def urls(): u = [] for component in list(): try: __import__(component) u.append(url(r'^%s/' % component, include('%s.urls' % component))) except Exception, e: logger.error("Cannot load component ({}): {}".format(component, e)) else: logger.info("Loaded component {}".format(component))
def logout_user(request): # check that we're indeed logged in if not request.user.is_authenticated(): return HttpResponseRedirect('/') logger.info("LOGGING OUT") # log user activity activity.user.logout(request) logout(request) return HttpResponseRedirect('/')
def get(self, request): authority_contacts = {} authority = {'authority_hrn': 'fed4fire.upmc'} if request.user.is_authenticated(): user_local_query = Query().get('local:user').select( 'config').filter_by('email', '==', str(self.request.user)) user_local_details = execute_query(self.request, user_local_query) user_authority = json.loads( user_local_details[0]['config']).get('authority') logger.info( "**************________ management about = {}".format( user_authority)) # XXX Should be done using Metadata # select column.name from local:object where table=='authority' authority_query = Query().get('authority').select( 'authority_hrn', 'name', 'address', 'enabled', 'description', 'scientific', 'city', 'name', 'url', 'country', 'enabled', 'longitude', 'tech', 'latitude', 'pi_users', 'onelab_membership', 'postcode').filter_by('authority_hrn', '==', user_authority) authority_details = execute_query(self.request, authority_query) if authority_details: authority = authority_details[0] if 'scientific' in authority and authority[ 'scientific'] is not None: authority_contacts['scientific'] = [ x.strip()[1:-1] for x in authority['scientific'][1:-1].split(',') ] if 'technical' in authority and authority[ 'technical'] is not None: authority_contacts['technical'] = [ x.strip()[1:-1] for x in authority['tech'][1:-1].split(',') ] if 'legal' in authority and authority['legal'] is not None: authority_contacts['legal'] = [ x.strip().replace('"', '') for x in authority['legal'][1:-1].split(',') ] else: authority_contacts = None authority = None return render_to_response(self.template, { 'theme': self.theme, 'authority': authority, 'authority_contacts': authority_contacts }, context_instance=RequestContext(request))
def tab_view (request): logger.info("request {}".format(request.__class__)) logger.info("{}".format(request)) prelude=Prelude( js_files='js/bootstrap.js', css_files='css/bootstrap.css') tab_env = {'title':'Page for playing with Tabs', 'topmenu_items': topmenu_items('tab',request), 'username':the_user (request), 'lorem': lorem, } tab_env.update (prelude.prelude_env()) return render_to_response ('view-tab.html', tab_env, context_instance=RequestContext(request))
def get_context_data(self, **kwargs): pi = "" # We might have slices on different registries with different user accounts # We note that this portal could be specific to a given registry, to which we register users, but i'm not sure that simplifies things # Different registries mean different identities, unless we identify via SFA HRN or have associated the user email to a single hrn #messages.info(self.request, 'You have logged in') page = Page(self.request) ctx_my_authorities = {} ctx_delegation_authorities = {} ctx_sub_authorities = {} dest = {} # The user need to be logged in if the_user(self.request): # Who can a PI validate: # His own authorities + those he has credentials for. # In MySlice we need to look at credentials also. # XXX This will have to be asynchroneous. Need to implement barriers, # for now it will be sufficient to have it working statically # get user_id to later on query accounts # XXX Having real query plan on local tables would simplify all this # XXX $user_email is still not available for local tables #user_query = Query().get('local:user').filter_by('email', '==', '$user_email').select('user_id') user_query = Query().get('local:user').filter_by( 'email', '==', the_user(self.request)).select('user_id') user, = execute_query(self.request, user_query) user_id = user['user_id'] # Query manifold to learn about available SFA platforms for more information # In general we will at least have the portal # For now we are considering all registries all_authorities = [] platform_ids = [] sfa_platforms_query = Query().get('local:platform').filter_by( 'gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type') sfa_platforms = execute_query(self.request, sfa_platforms_query) for sfa_platform in sfa_platforms: logger.info("SFA PLATFORM > {}".format( sfa_platform['platform'])) if not 'auth_type' in sfa_platform: continue auth = sfa_platform['auth_type'] if not auth in all_authorities: all_authorities.append(auth) platform_ids.append(sfa_platform['platform_id']) logger.warning("W: Hardcoding platform myslice") # There has been a tweak on how new platforms are referencing a # so-called 'myslice' platform for storing authentication tokens. # XXX This has to be removed in final versions. myslice_platforms_query = Query().get('local:platform').filter_by( 'platform', '==', 'myslice').select('platform_id') myslice_platforms = execute_query(self.request, myslice_platforms_query) if myslice_platforms: myslice_platform, = myslice_platforms platform_ids.append(myslice_platform['platform_id']) # We can check on which the user has authoritity credentials = PI rights credential_authorities = set() credential_authorities_expired = set() # User account on these registries user_accounts_query = Query.get('local:account').filter_by( 'user_id', '==', user_id).filter_by('platform_id', 'included', platform_ids).select('auth_type', 'config') user_accounts = execute_query(self.request, user_accounts_query) #print "=" * 80 #print user_accounts #print "=" * 80 for user_account in user_accounts: logger.debug("USER ACCOUNT {}".format(user_account)) if user_account['auth_type'] == 'reference': continue # we hardcoded the myslice platform... config = json.loads(user_account['config']) creds = [] logger.debug("CONFIG KEYS {}".format(config.keys())) if 'authority_credentials' in config: logger.debug("*** AC {}".format( config['authority_credentials'].keys())) for authority_hrn, credential in config[ 'authority_credentials'].items(): #if credential is not expired: credential_authorities.add(authority_hrn) #else # credential_authorities_expired.add(authority_hrn) if 'delegated_authority_credentials' in config: logger.debug("*** DAC {}".format( config['delegated_authority_credentials'].keys())) for authority_hrn, credential in config[ 'delegated_authority_credentials'].items(): #if credential is not expired: credential_authorities.add(authority_hrn) #else # credential_authorities_expired.add(authority_hrn) logger.debug( 'credential_authorities = {}'.format(credential_authorities)) logger.debug('credential_authorities_expired = {}'.format( credential_authorities_expired)) # # Using cache manifold-tables to get the list of authorities faster # all_authorities_query = Query.get('authority').select('name', 'authority_hrn') # all_authorities = execute_query(self.request, all_authorities_query) # ** Where am I a PI ** # For this we need to ask SFA (of all authorities) = PI function pi_authorities_query = Query.get('myslice:user').filter_by( 'user_hrn', '==', '$user_hrn').select('pi_authorities') pi_authorities_tmp = execute_query(self.request, pi_authorities_query) pi_authorities = set() try: for pa in pi_authorities_tmp: pi_authorities |= set(pa['pi_authorities']) except Exception as e: logger.error('No pi_authorities') # TODO: exception if no parent_authority # try: # for pa in pi_authorities_tmp: # pi_authorities |= set(pa['pi_authorities']) # except: # # include all sub-authorities of the PI # # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on... # pi_subauthorities = set() # for authority in all_authorities: # authority_hrn = authority['authority_hrn'] # for my_authority in pi_authorities: # if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities: # pi_subauthorities.add(authority_hrn) #print "pi_authorities =", pi_authorities #print "pi_subauthorities =", pi_subauthorities # My authorities + I have a credential pi_credential_authorities = pi_authorities & credential_authorities pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired pi_expired_credential_authorities = pi_authorities & credential_authorities_expired # Authorities I've been delegated PI rights pi_delegation_credential_authorities = credential_authorities - pi_authorities pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities #print "pi_credential_authorities =", pi_credential_authorities #print "pi_no_credential_authorities =", pi_no_credential_authorities #print "pi_expired_credential_authorities =", pi_expired_credential_authorities #print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities #print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities # Summary intermediary pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities #print "--" #print "pi_my_authorities = ", pi_my_authorities #print "pi_delegation_authorities = ", pi_delegation_authorities #print "pi_subauthorities = ", pi_subauthorities # Summary all queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities #print "----" #print "queried_pending_authorities = ", queried_pending_authorities # iterate on the requests and check if the authority matches a prefix startswith an authority on which the user is PI requests = get_requests() # requests = get_requests(queried_pending_authorities) for request in requests: auth_hrn = request['authority_hrn'] for my_auth in pi_my_authorities: if auth_hrn.startswith(my_auth): dest = ctx_my_authorities request['allowed'] = 'allowed' for my_auth in pi_delegation_authorities: if auth_hrn.startswith(my_auth): dest = ctx_delegation_authorities request['allowed'] = 'allowed' if auth_hrn in pi_expired_credential_authorities: request['allowed'] = 'expired' if 'allowed' not in request: request['allowed'] = 'denied' #print "authority for this request", auth_hrn # if auth_hrn in pi_my_authorities: # dest = ctx_my_authorities # # # define the css class # if auth_hrn in pi_credential_authorities: # request['allowed'] = 'allowed' # elif auth_hrn in pi_expired_credential_authorities: # request['allowed'] = 'expired' # else: # pi_no_credential_authorities # request['allowed'] = 'denied' # # elif auth_hrn in pi_delegation_authorities: # dest = ctx_delegation_authorities # # if auth_hrn in pi_delegation_credential_authorities: # request['allowed'] = 'allowed' # else: # pi_delegation_expired_authorities # request['allowed'] = 'expired' # # elif auth_hrn in pi_subauthorities: # dest = ctx_sub_authorities # # if auth_hrn in pi_subauthorities: # request['allowed'] = 'allowed' # else: # pi_delegation_expired_authorities # request['allowed'] = 'denied' # # else: # continue if not auth_hrn in dest: dest[auth_hrn] = [] dest[auth_hrn].append(request) context = super(ValidatePendingView, self).get_context_data(**kwargs) logger.debug("testing") logger.debug(ctx_my_authorities) context['my_authorities'] = ctx_my_authorities context['sub_authorities'] = ctx_sub_authorities context['delegation_authorities'] = ctx_delegation_authorities # XXX This is repeated in all pages # more general variables expected in the template context['title'] = 'Test view that combines various plugins' # the menu items on the top context['topmenu_items'] = topmenu_items_live('Validation', page) # so we can sho who is logged context['username'] = the_user(self.request) context['pi'] = "is_pi" context['theme'] = self.theme context['section'] = "Requests" # XXX We need to prepare the page for queries #context.update(page.prelude_env()) return context
def handle_request(self, wsgi_request, method): errors = [] authority_hrn = None authority_name = None #errors.append(wsgi_request.POST) user_hrn = self.getUserHrn(wsgi_request) user_email = self.getUserEmail(wsgi_request) authorities = getAuthorities(wsgi_request) user_authority = self.getUserAuthority(wsgi_request) # getting the org from authority #for authority in authorities: # if authority['authority_hrn'] == user_authority: # authority_name = authority['name'] if method == 'POST': project_name = wsgi_request.POST.get('project_name', '') if not project_name or len(project_name) == 0: errors.append('Project name can\'t be empty') # accept only lowercase names project_name = project_name.lower() if 'join' in wsgi_request.POST: post = { 'user_hrn': user_hrn, 'email': user_email, 'project_name': project_name, 'authority_hrn': project_name, } else: post = { 'user_hrn': user_hrn, 'email': user_email, 'authority_hrn': wsgi_request.POST.get('authority_name', ''), 'project_name': project_name, 'purpose': wsgi_request.POST.get('purpose', ''), 'url': wsgi_request.POST.get('url', ''), } # for new projects max project_name length is 10 if (len(post['project_name']) > 10): errors.append( 'Project name can be maximum 10 characters long') #if (post['authority_hrn'] is None or post['authority_hrn'] == ''): # errors.append('Organization is mandatory') if post['purpose'] is None or post['purpose'] == '': errors.append('Project purpose is mandatory') if re.search(r'^[A-Za-z0-9_]*$', post['project_name']) is None: errors.append( 'Project name may contain only letters, numbers, and underscore.' ) # What kind of project name is valid? if post['project_name'] is None or post['project_name'] == '': errors.append('Project name is mandatory') if not errors: logger.info("is_pi on auth_hrn = {}".format(user_authority)) if is_pi(wsgi_request, user_hrn, post['authority_hrn']): # PIs can directly create/join project in their own authority... if 'join' in wsgi_request.POST: # join existing project authority_add_pis(wsgi_request, post['project_name'], user_hrn) else: # Create project hrn = post['authority_hrn'] + '.' + post['project_name'] sfa_add_authority(wsgi_request, {'authority_hrn': hrn}) authority_add_pis(wsgi_request, hrn, user_hrn) self.template_name = 'project-request-done-view.html' else: # Otherwise a wsgi_request is sent to the PI if 'join' in wsgi_request.POST: create_pending_join(wsgi_request, post) else: create_pending_project(wsgi_request, post) self.template_name = 'project-request-ack-view.html' # retrieves the pending projects creation list pending_projects = PendingProject.objects.all().filter( user_hrn=user_hrn) # retrieves the pending join a project list pending_join_projects = PendingJoin.objects.all().filter( user_hrn=user_hrn) root_authority = user_authority.split('.', 1)[0] env = { 'errors': errors, 'username': wsgi_request.user, 'theme': self.theme, 'authorities': authorities, 'authority_hrn': user_authority, 'root_authority_hrn': root_authority, 'pending_projects': pending_projects, 'pending_join_projects': pending_join_projects, } return render(wsgi_request, self.template, env)
def __init__ (self, query=None, **settings): Plugin.__init__ (self, **settings) self.query=query self.query_uuid = query.query_uuid if query else None logger.info("called univbris topo plugin")
def get_context_data(self, **kwargs): # We might have slices on different registries with different user accounts # We note that this portal could be specific to a given registry, to which we register users, but i'm not sure that simplifies things # Different registries mean different identities, unless we identify via SFA HRN or have associated the user email to a single hrn #messages.info(self.request, 'You have logged in') page = Page(self.request) logger.info("Dashboard page") # Slow... #slice_query = Query().get('slice').filter_by('user.user_hrn', 'contains', user_hrn).select('slice_hrn') testbed_query = Query().get('network').select('network_hrn', 'platform', 'version') # DEMO GEC18 Query only PLE # user_query = Query().get('local:user').select('config','email') # user_details = execute_query(self.request, user_query) # not always found in user_details... # config={} # for user_detail in user_details: # #email = user_detail['email'] # if user_detail['config']: # config = json.loads(user_detail['config']) # user_detail['authority'] = config.get('authority',"Unknown Authority") # # print user_detail # if user_detail['authority'] is not None: # sub_authority = user_detail['authority'].split('.') # root_authority = sub_authority[0] # slice_query = Query().get(root_authority+':user').filter_by('user_hrn', '==', '$user_hrn').select('user_hrn', 'slice.slice_hrn') # else: logger.debug("SLICE QUERY") logger.debug("-" * 80) slice_query = Query().get('myslice:user').filter_by( 'user_hrn', '==', '$user_hrn').select('slices.slice_hrn') page.enqueue_query(slice_query) page.enqueue_query(testbed_query) slicelist = SliceList( page=page, title="slices", warning_msg="<a href='../slice_request'>Request Slice</a>", query=slice_query, ) testbedlist = TestbedList( page=page, title="testbeds", query=testbed_query, ) context = super(DashboardView, self).get_context_data(**kwargs) context['person'] = self.request.user context['testbeds'] = testbedlist.render(self.request) context['slices'] = slicelist.render(self.request) # XXX This is repeated in all pages # more general variables expected in the template context['title'] = 'Dashboard' # the menu items on the top context['topmenu_items'] = topmenu_items_live('Dashboard', page) # so we can sho who is logged context['username'] = the_user(self.request) context['theme'] = self.theme page.expose_js_metadata() # the page header and other stuff context.update(page.prelude_env()) return context
def logWrite(request, action, message, objects=None): if not apikey: logger.info("===============>> activity: no apikey") return if not secret: logger.info("===============>> activity: no secret") return timestamp = time.mktime(datetime.datetime.today().timetuple()) ip = getClientIp(request) log = { "timestamp": timestamp, "client_ip": ip, "host": request.get_host(), "referrer": request.META.get('HTTP_REFERER'), "user": request.user.username, "action": action, "message": message, "apikey": apikey, "signature": sign(secret, "%s%s%s%s" % (timestamp, ip, request.user, action)), "slice": None, "resource": None, "resource_type": None, "facility": None, "testbed": None, } if objects is not None: for o in objects: if (o in log): log[o] = objects[o] try: result = urllib2.urlopen(server, urllib.urlencode(log)) logger.info("===============>> activity: {} <{}> {}".format( action, request.user, message)) content = result.read() #checking for not sent data and sending it (50% probability) if random.randint(0, 100) < 50: logCheck() except urllib2.URLError as e: logger.error( "===============>> activity: connection to {} impossible, could not log action" .format(server)) logger.error(e.strerror) dbfile = ''.join( [os.path.dirname(os.path.abspath(__file__)), "/errors.db"]) logger.error("===============>> activity: database path: " + dbfile) conn = None try: conn = lite.connect(dbfile) cur = conn.cursor() cur.execute("""INSERT INTO logs(log) values('%s')""" % json.dumps(log)) conn.commit() except lite.Error, e: # this means that writing log into db also failed :( # Last chance to preserve log is to send it to system syslog # however there is no mechanism to pull it from this log - just manually. logger.error('[activity] Error while inserting into sql db: %s' % str(e.args)) logger.error("[activity] data to send: '%s'" % json.dumps(log)) if conn: conn.close()
def get_context_data(self, **kwargs): ctx_my_authorities = {} ctx_delegation_authorities = {} ctx_sub_authorities = {} dest = {} # The user need to be logged in if (self.request.user): user_query = Query().get('local:user').filter_by( 'email', '==', self.request.user.email).select('user_id') user, = execute_query(self.request, user_query) user_id = user['user_id'] # Query manifold to learn about available SFA platforms for more information # In general we will at least have the portal # For now we are considering all registries all_authorities = [] platform_ids = [] sfa_platforms_query = Query().get('local:platform').filter_by( 'gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type') sfa_platforms = execute_query(self.request, sfa_platforms_query) for sfa_platform in sfa_platforms: logger.info("SFA PLATFORM > {}".format( sfa_platform['platform'])) if not 'auth_type' in sfa_platform: continue auth = sfa_platform['auth_type'] if not auth in all_authorities: all_authorities.append(auth) platform_ids.append(sfa_platform['platform_id']) logger.warning("W: Hardcoding platform myslice") # There has been a tweak on how new platforms are referencing a # so-called 'myslice' platform for storing authentication tokens. # XXX This has to be removed in final versions. myslice_platforms_query = Query().get('local:platform').filter_by( 'platform', '==', 'myslice').select('platform_id') myslice_platforms = execute_query(self.request, myslice_platforms_query) if myslice_platforms: myslice_platform, = myslice_platforms platform_ids.append(myslice_platform['platform_id']) # We can check on which the user has authoritity credentials = PI rights credential_authorities = set() credential_authorities_expired = set() # User account on these registries user_accounts_query = Query.get('local:account').filter_by( 'user_id', '==', user_id).filter_by('platform_id', 'included', platform_ids).select('auth_type', 'config') user_accounts = execute_query(self.request, user_accounts_query) for user_account in user_accounts: if user_account['auth_type'] == 'reference': continue # we hardcoded the myslice platform... config = json.loads(user_account['config']) creds = [] if 'authority_credentials' in config: for authority_hrn, credential in config[ 'authority_credentials'].items(): credential_authorities.add(authority_hrn) if 'delegated_authority_credentials' in config: for authority_hrn, credential in config[ 'delegated_authority_credentials'].items(): credential_authorities.add(authority_hrn) # CACHE PB with fields page = Page(self.request) metadata = page.get_metadata() user_md = metadata.details_by_object('user') user_fields = [column['name'] for column in user_md['column']] # ** Where am I a PI ** # For this we need to ask SFA (of all authorities) = PI function pi_authorities_query = Query.get('myslice:user').filter_by( 'user_hrn', '==', '$user_hrn').select(user_fields) pi_authorities_tmp = execute_query(self.request, pi_authorities_query) pi_authorities = set() try: for pa in pi_authorities_tmp: pi_authorities |= set(pa['pi_authorities']) except Exception as e: logger.error('No pi_authorities') pi_credential_authorities = pi_authorities & credential_authorities pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired pi_expired_credential_authorities = pi_authorities & credential_authorities_expired # Authorities I've been delegated PI rights pi_delegation_credential_authorities = credential_authorities - pi_authorities pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities # Summary intermediary pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities # Summary all queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities # iterate on the requests and check if the authority matches a prefix # startswith an authority on which the user is PI if len(pi_my_authorities) > 0: requests = get_requests(pi_my_authorities) else: requests = get_requests() for r in requests: auth_hrn = r['authority_hrn'] for my_auth in pi_my_authorities: if auth_hrn.startswith(my_auth): dest = ctx_my_authorities r['allowed'] = 'allowed' #for my_auth in pi_delegation_authorities: # if auth_hrn.startswith(my_auth): # dest = ctx_delegation_authorities # r['allowed'] = 'allowed' if auth_hrn in pi_expired_credential_authorities: r['allowed'] = 'expired' if 'allowed' not in r: ## TEMP FIX for allowing new authority registration #r['allowed'] = 'denied' r['allowed'] = 'allowed' if not auth_hrn in dest: dest[auth_hrn] = [] dest[auth_hrn].append(r) # env = {} # env['my_authorities'] = ctx_my_authorities # env['sub_authorities'] = ctx_sub_authorities # env['delegation_authorities'] = ctx_delegation_authorities # # # XXX This is repeated in all pages # # more general variables expected in the template # # the menu items on the top # #env['topmenu_items'] = topmenu_items_live('Validation', page) # # so we can sho who is logged # env['username'] = request.user # env['pi'] = "is_pi" # env['theme'] = self.theme # env['section'] = "Requests" context = super(ManagementRequestsView, self).get_context_data(**kwargs) context['my_authorities'] = ctx_my_authorities context['sub_authorities'] = ctx_sub_authorities context['delegation_authorities'] = ctx_delegation_authorities # XXX This is repeated in all pages # more general variables expected in the template context['title'] = 'Test view that combines various plugins' # the menu items on the top #context['topmenu_items'] = topmenu_items_live('Validation', page) # so we can sho who is logged context['username'] = self.request.user context['pi'] = "is_pi" context['theme'] = self.theme context['section'] = "Requests" # XXX We need to prepare the page for queries #context.update(page.prelude_env()) return context