def account_create(self):
    """Render the account creation page.

    A user who already owns a logname is flashed an error and sent to
    ``/users/index`` instead; everyone else gets the creation form.
    """
    current = Session.query(Users).get(session['REMOTE_USER'])
    has_login = bool(current.logname)
    if has_login:
        # Presumably h.redirect raises an HTTP redirect; the render below
        # is only reached if it returns normally.
        h.flash.set_message(u'You have a login', u'error')
        h.redirect('/users/index')
    return render('/access/account_create.mako')
def validate(func, self, *args, **kwargs):
    """Run ``func`` only if the session's user holds ``permission``.

    ``permission`` is a free variable supplied by the enclosing scope (the
    decorator factory that wraps this function), not a parameter.  A
    request whose session carries no ``REMOTE_USER`` is passed straight
    through to ``func`` with no permission check at all; a logged-in user
    without the permission is flashed an error and redirected to ``/``.

    NOTE(review): confirm that anonymous callers are meant to bypass the
    check — as written, an unauthenticated request reaches the decorated
    action unguarded while an authenticated one without rights is blocked.
    """
    if u'REMOTE_USER' not in session:
        return func(self, *args, **kwargs)
    current = Session.query(Users).get(session[u'REMOTE_USER'])
    if current.has_access(permission):
        return func(self, *args, **kwargs)
    h.flash.set_message(u'You don\'t have access to that area.', 'error')
    h.redirect(h.url('/'))
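def sendMail(self):
    """Validate the feedback form's reCAPTCHA and e-mail the message.

    On a valid captcha the POST fields (name, university, department,
    e-mail, subject, comments) are assembled into a mail sent through
    ``sendmail``; success redirects to ``/users/index`` and failure to
    ``/feedback/index``, each with a flash message.  When the captcha
    check fails the raw result string of ``checkCaptcha`` is returned to
    the client unchanged.
    """
    def header_safe(value):
        # Values that end up in mail headers (subject, sender address) must
        # not carry line breaks: a CR/LF inside a form field would let the
        # submitter append headers if sendmail() assembles the message by
        # string concatenation.  None passes through so a missing field is
        # still rendered as "None" by the "%s" formatting, as before.
        if value is None:
            return value
        return value.replace('\r', ' ').replace('\n', ' ')

    # check captcha
    recaptcha_challenge_field = request.POST.get('recaptcha_challenge_field')
    recaptcha_response_field = request.POST.get('recaptcha_response_field')
    # NOTE(review): the reCAPTCHA private key is hard-coded in source.  It
    # should be read from deployment configuration and rotated, since anyone
    # with read access to the repository can satisfy the captcha check.
    private_key = '6Leg-LwSAAAAAOm95rcbsmX7Ekhc-ehmY9bRW2-R'
    remoteip = request.environ['REMOTE_ADDR']
    retCaptcha = self.checkCaptcha(
        recaptcha_challenge_field, recaptcha_response_field, private_key, remoteip)
    # The text before the first "__" is the verdict ("True" on success).
    isValid = retCaptcha.split("__")[0]
    if isValid != "True":
        return retCaptcha

    # collect form fields and send the mail to the portal address
    first = request.POST.get('firstname')
    last = request.POST.get('lastname')
    univ = request.POST.get('university')
    dep = request.POST.get('department')
    # NOTE(review): the presence test is on 'type' but the value read is
    # 'get'; kept as-is, confirm which key was intended.
    if 'type' in request.params:
        portal = request.GET.get('get')
    else:
        portal = 'Amber'
    # The submitted address is handed to sendmail() as the 4th argument
    # (presumably sender/reply-to), so it is header-bound too.
    email = header_safe(request.POST.get('email'))
    comments = request.POST.get('comments')
    scope = header_safe(request.POST.get('subject'))
    subject = '%s - %s Web portal' % (scope, header_safe(portal))
    body = ("University or Organization: %s\n Department: %s\n email: %s\n\n"
            " %s %s says: %s\n" % (univ, dep, email, first, last, comments))
    ret = sendmail('*****@*****.**', "", subject, email, body)
    if ret:
        msg = 'Your message was successfully delivered.'
        h.flash.set_message(msg, 'success')
        h.redirect('/users/index')
    else:
        msg = ('Mail System has encountered an error.If you still wish to '
               'proceed, please try again later.')
        h.flash.set_message(msg, 'error')
        return h.redirect('/feedback/index')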
def login(self):
    """Check logname and password to login the user.

    Reads ``user_name`` and ``user_pwd`` from the POST body, hashes the
    password with unsalted SHA-1 and compares it with the stored
    ``Users.password``.  On success the user id, logname and home path are
    bound to the session, the home directory is created on disk and the
    request is redirected to ``/users/index``.  Every other case renders
    the intro page with an error flash.
    """
    logname = request.POST.get('user_name', '')
    password = request.POST.get('user_pwd', '')
    if password:
        # NOTE(review): a single unsalted SHA-1 digest is cheap to crack
        # offline if the table leaks; a slow, salted KDF is the usual fix,
        # but account_create_db() writes the same digest, so both sides
        # have to migrate together.
        password = hashlib.sha1(password).hexdigest()
    #c.password = password
    if logname:
        if password:
            member = Session.query(Users).filter(
                and_(Users.logname == logname, Users.removed == False)).first()
            if not member:
                # NOTE(review): distinct "unknown logname" / "wrong password"
                # messages let a caller probe which lognames exist; one
                # generic message avoids that.
                h.flash.set_message(
                    'Could not find your logname in the system.', 'error')
            elif member.password != password:
                # NOTE(review): plain != is not constant-time; low risk for a
                # hex digest, but hmac.compare_digest is the usual choice.
                h.flash.set_message('Your password is incorrect.', 'error')
            else:
                # Check for the user home. If the user was created by the admin
                # the home field is not in the db. So it's the moment to create it.
                if not member.home:
                    member.home = '%s%s' % (home_dir_prefix, member.id)
                    Session.add(member)
                    Session.commit()
                # Session variables binding
                # NOTE(review): the session id is not regenerated on login; if
                # the session layer keeps the pre-login id, a fixated id stays
                # valid afterwards — confirm what session.save() does.
                session['REMOTE_USER'] = member.id
                session['LOGNAME'] = member.logname
                session['HOME'] = os.path.join(
                    config['app_conf']['working_dir'], member.home)
                session.save()
                # Home directory creation
                if not os.path.isdir(session['HOME']):
                    os.makedirs(session['HOME'])
                h.flash.set_message('You have successfully logged in.', 'success')
                # Presumably raises an HTTP redirect; if it returns normally
                # the intro page below is rendered instead.
                h.redirect('/users/index')
        else:
            h.flash.set_message('Please type in your password.', 'error')
    c.title = session['PORTAL'].upper()
    return render('/access/intro.mako')
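def account_create_db(self):
    """Update the current user's record from the account_create.mako form.

    Reads ``email``, ``logname`` and ``from`` (plus ``password`` when
    ``from`` is ``'creation'``) from the POST body.  The requested logname
    must not belong to another user: on a clash the form is re-rendered
    with an error and nothing is written.  Otherwise the record is saved,
    ``home`` is set to ``home_dir_prefix + id`` and the request is
    redirected to ``/users/index``.

    The uniqueness check now runs for every submission (the original only
    checked it on creation, so a modify request could produce duplicate
    lognames, which login() resolves by an arbitrary ``.first()``).
    """
    user = Session.query(Users).get(session['REMOTE_USER'])
    new_logname = request.POST.get('logname')
    frm = request.POST.get('from')
    # Validate before touching the ORM object: the original assigned the
    # colliding logname first, so an autoflushing session could persist it
    # even though the request was rejected.  The current user is excluded
    # so re-submitting one's own logname is not reported as a clash.
    clash = Session.query(Users).filter(
        and_(Users.logname == new_logname, Users.id != user.id)).first()
    if clash is not None:
        h.flash.set_message(
            'Logname already in use. Please choose another one', 'error')
        return render('/access/account_create.mako')
    password = request.POST.get('password') if frm == 'creation' else None
    if frm == 'creation' and not password:
        # hashlib.sha1(None) raises TypeError; report it to the user instead.
        h.flash.set_message('Please type in your password.', 'error')
        return render('/access/account_create.mako')
    user.email = request.POST.get('email')
    user.logname = new_logname
    user.home = '%s%s' % (home_dir_prefix, user.id)
    user.start_date = datetime.now()
    if frm == 'creation':
        # NOTE(review): unsalted SHA-1 is a weak password hash; login()
        # compares against the same digest, so moving to a salted KDF means
        # migrating both sides together.
        # NOTE(review): 'from' is client-supplied; a non-creation submit
        # changes e-mail and logname with no re-authentication — confirm.
        user.password = unicode(
            hashlib.sha1(password).hexdigest(), 'utf-8')
    Session.add(user)
    Session.commit()
    h.flash.set_message(u'Account succesfully created/modified.', u'success')
    h.redirect('/users/index')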
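def check_mail_local(self, uid):
    """Log in, or auto-provision, a portal user from an SSO ``uid``.

    The external ``ssoxs_users`` table maps ``uid`` to a mail address and
    a display name.  If a non-removed ``Users`` row with that mail exists it
    is bound to the session (filling in ``home`` and ``ssoxs_uid`` when they
    are missing); otherwise a new Member account is created.  Both paths
    create the home directory and redirect to ``/users/index``.  When no
    usable mail address is found the "wrong portal" page is rendered.

    Changes from the original: ``uid`` is bound as a query parameter instead
    of being interpolated into the SQL text, the connection is always
    closed, an unknown uid (``fetchone()`` returning None) and an empty
    display name no longer raise, and the debug prints of the mail address
    and DB row (PII in the server log) are gone.

    NOTE(review): nothing here verifies where ``uid`` came from; callers
    must only pass a uid obtained from an authenticated SSO response.
    """
    print("acces using email for uid " + uid)
    print("retrive DB info")
    # NOTE(review): empty connection parameters look like placeholders; the
    # real values belong in deployment configuration, not in source.
    db = MySQLdb.connect(host="", user="", passwd="", db="")
    try:
        crs = db.cursor()
        # Driver-side parameter binding: the original used "%" formatting,
        # which lets a crafted uid alter the query.
        crs.execute("""SELECT mail,name FROM ssoxs_users WHERE uid=%s""", (uid,))
        res = crs.fetchone()
    finally:
        db.close()

    mail = None
    if res is not None and res[0] is not None and len(res[0]) > 1:
        mail = res[0].lower()

    if mail is not None:
        # Display name -> (first, last); missing parts become "" so the
        # save_log() concatenations below never hit an unbound name.
        name_parts = (res[1] or "").split()
        f = name_parts[0] if name_parts else ""
        l = name_parts[1] if len(name_parts) > 1 else ""
        member = Session.query(Users).filter(
            and_(Users.email == mail, Users.removed == False)).first()
        if not member:
            print("########## SSO Create new User using mail ################")
            # NOTE(review): random 6-digit suffix with no uniqueness check
            # against existing lognames.
            logname = "SSO" + str(random.randint(100000, 999999))
            role = Session.query(Role).filter(Role.name == 'Member').first()
            save_log("NEW USER NAME " + f + "\n")
            save_log("NEW USER LASTNAME " + l + "\n")
            new_user = Users()
            new_user.firstname = f
            new_user.lastname = l
            new_user.logname = logname
            new_user.dn = ""
            new_user.email = mail
            # "******" never equals a SHA-1 hex digest, so password login
            # stays unusable for SSO-created accounts (see login()).
            new_user.password = "******"
            new_user.ssoxs_uid = int(uid)
            new_user.roles.append(role)
            Session.add(new_user)
            Session.commit()
            # The id is only known after the first commit.
            new_user.home = "user_%s" % new_user.id
            Session.commit()
            session['REMOTE_USER'] = new_user.id
            session.save()
            c.current_user = Session.query(Users).get(new_user.id)
            user = Session.query(Users).get(session['REMOTE_USER'])
            home = user.home or '%s%s' % (home_dir_prefix, user.id)
            session['HOME'] = os.path.join(config['app_conf']['working_dir'], home)
            session.save()
            if not os.path.isdir(session['HOME']):
                os.makedirs(session['HOME'])
            h.flash.set_message('You have successfully logged in.', 'success')
            h.redirect('/users/index')
        else:
            # Check for the user home. If the user was created by the admin
            # the home field is not in the db. So it's the moment to create it.
            if not member.home:
                member.home = '%s%s' % (home_dir_prefix, member.id)
                Session.add(member)
                Session.commit()
            if not member.ssoxs_uid:
                member.ssoxs_uid = int(uid)
                Session.add(member)
                Session.commit()
                print("protocol mail add ssox_uid" + uid)
            # Session variables binding
            session['REMOTE_USER'] = member.id
            session['LOGNAME'] = member.logname
            session['HOME'] = os.path.join(config['app_conf']['working_dir'], member.home)
            session.save()
            # Home directory creation
            if not os.path.isdir(session['HOME']):
                os.makedirs(session['HOME'])
            h.flash.set_message('You have successfully logged in.', 'success')
            h.redirect('/users/index')

    # Reached when no mail was found for uid (or if h.redirect returns
    # instead of raising): show the "wrong portal" page.
    session['PORTAL'] = 'oops!'
    session.save()
    c.title = 'Oops!'
    return render('/access/wrongportal.mako')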
def redIAM(self):
    """Redirect endpoint of the INDIGO IAM (OAuth2/OIDC) login flow.

    The IAM server sends the browser here with ``state`` and ``code`` in
    the query string.  ``state`` is checked against ``session['STATE_IAM']``
    (a mismatch renders the intro page), the code is exchanged for tokens
    at the IAM token endpoint with ``self.client_id``/``self.client_secret``,
    and userinfo is fetched with the access token.  Depending on the granted
    scope the user is then looked up by ``iam_subject`` (grant without
    ``offline_access``) or by e-mail (full grant, creating the account when
    unknown), bound to the session, given a home directory and redirected
    to ``/users/index``.  Every other outcome renders the intro page.

    NOTE(review): the nesting below is reconstructed from a collapsed
    listing; the placement of the second scope check and of the final
    fall-through should be confirmed against the original file.
    """
    refresh_token = ''
    access_token = ''
    access_token_expire = ''
    print "SONO in redIAM"
    pp = pprint.PrettyPrinter(indent=4)
    # NOTE(review): dumping GET/POST here and the token response below
    # writes the authorisation code and bearer/refresh tokens to the log.
    print "----- primi Rislutlati GET/POST -------"
    pp.pprint(request.GET)
    pp.pprint(request.POST)
    if (len(request.POST) == 0 and request.GET.get("state")):
        # pycurl example:
        # http://stackoverflow.com/questions/6554386/getting-html-with-pycurl
        print "faccio il POST"
        # Anti-CSRF check of the callback: the state must be the one this
        # session generated when it started the flow.
        if (str(request.GET.get("state")) != session['STATE_IAM']):
            print "******* access.redIAM TENATIVO INTRUSIONE ******* "
            c.title = session['PORTAL'].upper()
            return render('/access/intro.mako')
        pcode = request.GET.get("code")
        # Authorization-code exchange over the back channel, authenticated
        # with the client secret.  NOTE(review): redirect_uri and the
        # endpoints are hard-coded to one host and the IAM test instance.
        postpar = {
            "client_id": self.client_id,
            "grant_type": "authorization_code",
            "redirect_uri": "https://py-enmr.cerm.unifi.it/access/redIAM",
            "client_secret": self.client_secret,
            "code": str(pcode)
        }
        url = "https://iam-test.indigo-datacloud.eu/token"
        primo = postpy.postpy(postpar, url)
        print " PRIMO "
        pprint.pprint(primo)
        # requested scope: "scope":"address phone openid email profile offline_access"
        if (primo.get('scope')):
            csco = str(primo.get('scope'))
            print "-----CSCO---------"
            print csco
            print "-----CSCO---------"
            # Partial grant (everything but offline_access): only an already
            # registered subject with a stored refresh token may log in.
            if (("address" in csco and "email" in csco and "phone" in csco and "openid" in csco and "profile" in csco) and "offline_access" not in csco):
                print "PRIMO CHECK"
                if (primo.get('access_token')):
                    access_token = primo.get('access_token')
                else:
                    print "ACCES TOKEN NON PRESENTE"
                    c.title = session['PORTAL'].upper()
                    return render('/access/intro.mako')
                url = "https://iam-test.indigo-datacloud.eu/userinfo"
                quarto = postpy.getpyuserinfo(url, access_token)
                pprint.pprint(quarto)
                if (quarto.get('sub')):
                    subj = str(quarto.get('sub'))
                    print "SUBJCT TROVATO"
                else:
                    print "SUBJCT NON TROVATO"
                    c.title = session['PORTAL'].upper()
                    return render('/access/intro.mako')
                # Lookup by the IdP subject identifier.
                # NOTE(review): len() raises TypeError when refresh_token is NULL.
                user = Session.query(Users).filter(
                    Users.iam_subject == subj).first()
                if not user or len(user.refresh_token) < 5:
                    c.title = session['PORTAL'].upper()
                    return render('/access/introIAM.mako')
                    # User already present in the database
                    # (unreachable: follows the return above)
                    save_log("USER ALRADY PRESENT IN DB \n")
                else:
                    session['REMOTE_USER'] = user.id
                    # Token fields are not updated on this path (those
                    # assignments were commented out in the original).
                    # NOTE(review): bare expression, no effect.
                    session['REMOTE_USER']
                    Session.add(user)
                    Session.commit()
                    session.save()
                    c.current_user = user
                    if user.removed:
                        return render('/users/user_removed_ssl.html')
                    # (a myproxy certificate check used to live here; commented out)
                    no_proxy = True
                    # Home directory creation
                    user = Session.query(Users).get(session['REMOTE_USER'])
                    if user.home:
                        home = user.home
                    else:
                        home = '%s%s' % (home_dir_prefix, user.id)
                    session['HOME'] = os.path.join(
                        config['app_conf']['working_dir'], home)
                    session.save()
                    if not os.path.isdir(session['HOME']):
                        os.makedirs(session['HOME'])
                    h.flash.set_message('You have successfully logged in.', 'success')
                    # Presumably raises an HTTP redirect; if it returned, the
                    # scope check below would run next.
                    h.redirect('/users/index')
            # Anything short of the full scope set is rejected.
            if (not ("address" in csco and "email" in csco and "phone" in csco and "openid" in csco and "profile" in csco and "offline_access" in csco)):
                print "******* access.redIAM the user doesen't approve all scope in the iam portalitu ******* "
                h.flash.set_message('Please approve al access', 'error')
                c.title = session['PORTAL'].upper()
                return render('/access/intro.mako')
        # Full-grant path: collect the tokens from the exchange response.
        if (primo.get('refresh_token')):
            refresh_token = primo.get('refresh_token')
        if (primo.get('access_token')):
            access_token = primo.get('access_token')
            access_token_expire = primo.get('expires_in')
        if (primo.get('id_token')):
            # NOTE(review): id_token and access_token_expire are never used:
            # expiry is not tracked and the ID token is not validated.
            id_token = primo.get('id_token')
        # NOTE(review): prints the refresh and access tokens in clear.
        print refresh_token, access_token
        print "******************acces_token*******************"
        print access_token
        # Refresh-token grant example (not used here):
        # https://cloud.digitalocean.com/v1/oauth/token?grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN
        # postpar = {"client_id":self.client_id,
        #            "grant_type":"refresh_token",
        #            "redirect_uri":"https://py-enmr.cerm.unifi.it/access/redIAM",
        #            "client_secret":self.client_secret,
        #            "refresh_token":refresh_token}
        #url = "https://iam-test.indigo-datacloud.eu/token"
        # refresh token request
        #secondo = postpy.postpy(postpar,url)
        url = "https://iam-test.indigo-datacloud.eu/userinfo"
        quarto = postpy.getpyuserinfo(url, access_token)
        pprint.pprint(quarto)
        if (not quarto.get('email')):
            print "******* access.redIAM email not present ******* "
            c.title = session['PORTAL'].upper()
            return render('/access/intro.mako')
        print "-----EMAIL------"
        print str(quarto.get('email'))
        # Shape check only: exactly one '@'.
        if (len(str(quarto.get('email')).split("@")) != 2):
            print "******* access.redIAM email not correct ******* "
            c.title = session['PORTAL'].upper()
            return render('/access/intro.mako')
        subj = str(quarto.get('sub'))
        email = str(quarto.get('email'))
        # NOTE(review): str(None) is 'None', which is truthy, so the
        # "IAM USER" fallbacks can never be taken.  Also family_name is
        # stored as firstname and given_name as lastname, the reverse of the
        # (first, last) convention in check_DN_local — looks swapped, confirm.
        if (str(quarto.get('family_name'))):
            f = str(quarto.get('family_name'))
        else:
            f = "IAM USER"
        if (str(quarto.get('given_name'))):
            l = str(quarto.get('given_name'))
        else:
            l = "IAM USER"
        # NOTE(review): account linking keys on the e-mail the IdP reports.
        # Unless IAM only releases verified addresses (OIDC email_verified),
        # a foreign identity carrying an existing user's address would be
        # logged into that account; the subject lookup used above is the
        # safer key.
        user = Session.query(Users).filter(Users.email == email).first()
        # New user
        print "*******ceck user*****"
        pprint.pprint(user)
        if not user:
            role = Session.query(Role).filter(
                Role.name == 'Member').first()
            save_log("NEW USER NAME " + f + "\n")
            save_log("NEW USER LASTNAME " + l + "\n")
            new_user = Users()
            new_user.firstname = f
            new_user.lastname = l
            # NOTE(review): new_user.email is never set, so the e-mail lookup
            # above will not find this row on the next login — confirm.
            new_user.access_token = access_token
            new_user.refresh_token = refresh_token
            new_user.iam_subject = subj
            new_user.roles.append(role)
            Session.add(new_user)
            Session.commit()
            session['REMOTE_USER'] = new_user.id
            session.save()
            c.current_user = Session.query(Users).get(new_user.id)
            no_proxy = True
        else:
            # User already present in the database
            save_log("USER ALRADY PRESENT IN DB \n")
            session['REMOTE_USER'] = user.id
            # Tokens are persisted on the user row and copied into the
            # session.  NOTE(review): stored in clear, so the DB and the
            # session store both become bearer-token holders.
            user.access_token = access_token
            user.refresh_token = refresh_token
            user.iam_subject = subj
            session['ACCESS_TOKE'] = access_token
            session['REFRESH_TOKE'] = refresh_token
            # NOTE(review): bare expression, no effect.
            session['REMOTE_USER']
            Session.add(user)
            Session.commit()
            session.save()
            c.current_user = user
            if user.removed:
                return render('/users/user_removed_ssl.html')
            # (a myproxy certificate check used to live here; commented out)
            no_proxy = True
        # Home directory creation
        user = Session.query(Users).get(session['REMOTE_USER'])
        if user.home:
            home = user.home
        else:
            home = '%s%s' % (home_dir_prefix, user.id)
        session['HOME'] = os.path.join(config['app_conf']['working_dir'], home)
        session.save()
        if not os.path.isdir(session['HOME']):
            os.makedirs(session['HOME'])
        h.flash.set_message('You have successfully logged in.', 'success')
        # Presumably raises an HTTP redirect; if it returns, the intro page
        # below is rendered.
        h.redirect('/users/index')
    c.title = session['PORTAL'].upper()
    return render('/access/intro.mako')
def check_DN_local(self, DN, uid):
    """Log in, or auto-provision, a portal user from a certificate DN.

    ``DN`` is matched against ``Users.dn`` (non-removed rows).  A known
    user gets ``home`` and ``ssoxs_uid`` filled in if missing and is bound
    to the session; an unknown DN creates a Member account whose first and
    last names are taken from the ``/CN=`` component.  Both paths create
    the home directory and redirect to ``/users/index``.

    NOTE(review): the DN is trusted as given.  That is only sound if the
    front end verified the client certificate chain before handing the DN
    over; the TODO comments below say that check is still missing here.
    """
    member = Session.query(Users).filter(
        and_(Users.dn == DN, Users.removed == False)).first()
    if not member:
        print "########## SSO Create new User ################"
        print DN
        #retrive information using xml_rpc from DB
        #TODO
        #check validity of certifcate
        #check DN
        #if DN == DNfrom xml_rpc
        # NOTE(review): random 6-digit suffix with no uniqueness check
        # against existing lognames.
        logname = "SSO" + str(random.randint(100000, 999999))
        # Placeholder address stored for every DN-created account.
        mail = "*****@*****.**"
        # CN text split into (first, last); a CN with one or 3+ words goes
        # through the ValueError branch.  NOTE(review): a DN without
        # '/CN=' (or with an empty CN) raises IndexError instead.
        try:
            (f, l) = DN.split('/CN=')[1].split()
        except ValueError:
            f = DN.split('/CN=')[1].split()[0]
            l = ' '.join(DN.split('/CN=')[1].split()[1:])
        role = Session.query(Role).filter(Role.name == 'Member').first()
        save_log("NEW USER NAME " + f + "\n")
        save_log("NEW USER LASTNAME " + l + "\n")
        new_user = Users()
        new_user.firstname = f
        new_user.lastname = l
        new_user.logname = logname
        new_user.dn = DN
        new_user.email = mail
        # ValueError if uid is not numeric.
        new_user.ssoxs_uid = int(uid)
        # "******" never equals a SHA-1 hex digest, so password login stays
        # unusable for SSO-created accounts (see login()).
        new_user.password = "******"
        new_user.roles.append(role)
        Session.add(new_user)
        Session.commit()
        # The id is only known after the first commit.
        new_user.home = "user_%s" % new_user.id
        Session.commit()
        session['REMOTE_USER'] = new_user.id
        session.save()
        c.current_user = Session.query(Users).get(new_user.id)
        no_proxy = True
        user = Session.query(Users).get(session['REMOTE_USER'])
        if user.home:
            home = user.home
        else:
            home = '%s%s' % (home_dir_prefix, user.id)
        session['HOME'] = os.path.join(config['app_conf']['working_dir'], home)
        session.save()
        if not os.path.isdir(session['HOME']):
            os.makedirs(session['HOME'])
        h.flash.set_message('You have successfully logged in.', 'success')
        # Presumably raises an HTTP redirect; if it returns, the "wrong
        # portal" page at the end is rendered.
        h.redirect('/users/index')
    else:
        # Check for the user home. If the user was created by the admin
        # the home field is not in the db. So it's the moment to create it.
        if not member.home:
            member.home = '%s%s' % (home_dir_prefix, member.id)
            Session.add(member)
            Session.commit()
        #update ssoxs_uid
        if not member.ssoxs_uid:
            member.ssoxs_uid = int(uid)
            Session.add(member)
            Session.commit()
            print "protocol DN add ssox_uid"
        # Session variables binding
        session['REMOTE_USER'] = member.id
        session['LOGNAME'] = member.logname
        session['HOME'] = os.path.join(config['app_conf']['working_dir'], member.home)
        session.save()
        # Home directory creation
        if not os.path.isdir(session['HOME']):
            os.makedirs(session['HOME'])
        h.flash.set_message('You have successfully logged in.', 'success')
        h.redirect('/users/index')
    # Presumably reached only if h.redirect returns instead of raising.
    session['PORTAL'] = 'oops!'
    session.save()
    c.title = 'Oops!'
    return render('/access/wrongportal.mako')