def before_request():
"""
This is executed before the request
"""
update_config_object()
request.all_data = get_all_params(request.values, request.data)
request.User = get_user_from_param(request.all_data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip addresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({"success": False,
"action_detail": "",
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"info": ""})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
# get additional request information such as parameters in the
# call path from the view_args
request.all_data.update(request.view_args)
request.User = get_user_from_param(request.all_data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config, g.startdate)
g.event_config = EventConfiguration()
# access_route contains the ip addresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request, get_from_config(SYSCONF.OVERRIDECLIENT))
# Save the HTTP header in the localproxy object
g.request_headers = request.headers
g.serial = getParam(request.all_data, "serial", default=None)
g.audit_object.log({"success": False,
"action_detail": "",
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"info": ""})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({
"success":
False,
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail":
"",
"info":
""
})
def before_request():
"""
This is executed before the request
"""
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = request.access_route[0] if request.access_route else \
request.remote_addr
g.audit_object.log({
"success":
False,
"action_detail":
"",
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"info":
""
})
def sign_response(request, response):
"""
This decorator is used to sign the response. It adds the nonce from the
request, if it exist and adds the nonce and the signature to the response.
.. note:: This only works for JSON responses. So if we fail to decode the
JSON, we just pass on.
The usual way to use it is, to wrap the after_request, so that we can also
sign errors.
@postrequest(sign_response, request=request)
def after_request(response):
:param request: The Request object
:param response: The Response object
"""
if current_app.config.get("PI_NO_RESPONSE_SIGN"):
return response
priv_file_name = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
try:
with open(priv_file_name, 'rb') as priv_file:
priv_key = priv_file.read()
sign_object = Sign(priv_key, public_key=None)
except (IOError, ValueError, TypeError) as e:
log.info('Could not load private key from '
'file {0!s}: {1!r}!'.format(priv_file_name, e))
log.debug(traceback.format_exc())
return response
request.all_data = get_all_params(request.values, request.data)
# response can be either a Response object or a Tuple (Response, ErrorID)
response_value = 200
response_is_tuple = False
if type(response).__name__ == "tuple":
response_is_tuple = True
response_value = response[1]
response_object = response[0]
else:
response_object = response
try:
content = json.loads(response_object.data)
nonce = request.all_data.get("nonce")
if nonce:
content["nonce"] = nonce
content["signature"] = sign_object.sign(
json.dumps(content, sort_keys=True))
response_object.data = json.dumps(content)
except ValueError:
# The response.data is no JSON (but CSV or policy export)
# We do no signing in this case.
log.info("We only sign JSON response data.")
if response_is_tuple:
resp = (response_object, response_value)
else:
resp = response_object
return resp
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.serial = getParam(request.all_data, "serial") or None
g.audit_object.log({
"success":
False,
"action_detail":
"",
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"info":
""
})
def before_request():
"""
This is executed before the request
"""
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({"success": False,
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail": "",
"info": ""})
username = getParam(request.all_data, "username")
if username:
# We only fill request.User, if we really have a username.
# On endpoints like /auth/rights, this is not available
loginname, realm = split_user(username)
# overwrite the split realm if we have a realm parameter. Default back to default_realm
realm = getParam(request.all_data, "realm", default=realm) or realm or get_default_realm()
# Prefill the request.User. This is used by some pre-event handlers
request.User = User(loginname, realm)
def sign_response(request, response):
"""
This decorator is used to sign the response. It adds the nonce from the
request, if it exist and adds the nonce and the signature to the response.
.. note:: This only works for JSON responses. So if we fail to decode the
JSON, we just pass on.
The usual way to use it is, to wrap the after_request, so that we can also
sign errors.
@postrequest(sign_response, request=request)
def after_request(response):
:param request: The Request object
:param response: The Response object
"""
if current_app.config.get("PI_NO_RESPONSE_SIGN"):
return response
priv_file_name = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
try:
with open(priv_file_name, 'rb') as priv_file:
priv_key = priv_file.read()
sign_object = Sign(priv_key, public_key=None)
except (IOError, ValueError, TypeError) as e:
log.info('Could not load private key from '
'file {0!s}: {1!r}!'.format(priv_file_name, e))
log.debug(traceback.format_exc())
return response
request.all_data = get_all_params(request.values, request.data)
# response can be either a Response object or a Tuple (Response, ErrorID)
response_value = 200
response_is_tuple = False
if type(response).__name__ == "tuple":
response_is_tuple = True
response_value = response[1]
response_object = response[0]
else:
response_object = response
try:
content = json.loads(response_object.data)
nonce = request.all_data.get("nonce")
if nonce:
content["nonce"] = nonce
content["signature"] = sign_object.sign(json.dumps(content, sort_keys=True))
response_object.data = json.dumps(content)
except ValueError:
# The response.data is no JSON (but CSV or policy export)
# We do no signing in this case.
log.info("We only sign JSON response data.")
if response_is_tuple:
resp = (response_object, response_value)
else:
resp = response_object
return resp
def before_request():
"""
This is executed before the request
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
request.all_data = get_all_params(request.values, request.data)
# Verify the authtoken!
authtoken = request.all_data.get("authtoken")
r = verify_auth_token(authtoken, ["user", "admin"])
request.PI_username = r.get("username")
request.PI_realm = r.get("realm")
request.PI_role = r.get("role")
def before_request():
"""
This is executed before the request
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
request.all_data = get_all_params(request.values, request.data)
# Verify the authtoken!
authtoken = request.all_data.get("authtoken")
r = verify_auth_token(authtoken, ["user", "admin"])
request.PI_username = r.get("username")
request.PI_realm = r.get("realm")
request.PI_role = r.get("role")
def sign_response(request, response):
"""
This decorator is used to sign the response. It adds the nonce from the
request, if it exist and adds the nonce and the signature to the response.
.. note:: This only works for JSON responses. So if we fail to decode the
JSON, we just pass on.
The usual way to use it is, to wrap the after_request, so that we can also
sign errors.
@postrequest(sign_response, request=request)
def after_request(response):
:param request: The Request object
:param response: The Response object
"""
if current_app.config.get("PI_NO_RESPONSE_SIGN"):
return response
priv_file = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
pub_file = current_app.config.get("PI_AUDIT_KEY_PUBLIC")
sign_object = Sign(priv_file, pub_file)
request.all_data = get_all_params(request.values, request.data)
# response can be either a Response object or a Tuple (Response, ErrorID)
response_value = 200
response_is_tuple = False
if type(response).__name__ == "tuple":
response_is_tuple = True
response_value = response[1]
response_object = response[0]
else:
response_object = response
try:
content = json.loads(response_object.data)
nonce = request.all_data.get("nonce")
if nonce:
content["nonce"] = nonce
content["signature"] = sign_object.sign(json.dumps(content))
response_object.data = json.dumps(content)
except ValueError:
# The response.data is no JSON (but CSV or policy export)
# We do no signing in this case.
log.info("We only sign JSON response data.")
if response_is_tuple:
resp = (response_object, response_value)
else:
resp = response_object
return resp
def sign_response(request, response):
"""
This decorator is used to sign the response. It adds the nonce from the
request, if it exist and adds the nonce and the signature to the response.
.. note:: This only works for JSON responses. So if we fail to decode the
JSON, we just pass on.
The usual way to use it is, to wrap the after_request, so that we can also
sign errors.
@postrequest(sign_response, request=request)
def after_request(response):
:param request: The Request object
:param response: The Response object
"""
if current_app.config.get("PI_NO_RESPONSE_SIGN"):
return response
priv_file = current_app.config.get("PI_AUDIT_KEY_PRIVATE")
pub_file = current_app.config.get("PI_AUDIT_KEY_PUBLIC")
sign_object = Sign(priv_file, pub_file)
request.all_data = get_all_params(request.values, request.data)
# response can be either a Response object or a Tuple (Response, ErrorID)
response_value = 200
response_is_tuple = False
if type(response).__name__ == "tuple":
response_is_tuple = True
response_value = response[1]
response_object = response[0]
else:
response_object = response
try:
content = json.loads(response_object.data)
nonce = request.all_data.get("nonce")
if nonce:
content["nonce"] = nonce
content["signature"] = sign_object.sign(json.dumps(content))
response_object.data = json.dumps(content)
except ValueError:
# The response.data is no JSON (but CSV or policy export)
# We do no signing in this case.
log.info("We only sign JSON response data.")
if response_is_tuple:
resp = (response_object, response_value)
else:
resp = response_object
return resp
def before_request():
"""
This is executed before the request
"""
request.all_data = get_all_params(request.values, request.data)
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.audit_object.log({"success": False,
"action_detail": "",
"client": request.remote_addr,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": request.host,
"action": "%s %s" % (request.method, request.url_rule),
"info": ""})
def before_request():
"""
This is executed before the request
"""
request.all_data = get_all_params(request.values, request.data)
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.audit_object.log({
"success": False,
"action_detail": "",
"client": request.remote_addr,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": request.host,
"action": "%s %s" % (request.method, request.url_rule),
"info": ""
})
def before_request():
"""
This is executed before the request
"""
update_config_object()
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
g.audit_object.log({"success": False,
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail": "",
"info": ""})
def before_request():
"""
This is executed before the request
"""
request.all_data = get_all_params(request.values, request.data)
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Create a policy_object, that reads the database audit settings
# and contains the complete policy definition during the request.
# This audit_object can be used in the postpolicy and prepolicy and it
# can be passed to the innerpolicies.
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
# We can add logic to use X-Forwarded-For
g.client_ip = request.remote_addr
g.audit_object.log({"success": False,
"action_detail": "",
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"info": ""})
