def wrapper(request, *args, **kwargs):
if not admin_settings.ADMIN_ENABLED:
# we must never raise an AdminHttp404 exception here.
raise Http404
token = get_token_from_cookie(request, admin_settings.AUTH_COOKIE_NAME)
astakos.get_user(request, settings.ASTAKOS_AUTH_URL,
fallback_token=token, logger=logger)
if hasattr(request, 'user') and request.user:
groups = request.user['access']['user']['roles']
groups = [g["name"] for g in groups]
if not set(groups) & set(permitted_groups):
logger.debug("Failed to access admin view %r. No valid admin "
"group (%r) matches user groups (%r)",
request.user_uniq, permitted_groups, groups)
raise PermissionDenied
else:
logger.debug("Failed to access admin view %r. No authenticated "
"user found.", request.user_uniq)
logger.debug("auth_url (%s)", settings.ASTAKOS_AUTH_URL)
raise PermissionDenied
logging.debug("User %s accessed admininterface view (%s)",
request.user_uniq, request.path)
return func(request, *args, **kwargs)
def generate_key_pair(request):
"""
Response to generate private/public RSA key pair
"""
get_user(request, settings.ASTAKOS_AUTH_URL)
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"])
if not SUPPORT_GENERATE_KEYS:
raise Exception("Application does not support ssh keys generation")
if PublicKeyPair.user_limit_exceeded(request.user_uniq):
return http.HttpResponseServerError("SSH keys limit exceeded")
# generate RSA key
from Crypto import Random
Random.atfork()
key = rsakey.RSA.generate(SSH_KEY_LENGTH)
# get PEM string
pem = exportKey(key, 'PEM')
public_data = Message()
public_data.add_string('ssh-rsa')
public_data.add_mpint(key.key.e)
public_data.add_mpint(key.key.n)
# generate public content
public = str("ssh-rsa %s" % base64.b64encode(str(public_data)))
data = {'private': pem, 'public': public}
return http.HttpResponse(json.dumps(data), mimetype="application/json")
def wrapper(request, *args, **kwargs):
HELPDESK_ENABLED = getattr(settings, 'HELPDESK_ENABLED', True)
if not HELPDESK_ENABLED:
raise Http404
token = get_token_from_cookie(request, AUTH_COOKIE_NAME)
astakos.get_user(request, settings.ASTAKOS_AUTH_URL,
fallback_token=token, logger=logger)
if hasattr(request, 'user') and request.user:
groups = request.user['access']['user']['roles']
groups = [g["name"] for g in groups]
if not groups:
logger.info("Failed to access helpdesk view. User: %r",
request.user_uniq)
raise PermissionDenied
has_perm = False
for g in groups:
if g in permitted_groups:
has_perm = True
if not has_perm:
logger.info("Failed to access helpdesk view %r. No valid "
"helpdesk group (%r) matches user groups (%r)",
request.user_uniq, permitted_groups, groups)
raise PermissionDenied
else:
logger.info("Failed to access helpdesk view %r. No authenticated "
"user found.", request.user_uniq)
raise PermissionDenied
logging.info("User %s accessed helpdesk view (%s)", request.user_uniq,
request.path)
return func(request, *args, **kwargs)
def wrapper(request, *args, **kwargs):
HELPDESK_ENABLED = getattr(settings, 'HELPDESK_ENABLED', True)
if not HELPDESK_ENABLED:
raise Http404
token = get_token_from_cookie(request, AUTH_COOKIE_NAME)
astakos.get_user(request, settings.ASTAKOS_BASE_URL,
fallback_token=token, logger=logger)
if hasattr(request, 'user') and request.user:
groups = request.user.get('groups', [])
if not groups:
logger.error("Failed to access helpdesk view. User: %r",
request.user_uniq)
raise PermissionDenied
has_perm = False
for g in groups:
if g in permitted_groups:
has_perm = True
if not has_perm:
logger.error("Failed to access helpdesk view %r. No valid "
"helpdesk group (%r) matches user groups (%r)",
request.user_uniq, permitted_groups, groups)
raise PermissionDenied
else:
logger.error("Failed to access helpdesk view %r. No authenticated "
"user found.", request.user_uniq)
raise PermissionDenied
logging.info("User %s accessed helpdesk view (%s)", request.user_uniq,
request.path)
return func(request, *args, **kwargs)
def wrapper(request, *args, **kwargs):
if not admin_settings.ADMIN_ENABLED:
# we must never raise an AdminHttp404 exception here.
raise Http404
token = get_token_from_cookie(request, admin_settings.AUTH_COOKIE_NAME)
astakos.get_user(request,
settings.ASTAKOS_AUTH_URL,
fallback_token=token,
logger=logger)
if hasattr(request, 'user') and request.user:
groups = request.user['access']['user']['roles']
groups = [g["name"] for g in groups]
if not set(groups) & set(permitted_groups):
logger.debug(
"Failed to access admin view %r. No valid admin "
"group (%r) matches user groups (%r)", request.user_uniq,
permitted_groups, groups)
raise PermissionDenied
else:
logger.debug(
"Failed to access admin view %r. No authenticated "
"user found.", request.user_uniq)
logger.debug("auth_url (%s)", settings.ASTAKOS_AUTH_URL)
raise PermissionDenied
logging.debug("User %s accessed admininterface view (%s)",
request.user_uniq, request.path)
return func(request, *args, **kwargs)
def create_new_keypair(request):
"""
Response to generate private/public RSA key pair
"""
get_user(request, settings.ASTAKOS_AUTH_URL)
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"])
if not SUPPORT_GENERATE_KEYS:
raise Exception("Application does not support ssh keys generation")
if PublicKeyPair.user_limit_exceeded(request.user_uniq):
return http.HttpResponseServerError("SSH keys limit exceeded")
data = generate_keypair()
return http.HttpResponse(json.dumps(data), content_type="application/json")
def view(request, *args, **kwargs):
get_user(request, settings.ASTAKOS_AUTH_URL)
if not request.user_uniq:
return HttpResponse(status=401)
self = cls(*initargs, **initkwargs)
return self.dispatch(request, *args, **kwargs)
def view(request, *args, **kwargs):
get_user(request, settings.ASTAKOS_AUTH_URL)
if not request.user_uniq:
return HttpResponse(status=401)
self = cls(*initargs, **initkwargs)
return self.dispatch(request, *args, **kwargs)
