def logout(self, redirect_uri=None):
"""
Logout a connected user, remove the desktop
only if anonymous remove all homedir data
remove all cookies (by setting empty value)
Args:
redirect_uri (str): redirect uri
Returns:
JSON Results
"""
bReturn = None
args = cherrypy.request.json
if services.auth.isidentified:
user = services.auth.user
auth = services.auth.auth
# remove the pod/container
if oc.od.composer.removedesktop(auth, user, args) is False:
bReturn = Results.error( message='removedesktop failed' )
# Always remove all http cookies
services.auth.logout()
bReturn = Results.success()
else:
bReturn = Results.error( message='invalid user credentials' )
return bReturn
def listenable(self):
logger.debug('')
try:
(auth, user ) = self.validate_env()
except Exception as e:
logger.error( e )
return Results.error( message=str(e) )
try:
name=auth.data.get('domain')
except Exception:
message='only activedirectory printer are supported'
logger.error( message )
return Results.error(message=message)
printerenabledlist = []
provider=services.auth.findprovider( name )
printerctl = self.createprinterctl( auth, user )
for printername in printerctl.list():
if printername not in settings.printercupsembeddedList:
printercn = printerctl.describe(printername).get('Description')
if printercn:
printerfilter = '(cn=' + printercn + ')'
logger.debug('filter %s', printerfilter)
# run query to ldap server
printerentry=provider.listprinter( printerfilter )
if len(printerentry) == 1: # Only one printer should be found
printerenabledlist.append(printerentry[0])
return Results.success(result=printerenabledlist)
def get(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
arguments = cherrypy.request.json
if type(arguments) is not dict :
return Results.error( message='invalid parameters' )
userid = user.userid
value = None
key = arguments.get('key')
if all([userid, key]):
self.logger.debug('getstoredvalue userid:%s key:%s', str(userid), str(key) )
value = services.datastore.getstoredvalue(userid, key)
if value is None:
return Results.error('value not found: userid = %s, key = %s' % (userid,key), 404)
return Results.success(result=value)
def ocrun(self):
logger.debug('')
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
args = cherrypy.request.json
if type(args) is not dict:
return Results.error(message='invalid parameters')
# appname must exists
appname = args.get('image')
if type(appname) is not str:
return Results.error('Missing parameter image')
# add lang to user dict
self.LocaleSettingsLanguage(user)
try:
result = oc.od.composer.openapp(auth, user, args)
except Exception as e:
return Results.error(str(e))
return Results.success(result=result)
def rtp_stream(self, action=lambda x: x):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
if not settings.webrtc_enable:
return Results.error(
message='WebRTC is disabled in configuration file')
if services.webrtc is None:
return Results.error(message='no WebRTC configuration found')
appname = None
args = cherrypy.request.json
if type(args) is dict:
appname = args.get('app')
desktop = oc.od.composer.finddesktop_quiet(authinfo=auth,
userinfo=user,
appname=appname)
if desktop is None:
return Results.error(message='desktop not found')
try:
stream = action(desktop.name)
except Exception as e:
return Results.error('webrtc stream failed ' + str(e))
return Results.success(result=stream)
def launchmetappli(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
if type(cherrypy.request.json) is not dict:
return Results.error(message='invalid parameters')
args = cherrypy.request.json.copy()
appname = args.get('app')
appargs = args.get('args')
querystring = args.get('querystring')
if not appname:
return Results.error('Missing parameters app')
# decode appargs URL decode string
if type(appargs) is str:
args['args'] = urllib.parse.unquote(appargs)
if querystring:
datadict = urllib.parse.parse_qs(querystring)
keyname = datadict.get('keyname')
metadata = datadict.get('metadata')
if type(keyname) is list and len(keyname) > 0:
keyname = keyname[0]
if type(metadata) is list and len(metadata) > 0:
metadata = metadata[0]
# check if metadata is an encrypted metadata
if type(keyname) is str and type(metadata) is str:
if len(keyname) > 0 and len(metadata) > 0:
# keyname exists and execmetadata exists
metadata = services.keymanager.decode(keyname=keyname,
enc_data=metadata)
if metadata is None:
return Results.error(
message='invalid encrypted execmetadata parameters'
)
args['metadata'] = metadata
logger.info('Metappli : %s %s', str(appname), str(appargs))
preferednodehostname = cherrypy.request.headers.get(
'Prefered-Nodename')
self.logger.debug(
'cherrypy.request.headers.get(Prefered-Nodename) = %s ',
str(preferednodehostname))
# add lang to user dict
self.LocaleSettingsLanguage(user)
return self._launchdesktop(preferednodehostname, auth, user, args)
def getlogs(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
logs = oc.od.composer.logdesktop(auth, user)
if logs:
return Results.success(result=logs)
return Results.error('failed to read log')
def listcontainer(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
result = oc.od.composer.listContainerApp(auth, user)
if type(result) is list:
return Results.success(result=result)
return Results.error('failed to read container list')
def setacl(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
arguments = cherrypy.request.json
if type(arguments) is not dict:
return Results.error('bad request invalid parameters')
return self._addtocollection('acl', arguments.get('key', None), arguments.get('value', None))
def _getcollection(self, dbname, key):
value = None
if all([dbname, key]):
value = services.datastore.getcollection(dbname, key)
if value is None:
return Results.error('key:%s not found' % key, 404)
return Results.success(result=value)
def destroy_stream(self):
logger.debug('')
if services.webrtc is None:
return Results.error(
message='WebRTC is disabled in configuration file')
else:
return self.rtp_stream(services.webrtc.destroy_stream)
def list(self):
logger.info('')
try:
(auth, user ) = self.validate_env()
except Exception as e:
logger.error( e )
return Results.error( message=str(e) )
printers = []
logger.debug('self.getclientlocation')
location = self.getclientlocation( auth )
if type(location) is oc.od.locator.ODLocation and \
location.resolved and location.site :
logger.debug('location is resolved')
# find the auth provider
logger.debug('looking for the auth provider')
provider=services.auth.findprovider( name=auth.data.get('domain') )
# build the ldap filter
logger.debug('build the ldap filter')
sitefilter = '(location=' + location.site + '*)'
logger.debug('ldap filter %s', sitefilter)
# run query to ldap server
printers=provider.listprinter( sitefilter )
else:
# return empty data, location is not found
# we do know where the user is and
# we can not query the activedirectory to find printers
pass
return Results.success(result=printers)
def collection(self, key):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
userid = user.userid
if type(key) is not str:
return Results.error('bad request invalid parameters')
# only 'loginHistory' or 'callHistory' is allowed
if key not in ['loginHistory', 'callHistory']:
return Results.error('denied key value')
return self._getcollection(userid, key)
def get_stream(self):
logger.debug('')
if services.webrtc is None:
return Results.error(
message='WebRTC is disabled in configuration file')
else:
# get_stream create or get a previous created stream
return self.rtp_stream(services.webrtc.get_stream)
def getacl(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
return self._getcollection('acl', cherrypy.request.json.get('key'))
def refreshtoken(self):
if services.auth.isidentified:
user = services.auth.user
auth = services.auth.auth
expire_in = oc.od.settings.jwt_config_user.get('exp')
services.auth.update_token( auth=auth, user=user, roles=None, expire_in=expire_in )
services.accounting.accountex('login', 'refreshtoken')
return Results.success("Authentication successful", {'expire_in': expire_in } )
return Results.error(message='Invalid user')
def removedesktop(self, auth, user, args):
services.accounting.accountex('desktop', 'remove')
logger.debug('')
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
return oc.od.composer.removedesktop(auth, user, args)
def removecontainer(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
args = cherrypy.request.json
if type(args) is not dict:
return Results.error(message='invalid parameters')
containerid = args.get('containerid')
if type(containerid) is not str:
return Results.error(message='invalid parameter containerid')
result = oc.od.composer.removeContainerApp(auth, user, containerid)
if result is not None:
return Results.success(result=result)
return Results.error('failed to remove container')
def remove(self):
#
# get the printername json paramater
printername = cherrypy.request.json.get('printerName')
if type(printername) is not str or len(printername)<1:
raise WebAppError('Invalid argument: printerName')
try:
(auth, user ) = self.validate_env()
except Exception as e:
logger.error( e )
return Results.error( message=str(e) )
try:
domain=auth.data.get('domain')
except Exception:
return Results.error(message='only activedirectory printers are supported')
# Do not trust user inpout
# Only trust LDAP data
# Run a secure query to ldap to check that printer exists
# value is escaped in list_ldap_printer
printers = self.list_ldap_printer( attribut='printerName', value=printername, domain=domain)
if type(printers) is not list: # Only one printer should be found
return Results.error(message='Printer not found')
if len(printers) != 1: # Only one printer should be found
return Results.error(message='Printer not found or too much data found')
printer = printers[0]
try:
trustedprintername = printer.get('printerName')
logger.debug( 'removing printer name found in directory %s', trustedprintername )
self.createprinterctl( auth, user ).remove( trustedprintername )
except Exception as e:
logger.error( e )
return Results.error( message=str(e) )
return Results.success()
def getlocation(self):
logger.debug('')
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error( e )
return Results.error( message=str(e) )
location = oc.od.user.getlocation( auth )
return Results.success(result=location)
def refreshdesktoptoken(self):
logger.debug('')
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
appname = None
args = cherrypy.request.json
if type(args) is dict:
appname = args.get('app')
preferednodehostname = services.auth.user.get('nodehostname')
if preferednodehostname is None:
self.logger.debug('services.auth.nodehostname is None')
preferednodehostname = cherrypy.request.headers.get(
'Prefered-Nodename')
desktop = oc.od.composer.finddesktop_quiet(authinfo=auth,
userinfo=user,
appname=appname)
if desktop is None:
return Results.error('refreshdesktoptoken failed')
# This case should only exist if a desktop is running twice on the same host
# twice mode standalone in docker mode and kubernetes mode
if desktop.internaluri is None:
return Results.error(
'refreshdesktoptoken Desktop internaluri is None, unreachable')
# build new jwtdesktop
jwtdesktoptoken = services.jwtdesktop.encode(desktop.internaluri)
logger.info('jwttoken is %s -> %s ', desktop.internaluri,
jwtdesktoptoken)
return Results.success(
result={
'authorization': jwtdesktoptoken, # desktop.ipAddr
'expire_in': services.jwtdesktop.exp()
})
def getcollection(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
userid = user.userid
arguments = cherrypy.request.json
if type(arguments) is not dict:
return Results.error('bad request invalid parameters')
key = arguments.get('key')
# only 'loginHistory' or 'callHistory' is allowed
if key not in ['loginHistory', 'callHistory']:
return Results.error('denied key value')
return self._getcollection(userid, key)
def deleteacl(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
arguments = cherrypy.request.json
if type(arguments) is not dict:
return Results.error('bad request invalid parameters')
dbname = 'acl'
key = arguments.get('key')
value = arguments.get('value')
if all([dbname, key]) and services.datastore.deletestoredvalue(dbname, key, value) is True:
return Results.success()
return Results.error('set data error')
def setcollection(self):
# Check auth
try:
(auth, user ) = self.validate_env()
except Exception as e:
self.logger.error( e )
return Results.error( message=str(e) )
userid = user.userid
arguments = cherrypy.request.json
if type(arguments) is not dict:
return Results.error('bad request invalid parameters')
key = arguments.get('key')
value = arguments.get('value')
if key not in ['callHistory']:
return Results.error('collection name denied')
return self._addtocollection(userid, key, value)
def getuserapplist(self):
logger.debug('')
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
# list all applications allowed for this user (auth)
applist = services.apps.user_applist(auth)
# get the default application list from the config file
userapplist = settings.get_default_applist()
userapplist += applist
return Results.success(result=userapplist)
def getmessageinfo(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
message = ''
if user.userid:
logger.debug('getmessageinfo::popflush(%s)', user.userid)
message = services.messageinfo.popflush(user.userid)
logger.debug('getmessageinfo %s is %s', str(user.userid),
str(message))
else:
logger.debug('getmessageinfo warning userid is None')
return Results.success(message, result={'message': message})
def labels(self):
"""[summary]
Returns:
[json]: [Results array of labels if auth set]
"""
self.logger.debug('')
res = None
if services.auth.isidentified:
auth = services.auth.auth
labels = []
if auth.data and type( auth.data.get('labels') ) is dict :
for k in auth.data.get('labels').keys():
labels.append( str(k) )
res = Results.success( result=labels)
else:
res = Results.error( message='invalid user credentials' )
return res
def issue(self):
"""[summary]
"""
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
arguments = cherrypy.request.json
myjira = oc.od.tracker.jiraclient()
summary = arguments.get('summary', 'summary')
description = arguments.get('description', 'description')
issuetype = arguments.get('issue', {'name': 'Bug'})
new_issue = myjira.issue(description=description,
summary=summary,
issuetype=issuetype)
return Results.success(result=new_issue)
def disconnect(self):
"""
Disconnect a connected user,
remove ONLY all cookies (by setting empty value)
Keep desktop running
Args:
None
Returns:
JSON Results
"""
bReturn = None
if services.auth.isidentified:
# Always remove all http cookies
services.auth.logout()
bReturn = Results.success()
else:
bReturn = Results.error( message='invalid user credentials' )
return bReturn
def launchdesktop(self):
try:
(auth, user) = self.validate_env()
except Exception as e:
logger.error(e)
return Results.error(message=str(e))
# add lang to user dict
self.LocaleSettingsLanguage(user)
preferednodehostname = services.auth.user.get('nodehostname')
if preferednodehostname is None:
self.logger.debug('services.auth.nodehostname is None')
preferednodehostname = cherrypy.request.headers.get(
'Prefered-Nodename')
self.logger.debug(
'cherrypy.request.headers.get(Prefered-Nodename) = %s ',
str(preferednodehostname))
return self._launchdesktop(preferednodehostname, auth, user,
cherrypy.request.json)
