def post(self):
'''
This login uses parameters to generate auth token
The alternative is to use the template tag inside "REST" that is called auth_token, that extracts an auth token from an user session
We can use any of this forms due to the fact that the auth token is in fact a session key
Parameters:
mandatory:
username:
password:
authId or auth or authSmallName: (must include at least one. If multiple are used, precedence is the list order)
Result:
on success: { 'result': 'ok', 'auth': [auth_code] }
on error: { 'result: 'error', 'error': [error string] }
Locale comes on "Header", as any HTTP Request (Accept-Language header)
Calls to any method of REST that must be authenticated needs to be called with "X-Auth-Token" Header added
'''
try:
if 'authId' not in self._params and 'authSmallName' not in self._params and 'auth' not in self._params:
raise RequestError('Invalid parameters (no auth)')
authId = self._params.get('authId', None)
authSmallName = self._params.get('authSmallName', None)
authName = self._params.get('auth', None)
username, password = self._params['username'], self._params['password']
locale = self._params.get('locale', 'en')
if authName == 'admin' or authSmallName == 'admin':
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password:
self.genAuthToken(-1, username, locale, True, True)
return{'result': 'ok', 'token': self.getAuthToken()}
else:
raise Exception('Invalid credentials')
else:
try:
# Will raise an exception if no auth found
if authId is not None:
auth = Authenticator.objects.get(uuid=authId)
elif authName is not None:
auth = Authenticator.objects.get(name=authName)
else:
auth = Authenticator.objects.get(small_name=authSmallName)
logger.debug('Auth obj: {0}'.format(auth))
user = authenticate(username, password, auth)
if user is None: # invalid credentials
raise Exception()
self.genAuthToken(auth.id, user.name, locale, user.is_admin, user.staff_member)
return{'result': 'ok', 'token': self.getAuthToken()}
except:
logger.exception('Credentials ')
raise Exception('Invalid Credentials (invalid authenticator)')
raise Exception('Invalid Credentials')
except Exception as e:
logger.exception('exception')
return {'result': 'error', 'error': unicode(e)}
def post(self):
'''
This login uses parameters to generate auth token
The alternative is to use the template tag inside "REST" that is called auth_token, that extracts an auth token from an user session
We can use any of this forms due to the fact that the auth token is in fact a session key
Parameters:
mandatory:
username:
password:
authId or auth or authSmallName: (must include at least one. If multiple are used, precedence is the list order)
optional:
platform: From what platform are we connecting. If not specified, will try to deduct it from user agent.
Valid values:
Linux = 'Linux'
WindowsPhone = 'Windows Phone'
Windows = 'Windows'
Macintosh = 'Mac'
Android = 'Android'
iPad = 'iPad'
iPhone = 'iPhone'
Defaults to:
Unknown = 'Unknown'
Result:
on success: { 'result': 'ok', 'auth': [auth_code] }
on error: { 'result: 'error', 'error': [error string] }
Locale comes on "Header", as any HTTP Request (Accept-Language header)
Calls to any method of REST that must be authenticated needs to be called with "X-Auth-Token" Header added
'''
try:
if 'authId' not in self._params and 'authSmallName' not in self._params and 'auth' not in self._params:
raise RequestError('Invalid parameters (no auth)')
authId = self._params.get('authId', None)
authSmallName = self._params.get('authSmallName', None)
authName = self._params.get('auth', None)
platform = self._params.get('platform', self._request.os)
username, password = self._params['username'], self._params[
'password']
locale = self._params.get('locale', 'en')
if authName == 'admin' or authSmallName == 'admin':
if GlobalConfig.SUPER_USER_LOGIN.get(
True) == username and GlobalConfig.SUPER_USER_PASS.get(
True) == password:
self.genAuthToken(-1, username, locale, platform, True,
True)
return {'result': 'ok', 'token': self.getAuthToken()}
else:
raise Exception('Invalid credentials')
else:
try:
# Will raise an exception if no auth found
if authId is not None:
auth = Authenticator.objects.get(
uuid=processUuid(authId))
elif authName is not None:
auth = Authenticator.objects.get(name=authName)
else:
auth = Authenticator.objects.get(
small_name=authSmallName)
if password == '':
password = '******' # Strange password if credential leaved empty
logger.debug('Auth obj: {0}'.format(auth))
user = authenticate(username, password, auth)
if user is None: # invalid credentials
raise Exception()
self.genAuthToken(auth.id, user.name, locale, platform,
user.is_admin, user.staff_member)
return {'result': 'ok', 'token': self.getAuthToken()}
except:
logger.exception('Credentials ')
raise Exception(
'Invalid Credentials (invalid authenticator)')
raise Exception('Invalid Credentials')
except Exception as e:
logger.exception('exception')
return {'result': 'error', 'error': six.text_type(e)}
def login(request, tag=None):
'''
View responsible of logging in an user
:param request: http request
:param tag: tag of login auth
'''
# request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())
host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host' # Last one is a placeholder in case we can't locate host name
# Get Authenticators limitation
logger.debug('Host: {0}'.format(host))
if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(True) is True:
if tag is None:
try:
Authenticator.objects.get(small_name=host)
tag = host
except Exception:
try:
tag = Authenticator.objects.order_by('priority')[0].small_name
except Exception: # There is no authenticators yet, simply allow global login to nowhere.. :-)
tag = None
logger.debug('Tag: {0}'.format(tag))
logger.debug(request.method)
if request.method == 'POST':
if 'uds' not in request.COOKIES:
logger.debug('Request does not have uds cookie')
return errors.errorView(request, errors.COOKIES_NEEDED) # We need cookies to keep session data
request.session.cycle_key()
form = LoginForm(request.POST, tag=tag)
if form.is_valid():
os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT'))
try:
authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
except Exception:
authenticator = Authenticator()
userName = form.cleaned_data['user']
cache = Cache('auth')
cacheKey = str(authenticator.id) + userName
tries = cache.get(cacheKey)
if tries is None:
tries = 0
if authenticator.getInstance().blockUserOnLoginFailures is True and tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
form.add_form_error('Too many authentication errors. User temporarily blocked.')
authLogLogin(request, authenticator, userName, 'Temporarily blocked')
else:
user = authenticate(userName, form.cleaned_data['password'], authenticator)
logger.debug('User: {}'.format(user))
if user is None:
logger.debug("Invalid credentials for user {0}".format(userName))
tries += 1
cache.put(cacheKey, tries, GlobalConfig.LOGIN_BLOCK.getInt())
form.add_form_error('Invalid credentials')
authLogLogin(request, authenticator, userName, 'Invalid credentials')
else:
logger.debug('User {} has logged in'.format(userName))
cache.remove(cacheKey) # Valid login, remove cached tries
response = HttpResponseRedirect(reverse('uds.web.views.index'))
webLogin(request, response, user, form.cleaned_data['password'])
# Add the "java supported" flag to session
request.session['OS'] = os
authLogLogin(request, authenticator, user.name)
return response
else:
form = LoginForm(tag=tag)
response = render_to_response(theme.template('login.html'), {'form': form, 'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True)},
context_instance=RequestContext(request))
getUDSCookie(request, response)
return response
def post(self):
'''
This login uses parameters to generate auth token
The alternative is to use the template tag inside "REST" that is called auth_token, that extracts an auth token from an user session
We can use any of this forms due to the fact that the auth token is in fact a session key
Parameters:
mandatory:
username:
password:
authId or auth or authSmallName: (must include at least one. If multiple are used, precedence is the list order)
optional:
platform: From what platform are we connecting. If not specified, will try to deduct it from user agent.
Valid values:
Linux = 'Linux'
WindowsPhone = 'Windows Phone'
Windows = 'Windows'
Macintosh = 'Mac'
Android = 'Android'
iPad = 'iPad'
iPhone = 'iPhone'
Defaults to:
Unknown = 'Unknown'
Result:
on success: { 'result': 'ok', 'auth': [auth_code] }
on error: { 'result: 'error', 'error': [error string] }
Locale comes on "Header", as any HTTP Request (Accept-Language header)
Calls to any method of REST that must be authenticated needs to be called with "X-Auth-Token" Header added
'''
try:
if 'authId' not in self._params and 'authSmallName' not in self._params and 'auth' not in self._params:
raise RequestError('Invalid parameters (no auth)')
authId = self._params.get('authId', None)
authSmallName = self._params.get('authSmallName', None)
authName = self._params.get('auth', None)
platform = self._params.get('platform', self._request.os)
username, password = self._params['username'], self._params['password']
locale = self._params.get('locale', 'en')
if authName == 'admin' or authSmallName == 'admin':
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password:
self.genAuthToken(-1, username, locale, platform, True, True)
return{'result': 'ok', 'token': self.getAuthToken()}
else:
raise Exception('Invalid credentials')
else:
try:
# Will raise an exception if no auth found
if authId is not None:
auth = Authenticator.objects.get(uuid=processUuid(authId))
elif authName is not None:
auth = Authenticator.objects.get(name=authName)
else:
auth = Authenticator.objects.get(small_name=authSmallName)
if password == '':
password = '******' # Strange password if credential leaved empty
logger.debug('Auth obj: {0}'.format(auth))
user = authenticate(username, password, auth)
if user is None: # invalid credentials
raise Exception()
self.genAuthToken(auth.id, user.name, locale, platform, user.is_admin, user.staff_member)
return{'result': 'ok', 'token': self.getAuthToken()}
except:
logger.exception('Credentials ')
raise Exception('Invalid Credentials (invalid authenticator)')
raise Exception('Invalid Credentials')
except Exception as e:
logger.exception('exception')
return {'result': 'error', 'error': six.text_type(e)}
def checkLogin( # pylint: disable=too-many-branches, too-many-statements
request: 'HttpRequest',
form: 'LoginForm',
tag: typing.Optional[str] = None
) -> typing.Tuple[typing.Optional['User'], typing.Any]:
host = request.META.get('HTTP_HOST') or request.META.get(
'SERVER_NAME'
) or 'auth_host' # Last one is a placeholder in case we can't locate host name
# Get Authenticators limitation
logger.debug('Host: %s', host)
if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True:
if tag is None:
try:
Authenticator.objects.get(small_name=host)
tag = host
except Exception:
try:
tag = Authenticator.objects.order_by(
'priority')[0].small_name
except Exception: # There is no authenticators yet, simply allow global login to nowhere.. :-)
tag = None
logger.debug('Tag: %s', tag)
if 'uds' not in request.COOKIES:
logger.debug('Request does not have uds cookie')
return (None, errors.COOKIES_NEEDED)
if form.is_valid():
os = request.os
try:
authenticator = Authenticator.objects.get(
uuid=processUuid(form.cleaned_data['authenticator']))
except Exception:
authenticator = Authenticator()
userName = form.cleaned_data['user']
if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
userName = userName.lower()
cache = Cache('auth')
cacheKey = str(authenticator.id) + userName
tries = cache.get(cacheKey) or 0
triesByIp = cache.get(request.ip) or 0
maxTries = GlobalConfig.MAX_LOGIN_TRIES.getInt()
if (authenticator.getInstance().blockUserOnLoginFailures is True and
(tries >= maxTries) or triesByIp >= maxTries):
authLogLogin(request, authenticator, userName,
'Temporarily blocked')
return (
None,
_('Too many authentication errrors. User temporarily blocked'))
password = form.cleaned_data['password']
user = None
if password == '':
password = '******' # Random string, in fact, just a placeholder that will not be used :)
user = authenticate(userName, password, authenticator)
logger.debug('User: %s', user)
if user is None:
logger.debug("Invalid user %s (access denied)", userName)
cache.put(cacheKey, tries + 1, GlobalConfig.LOGIN_BLOCK.getInt())
cache.put(request.ip, triesByIp + 1,
GlobalConfig.LOGIN_BLOCK.getInt())
authLogLogin(request, authenticator, userName,
'Access denied (user not allowed by UDS)')
return (None, _('Access denied'))
request.session.cycle_key()
logger.debug('User %s has logged in', userName)
cache.remove(cacheKey) # Valid login, remove cached tries
# Add the "java supported" flag to session
request.session['OS'] = os
if form.cleaned_data['logouturl'] != '':
logger.debug('The logoout url will be %s',
form.cleaned_data['logouturl'])
request.session['logouturl'] = form.cleaned_data['logouturl']
authLogLogin(request, authenticator, user.name)
return (user, form.cleaned_data['password'])
logger.info('Invalid form received')
return (None, _('Invalid data'))
def login(request, tag=None):
'''
View responsible of logging in an user
:param request: http request
:param tag: tag of login auth
'''
# request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())
host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host' # Last one is a placeholder in case we can't locate host name
# Get Authenticators limitation
logger.debug('Host: {0}'.format(host))
if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True:
if tag is None:
try:
Authenticator.objects.get(small_name=host)
tag = host
except Exception:
try:
tag = Authenticator.objects.order_by('priority')[0].small_name
except Exception: # There is no authenticators yet, simply allow global login to nowhere.. :-)
tag = None
logger.debug('Tag: {0}'.format(tag))
logger.debug(request.method)
if request.method == 'POST':
if 'uds' not in request.COOKIES:
logger.debug('Request does not have uds cookie')
return errors.errorView(request, errors.COOKIES_NEEDED) # We need cookies to keep session data
request.session.cycle_key()
form = LoginForm(request.POST, tag=tag)
if form.is_valid():
os = request.os
try:
authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
except Exception:
authenticator = Authenticator()
userName = form.cleaned_data['user']
if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
userName = userName.lower()
cache = Cache('auth')
cacheKey = str(authenticator.id) + userName
tries = cache.get(cacheKey)
if tries is None:
tries = 0
if authenticator.getInstance().blockUserOnLoginFailures is True and tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
form.add_error(None, 'Too many authentication errors. User temporarily blocked.')
authLogLogin(request, authenticator, userName, 'Temporarily blocked')
else:
password = form.cleaned_data['password']
user = None
if password == '':
password = '******'
user = authenticate(userName, password, authenticator)
logger.debug('User: {}'.format(user))
if user is None:
logger.debug("Invalid credentials for user {0}".format(userName))
tries += 1
cache.put(cacheKey, tries, GlobalConfig.LOGIN_BLOCK.getInt())
form.add_error(None, ugettext('Invalid credentials'))
authLogLogin(request, authenticator, userName, 'Invalid credentials')
else:
logger.debug('User {} has logged in'.format(userName))
cache.remove(cacheKey) # Valid login, remove cached tries
response = HttpResponseRedirect(reverse('uds.web.views.index'))
webLogin(request, response, user, form.cleaned_data['password'])
# Add the "java supported" flag to session
request.session['OS'] = os
if form.cleaned_data['logouturl'] != '':
logger.debug('The logoout url will be {}'.format(form.cleaned_data['logouturl']))
request.session['logouturl'] = form.cleaned_data['logouturl']
authLogLogin(request, authenticator, user.name)
return response
else:
logger.info('Invalid form received')
else:
form = LoginForm(tag=tag)
response = render_to_response(
theme.template('login.html'),
{
'form': form,
'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True),
'version': VERSION
},
context_instance=RequestContext(request)
)
getUDSCookie(request, response)
return response
def checkLogin(request, form, tag=None):
host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host' # Last one is a placeholder in case we can't locate host name
# Get Authenticators limitation
logger.debug('Host: {0}'.format(host))
if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True:
if tag is None:
try:
Authenticator.objects.get(small_name=host)
tag = host
except Exception:
try:
tag = Authenticator.objects.order_by('priority')[0].small_name
except Exception: # There is no authenticators yet, simply allow global login to nowhere.. :-)
tag = None
logger.debug('Tag: {0}'.format(tag))
if 'uds' not in request.COOKIES:
logger.debug('Request does not have uds cookie')
return (None, errors.COOKIES_NEEDED)
if form.is_valid():
os = request.os
try:
authenticator = Authenticator.objects.get(uuid=processUuid(form.cleaned_data['authenticator']))
except Exception:
authenticator = Authenticator()
userName = form.cleaned_data['user']
if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
userName = userName.lower()
cache = Cache('auth')
cacheKey = str(authenticator.id) + userName
tries = cache.get(cacheKey)
if tries is None:
tries = 0
if authenticator.getInstance().blockUserOnLoginFailures is True and tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
authLogLogin(request, authenticator, userName, 'Temporarily blocked')
return (None, _('Too many authentication errrors. User temporarily blocked'))
else:
password = form.cleaned_data['password']
user = None
if password == '':
password = '******' # Random string, in fact, just a placeholder that will not be used :)
user = authenticate(userName, password, authenticator)
logger.debug('User: {}'.format(user))
if user is None:
logger.debug("Invalid user {0} (access denied)".format(userName))
tries += 1
cache.put(cacheKey, tries, GlobalConfig.LOGIN_BLOCK.getInt())
authLogLogin(request, authenticator, userName, 'Access denied (user not allowed by UDS)')
return (None, _('Access denied'))
else:
request.session.cycle_key()
logger.debug('User {} has logged in'.format(userName))
cache.remove(cacheKey) # Valid login, remove cached tries
# Add the "java supported" flag to session
request.session['OS'] = os
if form.cleaned_data['logouturl'] != '':
logger.debug('The logoout url will be {}'.format(form.cleaned_data['logouturl']))
request.session['logouturl'] = form.cleaned_data['logouturl']
authLogLogin(request, authenticator, user.name)
return (user, form.cleaned_data['password'])
logger.info('Invalid form received')
return (None, _('Invalid data'))
def post(self) -> typing.Any:
"""
This login uses parameters to generate auth token
The alternative is to use the template tag inside "REST" that is called auth_token, that extracts an auth token from an user session
We can use any of this forms due to the fact that the auth token is in fact a session key
Parameters:
mandatory:
username:
password:
authId or auth or authSmallName: (must include at least one. If multiple are used, precedence is the list order)
optional:
platform: From what platform are we connecting. If not specified, will try to deduct it from user agent.
Valid values:
Linux = 'Linux'
WindowsPhone = 'Windows Phone'
Windows = 'Windows'
Macintosh = 'Mac'
Android = 'Android'
iPad = 'iPad'
iPhone = 'iPhone'
Defaults to:
Unknown = 'Unknown'
Result:
on success: { 'result': 'ok', 'auth': [auth_code] }
on error: { 'result: 'error', 'error': [error string] }
Locale comes on "Header", as any HTTP Request (Accept-Language header)
Calls to any method of REST that must be authenticated needs to be called with "X-Auth-Token" Header added
"""
# Checks if client is "blocked"
cache = Cache('RESTapi')
fails = cache.get(self._request.ip) or 0
if fails > ALLOWED_FAILS:
logger.info('Access to REST API %s is blocked for %s seconds since last fail', self._request.ip, GlobalConfig.LOGIN_BLOCK.getInt())
try:
if 'authId' not in self._params and 'authSmallName' not in self._params and 'auth' not in self._params:
raise RequestError('Invalid parameters (no auth)')
scrambler: str = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(32)) # @UndefinedVariable
authId: typing.Optional[str] = self._params.get('authId', None)
authSmallName: typing.Optional[str] = self._params.get('authSmallName', None)
authName: typing.Optional[str] = self._params.get('auth', None)
platform: str = self._params.get('platform', self._request.os)
username: str
password: str
username, password = self._params['username'], self._params['password']
locale: str = self._params.get('locale', 'en')
if authName == 'admin' or authSmallName == 'admin':
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password:
self.genAuthToken(-1, username, password, locale, platform, True, True, scrambler)
return Login.result(result='ok', token=self.getAuthToken())
return Login.result(error='Invalid credentials')
# Will raise an exception if no auth found
if authId:
auth = Authenticator.objects.get(uuid=processUuid(authId))
elif authName:
auth = Authenticator.objects.get(name=authName)
else:
auth = Authenticator.objects.get(small_name=authSmallName)
if not password:
password = '******' # Extrange password if credential left empty. Value is not important, just not empty
logger.debug('Auth obj: %s', auth)
user = authenticate(username, password, auth, True)
if user is None: # invalid credentials
# Sleep a while here to "prottect"
time.sleep(3) # Wait 3 seconds if credentials fails for "protection"
# And store in cache for blocking for a while if fails
cache.put(self._request.ip, fails+1, GlobalConfig.LOGIN_BLOCK.getInt())
return Login.result(error='Invalid credentials')
return Login.result(
result='ok',
token=self.genAuthToken(auth.id, user.name, password, locale, platform, user.is_admin, user.staff_member, scrambler),
scrambler=scrambler
)
except Exception:
# logger.exception('exception')
pass
return Login.result(error='Invalid credentials')
