-description"> <span>%s</span> </div> ''' % service['service_desc']}) output_objects.append({'object_type': 'html_form', 'text': ''' <br/> '''}) if not check_cloud_available(configuration, client_id, cloud_id, cloud_flavor): logger.error("Failed to connect to cloud: %s" % cloud_id) output_objects.append( {'object_type': 'error_text', 'text': 'The %s cloud service is currently unavailable' % \ cloud_title}) output_objects.append({'object_type': 'html_form', 'text': ''' </div> '''}) status = returnvalues.SYSTEM_ERROR continue # Lookup user-specific allowed images (colon-separated image names) allowed_images = allowed_cloud_images(configuration, client_id, cloud_id, cloud_flavor) if not allowed_images: output_objects.append({ 'object_type': 'error_text', 'text': "No valid instance images for %s" % cloud_title}) output_objects.append({'object_type': 'html_form', 'text': ''' </div> '''}) continue fill_helpers.update({'cloud_id': cloud_id, 'cloud_title': cloud_title, 'target_op': target_op, 'rules_of_conduct': rules_of_conduct}) delete_html = "" # Manage existing instances saved_instances = cloud_load_instance(configuration, client_id, cloud_id, keyword_all) saved_fields = ['INSTANCE_IMAGE'] instance_fields = ['public_fqdn', 'status'] status_map = status_all_cloud_instances( configuration, client_id, cloud_id, cloud_flavor, saved_instances.keys(), instance_fields) # TODO: halfwidth styling does not really work on select elements delete_html += """ <div class='cloud-instance-delete fillwidth'> <h3>Permanently delete a %(cloud_title)s cloud instance</h3> <form class='delete-cloud-instance' target='#'> <p class='cloud-instance-input fillwidth'> <label class='fieldlabel halfwidth'>Instance</label> <span class='halfwidth'> <select id='select-instance-id' class='styled-select html-select halfwidth padspace' name='instance_id'> """ % fill_helpers output_objects.append({'object_type': 'html_form', 'text': """ <div class='cloud-management fillwidth'> <h3>Manage %(cloud_title)s instances</h3> <br/> <div class='cloud-instance-grid'> <div class='cloud-instance-grid-left'> <label class='fieldlabel fieldheader'>Name</label> </div> <div class='cloud-instance-grid-middle'> <label class='fieldlabel fieldheader'>Instance Details</label> </div> <div class='cloud-instance-grid-right'> <label class='fieldlabel fieldheader'>Actions</label> </div> """ % fill_helpers}) for (instance_id, instance_dict) in saved_instances.items(): instance_label = instance_dict.get('INSTANCE_LABEL', instance_id) logger.debug("Management entries for %s %s cloud instance %s" % (client_id, cloud_id, instance_id)) instance_html = """ <div class='cloud-instance-grid-left'> <label class='fieldlabel'>%s</label> </div> <div class='cloud-instance-grid-middle'> """ % instance_label for field in saved_fields: field_val = saved_instances[instance_id].get(field, "-") if field == 'INSTANCE_IMAGE': for (img_name, _, img_alias) in allowed_images: if img_name == field_val: field_val = img_alias instance_html += """ <span class='fieldstatus entry leftpad'>%s</span> """ % field_val for field in instance_fields: field_val = status_map[instance_id].get(field, "-") instance_html += """ <span class='fieldstatus entry leftpad'>%s</span> """ % field_val instance_html += """ </div> <div class='cloud-instance-grid-right'> """ output_objects.append({'object_type': 'html_form', 'text': instance_html}) for (action, title) in action_list: if action in cloud_edit_actions: continue query = 'action=%s;service=%s;instance_id=%s' % \ (action, cloud_id, instance_id) url = 'reqcloudservice.py?%s' % query #output_service = { # 'object_type': 'service', # 'name': "%s" % title, # 'targetlink': url #} #output_objects.append(output_service) output_objects.append({ 'object_type': 'link', 'destination': url, 'text': title, 'class': 'ui-button', 'title': '%s %s' % (title, instance_label)}) output_objects.append({'object_type': 'html_form', 'text': """ </div> """}) delete_html += """<option value='%s'>%s</option> """ % (instance_id, instance_label) output_objects.append({'object_type': 'html_form', 'text': """ </div> </div> """}) delete_html += """ </select> </span> </p> <p class='fillwidth'> <input type='submit' value='Delete Instance' onClick='javascript:confirmDialog(%(target_op)s, \"Really permanently delete your %(cloud_title)s \"+get_instance_label()+\" instance including all local data?\", undefined, {instance_id: get_instance_id(), service: \"%(cloud_id)s\"}); return false;' /> </p> </form> </div> """ % fill_helpers # Create new instance create_html = """ <div class='cloud-instance-create fillwidth'> <h3>Create a new %(cloud_title)s cloud instance</h3> <form class='create_cloud_instance' method='%(form_method)s' action='%(target_op)s.py'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> <input type='hidden' name='service' value='%(cloud_id)s' /> <input type='hidden' name='action' value='create' /> <p class='cloud-instance-input fillwidth'> <label class='fieldlabel halfwidth'>Label</label> <span class='halfwidth'> <input class='halfwidth padspace' type='text' name='instance_label' value='' /> </span> </p> <p class='cloud-instance-input fillwidth'> <label class='fieldlabel halfwidth'>Image</label> <span class='halfwidth'> <select class='styled-select html-select halfwidth padspace' name='instance_image'> """ for (image_name, _, image_alias) in allowed_images: create_html += """<option value='%s'>%s</option> """ % (image_name, image_alias) create_html += """ </select> </span> </p> <p class='cloud-instance-input fillwidth'> <label class='fieldlabel halfwidth'> Accept <a href='%(rules_of_conduct)s'>Cloud Rules of Conduct</a> </label> <span class='halfwidth'> <label class='switch'> <input type='checkbox' mandatory name='accept_terms'> <span class='slider round'></span></label> </span> </p> <p class='fillwidth'> <input type='submit' value='Create Instance' /> </p> </form> </div> """ output_objects.append({'object_type': 'html_form', 'text': create_html % fill_helpers}) if saved_instances: output_objects.append({'object_type': 'html_form', 'text': delete_html % fill_helpers}) output_objects.append({'object_type': 'html_form', 'text': ''' </div> '''}) output_objects.append({'object_type': 'html_form', 'text': ''' </div> '''}) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) action = accepted['action'][-1] transfer_id = accepted['transfer_id'][-1] protocol = accepted['protocol'][-1] fqdn = accepted['fqdn'][-1] port = accepted['port'][-1] src_list = accepted['transfer_src'] dst = accepted['transfer_dst'][-1] username = accepted['username'][-1] password = accepted['transfer_pw'][-1] key_id = accepted['key_id'][-1] # Skip empty exclude entries as they break backend calls exclude_list = [i for i in accepted['exclude'] if i] notify = accepted['notify'][-1] compress = accepted['compress'][-1] flags = accepted['flags'] anon_checked, pw_checked, key_checked = '', '', '' if username: if key_id: key_checked = 'checked' init_login = "******" else: pw_checked = 'checked' init_login = "******" else: anon_checked = 'checked' init_login = "******" use_compress = False if compress.lower() in ("true", "1", "yes", "on"): use_compress = True title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Background Data Transfers' title_entry['container_class'] = 'fillwidth', # jquery support for tablesorter and confirmation on delete/redo: # datatransfer and key tables initially sorted by 0 (id) */ datatransfer_spec = { 'table_id': 'datatransferstable', 'pager_id': 'datatransfers_pager', 'sort_order': '[[0,0]]' } transferkey_spec = { 'table_id': 'transferkeystable', 'pager_id': 'transferkeys_pager', 'sort_order': '[[0,0]]' } (add_import, add_init, add_ready) = man_base_js(configuration, [datatransfer_spec, transferkey_spec]) add_init += ''' var fields = 0; var max_fields = 20; var src_input = "<label for=\'transfer_src\'>Source path(s)</label>"; src_input += "<input id=\'src_FIELD\' type=text size=60 name=transfer_src value=\'PATH\' title=\'relative source path: local for exports and remote for imports\' />"; src_input += "<input id=\'src_file_FIELD\' type=radio onclick=\'setSrcDir(FIELD, false);\' checked />Source file"; src_input += "<input id=\'src_dir_FIELD\' type=radio onclick=\'setSrcDir(FIELD, true);\' />Source directory (recursive)"; src_input += "<br />"; var exclude_input = "<label for=\'exclude\'>Exclude path(s)</label>"; exclude_input += "<input type=text size=60 name=exclude value=\'PATH\' title=\'relative path or regular expression to exclude\' />"; exclude_input += "<br />"; function addSource(path, is_dir) { if (path === undefined) { path = ""; } if (is_dir === undefined) { is_dir = false; } if (fields < max_fields) { $("#srcfields").append(src_input.replace(/FIELD/g, fields).replace(/PATH/g, path)); setSrcDir(fields, is_dir); fields += 1; } else { alert("Maximum " + max_fields + " source fields allowed!"); } } function addExclude(path) { if (path === undefined) { path = ""; } $("#excludefields").append(exclude_input.replace(/PATH/g, path)); } function setDir(target, field_no, is_dir) { var id_prefix = "#"+target+"_"; var input_id = id_prefix+field_no; var file_id = id_prefix+"file_"+field_no; var dir_id = id_prefix+"dir_"+field_no; var value = $(input_id).val(); $(file_id).prop("checked", ""); $(dir_id).prop("checked", ""); if (is_dir) { $(dir_id).prop("checked", "checked"); if(value.substr(-1) != "/") { value += "/"; } } else { $(file_id).prop("checked", "checked"); if(value.substr(-1) == "/") { value = value.substr(0, value.length - 1); } } $(input_id).val(value); return false; } function setSrcDir(field_no, is_dir) { return setDir("src", field_no, is_dir); } function setDstDir(field_no, is_dir) { return setDir("dst", field_no, is_dir); } function refreshSrcDir(field_no) { var dir_id = "#src_dir_"+field_no; var is_dir = $(dir_id).prop("checked"); return setSrcDir(field_no, is_dir); } function refreshDstDir(field_no) { var dir_id = "#dst_dir_"+field_no; var is_dir = $(dir_id).prop("checked"); return setDstDir(field_no, is_dir); } function setDefaultPort() { port_map = {"http": 80, "https": 443, "sftp": 22, "scp": 22, "ftp": 21, "ftps": 21, "webdav": 80, "webdavs": 443, "rsyncssh": 22, "rsyncd": 873}; var protocol = $("#protocol_select").val(); var port = port_map[protocol]; if (port != undefined) { $("#port_input").val(port); } else { alert("no default port provided for "+protocol); } } function beforeSubmit() { for(var i=0; i < fields; i++) { refreshSrcDir(i); } refreshDstDir(0); // Proceed with submit return true; } function doSubmit() { $("#submit-request-transfer").click(); } function enableLogin(method) { $("#anonymous_choice").prop("checked", ""); $("#userpassword_choice").prop("checked", ""); $("#userkey_choice").prop("checked", ""); $("#username").prop("disabled", false); $("#password").prop("disabled", true); $("#key").prop("disabled", true); $("#login_fields").show(); $("#password_entry").hide(); $("#key_entry").hide(); if (method == "password") { $("#userpassword_choice").prop("checked", "checked"); $("#password").prop("disabled", false); $("#password_entry").show(); } else if (method == "key") { $("#userkey_choice").prop("checked", "checked"); $("#key").prop("disabled", false); $("#key_entry").show(); } else { $("#anonymous_choice").prop("checked", "checked"); $("#username").prop("disabled", true); $("#login_fields").hide(); } } ''' # Mangle ready handling to begin with dynamic init and end with tab init pre_ready = ''' enableLogin("%s"); ''' % init_login for src in src_list or ['']: pre_ready += ''' addSource("%s", %s); ''' % (src, ("%s" % src.endswith('/')).lower()) for exclude in exclude_list or ['']: pre_ready += ''' addExclude("%s"); ''' % exclude add_ready = ''' %s %s /* NOTE: requires managers CSS fix for proper tab bar height */ $(".datatransfer-tabs").tabs(); $("#logarea").scrollTop($("#logarea")[0].scrollHeight); ''' % (pre_ready, add_ready) title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({ 'object_type': 'html_form', 'text': man_base_html(configuration) }) output_objects.append({ 'object_type': 'header', 'text': 'Manage background data transfers' }) if not configuration.site_enable_transfers: output_objects.append({ 'object_type': 'text', 'text': '''Backgroung data transfers are disabled on this site. Please contact the site admins %s if you think they should be enabled. ''' % configuration.admin_email }) return (output_objects, returnvalues.OK) logger.info('datatransfer %s from %s' % (action, client_id)) if not action in valid_actions: output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid action "%s" (supported: %s)' % (action, ', '.join(valid_actions)) }) return (output_objects, returnvalues.CLIENT_ERROR) if action in post_actions: if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) (load_status, transfer_map) = load_data_transfers(configuration, client_id) if not load_status: transfer_map = {} restrict_list = [] for from_fqdn in configuration.site_transfers_from: restrict_list += [from_fqdn, socket.gethostbyname(from_fqdn)] restrict_str = 'from="%s",no-pty,' % ','.join(restrict_list) restrict_str += 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding' restrict_template = ''' As usual it is a good security measure to prepend a <em>from</em> restriction when you know the key will only be used from a single location.<br/> In this case the keys will only ever be used from %s and will not need much else, so the public key can be inserted in your authorized_keys file as: <br/> <p> <textarea class="publickey" rows="5" readonly="readonly">%s %%s</textarea> </p> ''' % (configuration.short_title, restrict_str) form_method = 'post' csrf_limit = get_csrf_limit(configuration) target_op = 'datatransfer' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) if action in get_actions: datatransfers = [] for (saved_id, transfer_dict) in transfer_map.items(): transfer_item = build_transferitem_object(configuration, transfer_dict) transfer_item['status'] = transfer_item.get('status', 'NEW') data_url = '' # NOTE: we need to urlencode any exotic chars in paths here if transfer_item['action'] == 'import': enc_path = quote(("%(dst)s" % transfer_item)) data_url = "fileman.py?path=%s" % enc_path elif transfer_item['action'] == 'export': enc_paths = [quote(i) for i in transfer_item['src']] data_url = "fileman.py?path=" + ';path='.join(enc_paths) if data_url: transfer_item['viewdatalink'] = { 'object_type': 'link', 'destination': data_url, 'class': 'viewlink iconspace', 'title': 'View local component of %s' % saved_id, 'text': '' } transfer_item['viewoutputlink'] = { 'object_type': 'link', 'destination': "fileman.py?path=transfer_output/%s/" % saved_id, 'class': 'infolink iconspace', 'title': 'View status files for %s' % saved_id, 'text': '' } # Edit is just a call to self with fillimport set args = [('action', 'fill%(action)s' % transfer_dict), ('key_id', '%(key)s' % transfer_dict), ('transfer_dst', '%(dst)s' % transfer_dict)] for src in transfer_dict['src']: args.append(('transfer_src', src)) for exclude in transfer_dict.get('exclude', []): args.append(('exclude', exclude)) for field in edit_fields: val = transfer_dict.get(field, '') args.append((field, val)) transfer_args = urlencode(args, True) transfer_item['edittransferlink'] = { 'object_type': 'link', 'destination': "%s.py?%s" % (target_op, transfer_args), 'class': 'editlink iconspace', 'title': 'Edit or duplicate transfer %s' % saved_id, 'text': '' } js_name = 'delete%s' % hexlify(saved_id) helper = html_post_helper( js_name, '%s.py' % target_op, { 'transfer_id': saved_id, 'action': 'deltransfer', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) transfer_item['deltransferlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s');" % (js_name, 'Really remove %s?' % saved_id), 'class': 'removelink iconspace', 'title': 'Remove %s' % saved_id, 'text': '' } js_name = 'redo%s' % hexlify(saved_id) helper = html_post_helper( js_name, '%s.py' % target_op, { 'transfer_id': saved_id, 'action': 'redotransfer', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) transfer_item['redotransferlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s');" % (js_name, 'Really reschedule %s?' % saved_id), 'class': 'refreshlink iconspace', 'title': 'Reschedule %s' % saved_id, 'text': '' } datatransfers.append(transfer_item) #logger.debug("found datatransfers: %s" % datatransfers) log_path = os.path.join(configuration.user_home, client_id_dir(client_id), "transfer_output", configuration.site_transfer_log) show_lines = 40 log_lines = read_tail(log_path, show_lines, logger) available_keys = load_user_keys(configuration, client_id) if available_keys: key_note = '' else: key_note = '''No keys available - you can add a key for use in transfers below.''' if action.endswith('import'): transfer_action = 'import' elif action.endswith('export'): transfer_action = 'export' else: transfer_action = 'unknown' import_checked, export_checked = 'checked', '' toggle_quiet, scroll_to_create = '', '' if action in ['fillimport', 'fillexport']: if quiet(flags): toggle_quiet = ''' <script> $("#wrap-tabs").hide(); $("#quiet-mode-content").show(); </script> ''' scroll_to_create = ''' <script> $("html, body").animate({ scrollTop: $("#createtransfer").offset().top }, 2000); </script> ''' if action == 'fillimport': import_checked = 'checked' elif action == 'fillexport': export_checked = 'checked' import_checked = '' fill_helpers = { 'import_checked': import_checked, 'export_checked': export_checked, 'anon_checked': anon_checked, 'pw_checked': pw_checked, 'key_checked': key_checked, 'transfer_id': transfer_id, 'protocol': protocol, 'fqdn': fqdn, 'port': port, 'username': username, 'password': password, 'key_id': key_id, 'transfer_src_string': ', '.join(src_list), 'transfer_src': src_list, 'transfer_dst': dst, 'exclude': exclude_list, 'compress': use_compress, 'notify': notify, 'toggle_quiet': toggle_quiet, 'scroll_to_create': scroll_to_create, 'transfer_action': transfer_action, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit, 'target_op': target_op, 'csrf_token': csrf_token } # Make page with manage transfers tab and manage keys tab output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="quiet-mode-content" class="hidden"> <p> Accept data %(transfer_action)s of %(transfer_src_string)s from %(protocol)s://%(fqdn)s:%(port)s/ into %(transfer_dst)s ? </p> <p> <input type=button onClick="doSubmit();" value="Accept %(transfer_action)s" /> </p> </div> <div id="wrap-tabs" class="datatransfer-tabs"> <ul> <li><a href="#transfer-tab">Manage Data Transfers</a></li> <li><a href="#keys-tab">Manage Transfer Keys</a></li> </ul> ''' % fill_helpers }) # Display external transfers, log and form to add new ones output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="transfer-tab"> ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'External Data Transfers' }) output_objects.append({ 'object_type': 'table_pager', 'id_prefix': 'datatransfers_', 'entry_name': 'transfers', 'default_entries': default_pager_entries }) output_objects.append({ 'object_type': 'datatransfers', 'datatransfers': datatransfers }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Latest Transfer Results' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <textarea id="logarea" class="fillwidth" rows=5 readonly="readonly">%s</textarea> ''' % (''.join(log_lines)) }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Create External Data Transfer' }) transfer_html = ''' <table class="addexttransfer"> <tr><td> Fill in the import/export data transfer details below to request a new background data transfer task.<br/> Source must be a path without wildcard characters and it must be specifically pointed out if the src is a directory. In that case recursive transfer will automatically be used and otherwise the src is considered a single file, so it will fail if that is not the case.<br/> Destination is a single location directory to transfer the data to. It is considered in relation to your user home for <em>import</em> requests. Source is similarly considered in relation to your user home in <em>export</em> requests.<br/> Destination is a always handled as a directory path to transfer source files into.<br/> <form method="%(form_method)s" action="%(target_op)s.py" onSubmit="return beforeSubmit();"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> <fieldset id="transferbox"> <table id="createtransfer" class="addexttransfer"> <tr><td> <label for="action">Action</label> <input type=radio name=action %(import_checked)s value="import" />import data <input type=radio name=action %(export_checked)s value="export" />export data </td></tr> <tr><td> <label for="transfer_id">Optional Transfer ID / Name </label> <input type=text size=60 name=transfer_id value="%(transfer_id)s" pattern="[a-zA-Z0-9._-]*" title="Optional ID string containing only ASCII letters and digits possibly with separators like hyphen, underscore and period" /> </td></tr> <tr><td> <label for="protocol">Protocol</label> <select id="protocol_select" class="protocol-select themed-select html-select" name="protocol" onblur="setDefaultPort();"> ''' # select requested protocol for (key, val) in valid_proto: if protocol == key: selected = 'selected' else: selected = '' transfer_html += '<option %s value="%s">%s</option>' % \ (selected, key, val) transfer_html += ''' </select> </td></tr> <tr><td> <label for="fqdn">Host and port</label> <input type=text size=37 name=fqdn value="%(fqdn)s" required pattern="[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+" title="A fully qualified domain name or Internet IP address for the remote location"/> <input id="port_input" type=number step=1 min=1 max=65535 name=port value="%(port)s" required /> </td></tr> <tr><td> <label for="">Login method</label> <input id="anonymous_choice" type=radio %(anon_checked)s onclick="enableLogin(\'anonymous\');" /> anonymous access <input id="userpassword_choice" type=radio %(pw_checked)s onclick="enableLogin(\'password\');" /> login with password <input id="userkey_choice" type=radio %(key_checked)s onclick="enableLogin(\'key\');" /> login with key </td></tr> <tr id="login_fields" style="display: none;"><td> <label for="username">Username</label> <input id="username" type=text size=60 name=username value="%(username)s" pattern="[a-zA-Z0-9._-]*" title="Optional username used to login on the remote site, if required" /> <br/> <span id="password_entry"> <label for="transfer_pw">Password</label> <input id="password" type=password size=60 name=transfer_pw value="" /> </span> <span id="key_entry"> <label for="key_id">Key</label> <select id="key" class="key-select themed-select html-select" name=key_id /> ''' # select requested key for key_dict in available_keys: if key_dict['key_id'] == key_id: selected = 'selected' else: selected = '' transfer_html += '<option %s value="%s">%s</option>' % \ (selected, key_dict['key_id'], key_dict['key_id']) selected = '' transfer_html += ''' </select> %s ''' % key_note transfer_html += ''' </span> </td></tr> <tr><td> <div id="srcfields"> <!-- NOTE: automatically filled by addSource function --> </div> <input id="addsrcbutton" type="button" onclick="addSource(); return false;" value="Add another source field" /> </td></tr> <tr><td> <label for="transfer_dst">Destination path</label> <input id=\'dst_0\' type=text size=60 name=transfer_dst value="%(transfer_dst)s" required title="relative destination path: local for imports and remote for exports" /> <input id=\'dst_dir_0\' type=radio checked />Destination directory <input id=\'dst_file_0\' type=radio disabled />Destination file<br /> </td></tr> <tr><td> <div id="excludefields"> <!-- NOTE: automatically filled by addExclude function --> </div> <input id="addexcludebutton" type="button" onclick="addExclude(); return false;" value="Add another exclude field" /> </td></tr> <tr><td> <label for="compress">Enable compression (leave unset except for <em>slow</em> sites)</label> <input type=checkbox name=compress> </td></tr> <tr><td> <label for="notify">Optional notify on completion (e.g. email address)</label> <input type=text size=60 name=notify value=\'%(notify)s\'> </td></tr> <tr><td> <span> <input id="submit-request-transfer" type=submit value="Request transfer" /> <input type=reset value="Clear" /> </span> </td></tr> </table> </fieldset> </form> </td> </tr> </table> %(toggle_quiet)s %(scroll_to_create)s ''' output_objects.append({ 'object_type': 'html_form', 'text': transfer_html % fill_helpers }) output_objects.append({ 'object_type': 'html_form', 'text': ''' </div> ''' }) # Display key management output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="keys-tab"> ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Manage Data Transfer Keys' }) key_html = ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> <table class="managetransferkeys"> <tr><td> ''' transferkeys = [] for key_dict in available_keys: key_item = build_keyitem_object(configuration, key_dict) saved_id = key_item['key_id'] js_name = 'delete%s' % hexlify(saved_id) helper = html_post_helper(js_name, '%s.py' % target_op, { 'key_id': saved_id, 'action': 'delkey', csrf_field: csrf_token }) output_objects.append({'object_type': 'html_form', 'text': helper}) key_item['delkeylink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s');" % (js_name, 'Really remove %s?' % saved_id), 'class': 'removelink iconspace', 'title': 'Remove %s' % saved_id, 'text': '' } transferkeys.append(key_item) output_objects.append({ 'object_type': 'table_pager', 'id_prefix': 'transferkeys_', 'entry_name': 'keys', 'default_entries': default_pager_entries }) output_objects.append({ 'object_type': 'transferkeys', 'transferkeys': transferkeys }) key_html += ''' Please copy the public key to your ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 file on systems where you want to login with the corresponding key.<br/> %s </td></tr> <tr><td> Select a name below to create a new key for use in future transfers. The key is generated and stored in a private storage area on %s, so that only the transfer service can access and use it for your transfers. </td></tr> <tr><td> <input type=hidden name=action value="generatekey" /> Key name:<br/> <input type=text size=60 name=key_id value="" required pattern="[a-zA-Z0-9._-]+" title="internal name for the key when used in transfers. I.e. letters and digits separated only by underscores, periods and hyphens" /> <br/> <input type=submit value="Generate key" /> </td></tr> </table> </form> ''' % (restrict_template % 'ssh-rsa AAAAB3NzaC...', configuration.short_title) output_objects.append({ 'object_type': 'html_form', 'text': key_html % fill_helpers }) output_objects.append({ 'object_type': 'html_form', 'text': ''' </div> ''' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' </div> ''' }) return (output_objects, returnvalues.OK) elif action in transfer_actions: # NOTE: all path validation is done at run-time in grid_transfers transfer_dict = transfer_map.get(transfer_id, {}) if action == 'deltransfer': if transfer_dict is None: output_objects.append({ 'object_type': 'error_text', 'text': 'existing transfer_id is required for delete' }) return (output_objects, returnvalues.CLIENT_ERROR) (save_status, _) = delete_data_transfer(configuration, client_id, transfer_id, transfer_map) desc = "delete" elif action == 'redotransfer': if transfer_dict is None: output_objects.append({ 'object_type': 'error_text', 'text': 'existing transfer_id is required for reschedule' }) return (output_objects, returnvalues.CLIENT_ERROR) transfer_dict['status'] = 'NEW' (save_status, _) = update_data_transfer(configuration, client_id, transfer_dict, transfer_map) desc = "reschedule" else: if not fqdn: output_objects.append({ 'object_type': 'error_text', 'text': 'No host address provided!' }) return (output_objects, returnvalues.CLIENT_ERROR) if not [src for src in src_list if src] or not dst: output_objects.append({ 'object_type': 'error_text', 'text': 'transfer_src and transfer_dst parameters ' 'required for all data transfers!' }) return (output_objects, returnvalues.CLIENT_ERROR) if protocol == "rsyncssh" and not key_id: output_objects.append({ 'object_type': 'error_text', 'text': 'RSYNC over SSH is only supported with key!' }) return (output_objects, returnvalues.CLIENT_ERROR) if not password and not key_id and protocol in warn_anon: output_objects.append({ 'object_type': 'warning', 'text': ''' %s transfers usually require explicit authentication with your credentials. Proceeding as requested with anonymous login, but the transfer is likely to fail.''' % valid_proto_map[protocol] }) if key_id and protocol in warn_key: output_objects.append({ 'object_type': 'warning', 'text': ''' %s transfers usually only support authentication with username and password rather than key. Proceeding as requested, but the transfer is likely to fail if it really requires login.''' % valid_proto_map[protocol] }) # Make pseudo-unique ID based on msec time since epoch if not given if not transfer_id: transfer_id = "transfer-%d" % (time.time() * 1000) if transfer_dict: desc = "update" else: desc = "create" if password: # We don't want to store password in plain text on disk password_digest = make_digest('datatransfer', client_id, password, configuration.site_digest_salt) else: password_digest = '' transfer_dict.update({ 'transfer_id': transfer_id, 'action': action, 'protocol': protocol, 'fqdn': fqdn, 'port': port, 'username': username, 'password_digest': password_digest, 'key': key_id, 'src': src_list, 'dst': dst, 'exclude': exclude_list, 'compress': use_compress, 'notify': notify, 'status': 'NEW' }) (save_status, _) = create_data_transfer(configuration, client_id, transfer_dict, transfer_map) if not save_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Error in %s data transfer %s: ' % (desc, transfer_id) + 'save updated transfers failed!' }) return (output_objects, returnvalues.CLIENT_ERROR) output_objects.append({ 'object_type': 'text', 'text': '%sd transfer request %s.' % (desc.title(), transfer_id) }) if action != 'deltransfer': output_objects.append({ 'object_type': 'link', 'destination': "fileman.py?path=transfer_output/%s/" % transfer_id, 'title': 'Transfer status and output', 'text': 'Transfer status and output folder' }) output_objects.append({ 'object_type': 'text', 'text': ''' Please note that the status files only appear after the transfer starts, so it may be empty now. ''' }) logger.debug('datatransfer %s from %s done: %s' % (action, client_id, transfer_dict)) elif action in key_actions: if action == 'generatekey': (gen_status, pub) = generate_user_key(configuration, client_id, key_id) if gen_status: output_objects.append({ 'object_type': 'html_form', 'text': ''' Generated new key with name %s and associated public key:<br/> <textarea class="publickey" rows="5" readonly="readonly">%s</textarea> <p> Please copy it to your ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 file on the host(s) where you want to use this key for background transfer login. <br/> %s </p> ''' % (key_id, pub, restrict_template % pub) }) else: output_objects.append({ 'object_type': 'error_text', 'text': ''' Key generation for name %s failed with error: %s''' % (key_id, pub) }) return (output_objects, returnvalues.CLIENT_ERROR) elif action == 'delkey': pubkey = '[unknown]' available_keys = load_user_keys(configuration, client_id) for key_dict in available_keys: if key_dict['key_id'] == key_id: pubkey = key_dict.get('public_key', pubkey) (del_status, msg) = delete_user_key(configuration, client_id, key_id) if del_status: output_objects.append({ 'object_type': 'html_form', 'text': ''' <p> Deleted the key "%s" and the associated public key:<br/> </p> <textarea class="publickey" rows="5" readonly="readonly">%s</textarea> <p> You will no longer be able to use it in your data transfers and can safely remove the public key from your ~/.ssh/authorized_keys* files on any hosts where you may have previously added it. </p> ''' % (key_id, pubkey) }) else: output_objects.append({ 'object_type': 'error_text', 'text': ''' Key removal for name %s failed with error: %s''' % (key_id, msg) }) return (output_objects, returnvalues.CLIENT_ERROR) else: output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid data transfer action: %s' % action }) return (output_objects, returnvalues.CLIENT_ERROR) output_objects.append({ 'object_type': 'link', 'destination': 'datatransfer.py', 'text': 'Return to data transfers overview' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) unique_res_names = accepted['unique_resource_name'] if not configuration.site_enable_resources: output_objects.append({ 'object_type': 'error_text', 'text': '''Resources are not enabled on this system''' }) return (output_objects, returnvalues.SYSTEM_ERROR) # prepare for confirm dialog, tablesort and toggling the views (css/js) title_entry = find_entry(output_objects, 'title') title_entry['text'] = "Resource Administration" # jquery support for tablesorter and confirmation on request and leave # requests table initially sorted by 4, 3 (date first and with alphabetical # client ID) table_specs = [{ 'table_id': 'accessrequeststable', 'pager_id': 'accessrequests_pager', 'sort_order': '[[4,0],[3,0]]' }] (add_import, add_init, add_ready) = man_base_js(configuration, table_specs, {'width': 600}) add_init += ''' var toggleHidden = function(classname) { // classname supposed to have a leading dot $(classname).toggleClass("hidden"); }; /* helper for dynamic form input fields */ function onOwnerInputChange() { makeSpareFields("#dynownerspares", "cert_id"); } ''' add_ready += ''' /* init add owners form with dynamic input fields */ onOwnerInputChange(); $("#dynownerspares").on("blur", "input[name=cert_id]", function(event) { //console.debug("in add owner blur handler"); onOwnerInputChange(); } ); ''' title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({ 'object_type': 'html_form', 'text': man_base_html(configuration) }) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'short_title': configuration.short_title, 'vgrid_label': configuration.site_vgrid_label, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } (re_stat, re_list) = list_runtime_environments(configuration) if not re_stat: logger.warning('Failed to load list of runtime environments') output_objects.append({ 'object_type': 'error_text', 'text': 'Error getting list of runtime environments' }) return (output_objects, returnvalues.SYSTEM_ERROR) output_objects.append({'object_type': 'header', 'text': 'Manage Resource'}) output_objects.append({ 'object_type': 'sectionheader', 'text': '%(short_title)s Resources Owned' % fill_helpers }) quick_links = [{ 'object_type': 'text', 'text': 'Quick links to all your resources and individual management' }] quick_links.append({ 'object_type': 'html_form', 'text': '<div class="hidden quicklinks">' }) quick_links.append({ 'object_type': 'link', 'destination': "javascript:toggleHidden('.quicklinks');", 'class': 'removeitemlink iconspace', 'title': 'Toggle view', 'text': 'Hide quick links' }) quick_links.append({'object_type': 'text', 'text': ''}) quick_res = {} quick_links_index = len(output_objects) output_objects.append({'object_type': 'sectionheader', 'text': ''}) owned = 0 res_map = get_resource_map(configuration) for unique_resource_name in res_map.keys(): if sandbox_resource(unique_resource_name): continue owner_list = res_map[unique_resource_name][OWNERS] resource_config = res_map[unique_resource_name][CONF] visible_res_name = res_map[unique_resource_name][RESID] if client_id in owner_list: quick_res[unique_resource_name] = { 'object_type': 'multilinkline', 'links': [{ 'object_type': 'link', 'destination': '?unique_resource_name=%s' % unique_resource_name, 'class': 'adminlink iconspace', 'title': 'Manage %s' % unique_resource_name, 'text': 'Manage %s' % unique_resource_name, }, { 'object_type': 'link', 'destination': 'viewres.py?unique_resource_name=%s' % visible_res_name, 'class': 'infolink iconspace', 'title': 'View %s' % unique_resource_name, 'text': 'View %s' % unique_resource_name, }] } if unique_resource_name in unique_res_names: raw_conf_file = os.path.join(configuration.resource_home, unique_resource_name, 'config.MiG') try: filehandle = open(raw_conf_file, 'r') raw_conf = filehandle.readlines() filehandle.close() except: raw_conf = [''] res_html = display_resource(client_id, unique_resource_name, raw_conf, resource_config, owner_list, re_list, configuration, fill_helpers) output_objects.append({ 'object_type': 'html_form', 'text': res_html }) # Pending requests target_op = "addresowner" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( target_op, "%s.py" % target_op, { 'unique_resource_name': unique_resource_name, 'cert_id': '__DYNAMIC__', 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({ 'object_type': 'html_form', 'text': helper }) target_op = "rejectresreq" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper( target_op, "%s.py" % target_op, { 'unique_resource_name': unique_resource_name, 'request_name': '__DYNAMIC__', csrf_field: csrf_token }) output_objects.append({ 'object_type': 'html_form', 'text': helper }) request_dir = os.path.join(configuration.resource_home, unique_resource_name) request_list = [] for req_name in list_access_requests(configuration, request_dir): req = load_access_request(configuration, request_dir, req_name) if not req: continue if req.get('request_type', None) != "resourceowner": logger.error( "unexpected request_type %(request_type)s" % req) continue request_item = build_accessrequestitem_object( configuration, req) # Convert filename with exotic chars into url-friendly pure hex version shared_args = { "unique_resource_name": unique_resource_name, "request_name": hexlify(req["request_name"]) } accept_args, reject_args = {}, {} accept_args.update(shared_args) reject_args.update(shared_args) if req['request_type'] == "resourceowner": accept_args["cert_id"] = req["entity"] request_item['acceptrequestlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ("addresowner", "Accept %(target)s %(request_type)s request from %(entity)s" % req, 'undefined', "{%s}" % ', '.join([ "'%s': '%s'" % pair for pair in accept_args.items() ])), 'class': 'addlink iconspace', 'title': 'Accept %(target)s %(request_type)s request from %(entity)s' % req, 'text': '' } request_item['rejectrequestlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ("rejectresreq", "Reject %(target)s %(request_type)s request from %(entity)s" % req, 'undefined', "%s" % reject_args), 'class': 'removelink iconspace', 'title': 'Reject %(target)s %(request_type)s request from %(entity)s' % req, 'text': '' } request_list.append(request_item) output_objects.append({ 'object_type': 'sectionheader', 'text': "Pending Requests" }) output_objects.append({ 'object_type': 'table_pager', 'id_prefix': 'accessrequests_', 'entry_name': 'access requests', 'default_entries': default_pager_entries }) output_objects.append({ 'object_type': 'accessrequests', 'accessrequests': request_list }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Retire resource' }) output_objects.append({ 'object_type': 'text', 'text': ''' Use the link below to permanently remove the resource from the grid after stopping all units and the front end. ''' }) target_op = "delres" csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) js_name = 'delres%s' % hexlify(unique_resource_name) helper = html_post_helper( js_name, '%s.py' % target_op, { 'unique_resource_name': unique_resource_name, csrf_field: csrf_token }) output_objects.append({ 'object_type': 'html_form', 'text': helper }) output_objects.append({ 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s');" % (js_name, 'Really delete %s? (fails if it is busy)' % unique_resource_name), 'class': 'removelink iconspace', 'title': 'Delete %s' % unique_resource_name, 'text': 'Delete %s' % unique_resource_name }) owned += 1 if owned == 0: output_objects.append({ 'object_type': 'text', 'text': 'You are not listed as owner of any resources!' }) else: sorted_links = quick_res.items() sorted_links.sort() for (res_id, link_obj) in sorted_links: quick_links.append(link_obj) # add new line quick_links.append({'object_type': 'text', 'text': ''}) quick_links.append({ 'object_type': 'html_form', 'text': '</div><div class="quicklinks">' }) quick_links.append({ 'object_type': 'link', 'destination': "javascript:toggleHidden('.quicklinks');", 'class': 'additemlink iconspace', 'title': 'Toggle view', 'text': 'Show quick links' }) quick_links.append({'object_type': 'html_form', 'text': '</div>'}) output_objects = output_objects[:quick_links_index]\ + quick_links + output_objects[quick_links_index:] return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) status = returnvalues.OK defaults = signature()[1] title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Resource management' (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) show_sandboxes = (accepted['show_sandboxes'][-1] != 'false') operation = accepted['operation'][-1] caching = (accepted['caching'][-1].lower() in ('true', 'yes')) if not configuration.site_enable_resources: output_objects.append({'object_type': 'error_text', 'text': '''Resources are not enabled on this system'''}) return (output_objects, returnvalues.SYSTEM_ERROR) if not operation in allowed_operations: output_objects.append({'object_type': 'text', 'text': '''Operation must be one of %s.''' % ', '.join(allowed_operations)}) return (output_objects, returnvalues.OK) logger.info("%s %s begin for %s" % (op_name, operation, client_id)) pending_updates = False if operation in show_operations: # jquery support for tablesorter and confirmation on delete # table initially sorted by col. 1 (admin), then 0 (name) # NOTE: We distinguish between caching on page load and forced refresh refresh_call = 'ajax_resman(%s)' table_spec = {'table_id': 'resourcetable', 'sort_order': '[[1,0],[0,0]]', 'refresh_call': refresh_call % 'false'} (add_import, add_init, add_ready) = man_base_js(configuration, [table_spec]) if operation == "show": add_ready += '%s;' % refresh_call % 'true' title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({'object_type': 'html_form', 'text': man_base_html(configuration)}) output_objects.append({'object_type': 'header', 'text': 'Available Resources'}) output_objects.append({'object_type': 'sectionheader', 'text': 'Resources available on this server'}) output_objects.append({'object_type': 'text', 'text': ''' All available resources are listed below with overall hardware specifications. Any resources that you own will have a administration icon that you can click to open resource management. ''' }) # Helper forms for requests and removes form_method = 'post' csrf_limit = get_csrf_limit(configuration) target_op = 'sendrequestaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper('reqresowner', '%s.py' % target_op, {'unique_resource_name': '__DYNAMIC__', 'request_type': 'resourceowner', 'request_text': '', csrf_field: csrf_token}) output_objects.append({'object_type': 'html_form', 'text': helper}) target_op = 'rmresowner' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) helper = html_post_helper('rmresowner', '%s.py' % target_op, {'unique_resource_name': '__DYNAMIC__', 'cert_id': client_id, csrf_field: csrf_token}) output_objects.append({'object_type': 'html_form', 'text': helper}) output_objects.append({'object_type': 'table_pager', 'entry_name': 'resources', 'default_entries': default_pager_entries}) resources = [] if operation in list_operations: logger.info("get vgrid and resource map with caching %s" % caching) visible_res_confs = user_visible_res_confs(configuration, client_id, caching) res_map = get_resource_map(configuration, caching) anon_map = anon_to_real_res_map(configuration.resource_home) # NOTE: use simple pending check if caching to avoid lock during update if caching: pending_updates = pending_vgrids_update(configuration) or \ pending_resources_update(configuration) else: pending_updates = False if pending_updates: logger.debug("found pending cache updates: %s" % pending_updates) else: logger.debug("no pending cache updates") # Iterate through resources and show management for each one requested fields = ['PUBLICNAME', 'NODECOUNT', 'CPUCOUNT', 'MEMORY', 'DISK', 'ARCHITECTURE', 'SANDBOX', 'RUNTIMEENVIRONMENT'] # NOTE: only resources that user is allowed to access are listed. # Resource with neither exes nor stores are not shown to anyone # but the owners. Similarly resources are not shown if all # resource units solely participate in VGrids, which the user # can't access. for visible_res_name in visible_res_confs.keys(): unique_resource_name = visible_res_name if visible_res_name in anon_map.keys(): unique_resource_name = anon_map[visible_res_name] if not show_sandboxes and sandbox_resource(unique_resource_name): continue res_obj = {'object_type': 'resource', 'name': visible_res_name} # NOTE: res may not yet have been added to res_map here if not res_map.get(unique_resource_name, None): logger.info("skip %s not yet in resource map" % unique_resource_name) continue if client_id in res_map[unique_resource_name][OWNERS]: # Admin of resource when owner res_obj['resownerlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', %s, %s);" % ('rmresowner', 'Really leave %s owners?' % unique_resource_name, 'undefined', "{unique_resource_name: '%s'}" % unique_resource_name), 'class': 'removelink iconspace', 'title': 'Leave %s owners' % unique_resource_name, 'text': ''} res_obj['resdetailslink'] = { 'object_type': 'link', 'destination': 'resadmin.py?unique_resource_name=%s' % unique_resource_name, 'class': 'adminlink iconspace', 'title': 'Administrate %s' % unique_resource_name, 'text': ''} else: # link to become owner res_obj['resownerlink'] = { 'object_type': 'link', 'destination': "javascript: confirmDialog(%s, '%s', '%s', %s);" % ('reqresowner', "Request ownership of " + visible_res_name + ":<br/>" + "\nPlease write a message to the owners (field below).", 'request_text', "{unique_resource_name: '%s'}" % visible_res_name), 'class': 'addlink iconspace', 'title': 'Request ownership of %s' % visible_res_name, 'text': ''} res_obj['resdetailslink'] = { 'object_type': 'link', 'destination': 'viewres.py?unique_resource_name=%s' % visible_res_name, 'class': 'infolink iconspace', 'title': 'View detailed %s specs' % visible_res_name, 'text': ''} # fields for everyone: public status for name in fields: res_obj[name] = res_map[unique_resource_name][CONF].get(name, '') # Use runtimeenvironment names instead of actual definitions res_obj['RUNTIMEENVIRONMENT'] = [i[0] for i in res_obj['RUNTIMEENVIRONMENT']] res_obj['RUNTIMEENVIRONMENT'].sort() resources.append(res_obj) if operation == "show": # insert dummy placeholder to build table res_obj = {'object_type': 'resource', 'name': ''} resources.append(res_obj) output_objects.append({'object_type': 'resource_list', 'pending_updates': pending_updates, 'resources': resources}) if operation in show_operations: if configuration.site_enable_sandboxes: if show_sandboxes: output_objects.append({'object_type': 'link', 'destination': '?show_sandboxes=false', 'class': 'removeitemlink iconspace', 'title': 'Hide sandbox resources', 'text': 'Exclude sandbox resources', }) else: output_objects.append({'object_type': 'link', 'destination': '?show_sandboxes=true', 'class': 'additemlink iconspace', 'title': 'Show sandbox resources', 'text': 'Include sandbox resources', }) output_objects.append( {'object_type': 'sectionheader', 'text': 'Resource Status'}) output_objects.append({'object_type': 'text', 'text': ''' Live resource status is available in the resource monitor page with all %s/resources you can access ''' % configuration.site_vgrid_label}) output_objects.append({ 'object_type': 'link', 'destination': 'showvgridmonitor.py?vgrid_name=ALL', 'class': 'monitorlink iconspace', 'title': 'Show monitor with all resources you can access', 'text': 'Global resource monitor', }) output_objects.append({'object_type': 'sectionheader', 'text': 'Additional Resources'}) output_objects.append({ 'object_type': 'text', 'text': 'You can sign up spare or dedicated resources to the grid below.' }) output_objects.append({'object_type': 'link', 'destination': 'resedit.py', 'class': 'addlink iconspace', 'title': 'Show sandbox resources', 'text': 'Create a new %s resource' % configuration.short_title, }) output_objects.append({'object_type': 'sectionheader', 'text': ''}) if configuration.site_enable_sandboxes: output_objects.append({ 'object_type': 'link', 'destination': 'ssslogin.py', 'class': 'adminlink iconspace', 'title': 'Administrate and monitor your sandbox resources', 'text': 'Administrate %s sandbox resources' % configuration.short_title}) output_objects.append({'object_type': 'sectionheader', 'text': ''}) output_objects.append({ 'object_type': 'link', 'destination': 'oneclick.py', 'class': 'sandboxlink iconspace', 'title': 'Run a One-click resource in your browser', 'text': 'Use this computer as One-click %s resource' % configuration.short_title}) logger.info("%s %s end for %s" % (op_name, operation, client_id)) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) status = returnvalues.OK defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) if not configuration.site_enable_jobs: output_objects.append({ 'object_type': 'error_text', 'text': '''Job execution is not enabled on this system''' }) return (output_objects, returnvalues.SYSTEM_ERROR) title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Manage jobs' output_objects.append({'object_type': 'header', 'text': 'Manage Jobs'}) output_objects.append({ 'object_type': 'sectionheader', 'text': 'View status of all submitted jobs' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="get" action="jobstatus.py"> Sort by modification time: <input type="radio" name="flags" value="sv" />yes <input type="radio" name="flags" checked="checked" value="vi" />no<br /> <input type="hidden" name="job_id" value="*" /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Show All" /> </form> ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'View status of individual jobs' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' Filter job IDs (* and ? wildcards are supported)<br /> <form method="get" action="jobstatus.py"> Job ID: <input type="text" name="job_id" value="*" size="30" /><br /> Show only <input type="text" name="max_jobs" size="6" value=5 /> first matching jobs<br /> Sort by modification time: <input type="radio" name="flags" checked="checked" value="vsi" />yes <input type="radio" name="flags" value="vi" />no<br /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Show" /> </form> ''' }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Resubmit job' }) form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'short_title': configuration.short_title, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } target_op = 'resubmit' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> Job ID: <input type="text" name="job_id" size="30" /><br /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Submit" /> </form> ''' % fill_helpers }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Freeze pending job' }) target_op = 'jobaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> Job ID: <input type="text" name="job_id" size="30" /><br /> <input type="hidden" name="action" value="freeze" /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Freeze job" /> </form> ''' % fill_helpers }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Thaw frozen job' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> Job ID: <input type="text" name="job_id" size="30" /><br /> <input type="hidden" name="action" value="thaw" /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Thaw job" /> </form> ''' % fill_helpers }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Cancel pending or executing job' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="%(form_method)s" action="%(target_op)s.py"> <input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" /> Job ID: <input type="text" name="job_id" size="30" /><br /> <input type="hidden" name="action" value="cancel" /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Cancel job" /> </form> ''' % fill_helpers }) output_objects.append({ 'object_type': 'sectionheader', 'text': 'Request live I/O' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <form method="get" action="liveio.py"> Job ID: <input type="text" name="job_id" size="30" /><br /> <input type="hidden" name="output_format" value="html" /> <input type="submit" value="Request" /> </form> <br /> ''' }) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=False) defaults = signature()[1] (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: logger.warning('%s invalid input: %s' % (op_name, accepted)) return (accepted, returnvalues.CLIENT_ERROR) if not configuration.site_enable_openid or \ not 'migoid' in configuration.site_signup_methods: output_objects.append({ 'object_type': 'error_text', 'text': '''Local OpenID login is not enabled on this site''' }) return (output_objects, returnvalues.SYSTEM_ERROR) title_entry = find_entry(output_objects, 'title') title_entry['text'] = '%s OpenID account request' % \ configuration.short_title title_entry['skipmenu'] = True output_objects.append({ 'object_type': 'header', 'text': '%s OpenID account request' % configuration.short_title }) admin_email = configuration.admin_email smtp_server = configuration.smtp_server user_pending = os.path.abspath(configuration.user_pending) # TODO: switch to canonical_user fra mig.shared.base instead? # force name to capitalized form (henrik karlsen -> Henrik Karlsen) # please note that we get utf8 coded bytes here and title() treats such # chars as word termination. Temporarily force to unicode. raw_name = accepted['cert_name'][-1].strip() try: cert_name = force_utf8(force_unicode(raw_name).title()) except Exception: cert_name = raw_name.title() country = accepted['country'][-1].strip().upper() state = accepted['state'][-1].strip().upper() org = accepted['org'][-1].strip() # lower case email address email = accepted['email'][-1].strip().lower() password = accepted['password'][-1] verifypassword = accepted['verifypassword'][-1] # The checkbox typically returns value 'on' if selected passwordrecovery = (accepted['passwordrecovery'][-1].strip().lower() in ('1', 'o', 'y', 't', 'on', 'yes', 'true')) # keep comment to a single line comment = accepted['comment'][-1].replace('\n', ' ') # single quotes break command line format - remove comment = comment.replace("'", ' ') accept_terms = (accepted['accept_terms'][-1].strip().lower() in ('1', 'o', 'y', 't', 'on', 'yes', 'true')) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) if not accept_terms: output_objects.append({ 'object_type': 'error_text', 'text': 'You must accept the terms of use in sign up!' }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) if password != verifypassword: output_objects.append({ 'object_type': 'error_text', 'text': 'Password and verify password are not identical!' }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) try: assure_password_strength(configuration, password) except Exception as exc: logger.warning( "%s invalid password for '%s' (policy %s): %s" % (op_name, cert_name, configuration.site_password_policy, exc)) output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid password requested: %s.' % exc }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) if not existing_country_code(country, configuration): output_objects.append({ 'object_type': 'error_text', 'text': '''Illegal country code: Please read and follow the instructions shown in the help bubble when filling the country field on the request page! Specifically if you are from the U.K. you need to use GB as country code in line with the ISO-3166 standard. ''' }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) # TODO: move this check to conf? if not forced_org_email_match(org, email, configuration): output_objects.append({ 'object_type': 'error_text', 'text': '''Illegal email and organization combination: Please read and follow the instructions in red on the request page! If you are a student with only a @*.ku.dk address please just use KU as organization. As long as you state that you want the account for course purposes in the comment field, you will be given access to the necessary resources anyway. ''' }) output_objects.append({ 'object_type': 'link', 'destination': 'javascript:history.back();', 'class': 'genericbutton', 'text': "Try again" }) return (output_objects, returnvalues.CLIENT_ERROR) # NOTE: we save password on scrambled form only if explicitly requested if passwordrecovery: logger.info('saving %s scrambled password to enable recovery' % email) scrambled_pw = scramble_password(configuration.site_password_salt, password) else: logger.info('only saving %s password hash' % email) scrambled_pw = '' user_dict = { 'full_name': cert_name, 'organization': org, 'state': state, 'country': country, 'email': email, 'comment': comment, 'password': scrambled_pw, 'password_hash': make_hash(password), 'expire': default_account_expire(configuration, 'oid'), 'openid_names': [], 'auth': ['migoid'], } fill_distinguished_name(user_dict) user_id = user_dict['distinguished_name'] user_dict['authorized'] = (user_id == client_id) if configuration.user_openid_providers and configuration.user_openid_alias: user_dict['openid_names'] += \ [user_dict[configuration.user_openid_alias]] logger.info('got account request from reqoid: %s' % user_dict) # For testing only if cert_name.upper().find('DO NOT SEND') != -1: output_objects.append({ 'object_type': 'text', 'text': "Test request ignored!" }) return (output_objects, returnvalues.OK) req_path = None try: (os_fd, req_path) = tempfile.mkstemp(dir=user_pending) os.write(os_fd, dumps(user_dict)) os.close(os_fd) except Exception as err: logger.error('Failed to write OpenID account request to %s: %s' % (req_path, err)) output_objects.append({ 'object_type': 'error_text', 'text': '''Request could not be sent to site administrators. Please contact them manually on %s if this error persists.''' % admin_email }) return (output_objects, returnvalues.SYSTEM_ERROR) logger.info('Wrote OpenID account request to %s' % req_path) tmp_id = os.path.basename(req_path) user_dict['tmp_id'] = tmp_id mig_user = os.environ.get('USER', 'mig') helper_commands = user_manage_commands(configuration, mig_user, req_path, user_id, user_dict, 'oid') user_dict.update(helper_commands) user_dict['site'] = configuration.short_title user_dict['vgrid_label'] = configuration.site_vgrid_label user_dict['vgridman_links'] = generate_https_urls( configuration, '%(auto_base)s/%(auto_bin)s/vgridman.py', {}) email_header = '%s OpenID request for %s' % \ (configuration.short_title, cert_name) email_msg = \ """ Received an OpenID request with account data * Full Name: %(full_name)s * Organization: %(organization)s * State: %(state)s * Country: %(country)s * Email: %(email)s * Comment: %(comment)s * Expire: %(expire)s Command to create user on %(site)s server: %(command_user_create)s Command to inform user and %(site)s admins: %(command_user_notify)s Optional command to create matching certificate: %(command_cert_create)s Finally add the user %(distinguished_name)s to any relevant %(vgrid_label)ss using one of the management links: %(vgridman_links)s --- If user must be denied access or deleted at some point --- Command to reject user account request on %(site)s server: %(command_user_reject)s Remove the user %(distinguished_name)s from any relevant %(vgrid_label)ss using one of the management links: %(vgridman_links)s Optional command to revoke any matching user certificate: %(command_cert_revoke)s You need to copy the resulting signed certificate revocation list (crl.pem) to the web server(s) for the revocation to take effect. Command to suspend user on %(site)s server: %(command_user_suspend)s Command to delete user again on %(site)s server: %(command_user_delete)s --- """ % user_dict logger.info('Sending email: to: %s, header: %s, msg: %s, smtp_server: %s' % (admin_email, email_header, email_msg, smtp_server)) if not send_email(admin_email, email_header, email_msg, logger, configuration): output_objects.append({ 'object_type': 'error_text', 'text': '''An error occured trying to send the email requesting the site administrators to create a new OpenID and account. Please email them (%s) manually and include the session ID: %s''' % (admin_email, tmp_id) }) return (output_objects, returnvalues.SYSTEM_ERROR) output_objects.append({ 'object_type': 'text', 'text': """Request sent to site administrators: Your OpenID account request will be verified and handled as soon as possible, so please be patient. Once handled an email will be sent to the account you have specified ('%s') with further information. In case of inquiries about this request, please email the site administrators (%s) and include the session ID: %s""" % (email, configuration.admin_email, tmp_id) }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = "Add/Update %s Trigger" % label output_objects.append({ 'object_type': 'header', 'text': 'Add/Update %s Trigger' % label }) (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, typecheck_overrides={'path': valid_path_pattern}, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) # NOTE: strip leftmost slashes from all fields used in file paths to avoid # interference with os.path.join calls. Furthermore we strip and normalize # the path variable first to make sure it does not point outside the vgrid. # In practice any such directory traversal attempts will generally be moot # since the grid_events daemon only starts a listener for each top-level # vgrid and in there only reacts to events that match trigger rules from # that particular vgrid. Thus only subvgrid access to parent vgrids might # be a concern and still of limited consequence. # NOTE: merge multi args into one string and split again to get flat array rule_id = accepted['rule_id'][-1].strip() vgrid_name = accepted['vgrid_name'][-1].strip().lstrip(os.sep) path = os.path.normpath(accepted['path'][-1].strip()).lstrip(os.sep) changes = [i.strip() for i in ' '.join(accepted['changes']).split()] action = accepted['action'][-1].strip() arguments = [ i.strip() for i in shlex.split(' '.join(accepted['arguments'])) ] rate_limit = accepted['rate_limit'][-1].strip() settle_time = accepted['settle_time'][-1].strip() match_files = accepted['match_files'][-1].strip() == 'True' match_dirs = accepted['match_dirs'][-1].strip() == 'True' match_recursive = accepted['match_recursive'][-1].strip() == 'True' rank_str = accepted['rank'][-1] try: rank = int(rank_str) except ValueError: rank = None logger.debug("addvgridtrigger with args: %s" % user_arguments_dict) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Please note that base_dir must end in slash to avoid access to other # user dirs when own name is a prefix of another user name base_dir = os.path.abspath( os.path.join(configuration.user_home, client_dir)) + os.sep # we just use a high res timestamp as automatic rule_id if rule_id == keyword_auto: rule_id = "%d" % (time.time() * 1E8) if action == keyword_auto: action = valid_trigger_actions[0] if any_state in changes: changes = valid_trigger_changes logger.info("addvgridtrigger %s" % vgrid_name) # Validity of user and vgrid names is checked in this init function so # no need to worry about illegal directory traversal through variables (ret_val, msg, ret_variables) = \ init_vgrid_script_add_rem(vgrid_name, client_id, rule_id, 'trigger', configuration) if not ret_val: output_objects.append({'object_type': 'error_text', 'text': msg}) return (output_objects, returnvalues.CLIENT_ERROR) elif msg: # In case of warnings, msg is non-empty while ret_val remains True output_objects.append({'object_type': 'warning', 'text': msg}) # if we get here user is either vgrid owner or allowed to add rule # don't add if already in vgrid or parent vgrid - but update if owner update_id = None if vgrid_is_trigger(vgrid_name, rule_id, configuration): if vgrid_is_trigger_owner(vgrid_name, rule_id, client_id, configuration): update_id = 'rule_id' else: output_objects.append({ 'object_type': 'error_text', 'text': '%s is already a trigger owned by somebody else in the %s' % (rule_id, label) }) return (output_objects, returnvalues.CLIENT_ERROR) # don't add if already in subvgrid (list_status, subvgrids) = vgrid_list_subvgrids(vgrid_name, configuration) if not list_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Error getting list of sub%ss: %s' % (label, subvgrids) }) return (output_objects, returnvalues.SYSTEM_ERROR) for subvgrid in subvgrids: if vgrid_is_trigger(subvgrid, rule_id, configuration, recursive=False): output_objects.append({ 'object_type': 'error_text', 'text': '''%(rule_id)s is already in a sub-%(vgrid_label)s (%(subvgrid)s). Please remove the trigger from the sub-%(vgrid_label)s and try again''' % { 'rule_id': rule_id, 'subvgrid': subvgrid, 'vgrid_label': label } }) return (output_objects, returnvalues.CLIENT_ERROR) if not action in valid_trigger_actions: output_objects.append({ 'object_type': 'error_text', 'text': "invalid action value %s" % action }) return (output_objects, returnvalues.CLIENT_ERROR) if keyword_all in changes: changes = valid_trigger_changes for change in changes: if not change in valid_trigger_changes: output_objects.append({ 'object_type': 'error_text', 'text': "found invalid change value %s" % change }) return (output_objects, returnvalues.CLIENT_ERROR) # Check if we should load saved trigger for rank change or update rule_dict = None if rank is not None or update_id is not None: (load_status, all_triggers) = vgrid_triggers(vgrid_name, configuration) if not load_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Failed to load triggers for %s: %s' % (vgrid_name, all_triggers) }) return (output_objects, returnvalues.SYSTEM_ERROR) for saved_dict in all_triggers: if saved_dict['rule_id'] == rule_id: rule_dict = saved_dict break if rule_dict is None: output_objects.append({ 'object_type': 'error_text', 'text': 'No such trigger %s for %s: %s' % (rule_id, vgrid_name, all_triggers) }) return (output_objects, returnvalues.CLIENT_ERROR) elif not path: # New trigger with missing path output_objects.append({ 'object_type': 'error_text', 'text': '''Either path or rank must be set.''' }) return (output_objects, returnvalues.CLIENT_ERROR) elif action == "submit" and not arguments: # New submit trigger with missing mrsl arguments output_objects.append({ 'object_type': 'error_text', 'text': '''Submit triggers must give a job description file path as argument.''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Handle create and update (i.e. new, update all or just refresh mRSL) if rank is None: # IMPORTANT: we save the job template contents to avoid potential abuse # Otherwise someone else in the VGrid could tamper with the template # and make the next trigger execute arbitrary code on behalf of the # rule owner. templates = [] # Merge current and saved values req_dict = { 'rule_id': rule_id, 'vgrid_name': vgrid_name, 'path': path, 'changes': changes, 'run_as': client_id, 'action': action, 'arguments': arguments, 'rate_limit': rate_limit, 'settle_time': settle_time, 'match_files': match_files, 'match_dirs': match_dirs, 'match_recursive': match_recursive, 'templates': templates } if rule_dict is None: rule_dict = req_dict else: for field in user_arguments_dict: if field in req_dict: rule_dict[field] = req_dict[field] # Now refresh template contents if rule_dict['action'] == "submit": for rel_path in rule_dict['arguments']: # IMPORTANT: path must be expanded to abs for proper chrooting abs_path = os.path.abspath(os.path.join(base_dir, rel_path)) try: if not valid_user_path(configuration, abs_path, base_dir, True): logger.warning( '%s tried to %s restricted path %s ! (%s)' % (client_id, op_name, abs_path, rel_path)) raise ValueError('invalid submit path argument: %s' % rel_path) temp_fd = open(abs_path) templates.append(temp_fd.read()) temp_fd.close() except Exception as err: logger.error("read submit argument file failed: %s" % err) output_objects.append({ 'object_type': 'error_text', 'text': 'failed to read submit argument file "%s"' % rel_path }) return (output_objects, returnvalues.CLIENT_ERROR) # Save updated template contents here rule_dict['templates'] = templates # Add to list and pickle (add_status, add_msg) = vgrid_add_triggers(configuration, vgrid_name, [rule_dict], update_id, rank) if not add_status: logger.error('%s failed to add/update trigger: %s' % (client_id, add_msg)) output_objects.append({ 'object_type': 'error_text', 'text': '%s' % add_msg }) return (output_objects, returnvalues.SYSTEM_ERROR) if rank is not None: logger.info('%s moved trigger %s to %d' % (client_id, rule_id, rank)) output_objects.append({ 'object_type': 'text', 'text': 'moved %s trigger %s to position %d' % (vgrid_name, rule_id, rank) }) elif update_id: logger.info('%s updated trigger: %s' % (client_id, rule_dict)) output_objects.append({ 'object_type': 'text', 'text': 'Existing trigger %s successfully updated in %s %s!' % (rule_id, vgrid_name, label) }) else: logger.info('%s added new trigger: %s' % (client_id, rule_dict)) output_objects.append({ 'object_type': 'text', 'text': 'New trigger %s successfully added to %s %s!' % (rule_id, vgrid_name, label) }) output_objects.append({ 'object_type': 'link', 'destination': 'vgridworkflows.py?vgrid_name=%s' % vgrid_name, 'text': 'Back to workflows for %s' % vgrid_name }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = "Reject %s Request" % label output_objects.append({ 'object_type': 'header', 'text': 'Reject %s Request' % label }) (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) vgrid_name = accepted['vgrid_name'][-1].strip() request_name = unhexlify(accepted['request_name'][-1]) if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Validity of user and vgrid names is checked in this init function so # no need to worry about illegal directory traversal through variables (ret_val, msg, ret_variables) = \ init_vgrid_script_add_rem(vgrid_name, client_id, request_name, 'request', configuration) if not ret_val: output_objects.append({'object_type': 'error_text', 'text': msg}) return (output_objects, returnvalues.CLIENT_ERROR) elif msg: # In case of warnings, msg is non-empty while ret_val remains True output_objects.append({'object_type': 'warning', 'text': msg}) if request_name: request_dir = os.path.join(configuration.vgrid_home, vgrid_name) req = load_access_request(configuration, request_dir, request_name) if not req or not delete_access_request(configuration, request_dir, request_name): logger.error("failed to delete owner request for %s in %s" % \ (vgrid_name, request_name)) output_objects.append({ 'object_type': 'error_text', 'text': 'Failed to remove saved vgrid request for %s in %s!'\ % (vgrid_name, request_name)}) return (output_objects, returnvalues.CLIENT_ERROR) output_objects.append({ 'object_type': 'text', 'text': ''' Deleted %(request_type)s access request to %(target)s for %(entity)s . ''' % req }) if req['request_type'] == 'vgridresource': id_field = "unique_resource_name" else: id_field = "cert_id" form_method = 'post' csrf_limit = get_csrf_limit(configuration) fill_helpers = { 'protocol': any_protocol, 'id_field': id_field, 'vgrid_label': label, 'form_method': form_method, 'csrf_field': csrf_field, 'csrf_limit': csrf_limit } fill_helpers.update(req) target_op = 'sendrequestaction' csrf_token = make_csrf_token(configuration, form_method, target_op, client_id, csrf_limit) fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token}) output_objects.append({ 'object_type': 'html_form', 'text': """ <p> You can use the reply form below if you want to additionally send an explanation for rejecting the request. </p> <form method='%(form_method)s' action='%(target_op)s.py'> <input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' /> <input type=hidden name=request_type value='vgridreject' /> <input type=hidden name=vgrid_name value='%(target)s' /> <input type=hidden name=%(id_field)s value='%(entity)s' /> <input type=hidden name=protocol value='%(protocol)s' /> <table> <tr> <td class='title'>Optional reject message to requestor(s)</td> </tr><tr> <td><textarea name=request_text cols=72 rows=10> We have decided to reject your %(request_type)s request to our %(target)s %(vgrid_label)s. Regards, the %(target)s %(vgrid_label)s owners </textarea></td> </tr> <tr> <td><input type='submit' value='Inform requestor(s)' /></td> </tr> </table> </form> <br /> """ % fill_helpers }) output_objects.append({ 'object_type': 'link', 'destination': 'adminvgrid.py?vgrid_name=%s' % vgrid_name, 'text': 'Back to administration for %s' % vgrid_name }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) title_entry = find_entry(output_objects, 'title') title_entry['text'] = 'Delete runtime environment' output_objects.append({ 'object_type': 'header', 'text': 'Delete runtime environment' }) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) re_name = accepted['re_name'][-1] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) if not valid_dir_input(configuration.re_home, re_name): logger.warning( "possible illegal directory traversal attempt re_name '%s'" % re_name) output_objects.append({ 'object_type': 'error_text', 'text': 'Illegal runtime environment name: "%s"' % re_name }) return (output_objects, returnvalues.CLIENT_ERROR) # Check whether re_name represents a runtime environment if not is_runtime_environment(re_name, configuration): output_objects.append({ 'object_type': 'error_text', 'text': "No such runtime environment: '%s'" % re_name }) return (output_objects, returnvalues.CLIENT_ERROR) (re_dict, load_msg) = get_re_dict(re_name, configuration) if not re_dict: output_objects.append({ 'object_type': 'error_text', 'text': 'Could not read runtime environment details for %s: %s' % (re_name, load_msg) }) return (output_objects, returnvalues.SYSTEM_ERROR) # Make sure the runtime environment belongs to the user trying to delete it if client_id != re_dict['CREATOR']: output_objects.append({'object_type': 'error_text', 'text': \ 'You are not the owner of runtime environment "%s"' % re_name}) return (output_objects, returnvalues.CLIENT_ERROR) # Prevent delete if the runtime environment is used by any resources actives = resources_using_re(configuration, re_name) # If the runtime environment is active, an error message is printed, along # with a list of the resources using the runtime environment if actives: output_objects.append({ 'object_type': 'error_text', 'text': "Can't delete runtime environment '%s' in use by resources:" % re_name }) output_objects.append({'object_type': 'list', 'list': actives}) output_objects.append({ 'object_type': 'link', 'destination': 'redb.py', 'class': 'infolink iconspace', 'title': 'Show runtime environments', 'text': 'Show runtime environments' }) return (output_objects, returnvalues.CLIENT_ERROR) # Delete the runtime environment (del_status, msg) = delete_runtimeenv(re_name, configuration) # If something goes wrong when trying to delete runtime environment # re_name, an error is displayed. if not del_status: output_objects.append({ 'object_type': 'error_text', 'text': 'Could not remove %s runtime environment: %s' % (re_name, msg) }) return (output_objects, returnvalues.SYSTEM_ERROR) # If deletion of runtime environment re_name is successful, we just # return OK else: output_objects.append({ 'object_type': 'text', 'text': 'Successfully deleted runtime environment: "%s"' % re_name }) output_objects.append({ 'object_type': 'link', 'destination': 'redb.py', 'class': 'infolink iconspace', 'title': 'Show runtime environments', 'text': 'Show runtime environments' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) client_dir = client_id_dir(client_id) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, # NOTE: path cannot use wildcards here typecheck_overrides={}, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) status = returnvalues.OK chroot = '' if configuration.site_enable_gdp: chroot = get_project_from_client_id(configuration, client_id) all_paths = accepted['path'] entry_path = all_paths[-1] title_entry = find_entry(output_objects, 'title') user_settings = title_entry.get('user_settings', {}) title_entry['text'] = 'File Manager' title_entry['style'] = css_tmpl(configuration, user_settings) legacy_buttons = False if legacy_user_interface(configuration, user_settings): legacy_buttons = True logger.debug("enable legacy buttons") if configuration.site_enable_jobs and \ 'submitjob' in extract_menu(configuration, title_entry): enable_submit = 'true' else: enable_submit = 'false' csrf_map = {} method = 'post' limit = get_csrf_limit(configuration) for target_op in csrf_backends: csrf_map[target_op] = make_csrf_token(configuration, method, target_op, client_id, limit) (add_import, add_init, add_ready) = js_tmpl_parts(configuration, entry_path, enable_submit, str(configuration.site_enable_preview), legacy_buttons, csrf_map, chroot) title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready title_entry['container_class'] = 'fillwidth', output_objects.append({ 'object_type': 'header', 'class': 'fileman-title', 'text': 'File Manager' }) output_objects.append({ 'object_type': 'html_form', 'text': html_tmpl(configuration, client_id, title_entry, csrf_map, chroot) }) if len(all_paths) > 1: output_objects.append({ 'object_type': 'sectionheader', 'text': 'All requested paths:' }) for path in all_paths: output_objects.append({ 'object_type': 'link', 'text': path, 'destination': 'fileman.py?path=%s' % path }) output_objects.append({'object_type': 'text', 'text': ''}) return (output_objects, status)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) logger.debug("User: %s executing %s", client_id, op_name) if not configuration.site_enable_jupyter: output_objects.append({ 'object_type': 'error_text', 'text': 'The Jupyter service is not enabled on the system' }) return (output_objects, returnvalues.SYSTEM_ERROR) if not configuration.site_enable_sftp_subsys and not \ configuration.site_enable_sftp: output_objects.append({ 'object_type': 'error_text', 'text': 'The required sftp service is not enabled on the system' }) return (output_objects, returnvalues.SYSTEM_ERROR) services = [{ 'object_type': 'service', 'name': options['service_name'], 'description': options.get('service_desc', '') } for options in configuration.jupyter_services] # Show jupyter services menu (add_import, add_init, add_ready) = man_base_js(configuration, []) add_ready += ''' /* NOTE: requires managers CSS fix for proper tab bar height */ $(".jupyter-tabs").tabs(); ''' title_entry = find_entry(output_objects, 'title') title_entry['script']['advanced'] += add_import title_entry['script']['init'] += add_init title_entry['script']['ready'] += add_ready output_objects.append({ 'object_type': 'header', 'text': 'Select a Jupyter Service' }) fill_helpers = { 'jupyter_tabs': ''.join([ '<li><a href="#%s-tab">%s</a></li>' % (service['name'], service['name']) for service in services ]) } output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="wrap-tabs" class="jupyter-tabs"> <ul> %(jupyter_tabs)s </ul> ''' % fill_helpers }) for service in services: output_objects.append({ 'object_type': 'html_form', 'text': ''' <div id="%s-tab"> ''' % (service['name']) }) if service['description']: output_objects.append({ 'object_type': 'sectionheader', 'text': 'Service Description' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <div class="jupyter-description"> <p>%s</p> </div> ''' % service['description'] }) output_objects.append({ 'object_type': 'html_form', 'text': ''' <br/> ''' }) output_service = { 'object_type': 'service', 'name': "Start %s" % service['name'], 'targetlink': 'reqjupyterservice.py?service=%s' % service['name'] } output_objects.append(output_service) output_objects.append({ 'object_type': 'html_form', 'text': ''' </div> ''' }) output_objects.append({ 'object_type': 'html_form', 'text': ''' </div> </div> ''' }) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False) defaults = signature()[1] title_entry = find_entry(output_objects, 'title') label = "%s" % configuration.site_vgrid_label title_entry['text'] = "Remove %s Trigger" % label output_objects.append({'object_type': 'header', 'text' : 'Remove %s Trigger' % label}) (validate_status, accepted) = validate_input_and_cert( user_arguments_dict, defaults, output_objects, client_id, configuration, allow_rejects=False, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) vgrid_name = accepted['vgrid_name'][-1] rule_id = accepted['rule_id'][-1] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append( {'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) logger.info("rmvgridtrigger %s %s" % (vgrid_name, rule_id)) # Validity of user and vgrid names is checked in this init function so # no need to worry about illegal directory traversal through variables (ret_val, msg, ret_variables) = \ init_vgrid_script_add_rem(vgrid_name, client_id, rule_id, 'trigger', configuration) if not ret_val: output_objects.append({'object_type': 'error_text', 'text': msg}) return (output_objects, returnvalues.CLIENT_ERROR) elif msg: # In case of warnings, msg is non-empty while ret_val remains True output_objects.append({'object_type': 'warning', 'text': msg}) # if we get here user is either vgrid owner or has rule ownership # can't remove if not a participant if not vgrid_is_trigger(vgrid_name, rule_id, configuration, recursive=False): output_objects.append({'object_type': 'error_text', 'text': '%s is not a trigger in %s %s.' % \ (rule_id, vgrid_name, label)}) return (output_objects, returnvalues.CLIENT_ERROR) # remove (rm_status, rm_msg) = vgrid_remove_triggers(configuration, vgrid_name, [rule_id]) if not rm_status: logger.error('%s failed to remove trigger: %s' % (client_id, rm_msg)) output_objects.append({'object_type': 'error_text', 'text': rm_msg}) output_objects.append({'object_type': 'error_text', 'text': '''%(rule_id)s might be listed as a trigger of this %(vgrid_label)s because it is a trigger of a parent %(vgrid_label)s. Removal must be performed from the most significant %(vgrid_label)s possible.''' % {'rule_id': rule_id, 'vgrid_label': label}}) return (output_objects, returnvalues.SYSTEM_ERROR) logger.info('%s removed trigger: %s' % (client_id, rule_id)) output_objects.append({'object_type': 'text', 'text': 'Trigger %s successfully removed from %s %s!' % (rule_id, vgrid_name, label)}) output_objects.append({'object_type': 'link', 'destination': 'vgridworkflows.py?vgrid_name=%s' % vgrid_name, 'text': 'Back to workflows for %s' % vgrid_name}) return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict, environ=None): """Main function used by front end""" if environ is None: environ = os.environ (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_menu=client_id) client_dir = client_id_dir(client_id) status = returnvalues.OK defaults = signature()[1] (validate_status, accepted) = validate_input( user_arguments_dict, defaults, output_objects, allow_rejects=False, # NOTE: path can use wildcards typecheck_overrides={'path': valid_path_pattern}, ) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) flags = ''.join(accepted['flags']) pattern_list = accepted['path'] iosessionid = accepted['iosessionid'][-1] share_id = accepted['share_id'][-1] if not safe_handler(configuration, 'post', op_name, client_id, get_csrf_limit(configuration), accepted): output_objects.append({ 'object_type': 'error_text', 'text': '''Only accepting CSRF-filtered POST requests to prevent unintended updates''' }) return (output_objects, returnvalues.CLIENT_ERROR) # Either authenticated user client_id set or sharelink ID if client_id: user_id = client_id target_dir = client_id_dir(client_id) base_dir = configuration.user_home id_query = '' page_title = 'Remove User File' if force(flags): rm_helper = delete_path else: rm_helper = remove_path userstyle = True widgets = True elif share_id: try: (share_mode, _) = extract_mode_id(configuration, share_id) except ValueError as err: logger.error('%s called with invalid share_id %s: %s' % (op_name, share_id, err)) output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid sharelink ID: %s' % share_id }) return (output_objects, returnvalues.CLIENT_ERROR) # TODO: load and check sharelink pickle (currently requires client_id) user_id = 'anonymous user through share ID %s' % share_id if share_mode == 'read-only': logger.error('%s called without write access: %s' % (op_name, accepted)) output_objects.append({ 'object_type': 'error_text', 'text': 'No write access!' }) return (output_objects, returnvalues.CLIENT_ERROR) target_dir = os.path.join(share_mode, share_id) base_dir = configuration.sharelink_home id_query = '?share_id=%s' % share_id page_title = 'Remove Shared File' rm_helper = delete_path userstyle = False widgets = False elif iosessionid.strip() and iosessionid.isalnum(): user_id = iosessionid base_dir = configuration.webserver_home target_dir = iosessionid page_title = 'Remove Session File' rm_helper = delete_path userstyle = False widgets = False else: logger.error('%s called without proper auth: %s' % (op_name, accepted)) output_objects.append({ 'object_type': 'error_text', 'text': 'Authentication is missing!' }) return (output_objects, returnvalues.SYSTEM_ERROR) # Please note that base_dir must end in slash to avoid access to other # user dirs when own name is a prefix of another user name base_dir = os.path.abspath(os.path.join(base_dir, target_dir)) + os.sep title_entry = find_entry(output_objects, 'title') title_entry['text'] = page_title title_entry['skipwidgets'] = not widgets title_entry['skipuserstyle'] = not userstyle output_objects.append({'object_type': 'header', 'text': page_title}) logger.debug("%s: with paths: %s" % (op_name, pattern_list)) # Input validation assures target_dir can't escape base_dir if not os.path.isdir(base_dir): output_objects.append({ 'object_type': 'error_text', 'text': 'Invalid client/sharelink/session id!' }) logger.warning('%s used %s with invalid base dir: %s' % (user_id, op_name, base_dir)) return (output_objects, returnvalues.CLIENT_ERROR) if verbose(flags): for flag in flags: output_objects.append({ 'object_type': 'text', 'text': '%s using flag: %s' % (op_name, flag) }) for pattern in pattern_list: # Check directory traversal attempts before actual handling to avoid # leaking information about file system layout while allowing # consistent error messages unfiltered_match = glob.glob(base_dir + pattern) match = [] for server_path in unfiltered_match: # IMPORTANT: path must be expanded to abs for proper chrooting abs_path = os.path.abspath(server_path) if not valid_user_path(configuration, abs_path, base_dir, True): # out of bounds - save user warning for later to allow # partial match: # ../*/* is technically allowed to match own files. logger.warning('%s tried to %s restricted path %s ! ( %s)' % (client_id, op_name, abs_path, pattern)) continue match.append(abs_path) # Now actually treat list of allowed matchings and notify if no # (allowed) match if not match: logger.warning("%s: no matching paths: %s" % (op_name, pattern_list)) output_objects.append({ 'object_type': 'file_not_found', 'name': pattern }) status = returnvalues.FILE_NOT_FOUND for abs_path in match: real_path = os.path.realpath(abs_path) relative_path = abs_path.replace(base_dir, '') if verbose(flags): output_objects.append({ 'object_type': 'file', 'name': relative_path }) # Make it harder to accidentially delete too much - e.g. do not # delete VGrid files without explicit selection of subdir contents if abs_path == os.path.abspath(base_dir): logger.error("%s: refusing rm home dir: %s" % (op_name, abs_path)) output_objects.append({ 'object_type': 'warning', 'text': "You're not allowed to delete your entire home directory!" }) status = returnvalues.CLIENT_ERROR continue # Generally refuse handling symlinks including root vgrid shares elif os.path.islink(abs_path): logger.error("%s: refusing rm link: %s" % (op_name, abs_path)) output_objects.append({ 'object_type': 'warning', 'text': """ You're not allowed to delete entire special folders like %s shares and %s """ % (configuration.site_vgrid_label, trash_linkname) }) status = returnvalues.CLIENT_ERROR continue # Additionally refuse operations on inherited subvgrid share roots elif in_vgrid_share(configuration, abs_path) == relative_path: output_objects.append({ 'object_type': 'warning', 'text': """You're not allowed to remove entire %s shared folders!""" % configuration.site_vgrid_label }) status = returnvalues.CLIENT_ERROR continue elif os.path.isdir(abs_path) and not recursive(flags): logger.error("%s: non-recursive call on dir '%s'" % (op_name, abs_path)) output_objects.append({ 'object_type': 'error_text', 'text': "cannot remove '%s': is a direcory" % relative_path }) status = returnvalues.CLIENT_ERROR continue trash_base = get_trash_location(configuration, abs_path) if not trash_base and not force(flags): logger.error("%s: no trash for dir '%s'" % (op_name, abs_path)) output_objects.append({ 'object_type': 'error_text', 'text': "No trash enabled for '%s' - read-only?" % relative_path }) status = returnvalues.CLIENT_ERROR continue try: if rm_helper == remove_path and \ os.path.commonprefix([real_path, trash_base]) \ == trash_base: logger.warning("%s: already in trash: '%s'" % (op_name, real_path)) output_objects.append({ 'object_type': 'error_text', 'text': """ '%s' is already in trash - no action: use force flag to permanently delete""" % relative_path }) status = returnvalues.CLIENT_ERROR continue except Exception as err: logger.error("%s: check trash failed: %s" % (op_name, err)) continue if not check_write_access(abs_path): logger.warning('%s called without write access: %s' % (op_name, abs_path)) output_objects.append({ 'object_type': 'error_text', 'text': 'cannot remove "%s": inside a read-only location!' % pattern }) status = returnvalues.CLIENT_ERROR continue # TODO: limit delete in vgrid share trash to vgrid owners / conf? # ... malicious members can still e.g. truncate all files. # we could consider removing write bit on move to trash. # TODO: user setting to switch on/off trash? # TODO: add direct delete checkbox in fileman move to trash dialog? # TODO: add empty trash option for Trash? # TODO: user settings to define read-only and auto-expire in trash? # TODO: add trash support for sftp/ftps/webdavs? gdp_iolog_action = 'deleted' gdp_iolog_paths = [relative_path] if rm_helper == remove_path: gdp_iolog_action = 'moved' trash_base_path = \ get_trash_location(configuration, abs_path, True) trash_relative_path = \ trash_base_path.replace(configuration.user_home, '') trash_relative_path = \ trash_relative_path.replace( configuration.vgrid_files_home, '') gdp_iolog_paths.append(trash_relative_path) try: gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'], gdp_iolog_action, gdp_iolog_paths) gdp_iolog_status = True except GDPIOLogError as exc: gdp_iolog_status = False rm_err = [str(exc)] rm_status = False if gdp_iolog_status: (rm_status, rm_err) = rm_helper(configuration, abs_path) if not rm_status or not gdp_iolog_status: if gdp_iolog_status: gdp_iolog(configuration, client_id, environ['REMOTE_ADDR'], gdp_iolog_action, gdp_iolog_paths, failed=True, details=rm_err) logger.error("%s: failed on '%s': %s" % (op_name, abs_path, ', '.join(rm_err))) output_objects.append({ 'object_type': 'error_text', 'text': "remove '%s' failed: %s" % (relative_path, '. '.join(rm_err)) }) status = returnvalues.SYSTEM_ERROR continue logger.info("%s: successfully (re)moved %s" % (op_name, abs_path)) output_objects.append({ 'object_type': 'text', 'text': "removed %s" % (relative_path) }) output_objects.append({ 'object_type': 'link', 'destination': 'ls.py%s' % id_query, 'text': 'Return to files overview' }) return (output_objects, status)