def get(self, mod_type=None, target=None, pkg_name=None):
"""DynamicManifest get handler.
Returns:
A webapp.Response() response.
"""
# TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_READONLY.
self.user = auth.DoUserAuth(is_admin=True)
try:
self._ParseParameters(mod_type, target, pkg_name)
except InvalidModificationType:
self.error(404)
return
if not self.target:
logging.warning('Target is required but was not specified.')
self.error(400)
return
query = self.model.all().filter('%s =' % self.mod_type, self.target)
if self.pkg_name:
query.filter('value =', self.pkg_name)
mods = [m.Serialize() for m in query]
if not mods:
self.error(404)
return
self.response.headers['Content-Type'] = 'application/json'
self.response.out.write(mods)
def _DoAuth(self):
try:
self.user = auth.DoOAuthAuth()
except auth.NotAuthenticated:
enable_admin_check = True
# OAuth was either not used or failed, so perform regular user auth.
self.user = auth.DoUserAuth(is_admin=enable_admin_check)
def get(self, report=None, uuid=None):
"""Misc get handler."""
auth.DoUserAuth()
if report == 'hostmanifest':
self._DisplayHostManifest(uuid=uuid)
elif report == 'installs':
pending = self.request.get('pending') == '1'
pkg = urllib.unquote(self.request.get('pkg', 'all'))
if pending:
self._DisplayHostsPendingPkg(pkg)
else:
self._DisplayInstallsForPackage(pkg)
elif report == 'installproblems':
self._DisplayInstallProblems()
elif report == 'preflightexits':
self._DisplayPreflightExits()
elif report == 'diskfree':
self._DisplayLowDiskFree()
elif report == 'uptime':
self._DisplayLongestUptime()
elif report == 'offcorp':
self._DisplayLongestOffCorp()
elif report == 'manifest':
track = uuid
self._DisplayManifest(track)
elif report == 'msulogsummary':
self._DisplayMsuLogSummary()
elif report == 'msulogevent':
self._DisplayMsuLogEvent()
elif report == 'user_settings':
self._DisplayUserSettings()
elif report == 'clientlog':
log_key_name = uuid
l = models.ClientLogFile.get_by_key_name(log_key_name)
if l:
self.response.headers[
'Content-Type'] = 'text/plain; charset=utf-8'
self.response.out.write(l.log_file)
else:
self.response.out.write('Log not found')
self.response.set_status(404)
elif report == 'maintenance':
if not self.IsAdminUser():
self.response.set_status(403)
return
from simian.mac.admin import maintenance
action = uuid
if action == 'update_installs_schema':
maintenance.UpdateInstallLogSchema()
elif action == 'update_legacy_apple_updates':
maintenance.ConvertLegacyAppleUpdateInstallLogEntities()
elif action == 'rebuild_install_counts':
maintenance.RebuildInstallCounts()
else:
self.response.set_status(404)
else:
self.response.set_status(404)
def post(self, date=None, range_of_days=None):
"""POST handler."""
auth.DoUserAuth()
if date:
if range_of_days:
self._DisplayReleaseReport(date, range_of_days)
else:
self._DisplayReleaseReport(date)
else:
self._DisplayReleaseReport()
def testDoUserAuthAnyDomainUserSuccess(self):
self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', True)
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
self.mox.ReplayAll()
self.assertEqual(mock_user, auth.DoUserAuth())
self.mox.VerifyAll()
def post(self, filename):
auth.DoUserAuth()
try:
bucket = settings.ICONS_GCS_BUCKET
except AttributeError:
self._RenderError(
httplib.NOT_FOUND, 'Dedicated icons GCS bucket is not set.')
return
p = models.PackageInfo.get_by_key_name(filename)
if not p:
self._RenderError(
httplib.NOT_FOUND, 'PackageInfo not found: %s' % filename)
return
if not p.name:
self._RenderError(
httplib.NOT_FOUND, 'PackageInfo Name is empty: %s' % filename)
return
icon_filename = self.request.POST['icon'].filename
if not icon_filename.endswith('.png'):
self._RenderError(
httplib.BAD_REQUEST, 'Only png icons supported.')
return
lock = models.GetLockForPackage(p.filename)
try:
lock.Acquire()
except datastore_locks.AcquireLockError:
self._RenderError(httplib.CONFLICT, 'PackageInfo is locked')
return
content = self.request.POST['icon'].file.read()
icon_path = '/%s/%s.png' % (
bucket, base64.urlsafe_b64encode(p.name))
with gcs.open(icon_path, 'w') as f:
f.write(content)
plist = p.plist
plist['icon_hash'] = hashlib.sha256(content).hexdigest()
# replace p._plist
p.plist = str(plist)
p.put()
lock.Release()
for catalog in p.catalogs:
models.Catalog.Generate(catalog)
self.redirect('/admin/package/%s' % filename)
def get(self, report=None, product_id=None):
"""GET handler."""
auth.DoUserAuth()
if not report:
self._DisplayMain()
if report == 'product':
self._DisplayProductDescription(product_id)
elif report == 'logs':
product_id = self.request.get('product_id')
self._DisplayUpdateLogs(product_id=product_id)
else:
self.response.set_status(404)
def MockDoUserAuth(self, user=None, is_admin=None, fail=False):
"""Mock calling auth.DoUserAuth().
Args:
user: user for DoUserAuth to return.
fail: bool, whether to fail or not
"""
if 'authDoUserAuth' not in self._set_mock:
self.mox.StubOutWithMock(auth, 'DoUserAuth')
self._set_mock['authDoUserAuth'] = 1
if fail:
if is_admin is None:
auth.DoUserAuth().AndRaise(auth.NotAuthenticated)
else:
auth.DoUserAuth(is_admin=is_admin).AndRaise(
auth.NotAuthenticated)
else:
if is_admin is None:
auth.DoUserAuth().AndReturn(user)
else:
auth.DoUserAuth(is_admin=is_admin).AndReturn(user)
def get(self):
"""Summary get handler."""
auth.DoUserAuth()
report_type = self.request.get('filter-type')
report_filter = self.request.get('filter')
if report_type and report_filter:
report_filter = urllib.unquote(report_filter)
report_filter = report_filter.strip()
include_inactive = self.request.get('include-inactive') != ''
self._DisplaySummary(report_type, report_filter, include_inactive)
else:
self._DisplayCachedSummary()
def testDoUserAuthWithIsAdminTrueSuccess(self):
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
self.mox.StubOutWithMock(auth, 'IsAdminUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(True)
auth.IsAdminUser(email).AndReturn(True)
self.mox.ReplayAll()
self.assertEqual(mock_user, auth.DoUserAuth(is_admin=True))
self.mox.VerifyAll()
def testDoAnyAuth(self):
"""Test DoAnyAuth()."""
is_admin = True
require_level = 123
self.mox.StubOutWithMock(auth, 'DoUserAuth')
self.mox.StubOutWithMock(auth.gaeserver, 'DoMunkiAuth')
auth.DoUserAuth(is_admin=is_admin).AndReturn('user')
auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.IsAdminMismatch)
auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.NotAuthenticated)
auth.gaeserver.DoMunkiAuth(
require_level=require_level).AndReturn('token')
auth.DoUserAuth(is_admin=is_admin).AndRaise(auth.NotAuthenticated)
auth.gaeserver.DoMunkiAuth(require_level=require_level).AndRaise(
auth.gaeserver.NotAuthenticated)
self.mox.ReplayAll()
self.assertEqual(auth.DoAnyAuth(is_admin=is_admin), 'user')
self.assertRaises(auth.IsAdminMismatch,
auth.DoAnyAuth,
is_admin=is_admin)
self.assertEqual(
auth.DoAnyAuth(is_admin=is_admin, require_level=require_level),
'token')
self.assertRaises(auth.base.NotAuthenticated,
auth.DoAnyAuth,
is_admin=is_admin,
require_level=require_level)
self.mox.VerifyAll()
def get(self, report=None):
"""GET handler."""
auth.DoUserAuth()
if report == 'logs':
self._DisplayLogs()
else:
historical = self.request.get('historical') == '1'
applesus = self.request.get('applesus') == '1'
if historical or applesus:
self._DisplayPackagesListFromCache(applesus=applesus)
else:
self._DisplayPackagesList()
def testIsAllowedTo(self):
"""Test PermissionResolver.IsAllowedTo."""
test_resolver = auth.PermissionResolver('task')
self.mox.StubOutWithMock(auth, 'DoUserAuth')
self.mox.StubOutWithMock(auth.PermissionResolver, '_IsAllowedToPropose')
auth.DoUserAuth().AndReturn(True)
auth.PermissionResolver._IsAllowedToPropose().AndReturn(True)
auth.DoUserAuth().AndReturn(True)
auth.PermissionResolver._IsAllowedToPropose().AndReturn(False)
auth.DoUserAuth().AndRaise(auth.NotAuthenticated(''))
auth.DoUserAuth().AndReturn(True)
self.mox.ReplayAll()
test_resolver.email = '*****@*****.**'
test_resolver.task = 'Propose'
self.assertTrue(test_resolver.IsAllowedTo())
self.assertFalse(test_resolver.IsAllowedTo())
self.assertFalse(test_resolver.IsAllowedTo())
test_resolver.task = 'FakeTask'
self.assertFalse(test_resolver.IsAllowedTo())
self.mox.VerifyAll()
def post(self):
"""DynamicManifest post handler."""
# TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN.
try:
self.user = auth.DoOAuthAuth()
except auth.NotAuthenticated:
enable_admin_check = True
# OAuth was either not used or failed, so perform regular user auth.
self.user = auth.DoUserAuth(is_admin=enable_admin_check)
mod_type = self.request.get('mod_type')
target = self.request.get('target')
mutate = self.request.get('mutate', 'true').lower() == 'true'
if not mutate:
logging.info('Enabling dry-run mode')
pkg_alias = self.request.get('pkg_alias')
if pkg_alias:
pkg_name = models.PackageAlias.ResolvePackageName(pkg_alias)
if not pkg_name:
logging.info('Package alias not found: %s', pkg_alias)
self.error(404)
return
logging.debug('Found pkg_name=%s for pkg_alias=%s', pkg_name,
pkg_alias)
else:
pkg_name = self.request.get('pkg_name')
try:
self._ParseParameters(mod_type, target, pkg_name)
except InvalidModificationType:
self.error(404)
return
try:
if mutate:
self._PutMod()
self.response.headers['Content-Type'] = 'application/json'
self.response.out.write(json.dumps([{'pkg_name': pkg_name}]))
except ValueError:
self.error(400)
except db.Error:
self.error(500)
def put(self, mod_type=None, target=None, pkg_name=None):
"""DynamicManifest put handler.
Returns:
A webapp.Response() response.
"""
# TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN.
self.user = auth.DoUserAuth(is_admin=True)
try:
self._ParseParameters(mod_type, target, pkg_name)
except InvalidModificationType:
self.error(404)
return
try:
self._PutMod()
except ValueError:
self.error(400)
except db.Error:
self.error(500)
def testDoUserAuthWithAllDomainUsersOff(self):
self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False)
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
self.mox.StubOutWithMock(auth, 'IsAdminUser')
self.mox.StubOutWithMock(auth, 'IsSupportUser')
self.mox.StubOutWithMock(auth, 'IsSecurityUser')
self.mox.StubOutWithMock(auth, 'IsPhysicalSecurityUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(False)
auth.IsSupportUser(email).AndReturn(False)
auth.IsSecurityUser(email).AndReturn(False)
auth.IsPhysicalSecurityUser(email).AndReturn(True)
self.mox.ReplayAll()
self.assertEqual(mock_user, auth.DoUserAuth())
self.mox.VerifyAll()
def delete(self, mod_type=None, target=None, pkg_name=None):
"""DynamicManifest delete handler.
Returns:
A webapp.Response() response.
"""
# TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_DYN_MAN.
self.user = auth.DoUserAuth(is_admin=True)
try:
self._ParseParameters(mod_type, target, pkg_name)
except InvalidModificationType:
self.error(404)
return
mod = self.model.get_by_key_name(self.key_name)
if not mod:
self.error(404)
return
try:
mod.delete()
except db.Error:
logging.exception('error on DynamicManifest.delete()')
self.error(500)
def get(self, report=None, product_id=None):
"""GET handler."""
auth.DoUserAuth()
self._DisplayMain()
def get(self, report=None, uuid=None):
"""Stats get handler."""
auth.DoUserAuth()
if not report:
report_type = self.request.get('type')
report_filter = self.request.get('filter')
if report_type and report_filter:
report_filter = urllib.unquote(report_filter)
report_filter = report_filter.strip()
self._DisplaySummary(report_type, report_filter)
else:
self._DisplayCachedSummary()
elif report == 'host':
self._DisplayHost(uuid=uuid)
elif report == 'hostmanifest':
self._DisplayHostManifest(uuid=uuid)
elif report == 'installs':
pkg = self.request.get('pkg')
historical = self.request.get('historical') == '1'
applesus = self.request.get('applesus') == '1'
pending = self.request.get('pending') == '1'
if pkg:
if pending:
self._DisplayHostsPendingPkg(pkg)
else:
self._DisplayInstallsForPackage(pkg)
else:
if historical or applesus:
self._DisplayPackagesListFromCache(applesus=applesus)
else:
self._DisplayPackagesList()
elif report == 'installproblems':
self._DisplayInstallProblems()
elif report == 'preflightexits':
self._DisplayPreflightExits()
elif report == 'diskfree':
self._DisplayLowDiskFree()
elif report == 'uptime':
self._DisplayLongestUptime()
elif report == 'offcorp':
self._DisplayLongestOffCorp()
elif report == 'brokenclients':
self._DisplayBrokenClients()
elif report == 'msulogsummary':
self._DisplayMsuLogSummary(since_days=uuid)
elif report == 'msulogevent':
self._DisplayMsuLogEvent()
elif report == 'user_settings':
self._DisplayUserSettings()
elif report == 'adminlogs':
self._DisplayAdminLogs()
elif report == 'loststolen':
self._DisplayLostStolen()
elif report == 'packagealias':
self._DisplayPackageAlias()
elif report == 'clientlog':
log_key_name = uuid
l = models.ClientLogFile.get_by_key_name(log_key_name)
if l:
self.response.headers[
'Content-Type'] = 'text/plain; charset=utf-8'
self.response.out.write(l.log_file)
else:
self.response.out.write('Log not found')
self.response.set_status(404)
elif report == 'maintenance':
if not auth.IsAdminUser():
self.response.set_status(403)
return
from simian.mac.admin import maintenance
action = uuid
if action == 'update_installs_schema':
maintenance.UpdateInstallLogSchema()
elif action == 'update_legacy_apple_updates':
maintenance.ConvertLegacyAppleUpdateInstallLogEntities()
elif action == 'rebuild_install_counts':
maintenance.RebuildInstallCounts()
else:
self.response.set_status(404)
else:
self.response.set_status(404)
def get(self, uuid=None):
"""GET handler."""
if uuid:
uuid = util.UrlUnquote(uuid)
auth.DoUserAuth()
self._DisplayHost(uuid=uuid)
def get(self): """GET handler.""" auth.DoUserAuth() self._DisplayReleaseReport()
def testDoUserAuthAnyDomainUserSuccess(self):
self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', True)
self.assertEqual(self.email, auth.DoUserAuth().email())
def _UserAuthWithApiKeyCheck(self):
# TODO(user): setup DoUserAuth require_level=gaeserver.LEVEL_API_READONLY.
self.user = auth.DoUserAuth(is_admin=True)
self._CheckApiKey()
def get(self):
"""GET handler."""
auth.DoUserAuth()
self._DisplayBrokenClients()
def testDoUserAuthWithIsAdminTrueSuccess(self, _): self.assertEqual(self.email, auth.DoUserAuth(is_admin=True).email())
def testDoUserAuthWithAllDomainUsersOff(self, *_):
self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False)
self.assertEqual(self.email, auth.DoUserAuth().email())
