def user_put(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
name = flask.request.json['name']
name = ''.join(x for x in name if x.isalnum() or x in NAME_SAFE_CHARS)
user.rename(name)
return utils.jsonify({})
def user_put(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
name = flask.request.json['name']
name = ''.join(x for x in name if x.isalnum() or x in NAME_SAFE_CHARS)
user.rename(name)
return utils.jsonify({})
def user_post(org_id):
org = Organization(org_id)
name = flask.request.json['name']
name = ''.join(x for x in name if x.isalnum() or x in NAME_SAFE_CHARS)
user = org.new_user(CERT_CLIENT, name)
return utils.jsonify({})
def user_post(org_id):
org = Organization(org_id)
name = flask.request.json['name']
name = ''.join(x for x in name if x.isalnum() or x in NAME_SAFE_CHARS)
user = org.new_user(CERT_CLIENT, name)
return utils.jsonify({})
def user_get(org_id):
org = Organization(org_id)
org_servers = org.get_servers()
users = []
users_dict = {}
users_sort = []
clients = {}
for server in org_servers:
server_clients = server.get_clients()
for client_id in server_clients:
client = server_clients[client_id]
if client_id not in clients:
clients[client_id] = []
clients[client_id].append(client['virt_address'])
for user in org.get_users():
name_id = '%s_%s' % (user.name, user.id)
users_sort.append(name_id)
users_dict[name_id] = {
'id': user.id,
'organization': org.id,
'name': user.name,
'type': user.type,
'status': True if user.id in clients else False,
'virt_addresses': clients[user.id] if user.id in clients else [],
}
for name_id in sorted(users_sort):
users.append(users_dict[name_id])
return utils.jsonify(users)
def org_get(org_id=None):
if org_id:
return utils.jsonify(Organization.get_org(id=org_id).dict())
else:
orgs = []
for org in Organization.iter_orgs():
orgs.append(org.dict())
return utils.jsonify(orgs)
def _get_key_inline(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
archive = user.build_key_inline()
response = flask.Response(response=archive, mimetype='application/octet-stream' )
response.headers.add('Content-Disposition', 'inline; filename="%s.ovpn"' % user.name)
return response
def user_delete(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
user_id = user.id
user.remove()
for server in org.get_servers():
server_clients = server.get_clients()
if user_id in server_clients:
server.restart()
return utils.jsonify({})
def _get_key_archive(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
archive_temp_path = user.build_key_archive()
with open(archive_temp_path, "r") as archive_file:
response = flask.Response(response=archive_file.read(), mimetype="application/x-tar")
response.headers.add("Content-Disposition", 'inline; filename="%s.tar"' % user.name)
os.remove(archive_temp_path)
return response
def _get_key_inline(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
archive = user.build_key_inline()
response = flask.Response(response=archive,
mimetype='application/octet-stream')
response.headers.add('Content-Disposition',
'inline; filename="%s.ovpn"' % user.name)
return response
def _get_key_archive(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
archive_temp_path = user.build_key_archive()
with open(archive_temp_path, 'r') as archive_file:
response = flask.Response(response=archive_file.read(),
mimetype='application/x-tar')
response.headers.add('Content-Disposition',
'inline; filename="%s.tar"' % user.name)
os.remove(archive_temp_path)
return response
def user_put(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
name = utils.filter_str(flask.request.json['name'])
user.rename(name)
return utils.jsonify(user.dict())
def user_post(org_id):
org = Organization.get_org(id=org_id)
users = []
if isinstance(flask.request.json, list):
users_data = flask.request.json
else:
users_data = [flask.request.json]
for user_data in users_data:
name = utils.filter_str(user_data['name'])
email = utils.filter_str(user_data.get('email'))
user = org.new_user(type=CERT_CLIENT, name=name, email=email)
disabled = user_data.get('disabled')
if disabled is not None:
user.disabled = disabled
user.commit()
users.append(user.dict())
Event(type=ORGS_UPDATED)
Event(type=USERS_UPDATED, resource_id=org.id)
Event(type=SERVERS_UPDATED)
if isinstance(flask.request.json, list):
LogEntry(message='Created %s new users.' % len(flask.request.json))
return utils.jsonify(users)
else:
LogEntry(message='Created new user "%s".' % users[0]['name'])
return utils.jsonify(users[0])
def user_otp_secret_put(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
user.generate_otp_secret()
user.commit()
Event(type=USERS_UPDATED, resource_id=org.id)
return utils.jsonify(user.dict())
def status_get():
orgs_count = 0
servers_count = 0
servers_online_count = 0
clients_count = 0
for server in Server.iter_servers():
servers_count += 1
if server.status:
servers_online_count += 1
clients_count += len(server.clients)
user_count = 0
for org in Organization.iter_orgs():
orgs_count += 1
user_count += org.user_count
local_networks = utils.get_local_networks()
return utils.jsonify({
'org_count': orgs_count,
'users_online': clients_count,
'user_count': user_count,
'servers_online': servers_online_count,
'server_count': servers_count,
'server_version': __version__,
'public_ip': app_server.public_ip,
'local_networks': local_networks,
})
def status_get():
orgs = Organization.get_orgs()
orgs_count = len(orgs)
servers_count = 0
servers_online_count = 0
clients_count = 0
for server in Server.get_servers():
servers_count += 1
if server.status:
servers_online_count += 1
clients_count += len(server.get_clients())
users_count = 0
for org in orgs:
for user in org.get_users():
if user.type != CERT_CLIENT:
continue
users_count += 1
if not app_server.public_ip:
app_server.load_public_ip()
return utils.jsonify({
'orgs_available': orgs_count,
'orgs_total': orgs_count,
'users_online': clients_count,
'users_total': users_count,
'servers_online': servers_online_count,
'servers_total': servers_count,
'server_version': __version__,
'public_ip': app_server.public_ip,
})
def user_key_link_get(org_id, user_id):
org = Organization.get_org(id=org_id)
key_id = uuid.uuid4().hex
view_id = None
uri_id = None
for i in xrange(2):
for i in xrange(2048):
temp_id = ''.join(random.sample(SHORT_URL_CHARS, SHORT_URL_LEN))
if not view_id:
if not cache_db.exists(_get_view_key(temp_id)):
view_id = temp_id
break
else:
if not cache_db.exists(_get_uri_key(temp_id)):
uri_id = temp_id
break
if not view_id and not uri_id:
raise KeyLinkError('Failed to generate random id')
cache_db.expire(_get_key_key(key_id), KEY_LINK_TIMEOUT)
cache_db.dict_set(_get_key_key(key_id), 'org_id', org_id)
cache_db.dict_set(_get_key_key(key_id), 'user_id', user_id)
cache_db.dict_set(_get_key_key(key_id), 'view_id', view_id)
cache_db.dict_set(_get_key_key(key_id), 'uri_id', uri_id)
conf_urls = []
if app_server.inline_certs:
for server in org.iter_servers():
conf_id = uuid.uuid4().hex
cache_db.expire(_get_conf_key(conf_id), KEY_LINK_TIMEOUT)
cache_db.dict_set(_get_conf_key(conf_id), 'org_id', org_id)
cache_db.dict_set(_get_conf_key(conf_id), 'user_id', user_id)
cache_db.dict_set(_get_conf_key(conf_id), 'server_id', server.id)
conf_urls.append({
'id': conf_id,
'server_name': server.name,
'url': '/key/%s.ovpn' % conf_id,
})
cache_db.expire(_get_view_key(view_id), KEY_LINK_TIMEOUT)
cache_db.dict_set(_get_view_key(view_id), 'org_id', org_id)
cache_db.dict_set(_get_view_key(view_id), 'user_id', user_id)
cache_db.dict_set(_get_view_key(view_id), 'key_id', key_id)
cache_db.dict_set(_get_view_key(view_id), 'uri_id', uri_id)
cache_db.dict_set(_get_view_key(view_id),
'conf_urls', json.dumps(conf_urls))
cache_db.expire(_get_uri_key(uri_id), KEY_LINK_TIMEOUT)
cache_db.dict_set(_get_uri_key(uri_id), 'org_id', org_id)
cache_db.dict_set(_get_uri_key(uri_id), 'user_id', user_id)
return utils.jsonify({
'id': key_id,
'key_url': '/key/%s.tar' % key_id,
'view_url': '/k/%s' % view_id,
'uri_url': '/ku/%s' % uri_id,
})
def user_get(org_id, user_id=None, page=None):
org = Organization.get_org(id=org_id)
if user_id:
return utils.jsonify(org.get_user(user_id).dict())
else:
page = flask.request.args.get('page', None)
page = int(page) if page else page
search = flask.request.args.get('search', None)
limit = int(flask.request.args.get('limit', USER_PAGE_COUNT))
otp_auth = False
search_more = True
server_count = 0
clients = {}
for server in org.iter_servers():
server_count += 1
if server.otp_auth:
otp_auth = True
server_clients = server.clients
for client_id in server_clients:
client = server_clients[client_id]
if client_id not in clients:
clients[client_id] = {}
clients[client_id][server.id] = client
users = []
for user in org.iter_users(page=page, prefix=search,
prefix_limit=limit):
if user is None:
search_more = False
break
is_client = user.id in clients
user_dict = user.dict()
user_dict['status'] = True if is_client else False
user_dict['otp_auth'] = otp_auth
user_dict['servers'] = clients[user.id] if is_client else {}
users.append(user_dict)
if page is not None:
return utils.jsonify({
'page': page,
'page_total': org.page_total,
'server_count': server_count,
'users': users,
})
elif search is not None:
return utils.jsonify({
'search': search,
'search_more': search_more,
'search_limit': limit,
'search_count': org.get_last_prefix_count(),
'search_time': round((time.time() - flask.g.start), 4),
'server_count': server_count,
'users': users,
})
else:
return utils.jsonify(users)
def user_put(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
name = flask.request.json.get('name')
if name:
name = utils.filter_str(name)
if 'email' in flask.request.json:
email = flask.request.json['email']
if email:
user.email = utils.filter_str(email)
else:
user.email = None
disabled = flask.request.json.get('disabled')
if disabled is not None:
user.disabled = disabled
if name:
user.rename(name)
else:
user.commit()
Event(type=USERS_UPDATED, resource_id=user.org.id)
if disabled:
if user.type == CERT_CLIENT:
LogEntry(message='Disabled user "%s".' % user.name)
for server in org.iter_servers():
server_clients = server.clients
if user_id in server_clients:
server.restart()
elif disabled == False and user.type == CERT_CLIENT:
LogEntry(message='Enabled user "%s".' % user.name)
send_key_email = flask.request.json.get('send_key_email')
if send_key_email and user.email:
try:
user.send_key_email(send_key_email)
except EmailNotConfiguredError:
return utils.jsonify({
'error': EMAIL_NOT_CONFIGURED,
'error_msg': EMAIL_NOT_CONFIGURED_MSG,
}, 400)
except EmailFromInvalid:
return utils.jsonify({
'error': EMAIL_FROM_INVALID,
'error_msg': EMAIL_FROM_INVALID_MSG,
}, 400)
except EmailApiKeyInvalid:
return utils.jsonify({
'error': EMAIL_API_KEY_INVALID,
'error_msg': EMAIL_API_KEY_INVALID_MSG,
}, 400)
return utils.jsonify(user.dict())
def _get_key_archive(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
key_archive = user.build_key_archive()
response = flask.Response(response=key_archive,
mimetype='application/octet-stream')
response.headers.add('Content-Disposition',
'attachment; filename="%s.tar"' % user.name)
return response
def _get_key_archive(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
archive_temp_path = user.build_key_archive()
try:
with open(archive_temp_path, 'r') as archive_file:
response = flask.Response(response=archive_file.read(),
mimetype='application/octet-stream')
response.headers.add('Content-Disposition',
'attachment; filename="%s.tar"' % user.name)
finally:
user.clean_key_archive()
return response
def user_post(org_id):
org = Organization.get_org(id=org_id)
name = utils.filter_str(flask.request.json["name"])
email = None
if "email" in flask.request.json:
email = utils.filter_str(flask.request.json["email"])
user = org.new_user(type=CERT_CLIENT, name=name, email=email)
disabled = flask.request.json.get("disabled")
if disabled is not None:
user.disabled = disabled
user.commit()
return utils.jsonify(user.dict())
def server_org_delete(server_id, org_id):
server = Server.get_server(id=server_id)
org = Organization.get_org(id=org_id)
if server.status:
return utils.jsonify({
'error': SERVER_NOT_OFFLINE,
'error_msg': SERVER_NOT_OFFLINE_DETACH_ORG_MSG,
}, 400)
server.remove_org(org)
server.commit()
Event(type=SERVERS_UPDATED)
Event(type=SERVER_ORGS_UPDATED, resource_id=server.id)
Event(type=USERS_UPDATED, resource_id=org.id)
return utils.jsonify({})
def user_get(org_id):
org = Organization(org_id)
otp_auth = False
users = []
users_dict = {}
users_sort = []
clients = {}
for server in org.get_servers():
if server.otp_auth:
otp_auth = True
server_clients = server.get_clients()
for client_id in server_clients:
client = server_clients[client_id]
if client_id not in clients:
clients[client_id] = {}
clients[client_id][server.id] = client
for user in org.get_users():
name_id = "%s_%s" % (user.name, user.id)
users_sort.append(name_id)
users_dict[name_id] = {
"id": user.id,
"organization": org.id,
"name": user.name,
"type": user.type,
"status": True if user.id in clients else False,
"otp_auth": otp_auth,
"otp_secret": user.otp_secret,
"servers": clients[user.id] if user.id in clients else {},
}
for name_id in sorted(users_sort):
users.append(users_dict[name_id])
return utils.jsonify(users)
def user_get(org_id):
org = Organization(org_id)
otp_auth = False
users = []
users_dict = {}
users_sort = []
clients = {}
for server in org.get_servers():
if server.otp_auth:
otp_auth = True
server_clients = server.get_clients()
for client_id in server_clients:
client = server_clients[client_id]
if client_id not in clients:
clients[client_id] = {}
clients[client_id][server.id] = client
for user in org.get_users():
name_id = '%s_%s' % (user.name, user.id)
users_sort.append(name_id)
users_dict[name_id] = {
'id': user.id,
'organization': org.id,
'name': user.name,
'type': user.type,
'status': True if user.id in clients else False,
'otp_auth': otp_auth,
'otp_secret': user.otp_secret,
'servers': clients[user.id] if user.id in clients else {},
}
for name_id in sorted(users_sort):
users.append(users_dict[name_id])
return utils.jsonify(users)
def user_get(org_id):
org = Organization(org_id)
otp_auth = False
users = []
users_dict = {}
users_sort = []
clients = {}
for server in org.get_servers():
if server.otp_auth:
otp_auth = True
server_clients = server.get_clients()
for client_id in server_clients:
client = server_clients[client_id]
if client_id not in clients:
clients[client_id] = {}
clients[client_id][server.id] = client
for user in org.get_users():
name_id = '%s_%s' % (user.name, user.id)
users_sort.append(name_id)
users_dict[name_id] = {
'id': user.id,
'organization': org.id,
'name': user.name,
'type': user.type,
'status': True if user.id in clients else False,
'otp_auth': otp_auth,
'otp_secret': user.otp_secret,
'servers': clients[user.id] if user.id in clients else {},
}
for name_id in sorted(users_sort):
users.append(users_dict[name_id])
return utils.jsonify(users)
def org_get():
orgs = []
orgs_dict = {}
orgs_sort = []
for org in Organization.get_orgs():
name_id = '%s_%s' % (org.name, org.id)
orgs_sort.append(name_id)
orgs_dict[name_id] = {
'id': org.id,
'name': org.name,
}
for name_id in sorted(orgs_sort):
orgs.append(orgs_dict[name_id])
return utils.jsonify(orgs)
def user_delete(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
name = user.name
user.remove()
Event(type=ORGS_UPDATED)
Event(type=USERS_UPDATED, resource_id=org.id)
for server in org.iter_servers():
server_clients = server.clients
if user_id in server_clients:
server.restart()
LogEntry(message='Deleted user "%s".' % name)
return utils.jsonify({})
def server_org_put(server_id, org_id):
server = Server.get_server(id=server_id)
org = Organization.get_org(id=org_id)
if server.status:
return utils.jsonify({
'error': SERVER_NOT_OFFLINE,
'error_msg': SERVER_NOT_OFFLINE_ATTACH_ORG_MSG,
}, 400)
server.add_org(org)
server.commit()
Event(type=SERVERS_UPDATED)
Event(type=SERVER_ORGS_UPDATED, resource_id=server.id)
Event(type=USERS_UPDATED, resource_id=org.id)
return utils.jsonify({
'id': org.id,
'server': server.id,
'name': org.name,
})
def user_uri_key_page_get(uri_id):
org_id = cache_db.dict_get(_get_uri_key(uri_id), 'org_id')
user_id = cache_db.dict_get(_get_uri_key(uri_id), 'user_id')
# Check for expire
if not cache_db.exists(_get_uri_key(uri_id)):
time.sleep(RATE_LIMIT_SLEEP)
return flask.abort(404)
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
keys = {}
for server in org.iter_servers():
key = user.build_key_conf(server.id)
keys[key['name']] = key['conf']
return utils.jsonify(keys)
def user_linked_key_page_get(view_id):
view_id_key = 'view_token-%s' % view_id
org_id = cache_db.dict_get(view_id_key, 'org_id')
user_id = cache_db.dict_get(view_id_key, 'user_id')
key_id = cache_db.dict_get(view_id_key, 'key_id')
conf_urls = cache_db.dict_get(view_id_key, 'conf_urls')
if conf_urls:
conf_urls = json.loads(conf_urls)
# Check for expire
if not cache_db.exists(view_id_key):
time.sleep(RATE_LIMIT_SLEEP)
return flask.abort(404)
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
key_page = StaticFile(app_server.www_path, KEY_INDEX_NAME,
cache=False).data
key_page = key_page.replace('<%= user_name %>', '%s - %s' % (
org.name, user.name))
key_page = key_page.replace('<%= user_key_url %>', '/key/%s.tar' % (
key_id))
if org.otp_auth:
key_page = key_page.replace('<%= user_otp_key %>', user.otp_secret)
key_page = key_page.replace('<%= user_otp_url %>',
'otpauth://totp/%s@%s?secret=%s' % (
user.name, org.name, user.otp_secret))
else:
key_page = key_page.replace('<%= user_otp_key %>', '')
key_page = key_page.replace('<%= user_otp_url %>', '')
key_page = key_page.replace('<%= view_id %>', view_id)
conf_links = ''
for conf_url in conf_urls:
conf_links += '<a class="sm" title="Download Mobile Key" ' + \
'href="%s">Download Mobile Key (%s)</a><br>\n' % (
conf_url['url'], conf_url['server_name'])
key_page = key_page.replace('<%= conf_links %>', conf_links)
return key_page
def user_linked_key_conf_get(conf_id):
org_id = cache_db.dict_get(_get_conf_key(conf_id), 'org_id')
user_id = cache_db.dict_get(_get_conf_key(conf_id), 'user_id')
server_id = cache_db.dict_get(_get_conf_key(conf_id), 'server_id')
# Check for expire
if not cache_db.exists(_get_conf_key(conf_id)):
time.sleep(RATE_LIMIT_SLEEP)
return flask.abort(404)
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
key_conf = user.build_key_conf(server_id)
response = flask.Response(response=key_conf['conf'],
mimetype='application/octet-stream')
response.headers.add('Content-Disposition',
'attachment; filename="%s"' % key_conf['name'])
return response
def status_get():
orgs_count = 0
servers_count = 0
servers_online_count = 0
clients_count = 0
for server in Server.iter_servers():
servers_count += 1
if server.status:
servers_online_count += 1
clients_count += len(server.clients)
user_count = 0
for org in Organization.iter_orgs():
orgs_count += 1
user_count += org.user_count
local_networks = utils.get_local_networks()
if app_server.openssl_heartbleed:
notification = 'You are running an outdated version of openssl ' + \
'containting the heartbleed bug. This could allow an attacker ' + \
'to compromise your server. Please upgrade your openssl ' + \
'package and restart the pritunl service.'
else:
notification = app_server.notification
return utils.jsonify({
'org_count': orgs_count,
'users_online': clients_count,
'user_count': user_count,
'servers_online': servers_online_count,
'server_count': servers_count,
'server_version': __version__,
'public_ip': app_server.public_ip,
'local_networks': local_networks,
'notification': notification,
})
def user_put(org_id, user_id):
org = Organization.get_org(id=org_id)
user = org.get_user(user_id)
name = flask.request.json.get("name")
if name:
name = utils.filter_str(name)
if "email" in flask.request.json:
email = flask.request.json["email"]
if email:
user.email = utils.filter_str(email)
else:
user.email = None
disabled = flask.request.json.get("disabled")
if disabled is not None:
user.disabled = disabled
if name:
user.rename(name)
else:
user.commit()
Event(type=USERS_UPDATED, resource_id=user.org.id)
if disabled:
if user.type == CERT_CLIENT:
LogEntry(message='Disabled user "%s".' % user.name)
for server in org.iter_servers():
server_clients = server.clients
if user_id in server_clients:
server.restart()
elif disabled == False and user.type == CERT_CLIENT:
LogEntry(message='Enabled user "%s".' % user.name)
return utils.jsonify(user.dict())
def user_delete(org_id, user_id):
org = Organization(org_id)
user = org.get_user(user_id)
user.remove()
return utils.jsonify({})
def user_key_link_get(org_id, user_id):
org = Organization.get_org(id=org_id)
return utils.jsonify(org.create_user_key_link(user_id))
def org_post():
name = flask.request.json['name']
name = ''.join(x for x in name if x.isalnum() or x in NAME_SAFE_CHARS)
org = Organization(name=name)
return utils.jsonify({})
def org_delete(org_id):
org = Organization(org_id)
org.remove()
return utils.jsonify({})
