def get_config_documentation():
    """
    Render the complete configuration as a reStructuredText document.

    Collects the system configuration, the Flask application
    configuration, resolvers, realms, policies and database administrators,
    and passes them to the ``documentation.rst`` template.

    :return: The rendered document, with runs of three or more line
        breaks collapsed to two
    """
    policy_class = PolicyClass()

    system_config = get_from_config()
    resolver_config = get_resolver_list()
    realm_config = get_realms()
    policy_config = policy_class.list_policies()
    admin_list = get_db_admins()

    hostname = socket.getfqdn(socket.gethostname())
    timestamp = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")

    # NOTE(review): "appconfig" is the entire Flask config object, which
    # commonly holds values such as SECRET_KEY and the database URI.
    # Whether any of them reach the output depends on what
    # documentation.rst renders - confirm the template emits only
    # non-secret keys. The same applies to resolver settings in
    # "resolverconfig", which may carry bind credentials - TODO confirm.
    context = dict(
        system=hostname,
        date=timestamp,
        systemconfig=system_config,
        appconfig=current_app.config,
        resolverconfig=resolver_config,
        realmconfig=realm_config,
        policyconfig=policy_config,
        admins=admin_list,
    )

    # The audit entry is written before rendering, so a template error
    # raised below occurs after success has been logged.
    g.audit_object.log({"success": True})

    rendered = render_template("documentation.rst", context=context)
    # Three or more line breaks will be changed to two.
    return re.sub("\n{3,}", "\n\n", rendered)
def upgrade():
    """
    Move the push registration URL and TTL from the Firebase gateway
    configuration into the enrollment policies that reference it.

    For every enrollment policy whose firebase config action names one of
    the gateways of type ``GWTYPE``, the gateway options
    "registration URL" and "time to live" are copied into the policy
    action and then deleted from the gateway.
    """
    # 1. Read the push_registration_url and ttl from the Firebase Config
    fb_gateways = get_smsgateway(gwtype=GWTYPE)
    # NOTE(review): this prints the gateway objects as returned. If their
    # repr includes option values, those end up in the migration output -
    # confirm what is shown.
    print(fb_gateways)

    # 2. Check which policy contains this Firebase Config
    policy_class = PolicyClass()
    enroll_policies = policy_class.list_policies(
        scope=SCOPE.ENROLL,
        action="{0!s}".format(PUSH_ACTION.FIREBASE_CONFIG))

    # Walk all enrollment policies and compare each against every
    # firebase gateway.
    for pol in enroll_policies:
        for fbgw in fb_gateways:
            references_gateway = (
                pol.get("action").get(PUSH_ACTION.FIREBASE_CONFIG)
                == fbgw.identifier)
            if not references_gateway:
                continue

            policy_name = pol.get("name")
            print("Modifying policy {0!s}".format(policy_name))

            # 3. Add the push_registration_url and ttl to this policy
            registration_url = fbgw.option_dict.get("registration URL")
            ttl = fbgw.option_dict.get("time to live")

            # set_policy updates the existing policy, so most parameters
            # can stay unset. The original "active" and
            # "check_all_resolvers" values are passed through, together
            # with the extended action. The action dict is the policy's
            # own dict and is modified in place.
            action = pol.get("action")
            # Only copy values that actually exist, so that no empty
            # value overwrites a setting in the policy.
            if registration_url:
                action[PUSH_ACTION.REGISTRATION_URL] = registration_url
            if ttl:
                action[PUSH_ACTION.TTL] = ttl

            result = set_policy(
                name=policy_name,
                scope=SCOPE.ENROLL,
                active=pol.get("active"),
                check_all_resolvers=pol.get("check_all_resolvers"),
                action=action)
            print("+- Updated policy {0!s}: {1!s}".format(policy_name,
                                                          result))

            # 4. Delete push_registration_url and ttl from the Firebase
            # Config. A gateway that no policy references keeps its
            # options, because the deletion only runs for a match.
            # NOTE(review): the options are removed without inspecting
            # the set_policy result, so this relies on set_policy raising
            # on failure - confirm. If several policies reference the
            # same gateway, later iterations read the values from the
            # gateway objects fetched at the start and call the delete
            # again for options already removed - verify both behave as
            # intended.
            print("Deleting URL and TTL from the Firebase Gateway config.")
            if registration_url:
                delete_smsgateway_option(fbgw.id, "registration URL")
            if ttl:
                delete_smsgateway_option(fbgw.id, "time to live")
def is_password_reset():
    """
    Check if password reset is allowed.

    Password reset only makes sense if an editable resolver exists, so
    that is required in every case. On the policy side, reset is allowed
    when an active user policy with the password reset action matches, or
    when no active user policy exists at all.

    :return: True or False
    """
    editable_resolvers = get_resolver_list(editable=True)
    log.debug("Number of editable resolvers: {0!s}".format(
        len(editable_resolvers)))

    policy_class = PolicyClass()
    user_policies = policy_class.list_policies(scope=SCOPE.USER, active=True)
    log.debug("Policy at all: {0!s}".format(user_policies))

    # The policy match is made on scope, action and active state only;
    # no user, realm or client is passed in here.
    reset_policies = policy_class.match_policies(scope=SCOPE.USER,
                                                 action=ACTION.PASSWORDRESET,
                                                 active=True)
    log.debug("Password reset policy: {0!s}".format(reset_policies))

    if user_policies:
        # User policies exist: reset needs a matching policy. An empty
        # match becomes False, which is also the value that gets logged.
        pwreset = reset_policies or False
    else:
        # Default-allow: without any active user-scope policy, password
        # reset is permitted. Defining the first user policy therefore
        # switches this off unless that policy set grants the action.
        pwreset = True
    log.debug("Password reset allowed via policy: {0!s}".format(pwreset))

    return bool(editable_resolvers and pwreset)