def get(self):
user_id = identify_user(self)
execution_service = self.application.execution_service
active_executions = execution_service.get_active_executions(user_id)
self.write(json.dumps(active_executions))
def wrapper(self, *args, **kwargs):
if not has_admin_rights(self):
user_id = identify_user(self)
LOGGER.warning('User %s (%s) tried to access admin REST service %s',
user_id, get_audit_name_from_request(self), self.request.path)
raise tornado.web.HTTPError(403, 'Access denied')
return func(self, *args, **kwargs)
def open(self, user, execution_id):
auth = self.application.auth
if not auth.is_authenticated(self):
return None
execution_service = self.application.execution_service
try:
self.executor = execution_service.get_active_executor(
execution_id, get_user(self))
except Exception as e:
self.handle_exception_on_open(e)
return
self.ioloop = tornado.ioloop.IOLoop.current()
self.write_message(wrap_to_server_event('input', 'your input >>'))
user_id = identify_user(self)
output_stream = execution_service.get_raw_output_stream(
execution_id, user_id)
pipe_output_to_http(output_stream, self.safe_write)
file_download_feature = self.application.file_download_feature
web_socket = self
def finished():
try:
downloadable_files = file_download_feature.get_downloadable_files(
execution_id)
for file in downloadable_files:
filename = os.path.basename(file)
url_path = web_socket.prepare_download_url(file)
web_socket.safe_write(
wrap_to_server_event('file', {
'url': url_path,
'filename': filename
}))
except:
LOGGER.exception('Could not prepare downloadable files')
connection = web_socket.ws_connection
if (connection is not None) and (hasattr(connection,
'ping_callback')):
# we need to stop callback explicitly and as soon as possible, to avoid sending ping after close
connection.ping_callback.stop()
output_stream.wait_close(timeout=5)
web_socket.ioloop.add_callback(web_socket.close, code=1000)
file_download_feature.subscribe_on_inline_images(
execution_id, self.send_inline_image)
execution_service.add_finish_listener(finished, execution_id)
def wrapper(self, *args, **kwargs):
auth = self.application.auth
authorizer = self.application.authorizer
login_url = self.get_login_url()
request_path = self.request.path
login_resource = is_allowed_during_login(request_path, login_url, self)
if login_resource:
return func(self, *args, **kwargs)
authenticated = auth.is_authenticated(self)
access_allowed = authenticated and authorizer.is_allowed_in_app(
identify_user(self))
if authenticated and (not access_allowed):
user = identify_user(self)
LOGGER.warning('User ' + user + ' is not allowed')
code = 403
message = 'Access denied. Please contact system administrator'
if isinstance(self, tornado.websocket.WebSocketHandler):
self.close(code=code, reason=message)
else:
raise tornado.web.HTTPError(code, message)
if authenticated and access_allowed:
return func(self, *args, **kwargs)
if not isinstance(self, tornado.web.StaticFileHandler):
message = 'Not authenticated'
code = 401
LOGGER.warning('%s %s %s: user is not authenticated' %
(code, self.request.method, request_path))
if isinstance(self, tornado.websocket.WebSocketHandler):
self.close(code=code, reason=message)
return
else:
raise tornado.web.HTTPError(code, message)
login_url += "?" + urlencode(dict(next=request_path))
redirect_relative(login_url, self)
return
def validate_absolute_path(self, root, absolute_path):
audit_name = get_audit_name_from_request(self)
user_id = identify_user(self)
file_download_feature = self.application.file_download_feature
file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
if not file_download_feature.allowed_to_download(file_path, user_id):
LOGGER.warning('Access attempt from ' + user_id + '(' + audit_name + ') to ' + absolute_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
if not self.application.auth.is_enabled() and (absolute_path.endswith("/login.html")):
raise tornado.web.HTTPError(404)
relative_path = file_utils.relative_path(absolute_path, root)
if self.is_admin_file(relative_path):
if not has_admin_rights(self):
user_id = identify_user(self)
LOGGER.warning('User %s (%s) tried to access admin static file %s',
user_id, get_audit_name_from_request(self), relative_path)
raise tornado.web.HTTPError(403)
return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
def validate_execution_id(execution_id, request_handler, only_active=True):
if is_empty(execution_id):
raise tornado.web.HTTPError(400, reason='Execution id is missing')
execution_service = request_handler.application.execution_service
if only_active and (not execution_service.is_active(execution_id)):
raise tornado.web.HTTPError(
400, reason='No (active) executor found for id ' + execution_id)
user_id = identify_user(request_handler)
if not execution_service.can_access(execution_id, user_id):
LOGGER.warning(
'Prohibited access to not owned execution #%s (user=%s)',
execution_id, str(user_id))
raise tornado.web.HTTPError(
403, reason='Prohibited access to not owned execution')
def has_admin_rights(request_handler):
user_id = identify_user(request_handler)
return request_handler.application.authorizer.is_admin(user_id)
