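def transportOwnLink(request: 'ExtendedHttpRequestWithUser', idService: str, idTransport: str):
    """
    Resolve the transport link for a user service and return it as a JSON response.

    The JSON body is one of:

    * ``{'url': ...}`` when the service lookup yields both a transport instance and an IP,
    * ``{'running': e.code * 25}`` when the lookup raises ServiceNotReadyError,
    * ``{'error': str(e)}`` when any other exception is raised,
    * ``{}`` when the lookup succeeds but ``itrans`` or ``ip`` is falsy.

    :param request: current request; ``user``, ``os`` and ``ip`` are read from it
    :param idService: service identifier handed to ``getService``
    :param idTransport: transport identifier handed to ``getService``
    :return: HttpResponse with content type ``application/json``
    """
    response: typing.MutableMapping[str, typing.Any] = {}  # For type checkers to "be happy"

    try:
        res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport)
        ip, userService, iads, trans, itrans = res  # pylint: disable=unused-variable
        if itrans and ip:
            # The link is embedded in the JSON body, so getLink() must return
            # something json.dumps can serialize (presumably a URL string -- confirm).
            response = {
                'url': itrans.getLink(
                    userService,
                    trans,
                    ip,
                    request.os,
                    request.user,
                    webPassword(request),
                    request,
                )
            }
    except ServiceNotReadyError as e:
        response = {'running': e.code * 25}
    except Exception as e:
        logger.exception("Exception")
        # NOTE(review): str(e) is returned to the client verbatim. For unexpected
        # exceptions that text can carry internal detail (backend errors, paths,
        # host names). The full traceback is already logged above; consider
        # returning a generic message here unless the caller relies on this text.
        response = {'error': str(e)}

    # Every path above falls through to this single return, so the trailing
    # "unknown error" return that used to follow it was unreachable and is gone.
    return HttpResponse(content=json.dumps(response), content_type='application/json')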
def denyBrowsers(browsers=None, errorResponse=lambda request: errors.errorView(
        request, errors.BROWSER_NOT_SUPPORTED)):
    """
    Decorator factory that rejects requests coming from listed browsers.

    Look for samples at uds.core.web.views

    :param browsers: browser specs passed one by one to ``checkBrowser``;
                     defaults to ``['ie<9']`` when None
    :param errorResponse: callable taking the request and returning the
                          response sent to a rejected browser

    NOTE(review): presumably ``checkBrowser`` inspects client-supplied request
    data (User-Agent) -- confirm. If so, this is a compatibility gate only and
    must not be relied on as an access control.
    """
    blocked = ['ie<9'] if browsers is None else browsers

    def wrap(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            """
            Wrapped function for decorator
            """
            # any() stops at the first matching spec, like the explicit loop would.
            if any(checkBrowser(request, spec) for spec in blocked):
                return errorResponse(request)
            return view_func(request, *args, **kwargs)

        return _wrapped_view

    return wrap
def denyBrowsers(
    browsers: typing.Optional[typing.List[str]] = None,
    errorResponse: typing.Callable = lambda request: errors.errorView(
        request, errors.BROWSER_NOT_SUPPORTED
    ),
) -> typing.Callable[[typing.Callable[..., RT]], typing.Callable[..., RT]]:
    """
    Decorator factory that rejects requests coming from listed browsers.

    Look for samples at uds.core.web.views

    :param browsers: browser specs passed one by one to ``checkBrowser``
    :param errorResponse: callable taking the request and returning the
                          response sent to a rejected browser

    NOTE(review): presumably ``checkBrowser`` inspects client-supplied request
    data (User-Agent) -- confirm. If so, this is a compatibility gate only and
    must not be relied on as an access control.
    """
    # Any falsy value (None or an empty list) selects the default, so this
    # decorator cannot be configured with an empty deny list.
    denied: typing.List[str] = browsers if browsers else ['ie<9']

    def wrap(view_func: typing.Callable[..., RT]) -> typing.Callable[..., RT]:
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs) -> RT:
            """
            Wrapped function for decorator
            """
            # any() stops at the first matching spec, like the explicit loop would.
            if any(checkBrowser(request, spec) for spec in denied):
                return errorResponse(request)
            return view_func(request, *args, **kwargs)

        return _wrapped_view

    return wrap
def denyBrowsers(browsers=None, errorResponse=lambda request: errors.errorView(request, errors.BROWSER_NOT_SUPPORTED)):
    """
    Build a view decorator that turns away requests from the given browsers.

    Look for samples at uds.core.web.views

    :param browsers: list of browser specs checked with ``checkBrowser``;
                     ``['ie<9']`` is used when None is given
    :param errorResponse: callable that receives the request and builds the
                          response for a denied browser

    NOTE(review): the decision depends on whatever ``checkBrowser`` reads from
    the request, presumably the client-supplied User-Agent -- confirm. Treat
    this as a compatibility check, not as a security boundary.
    """
    if browsers is None:
        denyList = ['ie<9']
    else:
        denyList = browsers

    def wrap(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            """
            Wrapped function for decorator
            """
            # Specs are evaluated in order; the first match ends the check.
            matched = next((True for spec in denyList if checkBrowser(request, spec)), False)
            if matched:
                return errorResponse(request)
            return view_func(request, *args, **kwargs)

        return _wrapped_view

    return wrap
def login(request, tag=None):
    """
    Handle the login page: show the index on non-POST requests, authenticate on POST.

    :param request: http request
    :param tag: tag of login auth, passed to the form and to ``checkLogin``
    :return: redirect to ``page.index`` on success, an error view when
             ``checkLogin`` reports a numeric error, otherwise the index page
    """
    from uds.web.forms.LoginForm import LoginForm
    from uds.web.util.authentication import checkLogin
    from uds.core.auths.auth import webLogin
    from django.http import HttpResponseRedirect

    # Anything that is not a form submission just gets the index page.
    if request.method != 'POST':
        return index(request)

    form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, form, tag)

    if not user:
        # A numeric error is shown through the error view; any other value is
        # stored in the session so the page's js can display it.
        if isinstance(data, int):
            return errorView(request, data)
        request.session['errors'] = [data]
        # NOTE(review): this view applies no delay or attempt limit after a
        # failed login; throttling, if any, must come from checkLogin or from
        # the layers in front of it -- confirm.
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # On success ``data`` is the user's password; keep it out of logs and
    # error messages.
    webLogin(request, redirect, user, data)
    return redirect
def login(request: ExtendedHttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
    """
    Handle the login page: show the index on non-POST requests, authenticate on POST.

    :param request: http request
    :param tag: tag of login auth; stored in the session on non-POST requests
    :return: redirect to ``page.index`` on success, an error view when
             ``checkLogin`` reports a numeric error, otherwise the index page
    """
    logger.debug('Tag: %s', tag)

    if request.method != 'POST':
        # Remember the tag so the following form submission can use it.
        request.session['tag'] = tag
        return index(request)

    request.session['restricted'] = False  # Access is from login
    form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, form, tag)

    if not user:
        # Fixed delay after every failed attempt. It slows repeated guessing on
        # one connection, but time.sleep blocks the thread handling this request
        # for the full two seconds, so it does not replace attempt limits or
        # lockout enforced elsewhere.
        time.sleep(2)
        # A numeric error is shown through the error view; any other value is
        # stored in the session so the page's js can display it.
        if isinstance(data, int):
            return errors.errorView(request, data)
        request.session['errors'] = [data]
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # The original author notes that webLogin clears the session, so the
    # session's tag is read first and written back afterwards.
    savedTag = request.session.get('tag')
    # On success ``data`` is the user's password; keep it out of logs and
    # error messages.
    auth.webLogin(request, redirect, user, data)
    request.session['tag'] = savedTag
    return redirect
def _wrapped_view(request, *args, **kwargs):
    """
    Unscramble every keyword argument whose name starts with ``id``, then call the view.

    Any failure while unscrambling ends the request with the INVALID_REQUEST
    error view, so the client is not told why a particular id was rejected.
    """
    from uds.web.util import errors

    for name in kwargs:
        if not name.startswith('id'):
            continue
        try:
            # Only the value of an existing key is replaced, so the dict keeps
            # its size while it is being iterated.
            kwargs[name] = unscrambleId(request, kwargs[name])
        except Exception:
            # NOTE(review): nothing is logged here, so malformed or tampered
            # ids leave no trace; consider logging the failure for detection.
            return errors.errorView(request, errors.INVALID_REQUEST)

    return view_func(request, *args, **kwargs)
def transportOwnLink(request: 'HttpRequest', idService: str, idTransport: str):
    """
    Resolve the transport link for a user service and return the transport's own response.

    :param request: current request; ``user``, ``os`` and ``ip`` are read from it
    :param idService: service identifier handed to ``getService``
    :param idTransport: transport identifier handed to ``getService``
    :return: whatever ``itrans.getLink`` returns (a response object, per the
             original author's note), an exception view on failure, or the
             UNKNOWN_ERROR view when no transport instance or IP is available
    """
    try:
        ip, userService, _iads, trans, itrans = userServiceManager().getService(
            request.user, request.os, request.ip, idService, idTransport
        )
        if itrans and ip:
            return itrans.getLink(
                userService, trans, ip, request.os, request.user, webPassword(request), request
            )
    except ServiceNotReadyError as notReady:
        # Expected condition: reported to the user without a log entry.
        return errors.exceptionView(request, notReady)
    except Exception as unexpected:
        logger.exception("Exception")
        # NOTE(review): the exception object is handed to the view; confirm that
        # exceptionView does not render internal detail to the client.
        return errors.exceptionView(request, unexpected)

    # Reached when the lookup succeeds but ``itrans`` or ``ip`` is falsy.
    return errors.errorView(request, errors.UNKNOWN_ERROR)
def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
    """
    Handle the login page: show the index on non-POST requests, authenticate on POST.

    :param request: http request
    :param tag: tag of login auth; stored in the session on non-POST requests
    :return: redirect to ``page.index`` on success, an error view when
             ``checkLogin`` reports a numeric error, otherwise the index page
    """
    if request.method != 'POST':
        # Remember the tag so the following form submission can use it.
        request.session['tag'] = tag
        return index(request)

    form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, form, tag)

    if not user:
        # A numeric error is shown through the error view; any other value is
        # stored in the session so the page's js can display it.
        if isinstance(data, int):
            return errors.errorView(request, data)
        request.session['errors'] = [data]
        # NOTE(review): this view applies no delay or attempt limit after a
        # failed login; throttling, if any, must come from checkLogin or from
        # the layers in front of it -- confirm.
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # On success ``data`` is the user's password; keep it out of logs and
    # error messages.
    auth.webLogin(request, redirect, user, data)
    return redirect
def login(request, tag=None): """ View responsible of logging in an user :param request: http request :param tag: tag of login auth """ # request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt()) response = None # Default empty form form = LoginForm(tag=tag) if request.method == 'POST': form = LoginForm(request.POST, tag=tag) user, data = checkLogin(request, form, tag) if user: response = HttpResponseRedirect(reverse('uds.web.views.index')) webLogin(request, response, user, data) # data is user password here else: # error, data = error if isinstance(data, int): return errors.errorView(request, data) # Error to notify form.add_error(None, data) if response is None: response = render(request, theme.template('login.html'), { 'form': form, 'authenticators': Authenticator.getByTag(tag), 'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True), 'version': VERSION } ) getUDSCookie(request, response) return response
def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse:  # pylint: disable=too-many-locals,too-many-branches,too-many-statements
    """
    Used to authenticate an user via a ticket

    The ticket is fetched from TicketStore, the user is obtained (or created)
    on the ticket's authenticator, the user's groups are replaced by the groups
    named in the ticket, and the user is logged in. When the ticket names a
    service pool, the launch link is stored in the session and the user is
    redirected to the ticket launcher; otherwise to the index page.

    :param request: http request; ``os`` and ``ip`` are read from it
    :param ticketId: identifier of the stored ticket
    :return: a redirect on success, or an error view on failure
    """
    try:
        # invalidate=True is passed on retrieval; together with the InvalidTicket
        # handler below this presumably makes a ticket single-use -- confirm in
        # TicketStore.
        data = TicketStore.get(ticketId, invalidate=True)

        try:
            # Extract ticket.data from ticket.data storage, and remove it if success
            username = data['username']
            groups = data['groups']
            auth = data['auth']
            realname = data['realname']
            servicePool = data['servicePool']
            # From here on ``password`` holds the decrypted value; it is only
            # passed to webLogin below. Keep it out of logs and error messages.
            password = cryptoManager().decrypt(data['password'])
            # Read so that a ticket without this key is rejected; the value
            # itself is discarded further down (transport is reset to None).
            transport = data['transport']
        except Exception:
            logger.error('Ticket stored is not valid')
            raise auths.exceptions.InvalidUserException()

        # ``auth`` changes meaning here: from the uuid stored in the ticket to
        # the Authenticator object itself.
        auth = Authenticator.objects.get(uuid=auth)
        # If user does not exists in DB, create it right now

        # Add user to groups, if they exists...
        grps: typing.List = []
        for g in groups:
            try:
                grps.append(auth.groups.get(uuid=g))
            except Exception:
                logger.debug('Group list has changed since ticket assignment')

        # A ticket whose groups no longer exist grants nothing. This generic
        # Exception is handled by the last ``except`` clause of this function.
        if not grps:
            logger.error('Ticket has no valid groups')
            raise Exception('Invalid ticket authentication')

        usr = auth.getOrCreateUser(username, realname)
        if usr is None or State.isActive(
                usr.state) is False:  # If user is inactive, raise an exception
            raise auths.exceptions.InvalidUserException()

        # Add groups to user (replace existing groups)
        # The user's group membership is therefore decided entirely by the
        # ticket contents, so only trusted callers should be able to create tickets.
        usr.groups.set(grps)

        # Force cookie generation
        webLogin(request, None, usr, password)

        request.user = usr  # Temporarily store this user as "authenticated" user, next requests will be done using session
        request.session[
            'ticket'] = '1'  # Store that user access is done using ticket

        # Override and recalc transport based on current os
        transport = None

        # ``transport`` is always None at this point, so only the pool is informative.
        logger.debug("Service & transport: %s, %s", servicePool, transport)

        # Check if servicePool is part of the ticket
        if servicePool:
            # If service pool is in there, also is transport
            res = userServiceManager().getService(request.user, request.os, request.ip, 'F' + servicePool, transport, False)
            _, userService, _, transport, _ = res

            transportInstance = transport.getInstance()
            if transportInstance.ownLink is True:
                link = reverse('TransportOwnLink', args=('A' + userService.uuid, transport.uuid))
            else:
                link = html.udsAccessLink(request, 'A' + userService.uuid, transport.uuid)

            # The launcher page reads the link from the session.
            request.session['launch'] = link
            response = HttpResponseRedirect(reverse('page.ticket.launcher'))
        else:
            response = HttpResponseRedirect(reverse('page.index'))

        # Now ensure uds cookie is at response
        getUDSCookie(request, response, True)
        return response
    except ServiceNotReadyError as e:
        return errors.errorView(request, errors.SERVICE_NOT_READY)
    except TicketStore.InvalidTicket:
        # Unknown or already consumed ticket; shown as "reload not supported".
        return errors.errorView(request, errors.RELOAD_NOT_SUPPORTED)
    except Authenticator.DoesNotExist:
        logger.error('Ticket has an non existing authenticator')
        return errors.errorView(request, errors.ACCESS_DENIED)
    except ServicePool.DoesNotExist:
        logger.error('Ticket has an invalid Service Pool')
        return errors.errorView(request, errors.SERVICE_NOT_FOUND)
    except Exception as e:
        # Catch-all: also receives the "no valid groups" Exception raised above and,
        # unless it derives from one of the classes handled earlier, InvalidUserException.
        # NOTE(review): confirm that exceptionView does not render internal
        # exception detail to an unauthenticated client.
        logger.exception('Exception')
        return errors.exceptionView(request, e)