예제 #1
0
	def decorated_view(*args, **kwargs):
		# if OctoPrint hasn't been set up yet, abort
		if settings().getBoolean(["server", "firstRun"]) and (octoprint.server.userManager is None or not octoprint.server.userManager.hasBeenCustomized()):
			return make_response("OctoPrint isn't setup yet", 403)

		# if API is globally enabled, enabled for this request and an api key is provided that is not the current UI API key, try to use that
		apikey = getApiKey(request)
		if settings().get(["api", "enabled"]) and apiEnabled and apikey is not None and apikey != octoprint.server.UI_API_KEY:
			if apikey == settings().get(["api", "key"]):
				# master key was used
				user = ApiUser()
			else:
				# user key might have been used
				user = octoprint.server.userManager.findUser(apikey=apikey)

			if user is None:
				return make_response("Invalid API key", 401)
			if login_user(user, remember=False):
				identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
				return func(*args, **kwargs)

		# call regular login_required decorator
		#TODO: remove this temporary disablement of login requirement
		#return login_required(func)(*args, **kwargs)
		return func(*args, **kwargs)
예제 #2
0
    def decorated_view(*args, **kwargs):
        # if OctoPrint hasn't been set up yet, abort
        if settings().getBoolean([
                "server", "firstRun"
        ]) and (octoprint.server.userManager is None
                or not octoprint.server.userManager.hasBeenCustomized()):
            return make_response("OctoPrint isn't setup yet", 403)

        # if API is globally enabled, enabled for this request and an api key is provided, try to use that
        apikey = _getApiKey(request)
        if settings().get(["api", "enabled"
                           ]) and apiEnabled and apikey is not None:
            if apikey == settings().get(["api", "key"]):
                # master key was used
                user = ApiUser()
            else:
                # user key might have been used
                user = octoprint.server.userManager.findUser(apikey=apikey)

            if user is None:
                make_response("Invalid API key", 401)
            if login_user(user, remember=False):
                identity_changed.send(current_app._get_current_object(),
                                      identity=Identity(user.get_id()))
                return func(*args, **kwargs)

        # call regular login_required decorator
        return login_required(func)(*args, **kwargs)
예제 #3
0
def get_user_for_apikey(apikey):
    if apikey is not None:
        if apikey == settings().get([
                "api", "key"
        ]) or octoprint.server.appSessionManager.validate(apikey):
            # master key or an app session key was used
            return ApiUser()

        if octoprint.server.userManager.enabled:
            user = octoprint.server.userManager.findUser(apikey=apikey)
            if user is not None:
                # user key was used
                return user

        apikey_hooks = plugin_manager().get_hooks(
            "octoprint.accesscontrol.keyvalidator")
        for name, hook in apikey_hooks.items():
            try:
                user = hook(apikey)
                if user is not None:
                    return user
            except:
                logging.getLogger(__name__).exception(
                    "Error running api key validator "
                    "for plugin {} and key {}".format(name, apikey),
                    extra=dict(plugin=name))
    return None
예제 #4
0
def get_user_for_apikey(apikey):
	if settings().get(["api", "enabled"]) and apikey is not None:
		if apikey == settings().get(["api", "key"]) or octoprint.server.appSessionManager.validate(apikey):
			# master key or an app session key was used
			return ApiUser()
		elif octoprint.server.userManager is not None:
			# user key might have been used
			return octoprint.server.userManager.findUser(apikey=apikey)
	return None
예제 #5
0
def _getUserForApiKey(apikey):
	if settings().get(["api", "enabled"]) and apikey is not None:
		if apikey == settings().get(["api", "key"]):
			# master key was used
			return ApiUser()
		else:
			# user key might have been used
			return octoprint.server.userManager.findUser(apikey=apikey)
	else:
		return None
예제 #6
0
def get_user_for_apikey(apikey):
    if settings().get(["api", "enabled"]) and apikey is not None:
        if apikey == settings().get([
                "api", "key"
        ]) or octoprint.server.appSessionManager.validate(apikey):
            # master key or an app session key was used
            return ApiUser()
        elif octoprint.server.userManager.enabled:
            # user key might have been used
            return octoprint.server.userManager.findUser(apikey=apikey)
        else:
            # NOTE: This is a workaround to allow to special beepanel user to access the API even when the user access control is disabled
            user = octoprint.server.userManager.findUser(apikey=apikey)
            if user.get_id() == 'beepanel':
                return user
    return None