def tacacs_authentication(self, user, name, password):
    """Check ``name`` / ``password`` against the configured TACACS+ client.

    Args:
        user: Accepted for interface compatibility; not read here.
        name: Login name passed to the TACACS+ client.
        password: Password passed to the TACACS+ client.

    Returns:
        ``{"name": name, "is_admin": True}`` when the reply is valid,
        otherwise ``False``.
    """
    if not hasattr(env, "tacacs_client"):
        env.log("error", "TACACS+ authentication failed: no server configured")
        return False
    reply = env.tacacs_client.authenticate(name, password)
    if not reply.valid:
        return False
    # NOTE(review): every account the TACACS+ server accepts is returned with
    # is_admin=True; no group or privilege-level mapping happens here. Confirm
    # that administrator rights for all remote accounts is intended.
    return {"name": name, "is_admin": True}
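def ldap_authentication(self, user, name, password):
    """Authenticate ``name`` by binding to the configured LDAP server.

    Args:
        user: Accepted for interface compatibility; not read here.
        name: Login name; becomes the ``uid`` value of the bind DN.
        password: Password presented for the bind.

    Returns:
        ``{"name": name, "is_admin": True}`` when the bind succeeds,
        otherwise ``False``.
    """
    if not hasattr(env, "ldap_server"):
        env.log("error", "LDAP authentication failed: no server configured")
        return False
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that a directory may report as successful,
    # so empty credentials are refused before the server is contacted.
    if not name or not password:
        env.log("error", "LDAP authentication failed: empty credentials")
        return False
    uid = str(name)
    if uid != uid.strip() or "\x00" in uid:
        # Leading/trailing whitespace and NUL need special DN encoding;
        # refusing them is simpler than encoding them. The name is kept out
        # of the log message because it is caller-controlled.
        env.log("error", "LDAP authentication failed: malformed user name")
        return False
    # Escape the RFC 4514 special characters so the login name stays a single
    # uid value and cannot add or replace components of the bind DN.
    escaped_uid = "".join(
        f"\\{char}" if char in '\\,+"<>;=#' else char for char in uid
    )
    # NOTE(review): "dc=example,dc=com" is a hard-coded base DN; it has to be
    # adapted to the real directory tree before this is deployed.
    bind_dn = f"uid={escaped_uid},dc=example,dc=com"
    # NOTE(review): Connection is presumably ldap3.Connection - confirm. The
    # connection object is not explicitly closed after the bind.
    success = Connection(env.ldap_server, user=bind_dn, password=password).bind()
    # NOTE(review): every account that can bind is returned with is_admin=True;
    # no group membership is checked. Confirm this is intended.
    return {"name": name, "is_admin": True} if success else False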
def register_plugins(self):
    """Import and instantiate every plugin listed in ``vs.plugins_settings``.

    For each entry the module ``eNMS.plugins.<plugin>`` is imported and its
    ``Plugin`` class is called with the server, controller, database,
    variable store, environment and the plugin's settings as keyword
    arguments. A plugin that raises during import or construction is logged
    with its traceback and skipped; the remaining plugins are still loaded.

    NOTE(review): the module path is built from the keys of
    ``vs.plugins_settings`` and the imported code runs in this process, so
    write access to those settings amounts to code execution here - confirm
    where the settings come from and who can modify them.
    """
    for plugin, settings in vs.plugins_settings.items():
        try:
            import_module(f"eNMS.plugins.{plugin}").Plugin(
                self, controller, db, vs, env, **settings
            )
        except Exception:
            env.log(
                "error",
                f"Could not import plugin '{plugin}':\n{format_exc()}",
            )
        else:
            # Reached only when the plugin was imported and constructed.
            info(f"Loading plugin: {settings['name']}")
def decorated_function(*args, **kwargs):
    """Run the wrapped view, log the request and map failures to responses.

    ``function`` is the wrapped view; it comes from an enclosing scope that
    is not visible in this block. The wrapper refuses endpoints missing from
    the RBAC table, converts exceptions raised by the view into HTTP status
    codes, writes one log line per request and returns either the view's
    result, an HTML error page, a redirect to the login page or a JSON alert.
    """
    remote_address = request.environ["REMOTE_ADDR"]
    # NOTE(review): X-Forwarded-For is taken verbatim from the request. Unless
    # a trusted reverse proxy overwrites it, the client chooses this value, so
    # the address in the log line below is not reliable evidence of origin.
    client_address = request.environ.get("HTTP_X_FORWARDED_FOR", remote_address)
    rest_request = request.path.startswith("/rest/")
    # The bool is added to the slice bound: REST paths keep one more segment.
    endpoint = "/".join(request.path.split("/")[:2 + rest_request])
    request_property = f"{request.method.lower()}_requests"
    endpoint_rbac = vs.rbac[request_property].get(endpoint)
    # NOTE(review): any request without an authenticated session is logged in
    # as the "admin" user before the view runs. This removes authentication
    # for every endpoint this wrapper serves and is only acceptable in a test
    # or demo harness - confirm this code path never reaches production.
    if not current_user.is_authenticated:
        login_user(db.get_user("admin"))
    username = getattr(current_user, "name", "Unknown")
    # The only check made here is that the endpoint exists in the RBAC table
    # for this HTTP method; its value is not compared with the user's rights.
    if not endpoint_rbac:
        status_code = 404
    else:
        try:
            result = function(*args, **kwargs)
            status_code = 200
        # Forbidden / NotFound are presumably the werkzeug HTTP exceptions -
        # confirm against the file's imports.
        except (db.rbac_error, Forbidden):
            status_code = 403
        except NotFound:
            status_code = 404
        except Exception:
            # The traceback goes to the log only; the responses built below
            # carry the status code and a generic message.
            status_code, traceback = 500, format_exc()
    # username, client_address and request.path are request-influenced values
    # written to the log without sanitisation.
    log = (f"USER: {username} ({client_address}) - "
           f"{request.method} {request.path} ({status_code})")
    if status_code == 500:
        log += f"\n{traceback}"
    env.log(Server.status_log_level[status_code], log, change_log=False)
    if status_code == 200:
        return result
    # "and" binds tighter than "or": HTML handling applies to /login with any
    # method, and to non-REST GET requests.
    elif endpoint == "/login" or request.method == "GET" and not rest_request:
        if (not current_user.is_authenticated and not rest_request
                and endpoint != "/login"):
            url = url_for("blueprint.route", page="login", next_url=request.url)
            return redirect(login_url(url))
        # NOTE(review): next_url comes from the query string and is passed on
        # to the login page; whatever redirects to it after login should
        # accept local paths only - that code is not visible here.
        next_url = request.args.get("next_url")
        login_link = login_url(
            url_for("blueprint.route", page="login", next_url=next_url))
        return (
            render_template("error.html", error=status_code, login_url=login_link),
            status_code,
        )
    else:
        error_message = Server.status_error_message[status_code]
        alert = f"Error {status_code} - {error_message}"
        return jsonify({"alert": alert}), status_code
def test_create_logs(user_client):
    """Check that warning-level log calls are persisted as changelog rows.

    Ten warnings are emitted and the changelog table is expected to grow by
    eleven rows.
    """
    initial_count = len(db.fetch_all("changelog"))
    for message in map(str, range(10)):
        env.log("warning", message)
    db.session.commit()
    final_count = len(db.fetch_all("changelog"))
    # NOTE(review): 11 rows for 10 calls - the extra row presumably comes from
    # something outside this function (fixture or decorator); confirm.
    assert final_count == initial_count + 11
def logout():
    """End the current session, record it, and redirect to the login page."""
    # The message is built before logout_user() runs, while current_user
    # still refers to the account that is logging out.
    message = f"USER '{current_user.name}' logged out"
    logout_user()
    env.log("info", message, logger="security")
    login_page = url_for("blueprint.route", page="login")
    return redirect(login_page)