Exemplo n.º 1
0
    def get(self):
        # deferred.defer(add_permissions_schema_update.AddPermissionsSchemaUpdate)
        # self.response.out.write('Schema migration successfully initiated.')
        login_success = 0
        login_failures = 0

        orgs = organization.Organization.all()
        for org in orgs:
            del org._password_hash_list[:]
            if generate_hash.recursive_hash(
                    org.password) not in org._password_hash_list:
                org._password_hash_list.append(
                    generate_hash.recursive_hash(org.password))
                organization.PutAndCache(org)
        # log. Save old?
        for org in orgs:
            if generate_hash.recursive_hash(
                    org.password) in org._password_hash_list:
                login_success += 1
            else:
                login_failures += 1

        self.response.out.write('Passwords updated<br>')
        self.response.out.write("Login successes: %s<br>" % login_success)
        self.response.out.write("Login failures: %s<br>" % login_failures)
Exemplo n.º 2
0
def PutAndCache(organization, cache_time=600):
    if organization.password:
        if not generate_hash.recursive_hash(
                organization.password) in organization._password_hash_list:
            organization._password_hash_list.append(
                generate_hash.recursive_hash(organization.password))

    organization.put()
    return memcache.set(cache_prefix + str(organization.key().id()),
                        (organization, OrgToDict(organization)),
                        time=cache_time)
    def AuthenticatedPost(self, org, event):
        name = self.request.get("name")
        event_name = self.request.get("event")
        password = self.request.get("password")

        event = event_db.Event.all().filter("name =", event_name).get()
        org = organization.Organization.all().filter("name =", name).filter("incidents =", event.key()).get()
        password_hash = generate_hash.recursive_hash(password)
        if password_hash in org._password_hash_list:
            org._password_hash_list.remove(password_hash)
            org._password_hash_list = list(set(org._password_hash_list))
            organization.PutAndCache(org)
            self.redirect("/admin?message=Password deleted.")
        else:
            self.redirect("/admin-delete-password?message=That password doesn't exist for this org. Select an incident to try again.")
    def AuthenticatedPost(self, org, event):
        name = self.request.get("name")
        form = GetOrganizationForm(self.request.POST)
        event_name = None
        if form.event.data:
            event_name = form.event.data
        if event_name == "None" or event_name == None:
            event_name = self.request.get("event_name")
        logging.info("new password")
        logging.info(name)
        logging.info(event_name)
        password = self.request.get("password")
        # raise Exception(event_name)

        if self.request.get("accept") == "true":
            event_name = self.request.get("event_name")
            this_event = event_db.Event.all().filter("name =",
                                                     event_name).get()
            org = organization.Organization.all().filter(
                "name =", name).filter("incidents =", this_event.key()).get()
            password_hash = generate_hash.recursive_hash(password)
            if org:
                if password_hash in org._password_hash_list:
                    self.rediect(
                        "/admin?message=That password already exists for that organization"
                    )
                    return
                org._password_hash_list.append(password_hash)
                org._password_hash_list = list(set(org._password_hash_list))
                organization.PutAndCache(org)
                audit = audit_db.new_password(org, password_hash)
                url = "/admin?message=New password added to " + name + " working on " + event_name
                self.redirect(url)
                return
            else:
                url = "/admin-generate-new-password?error_message=Could not find " + name + "for: " + event_name
                self.redirect(url)
                return

        password = random_password.generate_password()
        template_params = page_db.get_page_block_dict()
        template_params.update({
            "password": password,
            "name": name,
            "event_name": event_name
        })
        self.response.out.write(post_template.render(template_params))
Exemplo n.º 5
0
    def AuthenticatedPost(self, org, event):
        name = self.request.get("name")
        event_name = self.request.get("event")
        password = self.request.get("password")

        event = event_db.Event.all().filter("name =", event_name).get()
        org = organization.Organization.all().filter("name =", name).filter(
            "incidents =", event.key()).get()
        password_hash = generate_hash.recursive_hash(password)
        if password_hash in org._password_hash_list:
            org._password_hash_list.remove(password_hash)
            org._password_hash_list = list(set(org._password_hash_list))
            organization.PutAndCache(org)
            self.redirect("/admin?message=Password deleted.")
        else:
            self.redirect(
                "/admin-delete-password?message=That password doesn't exist for this org. Select an incident to try again."
            )
  def post(self):
    # raise Exception(self.request)
    now = datetime.datetime.now()
    form = GetOrganizationForm(self.request.POST)
    if not form.validate():
      self.redirect('/authentication')
    event = None
    for e in event_db.Event.gql(
    "WHERE name = :name LIMIT 1", name = form.event.data):
        event = e

    # check org and incident match
    org = None
    selected_org_name = self.request.get("name")
    if selected_org_name == "Other":
      selected_org_name = self.request.get("existing-organization")
    if selected_org_name == "Admin":
      # admin user
      for x in organization.Organization.gql(
    "WHERE name = :name LIMIT 1", name=selected_org_name
      ):
        org = x
    else:
      # regular user
      for x in organization.Organization.gql(
    "WHERE name = :name AND incidents = :incident LIMIT 1",
          name=selected_org_name,
          incident=event.key()
      ):
        org = x
      if org is None:
          # try legacy incident field
          for x in organization.Organization.gql(
              "WHERE name = :name and incident = :incident LIMIT 1",
              name=selected_org_name,
              incident=event.key()
          ):
              org = x

    # handle verified+active existing org joining new incident
    if not org and selected_org_name == 'Other':
        existing_org_name = self.request.get("existing-organization")
        for x in organization.Organization.gql(
            "WHERE name = :name LIMIT 1", name=existing_org_name):
            org = x

    # hash here, test if event and org and password_hash(form.password.data) in org.password_hash_list
    if event and org and generate_hash.recursive_hash(form.password.data) in org._password_hash_list and audit_db.login(org_name = org.name, ip=self.request.remote_addr, org = org, password_hash = generate_hash.recursive_hash(form.password.data), event_name = event.name, email=self.request.get("email")):
    # if event and org and org.password == form.password.data:
      # login was successful
      # (temp) force migration of org.incident -> org.incidents
      unicode(org.incidents)

      # add org to incident if not already allowed
      if not org.may_access(event):
          org.join(event)
          logging.info(
            u"authentication_handler: "
            u"Existing organization %s has joined incident %s." % (
                org.name, event.name
            )
          )

          # email administrators
          review_url = "%s://%s/admin-single-organization?organization=%s" % (
              urlparse(self.request.url).scheme,
              urlparse(self.request.url).netloc,
              org.key().id()
          )
          organization_form = organization.OrganizationForm(None, org)
          email_administrators_using_templates(
            event=event,
            subject_template_name='organization_joins_incident.to_admins.subject.txt',
            body_template_name='organization_joins_incident.to_admins.body.txt',
            organization=org,
            review_url=review_url,
            organization_form=organization_form,
          )
          org.save()

      # timestamp login
      now = datetime.datetime.utcnow()
      org.timestamp_login = now
      org.save()
      event.timestamp_last_login = now
      event.save()

      # create login key
      keys = key.Key.all()
      keys.order("date")
      selected_key = None
      for k in keys:
        age = now - k.date
        # Only use keys created in about the last day,
        # and garbage collect keys older than 2 days.
        if age.days > 14:
          k.delete()
        elif age.days <= 1:
          selected_key = k
      if not selected_key:
        selected_key = key.Key(
            secret_key = ''.join(random.choice(
                string.ascii_uppercase + string.digits)
                                  for x in range(20)))
        selected_key.put()

      # set cookie of org and event
      self.response.headers.add_header("Set-Cookie",
                                       selected_key.getCookie(org, event))
      self.redirect(urllib.unquote(self.request.get('destination', default_value='/').encode('ascii')))
    else:
      audit_db.bad_login(ip=self.request.remote_addr)
      self.redirect(self.request.url + "?error_message=Incorrect Organization and Passcode Combination")
Exemplo n.º 7
0
    def post(self):
        # raise Exception(self.request)
        now = datetime.datetime.now()
        form = GetOrganizationForm(self.request.POST)
        if not form.validate():
            self.redirect('/authentication')
        event = None
        for e in event_db.Event.gql("WHERE name = :name LIMIT 1",
                                    name=form.event.data):
            event = e

        # check org and incident match
        org = None
        selected_org_name = self.request.get("name")
        if selected_org_name == "Other":
            selected_org_name = self.request.get("existing-organization")
        if selected_org_name == "Admin":
            # admin user
            for x in organization.Organization.gql(
                    "WHERE name = :name LIMIT 1", name=selected_org_name):
                org = x
        else:
            # regular user
            for x in organization.Organization.gql(
                    "WHERE name = :name AND incidents = :incident LIMIT 1",
                    name=selected_org_name,
                    incident=event.key()):
                org = x
            if org is None:
                # try legacy incident field
                for x in organization.Organization.gql(
                        "WHERE name = :name and incident = :incident LIMIT 1",
                        name=selected_org_name,
                        incident=event.key()):
                    org = x

        # handle verified+active existing org joining new incident
        if not org and selected_org_name == 'Other':
            existing_org_name = self.request.get("existing-organization")
            for x in organization.Organization.gql(
                    "WHERE name = :name LIMIT 1", name=existing_org_name):
                org = x

        # hash here, test if event and org and password_hash(form.password.data) in org.password_hash_list
        if event and org and generate_hash.recursive_hash(
                form.password.data
        ) in org._password_hash_list and audit_db.login(
                org_name=org.name,
                ip=self.request.remote_addr,
                org=org,
                password_hash=generate_hash.recursive_hash(form.password.data),
                event_name=event.name,
                email=self.request.get("email")):
            # if event and org and org.password == form.password.data:
            # login was successful
            # (temp) force migration of org.incident -> org.incidents
            unicode(org.incidents)

            # add org to incident if not already allowed
            if not org.may_access(event):
                org.join(event)
                logging.info(
                    u"authentication_handler: "
                    u"Existing organization %s has joined incident %s." %
                    (org.name, event.name))

                # email administrators
                review_url = "%s://%s/admin-single-organization?organization=%s" % (
                    urlparse(self.request.url).scheme,
                    urlparse(self.request.url).netloc, org.key().id())
                organization_form = organization.OrganizationForm(None, org)
                email_administrators_using_templates(
                    event=event,
                    subject_template_name=
                    'organization_joins_incident.to_admins.subject.txt',
                    body_template_name=
                    'organization_joins_incident.to_admins.body.txt',
                    organization=org,
                    review_url=review_url,
                    organization_form=organization_form,
                )
                org.save()

            # timestamp login
            now = datetime.datetime.utcnow()
            org.timestamp_login = now
            org.save()
            event.timestamp_last_login = now
            event.save()

            # create login key
            keys = key.Key.all()
            keys.order("date")
            selected_key = None
            for k in keys:
                age = now - k.date
                # Only use keys created in about the last day,
                # and garbage collect keys older than 2 days.
                if age.days > 14:
                    k.delete()
                elif age.days <= 1:
                    selected_key = k
            if not selected_key:
                selected_key = key.Key(secret_key=''.join(
                    random.choice(string.ascii_uppercase + string.digits)
                    for x in range(20)))
                selected_key.put()

            # set cookie of org and event
            self.response.headers.add_header(
                "Set-Cookie", selected_key.getCookie(org, event))
            self.redirect(
                urllib.unquote(
                    self.request.get('destination',
                                     default_value='/').encode('ascii')))
        else:
            audit_db.bad_login(ip=self.request.remote_addr)
            self.redirect(
                self.request.url +
                "?error_message=Incorrect Organization and Passcode Combination"
            )