def transportOwnLink(request: 'ExtendedHttpRequestWithUser', idService: str,
idTransport: str):
response: typing.MutableMapping[str, typing.Any] = {}
# For type checkers to "be happy"
try:
res = userServiceManager().getService(request.user, request.os,
request.ip, idService,
idTransport)
ip, userService, iads, trans, itrans = res # pylint: disable=unused-variable
# This returns a response object in fact
if itrans and ip:
response = {
'url':
itrans.getLink(
userService,
trans,
ip,
request.os,
request.user,
webPassword(request),
request,
)
}
except ServiceNotReadyError as e:
response = {'running': e.code * 25}
except Exception as e:
logger.exception("Exception")
response = {'error': str(e)}
return HttpResponse(content=json.dumps(response),
content_type='application/json')
# Will never reach this
return errors.errorView(request, errors.UNKNOWN_ERROR)
def denyBrowsers(browsers=None,
errorResponse=lambda request: errors.errorView(
request, errors.BROWSER_NOT_SUPPORTED)):
"""
Decorator to set protection to access page
Look for samples at uds.core.web.views
"""
if browsers is None:
browsers = ['ie<9']
def wrap(view_func):
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
"""
Wrapped function for decorator
"""
for b in browsers:
if checkBrowser(request, b):
return errorResponse(request)
return view_func(request, *args, **kwargs)
return _wrapped_view
return wrap
def denyBrowsers(
browsers: typing.Optional[typing.List[str]] = None,
errorResponse: typing.Callable = lambda request: errors.errorView(
request, errors.BROWSER_NOT_SUPPORTED)
) -> typing.Callable[[typing.Callable[..., RT]], typing.Callable[..., RT]]:
"""
Decorator to set protection to access page
Look for samples at uds.core.web.views
"""
denied: typing.List[str] = browsers or ['ie<9']
def wrap(view_func: typing.Callable[..., RT]) -> typing.Callable[..., RT]:
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs) -> RT:
"""
Wrapped function for decorator
"""
for b in denied:
if checkBrowser(request, b):
return errorResponse(request)
return view_func(request, *args, **kwargs)
return _wrapped_view
return wrap
def denyBrowsers(browsers=None, errorResponse=lambda request: errors.errorView(request, errors.BROWSER_NOT_SUPPORTED)):
"""
Decorator to set protection to access page
Look for samples at uds.core.web.views
"""
if browsers is None:
browsers = ['ie<9']
def wrap(view_func):
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
"""
Wrapped function for decorator
"""
for b in browsers:
if checkBrowser(request, b):
return errorResponse(request)
return view_func(request, *args, **kwargs)
return _wrapped_view
return wrap
def login(request, tag=None):
from uds.web.forms.LoginForm import LoginForm
from uds.web.util.authentication import checkLogin
from uds.core.auths.auth import webLogin
from django.http import HttpResponseRedirect
# Default empty form
if request.method == 'POST':
form = LoginForm(request.POST, tag=tag)
user, data = checkLogin(request, form, tag)
if user:
response = HttpResponseRedirect(reverse('page.index'))
webLogin(request, response, user, data) # data is user password here
else:
# If error is numeric, redirect...
# Error, set error on session for process for js
if isinstance(data, int):
return errorView(request, data)
request.session['errors'] = [data]
return index(request)
else:
response = index(request)
return response
def login(request, tag=None):
from uds.web.forms.LoginForm import LoginForm
from uds.web.util.authentication import checkLogin
from uds.core.auths.auth import webLogin
from django.http import HttpResponseRedirect
# Default empty form
if request.method == 'POST':
form = LoginForm(request.POST, tag=tag)
user, data = checkLogin(request, form, tag)
if user:
response = HttpResponseRedirect(reverse('page.index'))
webLogin(request, response, user,
data) # data is user password here
else:
# If error is numeric, redirect...
# Error, set error on session for process for js
if isinstance(data, int):
return errorView(request, data)
request.session['errors'] = [data]
return index(request)
else:
response = index(request)
return response
def login(request: ExtendedHttpRequest,
tag: typing.Optional[str] = None) -> HttpResponse:
# Default empty form
logger.debug('Tag: %s', tag)
if request.method == 'POST':
request.session['restricted'] = False # Access is from login
form = LoginForm(request.POST, tag=tag)
user, data = checkLogin(request, form, tag)
if user:
response = HttpResponseRedirect(reverse('page.index'))
# save tag, weblogin will clear session
tag = request.session.get('tag')
auth.webLogin(request, response, user,
data) # data is user password here
# And restore tag
request.session['tag'] = tag
else:
# If error is numeric, redirect...
# Error, set error on session for process for js
time.sleep(2) # On failure, wait a bit...
if isinstance(data, int):
return errors.errorView(request, data)
request.session['errors'] = [data]
return index(request)
else:
request.session['tag'] = tag
response = index(request)
return response
def _wrapped_view(request, *args, **kwargs):
from uds.web.util import errors
for k in kwargs.keys():
if k[:2] == 'id':
try:
kwargs[k] = unscrambleId(request, kwargs[k])
except Exception:
return errors.errorView(request, errors.INVALID_REQUEST)
return view_func(request, *args, **kwargs)
def _wrapped_view(request, *args, **kwargs):
from uds.web.util import errors
for k in kwargs.keys():
if k[:2] == 'id':
try:
kwargs[k] = unscrambleId(request, kwargs[k])
except Exception:
return errors.errorView(request, errors.INVALID_REQUEST)
return view_func(request, *args, **kwargs)
def transportOwnLink(request: 'HttpRequest', idService: str, idTransport: str):
try:
res = userServiceManager().getService(request.user, request.os,
request.ip, idService,
idTransport)
ip, userService, iads, trans, itrans = res # pylint: disable=unused-variable
# This returns a response object in fact
if itrans and ip:
return itrans.getLink(userService, trans, ip, request.os,
request.user, webPassword(request), request)
except ServiceNotReadyError as e:
return errors.exceptionView(request, e)
except Exception as e:
logger.exception("Exception")
return errors.exceptionView(request, e)
# Will never reach this
return errors.errorView(request, errors.UNKNOWN_ERROR)
def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
# Default empty form
if request.method == 'POST':
form = LoginForm(request.POST, tag=tag)
user, data = checkLogin(request, form, tag)
if user:
response = HttpResponseRedirect(reverse('page.index'))
auth.webLogin(request, response, user, data) # data is user password here
else:
# If error is numeric, redirect...
# Error, set error on session for process for js
if isinstance(data, int):
return errors.errorView(request, data)
request.session['errors'] = [data]
return index(request)
else:
request.session['tag'] = tag
response = index(request)
return response
def login(request, tag=None):
"""
View responsible of logging in an user
:param request: http request
:param tag: tag of login auth
"""
# request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())
response = None
# Default empty form
form = LoginForm(tag=tag)
if request.method == 'POST':
form = LoginForm(request.POST, tag=tag)
user, data = checkLogin(request, form, tag)
if user:
response = HttpResponseRedirect(reverse('uds.web.views.index'))
webLogin(request, response, user, data) # data is user password here
else: # error, data = error
if isinstance(data, int):
return errors.errorView(request, data)
# Error to notify
form.add_error(None, data)
if response is None:
response = render(request,
theme.template('login.html'),
{
'form': form,
'authenticators': Authenticator.getByTag(tag),
'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True),
'version': VERSION
}
)
getUDSCookie(request, response)
return response
def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse: # pylint: disable=too-many-locals,too-many-branches,too-many-statements
"""
Used to authenticate an user via a ticket
"""
try:
data = TicketStore.get(ticketId, invalidate=True)
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = data['username']
groups = data['groups']
auth = data['auth']
realname = data['realname']
servicePool = data['servicePool']
password = cryptoManager().decrypt(data['password'])
transport = data['transport']
except Exception:
logger.error('Ticket stored is not valid')
raise auths.exceptions.InvalidUserException()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps: typing.List = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignment')
if not grps:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(
usr.state) is False: # If user is inactive, raise an exception
raise auths.exceptions.InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups.set(grps)
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.session[
'ticket'] = '1' # Store that user access is done using ticket
# Override and recalc transport based on current os
transport = None
logger.debug("Service & transport: %s, %s", servicePool, transport)
# Check if servicePool is part of the ticket
if servicePool:
# If service pool is in there, also is transport
res = userServiceManager().getService(request.user, request.os,
request.ip,
'F' + servicePool, transport,
False)
_, userService, _, transport, _ = res
transportInstance = transport.getInstance()
if transportInstance.ownLink is True:
link = reverse('TransportOwnLink',
args=('A' + userService.uuid, transport.uuid))
else:
link = html.udsAccessLink(request, 'A' + userService.uuid,
transport.uuid)
request.session['launch'] = link
response = HttpResponseRedirect(reverse('page.ticket.launcher'))
else:
response = HttpResponseRedirect(reverse('page.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except ServiceNotReadyError as e:
return errors.errorView(request, errors.SERVICE_NOT_READY)
except TicketStore.InvalidTicket:
return errors.errorView(request, errors.RELOAD_NOT_SUPPORTED)
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.errorView(request, errors.ACCESS_DENIED)
except ServicePool.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.errorView(request, errors.SERVICE_NOT_FOUND)
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)