def delete_model(mid):
couchdb = slycat.web.server.database.couchdb.connect()
model = couchdb.get("model", mid)
project = couchdb.get("project", model["project"])
slycat.web.server.authentication.require_project_writer(project)
couchdb.delete(model)
cleanup_arrays()
cherrypy.response.status = "204 Model deleted."
def delete_model(mid):
couchdb = slycat.web.server.database.couchdb.connect()
model = couchdb.get("model", mid)
project = couchdb.get("project", model["project"])
slycat.web.server.authentication.require_project_writer(project)
scidb = slycat.web.server.database.scidb.connect()
couchdb.delete(model)
cleanup_arrays()
cherrypy.response.status = "204 Model deleted."
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
cherrypy.log.error("slycat-standard-authentication.py authenticate",
"Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
# we need to parse the current url so we can do an https redirect
# cherrypy will redirect http by default :(
current_url = urlparse(cherrypy.url() + "?" + cherrypy.request.query_string)
# Require a secure connection.
# Get the client ip, which might be forwarded by a proxy.
remote_ip = slycat.web.server.check_https_get_remote_ip()
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
groups = session["groups"]
# no chaching plz
cherrypy.response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers["Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > \
cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
cherrypy.request.login = user_name
# Apply (optional) authentication rules.
except Exception as e:
cherrypy.log.error("@%s: could not get db session from cookie for %s" % (e, remote_ip))
# there was no session time to authenticate
if session is None:
cherrypy.log.error("no session found redirecting %s to login" % remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc + "/login/slycat-login.html?from=" + current_url.geturl().replace(
"http:", "https:"), 307)
# Successful authentication, create a session and return.
# return
else:
cherrypy.log.error("no cookie found redirecting %s to login" % remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc + "/login/slycat-login.html?from=" + current_url.geturl().replace(
"http:", "https:"), 307)
def delete_project(pid):
couchdb = slycat.web.server.database.couchdb.connect()
project = couchdb.get("project", pid)
slycat.web.server.authentication.require_project_administrator(project)
for bookmark in couchdb.scan("slycat/project-bookmarks", startkey=pid, endkey=pid):
couchdb.delete(bookmark)
for model in couchdb.scan("slycat/project-models", startkey=pid, endkey=pid):
couchdb.delete(model)
couchdb.delete(project)
cleanup_arrays()
cherrypy.response.status = "204 Project deleted."
def delete_project(pid):
couchdb = slycat.web.server.database.couchdb.connect()
project = couchdb.get("project", pid)
slycat.web.server.authentication.require_project_administrator(project)
for bookmark in couchdb.scan("slycat/project-bookmarks",
startkey=pid,
endkey=pid):
couchdb.delete(bookmark)
for model in couchdb.scan("slycat/project-models",
startkey=pid,
endkey=pid):
couchdb.delete(model)
couchdb.delete(project)
cleanup_arrays()
cherrypy.response.status = "204 Project deleted."
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
current_url = urlparse(cherrypy.url() + "?" +
cherrypy.request.query_string)
# Require a secure connection.
# Get the client ip, which might be forwarded by a proxy.
remote_ip = slycat.web.server.check_https_get_remote_ip()
# header username field parsing
hdr_val = slycat.web.server.config["slycat-web-server"]["auth-parse"][
"header-key"]
delim = slycat.web.server.config["slycat-web-server"]["auth-parse"][
"delimeter"]
username_idx = slycat.web.server.config["slycat-web-server"][
"auth-parse"]["username-index"]
# get the username
try:
auth_user = cherrypy.request.headers.get(hdr_val).split(
delim)[username_idx]
except:
raise cherrypy.HTTPError(
"407 Proxy Authentication Required: Slycat could not parse an authorized username."
)
# validate that header auth parsing returns a plausible username
if len(auth_user) > 0 and isinstance(
auth_user, basestring): # tests for str and unicode
#if len(auth_user) > 0 and isinstance(auth_user, str): # python 3 version
pass
else:
raise cherrypy.HTTPError(
"407 Proxy Authentication Required: Slycat did not receive a valid username string."
)
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
# check if users match blow away the session if they dont and throw
# an unauthorized error to the web browser
slycat.web.server.check_user(user_name, auth_user, sid)
groups = session["groups"]
# no chaching plz
cherrypy.response.headers[
"Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers["Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > \
cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
# set the auth user to the one sent in by apache
cherrypy.request.login = auth_user
# Apply (optional) authentication rules.
except Exception as e:
cherrypy.log.error(
"@%s: could not get db session from cookie for %s" %
(e, remote_ip))
# there was no session time to authenticate
if session is None:
cherrypy.log.error(
"++ no session found redirecting %s to SSO_session" %
remote_ip)
# Successful authentication, create a session and return.
slycat.web.server.create_single_sign_on_session(
remote_ip, auth_user)
else:
cherrypy.log.error(
"++ no cookie found redirecting %s to SSO_session" % remote_ip)
slycat.web.server.create_single_sign_on_session(
remote_ip, auth_user)
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
# we need to parse the current url so we can do an https redirect
# cherrypy will redirect http by default :(
current_url = urlparse(cherrypy.url() + "?" +
cherrypy.request.query_string)
# Require a secure connection.
# Get the client ip, which might be forwarded by a proxy.
remote_ip = slycat.web.server.check_https_get_remote_ip()
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
groups = session["groups"]
# no chaching plz
cherrypy.response.headers[
"Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers["Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > \
cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
cherrypy.request.login = user_name
# Apply (optional) authentication rules.
except Exception as e:
cherrypy.log.error(
"@%s: could not get db session from cookie for %s" %
(e, remote_ip))
# there was no session time to authenticate
if session is None:
cherrypy.log.error("no session found redirecting %s to login" %
remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc +
"/login/slycat-login.html?from=" +
current_url.geturl().replace("http:", "https:"), 307)
# Successful authentication, create a session and return.
# return
else:
cherrypy.log.error("no cookie found redirecting %s to login" %
remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc +
"/login/slycat-login.html?from=" +
current_url.geturl().replace("http:", "https:"), 307)
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
slycat.email.send_error("slycat-standard-authentication.py authenticate", "Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
# we need to parse the current url so we can do an https redirect
# cherrypy will redirect http by default :(
current_url = urlparse(cherrypy.url()+"?"+cherrypy.request.query_string)
# Require a secure connection.
if not (cherrypy.request.scheme == "https" or cherrypy.request.headers.get("x-forwarded-proto") == "https"):
slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 403 secure connection required.")
raise cherrypy.HTTPError("403 Secure connection required.")
# Get the client ip, which might be forwarded by a proxy.
remote_ip = cherrypy.request.headers.get("x-forwarded-for") if "x-forwarded-for" in cherrypy.request.headers else cherrypy.request.rem
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
groups = session["groups"]
# no chaching plz
cherrypy.response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers["Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
cherrypy.request.login = user_name
# Apply (optional) authentication rules.
if rules and user_name is not None:
deny = None
for operation, category, members in rules:
if operation not in ["allow", "deny"]:
slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown operation: %s." % operation)
raise cherrypy.HTTPError("500 Unknown operation: %s." % operation)
if category not in ["users", "groups"]:
slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown category: %s." % category)
raise cherrypy.HTTPError("500 Unknown category: %s." % category)
operation_default = True if operation == "allow" else False
operation_deny = False if operation == "allow" else True
if deny is None:
deny = operation_default
if category == "users":
if user_name in members:
deny = operation_deny
elif category == "groups":
for group in groups:
if group in members:
deny = operation_deny
break
if deny:
raise cherrypy.HTTPError("403 User denied by authentication rules.")
except Exception as e:
cherrypy.log.error("@%s: could not get db session from cookie for %s" % (e, remote_ip))
# there was no session time to authenticate
if session is None:
cherrypy.log.error("no session found redirecting %s to login" % remote_ip)
raise cherrypy.HTTPRedirect("https://" + current_url.netloc + "/login/slycat-login.html?from=" + current_url.geturl().replace("http:", "https:"), 307)
# Successful authentication, create a session and return.
#return
else:
cherrypy.log.error("no cookie found redirecting %s to login" % remote_ip)
raise cherrypy.HTTPRedirect("https://" + current_url.netloc + "/login/slycat-login.html?from=" + current_url.geturl().replace("http:", "https:"), 307)
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
# we need to parse the current url so we can do an https redirect
# cherrypy will redirect http by default :(
current_url = urlparse(cherrypy.url() + "?" +
cherrypy.request.query_string)
# Require a secure connection.
if not (cherrypy.request.scheme == "https" or
cherrypy.request.headers.get("x-forwarded-proto") == "https"):
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"cherrypy.HTTPError 403 secure connection required.")
raise cherrypy.HTTPError("403 Secure connection required.")
# Get the client ip, which might be forwarded by a proxy.
remote_ip = cherrypy.request.headers.get(
"x-forwarded-for"
) if "x-forwarded-for" in cherrypy.request.headers else cherrypy.request.rem
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
groups = session["groups"]
# no chaching plz
cherrypy.response.headers[
"Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers["Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(
unicode(started), '%Y-%m-%dT%H:%M:%S.%f'
) > cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
cherrypy.request.login = user_name
# Apply (optional) authentication rules.
if rules and user_name is not None:
deny = None
for operation, category, members in rules:
if operation not in ["allow", "deny"]:
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"cherrypy.HTTPError 500 unknown operation: %s."
% operation)
raise cherrypy.HTTPError(
"500 Unknown operation: %s." % operation)
if category not in ["users", "groups"]:
slycat.email.send_error(
"slycat-standard-authentication.py authenticate",
"cherrypy.HTTPError 500 unknown category: %s."
% category)
raise cherrypy.HTTPError(
"500 Unknown category: %s." % category)
operation_default = True if operation == "allow" else False
operation_deny = False if operation == "allow" else True
if deny is None:
deny = operation_default
if category == "users":
if user_name in members:
deny = operation_deny
elif category == "groups":
for group in groups:
if group in members:
deny = operation_deny
break
if deny:
raise cherrypy.HTTPError(
"403 User denied by authentication rules.")
except Exception as e:
cherrypy.log.error(
"@%s: could not get db session from cookie for %s" %
(e, remote_ip))
# there was no session time to authenticate
if session is None:
cherrypy.log.error("no session found redirecting %s to login" %
remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc +
"/login/slycat-login.html?from=" +
current_url.geturl().replace("http:", "https:"), 307)
# Successful authentication, create a session and return.
#return
else:
cherrypy.log.error("no cookie found redirecting %s to login" %
remote_ip)
raise cherrypy.HTTPRedirect(
"https://" + current_url.netloc +
"/login/slycat-login.html?from=" +
current_url.geturl().replace("http:", "https:"), 307)
def authenticate(realm, rules=None):
# Sanity-check our inputs.
if '"' in realm:
cherrypy.log.error(
"slycat-standard-authentication.py authenticate",
"Realm cannot contain the \" (quote) character.")
raise ValueError("Realm cannot contain the \" (quote) character.")
# we need to parse the current url so we can do an https redirect
# cherrypy will redirect http by default :(
current_url = urlparse(cherrypy.url() + "?" +
cherrypy.request.query_string)
# Require a secure connection.
# Get the client ip, which might be forwarded by a proxy.
remote_ip = '127.0.0.1'
# See if the client already has a valid session.
if "slycatauth" in cherrypy.request.cookie:
cherrypy.log.error('ding')
sid = cherrypy.request.cookie["slycatauth"].value
couchdb = slycat.web.server.database.couchdb.connect()
session = None
try:
with slycat.web.server.database.couchdb.get_session_lock(sid):
session = couchdb.get("session", sid)
started = session["created"]
user_name = session["creator"]
groups = session["groups"]
# no chaching plz
cherrypy.response.headers[
"Cache-Control"] = "no-cache, no-store, must-revalidate" # HTTP 1.1.
cherrypy.response.headers[
"Pragma"] = "no-cache" # HTTP 1.0.
cherrypy.response.headers["Expires"] = "0" # Proxies.
# cherrypy.log.error("%s ::: %s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started),'%Y-%m-%dT%H:%M:%S.%f'),cherrypy.request.app.config["slycat"]["session-timeout"]))
# cherrypy.log.error("%s" % (datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]))
if datetime.datetime.utcnow() - datetime.datetime.strptime(str(started), '%Y-%m-%dT%H:%M:%S.%f') > \
cherrypy.request.app.config["slycat"]["session-timeout"]:
couchdb.delete(session)
# expire the old cookie
cherrypy.response.cookie["slycatauth"] = sid
cherrypy.response.cookie["slycatauth"]['expires'] = 0
session = None
cherrypy.request.login = '******'
session["last-active-time"] = str(
datetime.datetime.utcnow().isoformat())
couchdb.save(session)
# Apply (optional) authentication rules.
except Exception as e:
slycat.web.server.create_single_sign_on_session(remote_ip,
'user_name',
secure=False)
cherrypy.log.error(
"@%s: could not get db session from cookie for %s" %
(e, remote_ip))
# there was no session time to authenticate
else:
slycat.web.server.create_single_sign_on_session(remote_ip,
'user_name',
secure=False)
