def before_request():
"""
This is executed before the request.
user_required checks if there is a logged in admin or user
The checks for ONLY admin are preformed in api/system.py
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
ensure_no_config_object()
request.all_data = get_all_params(request.values, request.data)
if g.logged_in_user.get("role") == "user":
# A user is calling this API. First thing we do is restricting the user parameter.
# ...to restrict token view, audit view or token actions.
request.all_data["user"] = g.logged_in_user.get("username")
request.all_data["realm"] = g.logged_in_user.get("realm")
try:
request.User = get_user_from_param(request.all_data)
# overwrite or set the resolver parameter in case of a logged in user
if g.logged_in_user.get("role") == "user":
request.all_data["resolver"] = request.User.resolver
except AttributeError:
# Some endpoints do not need users OR e.g. the setPolicy endpoint
# takes a list as the userobject
request.User = None
except UserError:
# In cases like the policy API, the parameter "user" is part of the
# policy and will not resolve to a user object
request.User = User()
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Already get some typical parameters to log
serial = getParam(request.all_data, "serial")
if serial:
tokentype = get_token_type(serial)
else:
tokentype = None
if request.User:
audit_username = request.User.login
audit_realm = request.User.realm
audit_resolver = request.User.resolver
else:
audit_realm = getParam(request.all_data, "realm")
audit_resolver = getParam(request.all_data, "resolver")
audit_username = getParam(request.all_data, "user")
g.audit_object.log({
"success":
False,
"serial":
serial,
"user":
audit_username,
"realm":
audit_realm,
"resolver":
audit_resolver,
"token_type":
tokentype,
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail":
"",
"info":
""
})
if g.logged_in_user.get("role") == "admin":
# An administrator is calling this API
g.audit_object.log({"administrator": g.logged_in_user.get("username")})
def test_03_get_token_type(self):
ttype = get_token_type("hotptoken")
self.assertTrue(ttype == "hotp", ttype)
def test_03_get_token_type(self):
ttype = get_token_type("hotptoken")
self.assertTrue(ttype == "hotp", ttype)
def before_request():
"""
This is executed before the request.
user_required checks if there is a logged in admin or user
The checks for ONLY admin are preformed in api/system.py
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
g.config_object = ConfigClass()
request.all_data = get_all_params(request.values, request.data)
try:
request.User = get_user_from_param(request.all_data)
except AttributeError:
# Some endpoints do not need users OR e.g. the setPolicy endpoint
# takes a list as the userobject
request.User = None
except UserError:
# In cases like the policy API, the parameter "user" is part of the
# policy and will not resolve to a user object
request.User = User()
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Already get some typical parameters to log
serial = getParam(request.all_data, "serial")
if serial and "**" not in serial:
tokentype = get_token_type(serial)
else:
tokentype = None
realm = getParam(request.all_data, "realm")
user_loginname = ""
resolver = ""
if "token_blueprint" in request.endpoint:
# In case of token endpoint we evaluate the user in the request.
# Note: In policy-endpoint "user" is part of the policy configuration
# and will cause an exception
user = get_user_from_param(request.all_data)
user_loginname = user.login
realm = user.realm or realm
resolver = user.resolver
g.audit_object.log({
"success":
False,
"serial":
serial,
"user":
user_loginname,
"realm":
realm,
"resolver":
resolver,
"token_type":
tokentype,
"client":
g.client_ip,
"client_user_agent":
request.user_agent.browser,
"privacyidea_server":
privacyidea_server,
"action":
"{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail":
"",
"info":
""
})
if g.logged_in_user.get("role") == "user":
# A user is calling this API
# In case the token API is called by the user and not by the admin we
# need to restrict the token view.
CurrentUser = get_user_from_param({
"user":
g.logged_in_user.get("username"),
"realm":
g.logged_in_user.get("realm")
})
request.all_data["user"] = CurrentUser.login
request.all_data["resolver"] = CurrentUser.resolver
request.all_data["realm"] = CurrentUser.realm
g.audit_object.log({
"user": CurrentUser.login,
"resolver": CurrentUser.resolver,
"realm": CurrentUser.realm
})
else:
# An administrator is calling this API
g.audit_object.log({"administrator": g.logged_in_user.get("username")})
def before_request():
"""
This is executed before the request.
user_required checks if there is a logged in admin or user
The checks for ONLY admin are preformed in api/system.py
"""
# remove session from param and gather all parameters, either
# from the Form data or from JSON in the request body.
g.config_object = ConfigClass()
request.all_data = get_all_params(request.values, request.data)
try:
request.User = get_user_from_param(request.all_data)
except AttributeError:
# Some endpoints do not need users OR e.g. the setPolicy endpoint
# takes a list as the userobject
request.User = None
except UserError:
# In cases like the policy API, the parameter "user" is part of the
# policy and will not resolve to a user object
pass
g.policy_object = PolicyClass()
g.audit_object = getAudit(current_app.config)
g.event_config = EventConfiguration()
# access_route contains the ip adresses of all clients, hops and proxies.
g.client_ip = get_client_ip(request,
get_from_config(SYSCONF.OVERRIDECLIENT))
privacyidea_server = current_app.config.get("PI_AUDIT_SERVERNAME") or \
request.host
# Already get some typical parameters to log
serial = getParam(request.all_data, "serial")
if serial and "**" not in serial:
tokentype = get_token_type(serial)
else:
tokentype = None
realm = getParam(request.all_data, "realm")
user_loginname = ""
resolver = ""
if "token_blueprint" in request.endpoint:
# In case of token endpoint we evaluate the user in the request.
# Note: In policy-endpoint "user" is part of the policy configuration
# and will cause an exception
user = get_user_from_param(request.all_data)
user_loginname = user.login
realm = user.realm or realm
resolver = user.resolver
g.audit_object.log({"success": False,
"serial": serial,
"user": user_loginname,
"realm": realm,
"resolver": resolver,
"token_type": tokentype,
"client": g.client_ip,
"client_user_agent": request.user_agent.browser,
"privacyidea_server": privacyidea_server,
"action": "{0!s} {1!s}".format(request.method, request.url_rule),
"action_detail": "",
"info": ""})
if g.logged_in_user.get("role") == "user":
# A user is calling this API
# In case the token API is called by the user and not by the admin we
# need to restrict the token view.
CurrentUser = get_user_from_param({"user":
g.logged_in_user.get(
"username"),
"realm": g.logged_in_user.get(
"realm")})
request.all_data["user"] = CurrentUser.login
request.all_data["resolver"] = CurrentUser.resolver
request.all_data["realm"] = CurrentUser.realm
g.audit_object.log({"user": CurrentUser.login,
"resolver": CurrentUser.resolver,
"realm": CurrentUser.realm})
else:
# An administrator is calling this API
g.audit_object.log({"administrator": g.logged_in_user.get("username")})
