def before_request():
    """
    Blueprint hook executed before every request.

    Prepares what the views and the pre/post policy and event handlers expect
    to find on ``request`` and ``g``:

    * ``request.all_data`` -- query string, form data and request body merged
      by ``get_all_params`` (this is untrusted client input).
    * ``request.User`` -- the user resolved from those parameters.
    * ``g.policy_object``, ``g.audit_object``, ``g.event_config`` -- the
      per-request policy, audit and event configuration objects.
    * ``g.client_ip`` -- the client address as determined by
      ``get_client_ip`` together with the ``OVERRIDECLIENT`` system setting.

    Finally a preliminary audit record with ``success: False`` is written, so
    a request that aborts before the view completes still leaves a trace.
    """
    update_config_object()
    request.all_data = get_all_params(request.values, request.data)
    request.User = get_user_from_param(request.all_data)

    config = current_app.config
    # request.host is derived from the client-supplied Host header; configure
    # PI_AUDIT_SERVERNAME so the audited server name cannot be influenced by
    # the client.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)
    g.event_config = EventConfiguration()
    # access_route contains the ip addresses of all clients, hops and proxies;
    # which of them is trusted is presumably decided by get_client_ip using the
    # OVERRIDECLIENT setting (not visible here).
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))

    audit_entry = {
        "success": False,
        "action_detail": "",
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        # HTTP method plus the matched URL rule (not the raw URL).
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "info": "",
    }
    g.audit_object.log(audit_entry)
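def before_request():
    """
    Blueprint hook executed before every request.

    Prepares what the views and the pre/post policy and event handlers expect
    to find on ``request`` and ``g``:

    * ``request.all_data`` -- query string, form data and request body merged
      by ``get_all_params``, plus the parameters from the URL path
      (``request.view_args``). All of it is untrusted client input.
    * ``request.User`` -- the user resolved from those parameters.
    * ``g.policy_object``, ``g.audit_object``, ``g.event_config`` -- the
      per-request policy, audit and event configuration objects.
    * ``g.client_ip`` -- the client address as determined by
      ``get_client_ip`` together with the ``OVERRIDECLIENT`` system setting.
    * ``g.request_headers`` -- the HTTP headers of the request.
    * ``g.serial`` -- the ``serial`` parameter, or ``None`` if absent.

    Finally a preliminary audit record with ``success: False`` is written, so
    a request that aborts before the view completes still leaves a trace.
    """
    ensure_no_config_object()
    request.all_data = get_all_params(request.values, request.data)
    # Merge the parameters from the call path. dict.update means a path
    # parameter overwrites a query/body parameter of the same name, i.e. the
    # route definition wins over what the client put in the body.
    # view_args may be None if routing did not match a rule; guard it so this
    # hook cannot turn a routing error into a TypeError.
    request.all_data.update(request.view_args or {})
    request.User = get_user_from_param(request.all_data)

    config = current_app.config
    # request.host is derived from the client-supplied Host header; configure
    # PI_AUDIT_SERVERNAME so the audited server name cannot be influenced by
    # the client.
    privacyidea_server = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    # g.startdate is expected to have been set by an earlier hook (not
    # visible here).
    g.audit_object = getAudit(config, g.startdate)
    g.event_config = EventConfiguration()
    # access_route contains the ip addresses of all clients, hops and proxies;
    # which of them is trusted is presumably decided by get_client_ip using the
    # OVERRIDECLIENT setting (not visible here).
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
    # Save the HTTP header in the localproxy object
    g.request_headers = request.headers
    g.serial = getParam(request.all_data, "serial", default=None)

    g.audit_object.log({
        "success": False,
        "action_detail": "",
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": privacyidea_server,
        # HTTP method plus the matched URL rule (not the raw URL).
        "action": "{0!s} {1!s}".format(request.method, request.url_rule),
        "info": "",
    })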
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Ensures no config object is left over, gathers the request parameters
    into ``request.all_data``, creates the per-request policy, audit and
    event objects on ``g``, determines ``g.client_ip`` and writes an initial
    audit record. The record starts with ``success: False``; it is up to the
    view or a later handler to update it.
    """
    ensure_no_config_object()
    request.all_data = get_all_params(request.values, request.data)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    # get_client_ip picks the address to audit, presumably according to the
    # OVERRIDECLIENT setting.
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))

    method_and_rule = " ".join([str(request.method), str(request.url_rule)])
    g.audit_object.log({
        "success": False,
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": method_and_rule,
        "action_detail": "",
        "info": "",
    })
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Gathers the request parameters into ``request.all_data``, creates the
    per-request policy and audit objects on ``g``, determines
    ``g.client_ip`` and writes an initial audit record with
    ``success: False`` (to be updated by the view or a later handler).
    """
    request.all_data = get_all_params(request.values, request.data)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)

    # access_route contains the ip adresses of all clients, hops and proxies.
    # NOTE(security): access_route is built from the X-Forwarded-For header,
    # which any client can set. Unless a trusted reverse proxy in front of
    # this server always overwrites that header, the first element is
    # attacker-controlled, so the audited client address -- and anything else
    # that keys off g.client_ip -- can be spoofed. Without such a proxy only
    # remote_addr (the TCP peer) should be used.
    if request.access_route:
        g.client_ip = request.access_route[0]
    else:
        g.client_ip = request.remote_addr

    method_and_rule = " ".join([str(request.method), str(request.url_rule)])
    g.audit_object.log({
        "success": False,
        "action_detail": "",
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": method_and_rule,
        "info": "",
    })
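def sign_response(request, response):
    """
    Sign a JSON response with the private audit key.

    The nonce from the request (if any) is copied into the response body and
    a ``signature`` over the body (serialised with sorted keys, so a verifier
    can reproduce the exact signed input) is added.

    .. note:: This only works for JSON responses. So if we fail to decode the
       JSON, we just pass on.

    The usual way to use it is, to wrap the after_request, so that we can
    also sign errors.

        @postrequest(sign_response, request=request)
        def after_request(response):

    Signing is skipped -- and the response returned unmodified, i.e.
    unsigned -- when ``PI_NO_RESPONSE_SIGN`` is set, when the private key
    file named by ``PI_AUDIT_KEY_PRIVATE`` cannot be loaded, or when the
    body is not a JSON object. Clients that depend on signatures therefore
    have to reject unsigned responses themselves.

    :param request: The Request object
    :param response: The Response object, or a tuple whose first element is
        the Response object (as returned by Flask views)
    :return: the response in the same shape it was passed in; the Response
        object is modified in place when it gets signed
    """
    if current_app.config.get("PI_NO_RESPONSE_SIGN"):
        return response

    priv_file_name = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
    try:
        with open(priv_file_name, 'rb') as priv_file:
            priv_key = priv_file.read()
        sign_object = Sign(priv_key, public_key=None)
    except (IOError, ValueError, TypeError) as e:
        # Fail open: an unreadable or missing key is a misconfiguration, but
        # the response is still delivered, just without a signature.
        log.info('Could not load private key from '
                 'file {0!s}: {1!r}!'.format(priv_file_name, e))
        log.debug(traceback.format_exc())
        return response

    request.all_data = get_all_params(request.values, request.data)

    # Views may return a bare Response or a (Response, status[, headers])
    # tuple; the Response is always the first element. Because it is modified
    # in place, the original container is returned unchanged (the old code
    # rebuilt a 2-tuple and so dropped any further elements).
    response_object = response[0] if isinstance(response, tuple) else response

    try:
        content = json.loads(response_object.data)
    except ValueError:
        # The response.data is no JSON (but CSV or policy export)
        # We do no signing in this case.
        log.info("We only sign JSON response data.")
        return response

    if not isinstance(content, dict):
        # Only a JSON object can carry the nonce and signature members;
        # previously a JSON array or scalar body raised a TypeError here.
        log.info("We only sign JSON response data that is a JSON object.")
        return response

    nonce = request.all_data.get("nonce")
    if nonce:
        # Echo the client-chosen nonce so that it is covered by the signature.
        content["nonce"] = nonce
    content["signature"] = sign_object.sign(json.dumps(content, sort_keys=True))
    response_object.data = json.dumps(content)
    return response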
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Ensures no config object is left over, gathers the request parameters
    into ``request.all_data``, creates the per-request policy and audit
    objects on ``g``, determines ``g.client_ip`` and ``g.serial`` and writes
    an initial audit record with ``success: False`` (to be updated by the
    view or a later handler).
    """
    ensure_no_config_object()
    # This variant of get_all_params takes the request object itself.
    request.all_data = get_all_params(request)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)
    # access_route contains the ip adresses of all clients, hops and proxies.
    # get_client_ip picks the address to audit, presumably according to the
    # OVERRIDECLIENT setting.
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
    # A missing or empty serial parameter is normalised to None.
    g.serial = getParam(request.all_data, "serial") or None

    audit_entry = {
        "success": False,
        "action_detail": "",
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "info": "",
    }
    g.audit_object.log(audit_entry)
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Ensures no config object is left over, gathers the request parameters
    into ``request.all_data``, creates the per-request policy, audit and
    event objects on ``g``, determines ``g.client_ip`` and writes an initial
    audit record with ``success: False``.

    If a ``username`` parameter is present, ``request.User`` is pre-filled
    from it (and the optional ``realm`` parameter) for the pre-event
    handlers. Endpoints such as /auth/rights have no username, so the
    attribute is not set there. Note that this is only a parsed parameter,
    not an authenticated identity.
    """
    ensure_no_config_object()
    request.all_data = get_all_params(request.values, request.data)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    # get_client_ip picks the address to audit, presumably according to the
    # OVERRIDECLIENT setting.
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))

    g.audit_object.log({
        "success": False,
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "action_detail": "",
        "info": "",
    })

    username = getParam(request.all_data, "username")
    if not username:
        return
    login, split_realm = split_user(username)
    # An explicit realm parameter overrides the realm split off the username;
    # an empty value falls back to the split realm, then to the default realm.
    realm = getParam(request.all_data, "realm", default=split_realm) \
        or split_realm or get_default_realm()
    request.User = User(login, realm)
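def sign_response(request, response):
    """
    Sign a JSON response with the private audit key.

    The nonce from the request (if any) is copied into the response body and
    a ``signature`` over the body (serialised with sorted keys, so a verifier
    can reproduce the exact signed input) is added.

    .. note:: This only works for JSON responses. So if we fail to decode the
       JSON, we just pass on.

    The usual way to use it is, to wrap the after_request, so that we can
    also sign errors.

        @postrequest(sign_response, request=request)
        def after_request(response):

    Signing is skipped -- and the response returned unmodified, i.e.
    unsigned -- when ``PI_NO_RESPONSE_SIGN`` is set, when the private key
    file named by ``PI_AUDIT_KEY_PRIVATE`` cannot be loaded, or when the
    body is not a JSON object. Clients that depend on signatures therefore
    have to reject unsigned responses themselves.

    :param request: The Request object
    :param response: The Response object, or a tuple whose first element is
        the Response object (as returned by Flask views)
    :return: the response in the same shape it was passed in; the Response
        object is modified in place when it gets signed
    """
    if current_app.config.get("PI_NO_RESPONSE_SIGN"):
        return response

    priv_file_name = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
    try:
        with open(priv_file_name, 'rb') as priv_file:
            priv_key = priv_file.read()
        sign_object = Sign(priv_key, public_key=None)
    except (IOError, ValueError, TypeError) as e:
        # Fail open: an unreadable or missing key is a misconfiguration, but
        # the response is still delivered, just without a signature.
        log.info('Could not load private key from '
                 'file {0!s}: {1!r}!'.format(priv_file_name, e))
        log.debug(traceback.format_exc())
        return response

    request.all_data = get_all_params(request.values, request.data)

    # Views may return a bare Response or a (Response, status[, headers])
    # tuple; the Response is always the first element. Because it is modified
    # in place, the original container is returned unchanged (the old code
    # rebuilt a 2-tuple and so dropped any further elements).
    response_object = response[0] if isinstance(response, tuple) else response

    try:
        content = json.loads(response_object.data)
    except ValueError:
        # The response.data is no JSON (but CSV or policy export)
        # We do no signing in this case.
        log.info("We only sign JSON response data.")
        return response

    if not isinstance(content, dict):
        # Only a JSON object can carry the nonce and signature members;
        # previously a JSON array or scalar body raised a TypeError here.
        log.info("We only sign JSON response data that is a JSON object.")
        return response

    nonce = request.all_data.get("nonce")
    if nonce:
        # Echo the client-chosen nonce so that it is covered by the signature.
        content["nonce"] = nonce
    content["signature"] = sign_object.sign(json.dumps(content, sort_keys=True))
    response_object.data = json.dumps(content)
    return response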
def before_request():
    """
    Authenticate the request before the view runs.

    ``request.all_data`` receives all request parameters (the session
    parameter is removed; the rest comes from the form data or the JSON
    body). The ``authtoken`` parameter is then verified for the ``user`` and
    ``admin`` roles, and the resulting username, realm and role are stored on
    the request object as ``PI_username``, ``PI_realm`` and ``PI_role``.
    """
    request.all_data = get_all_params(request.values, request.data)

    # NOTE(security): the token is accepted from every source get_all_params
    # merges, i.e. request.values (query string and form) and the body. A
    # token passed in the query string ends up in server and proxy access
    # logs; clients should send it in the body (or a header, where supported).
    authtoken = request.all_data.get("authtoken")

    # Presumably verify_auth_token raises on a missing or invalid token. If it
    # could return None, the .get() calls below would fail with an
    # AttributeError instead of a clean authentication error -- TODO confirm.
    claims = verify_auth_token(authtoken, ["user", "admin"])
    request.PI_username = claims.get("username")
    request.PI_realm = claims.get("realm")
    request.PI_role = claims.get("role")
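def sign_response(request, response):
    """
    Sign a JSON response with the private audit key.

    The nonce from the request (if any) is copied into the response body and
    a ``signature`` over the body is added. The signed input is the body
    serialised with ``sort_keys=True``; without a canonical key order a
    verifier could not reliably reproduce the signed bytes. Verifiers must
    serialise the same way (drop ``signature``, sort keys).

    .. note:: This only works for JSON responses. So if we fail to decode the
       JSON, we just pass on.

    The usual way to use it is, to wrap the after_request, so that we can
    also sign errors.

        @postrequest(sign_response, request=request)
        def after_request(response):

    Signing is skipped -- and the response returned unmodified, i.e.
    unsigned -- when ``PI_NO_RESPONSE_SIGN`` is set or when the body is not
    a JSON object. Clients that depend on signatures therefore have to
    reject unsigned responses themselves.

    :param request: The Request object
    :param response: The Response object, or a tuple whose first element is
        the Response object (as returned by Flask views)
    :return: the response in the same shape it was passed in; the Response
        object is modified in place when it gets signed
    """
    if current_app.config.get("PI_NO_RESPONSE_SIGN"):
        return response

    # Key files are handed to Sign as paths; whether a missing
    # PI_AUDIT_KEY_PRIVATE fails here or later is up to Sign (not visible).
    priv_file = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
    pub_file = current_app.config.get("PI_AUDIT_KEY_PUBLIC")
    sign_object = Sign(priv_file, pub_file)

    request.all_data = get_all_params(request.values, request.data)

    # Views may return a bare Response or a (Response, status[, headers])
    # tuple; the Response is always the first element. Because it is modified
    # in place, the original container is returned unchanged (the old code
    # rebuilt a 2-tuple and so dropped any further elements).
    response_object = response[0] if isinstance(response, tuple) else response

    try:
        content = json.loads(response_object.data)
    except ValueError:
        # The response.data is no JSON (but CSV or policy export)
        # We do no signing in this case.
        log.info("We only sign JSON response data.")
        return response

    if not isinstance(content, dict):
        # Only a JSON object can carry the nonce and signature members;
        # previously a JSON array or scalar body raised a TypeError here.
        log.info("We only sign JSON response data that is a JSON object.")
        return response

    nonce = request.all_data.get("nonce")
    if nonce:
        # Echo the client-chosen nonce so that it is covered by the signature.
        content["nonce"] = nonce
    content["signature"] = sign_object.sign(json.dumps(content, sort_keys=True))
    response_object.data = json.dumps(content)
    return response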
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Gathers the request parameters into ``request.all_data``, creates the
    per-request policy and audit objects on ``g`` and writes an initial audit
    record with ``success: False`` (to be updated by the view or a later
    handler).
    """
    request.all_data = get_all_params(request.values, request.data)

    # Create a policy_object, that reads the database audit settings
    # and contains the complete policy definition during the request.
    # This audit_object can be used in the postpolicy and prepolicy and it
    # can be passed to the innerpolicies.
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)

    # remote_addr is the TCP peer: behind a reverse proxy this is the proxy's
    # address, not the end client's. request.host is derived from the
    # client-supplied Host header, so the audited server name is not
    # authoritative.
    audit_entry = {
        "success": False,
        "action_detail": "",
        "client": request.remote_addr,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": request.host,
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "info": "",
    }
    g.audit_object.log(audit_entry)
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Gathers the request parameters into ``request.all_data``, creates the
    per-request policy and audit objects on ``g`` and writes an initial audit
    record with ``success: False`` (to be updated by the view or a later
    handler).
    """
    request.all_data = get_all_params(request.values, request.data)

    # Create a policy_object, that reads the database audit settings
    # and contains the complete policy definition during the request.
    # This audit_object can be used in the postpolicy and prepolicy and it
    # can be passed to the innerpolicies.
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(current_app.config)

    # remote_addr is the TCP peer: behind a reverse proxy this is the proxy's
    # address, not the end client's. request.host is derived from the
    # client-supplied Host header, so the audited server name is not
    # authoritative.
    method_and_rule = " ".join([str(request.method), str(request.url_rule)])
    g.audit_object.log({
        "success": False,
        "action_detail": "",
        "client": request.remote_addr,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": request.host,
        "action": method_and_rule,
        "info": "",
    })
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Calls ``update_config_object()``, gathers the request parameters into
    ``request.all_data``, creates the per-request policy, audit and event
    objects on ``g``, determines ``g.client_ip`` and writes an initial audit
    record with ``success: False`` (to be updated by the view or a later
    handler).
    """
    update_config_object()
    request.all_data = get_all_params(request.values, request.data)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)
    g.event_config = EventConfiguration()
    # access_route contains the ip adresses of all clients, hops and proxies.
    # get_client_ip picks the address to audit, presumably according to the
    # OVERRIDECLIENT setting.
    g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))

    g.audit_object.log({
        "success": False,
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "action_detail": "",
        "info": "",
    })
def before_request():
    """
    Hook that runs before each request of this blueprint.

    Gathers the request parameters into ``request.all_data``, creates the
    per-request policy and audit objects on ``g``, records the client address
    in ``g.client_ip`` and writes an initial audit record with
    ``success: False`` (to be updated by the view or a later handler).
    """
    request.all_data = get_all_params(request.values, request.data)

    config = current_app.config
    # Without PI_AUDIT_SERVERNAME the audit falls back to request.host, which
    # is derived from the client-supplied Host header.
    server_name = config.get("PI_AUDIT_SERVERNAME") or request.host

    # Create a policy_object, that reads the database audit settings
    # and contains the complete policy definition during the request.
    # This audit_object can be used in the postpolicy and prepolicy and it
    # can be passed to the innerpolicies.
    g.policy_object = PolicyClass()
    g.audit_object = getAudit(config)

    # remote_addr is the TCP peer; behind a reverse proxy this is the proxy's
    # address. We can add logic to use X-Forwarded-For, but if that is done
    # the header must only be trusted when it was set by a configured,
    # trusted proxy -- otherwise any client can choose its audited address.
    g.client_ip = request.remote_addr

    audit_entry = {
        "success": False,
        "action_detail": "",
        "client": g.client_ip,
        "client_user_agent": request.user_agent.browser,
        "privacyidea_server": server_name,
        "action": " ".join([str(request.method), str(request.url_rule)]),
        "info": "",
    }
    g.audit_object.log(audit_entry)