def initialize(self, **kwargs): form = PassphraseSubmitForm(request_params()) if form.validate(): crypto_util.configure_crypto_state(form.passphrase.data) raise cherrypy.HTTPRedirect("/") else: return render("startup.html", {'form': form})
def process_add(self, **kwargs): # We don't specify the args explicitly since we are using wtforms here. form = GroupAddForm(request_params()) if form.validate(): group = groups.create(name=form.name.data) auditlog.log(auditlog.CODE_CONTENT_ADD, target=group) notify_entity_activity(group, 'created') raise cherrypy.HTTPRedirect('/group/list') else: return render("group/add.html", {'form': form})
def process_login(self, **kwargs): form = LoginForm(request_params()) # TODO: Refactor to combine with the ensconce.server:checkpassword method. Lots of duplicate # logic here. AT MINIMUM MAKE SURE THAT ANY CHANGES HERE ARE REFLECTED THERE # This is a "flow-control" exception. ... You'll see. :) class _LoginFailed(Exception): pass try: if not form.validate(): raise _LoginFailed() username = form.username.data password = form.password.data for auth_provider in get_configured_providers(): try: auth_provider.authenticate(username, password) except exc.InsufficientPrivileges: form.username.errors.append(ValidationError("Insufficient privileges to log in.")) # Fail fast in this case; we don't want to continue on to try other authenticators. raise _LoginFailed() except exc.AuthError: # Swallow other auth errors so it goes onto next authenticator in the list. pass except: # Other exceptions needs to get logged at least. log.exception("Unexpected error authenticating user using {0!r}".format(auth_provider)) else: log.info("Authentication succeeded for username {0} using provider {1}".format(username, auth_provider)) break else: log.debug("Authenticators exhausted; login failed.") form.password.errors.append(ValidationError("Invalid username/password.")) raise _LoginFailed() except _LoginFailed: auditlog.log(auditlog.CODE_AUTH_FAILED, comment=username) return render("login.html", {'auth_provider': config['auth.provider'], 'form': form}) else: # Resolve the user using the *current value* for auth_provider (as that is the one that passed the auth. user = auth_provider.resolve_user(username) log.debug("Setting up cherrypy session with username={0}, user_id={1}".format(username, user.id)) cherrypy.session['username'] = username # @UndefinedVariable cherrypy.session['user_id'] = user.id # @UndefinedVariable auditlog.log(auditlog.CODE_AUTH_LOGIN) if form.redirect.data: raise cherrypy.HTTPRedirect(form.redirect.data) else: raise cherrypy.HTTPRedirect("/")
def process_edit(self, **kwargs): log.debug("params = %r" % request_params()) form = OperatorEditForm(request_params()) form.access_id.choices = [(l.id, l.description) for l in access.list()] if form.validate(): params = dict(operator_id=form.operator_id.data, username=form.username.data, access_id=form.access_id.data) # If password is blank, let's just not change it. if form.password.data: params['password'] = form.password.data (operator, modified) = operators.modify(**params) auditlog.log(auditlog.CODE_CONTENT_MOD, target=operator, attributes_modified=modified) notify_entity_activity(operator, 'updated') raise cherrypy.HTTPRedirect('/user/list') else: return render('user/edit.html', {'form': form, 'externally_managed': operator.externally_managed})
def process_add(self, **kwargs): form = OperatorAddForm(request_params()) form.access_id.choices = [(l.id, l.description) for l in access.list()] if form.validate(): operator = operators.create(username=form.username.data, password=form.password.data, access_id=form.access_id.data) auditlog.log(auditlog.CODE_CONTENT_ADD, target=operator) notify_entity_activity(operator, 'created') raise cherrypy.HTTPRedirect('/user/list') else: return render('user/add.html', {'form': form })
def process_add(self, **kwargs): form = AccessAddForm(request_params()) if form.validate(): level_mask = 0 for i in form.levels.data: level_mask |= int(i) level = access.create(level_mask, form.description.data) auditlog.log(auditlog.CODE_CONTENT_ADD, target=level) notify_entity_activity(level, 'created') raise cherrypy.HTTPRedirect('/access/list') else: return render('access/add.html', {'form': form})
def process_add(self, **kwargs): form = PasswordAddForm(request_params()) if form.validate(): pw = passwords.create(username=form.username.data, resource_id=form.resource_id.data, password=form.password_decrypted.data, description=form.description.data, tags=form.tags.data) auditlog.log(auditlog.CODE_CONTENT_ADD, target=pw) notify_entity_activity(pw, 'created') raise cherrypy.HTTPRedirect('/resource/view/%d' % pw.resource_id) else: return render('password/add.html', {'form': form})
def process_edit(self, **kwargs): """ Updates a group (changes name). """ form = GroupEditForm(request_params()) if form.validate(): (group, modified) = groups.modify(form.group_id.data, name=form.name.data) auditlog.log(auditlog.CODE_CONTENT_MOD, target=group, attributes_modified=modified) notify_entity_activity(group, 'updated') raise cherrypy.HTTPRedirect('/group/list') else: return render('group/edit.html', {'form': form})
def process_merge(self, **kwargs): form = MergeForm(request_params()) group_tuples = [(g.id, g.name) for g in groups.list()] form.from_group_id.choices = [(0, '[From Group]')] + group_tuples form.to_group_id.choices = [(0, '[To Group]')] + group_tuples if form.validate(): log.info("Passed validation, somehow.") (moved_resources, from_group, to_group) = groups.merge(form.from_group_id.data, form.to_group_id.data) for r in moved_resources: auditlog.log(auditlog.CODE_CONTENT_MOD, target=r, attributes_modified=['group_id']) auditlog.log(auditlog.CODE_CONTENT_DEL, target=from_group) raise cherrypy.HTTPRedirect('/group/view/{0}'.format(to_group.id)) else: return render("group/merge.html", {'form': form})
def process_add(self, **kwargs): form = ResourceAddForm(request_params()) form.group_ids.choices = [(g.id, g.label) for g in groups.list()] if form.validate(): resource = resources.create(name=form.name.data, group_ids=form.group_ids.data, addr=form.addr.data, description=form.description.data, notes=form.notes_decrypted.data, tags=form.tags.data) # XXX: process auditlog.log(auditlog.CODE_CONTENT_ADD, target=resource) notify_entity_activity(resource, 'created') raise cherrypy.HTTPRedirect('/resource/view/{0}'.format(resource.id)) else: return render('resource/add.html', {'form': form })
def process_edit(self, **kwargs): form = PasswordEditForm(request_params()) if form.validate(): (pw, modified) = passwords.modify(form.password_id.data, username=form.username.data, password=form.password_decrypted.data, description=form.description.data, tags=form.tags.data) auditlog.log(auditlog.CODE_CONTENT_MOD, target=pw, attributes_modified=modified) notify_entity_activity(pw, 'updated') raise cherrypy.HTTPRedirect('/resource/view/{0}'.format(pw.resource_id)) else: log.warning("Form failed validation: {0}".format(form.errors)) return render('password/edit.html', {'form': form})
def export(self, group_id=None, **kwargs): form = ExportForm(request_params(), group_id=group_id) form.group_id.choices = [(g.id, g.name) for g in groups.list()] exporter_choices = [('yaml', 'YAML (GPG/PGP-encrypted)')] if config['export.keepass.enabled']: if not os.path.exists(config['export.keepass.exe_path']): log.error("KeePass export enabled, but specified converter script does not exist: {0}".format(config.get('export.keepass.exe_path'))) else: exporter_choices.append(('kdb', 'KeePass 1.x')) form.format.choices = exporter_choices if cherrypy.request.method == 'POST': if form.validate(): group = groups.get(form.group_id.data) if form.format.data == 'yaml': exporter = GpgYamlExporter(use_tags=False, passphrase=form.passphrase.data, resource_filters=[model.GroupResource.group_id==group.id]) # @UndefinedVariable encrypted_stream = BytesIO() exporter.export(stream=encrypted_stream) encrypted_stream.seek(0) # Just to ensure it's rewound return serve_fileobj(encrypted_stream, content_type='application/pgp-encrypted', disposition='attachment', name='group-{0}-export.pgp'.format(re.sub('[^\w\-\.]', '_', group.name))) elif form.format.data == 'kdb': exporter = KeepassExporter(passphrase=form.passphrase.data, resource_filters=[model.GroupResource.group_id==group.id]) # @UndefinedVariable encrypted_stream = BytesIO() exporter.export(stream=encrypted_stream) encrypted_stream.seek(0) # Just to ensure it's rewound return serve_fileobj(encrypted_stream, content_type='application/x-keepass-database', disposition='attachment', name='group-{0}-export.kdb'.format(re.sub('[^\w\-\.]', '_', group.name))) else: # I don't think we can get here in normal business. raise RuntimeError("Unhandled format specified: {0}".format(form.format.data)) else: # does not validate return render("group/export.html", {'form': form}) else: # request method is GET return render("group/export.html", {'form': form})
def process_edit(self, **kwargs): form = ResourceEditForm(request_params()) form.group_ids.choices = [(g.id, g.label) for g in groups.list()] if form.validate(): (resource, modified) = resources.modify(form.resource_id.data, name=form.name.data, addr=form.addr.data, group_ids=form.group_ids.data, notes=form.notes_decrypted.data, description=form.description.data, tags=form.tags.data) # XXX: process auditlog.log(auditlog.CODE_CONTENT_MOD, target=resource, attributes_modified=modified) notify_entity_activity(resource, 'updated') raise cherrypy.HTTPRedirect('/resource/view/{0}'.format(resource.id)) else: log.warning("Form validation failed.") log.warning(form.errors) return render('resource/edit.html', {'form': form})
def list(self, **kwargs): class PagerForm(Form): page = SelectField('Page', default=1, coerce=int) form = PagerForm(request_params()) page_size = 50 page = form.page.data offset = page_size * (page - 1) limit = page_size results = resources.search(limit=limit, offset=offset) total_pages = int(math.ceil( (1.0 * results.count) / page_size)) form.page.choices = [(i, i) for i in range(1, total_pages+1)] return render('resource/list.html', {'resources': results.entries, 'form': form, 'page': page, 'total_pages': total_pages})
def auditlog(self, **kwargs): form = AuditlogForm(request_params()) page_size = 50 page = form.page.data offset = page_size * (page - 1) limit = page_size log.debug("Page = {0}, offset={1}, limit={2}".format(page, offset, limit)) results = auditlog.search(start=form.start.data, end=form.end.data, code=form.code.data, operator_username=form.operator.data, offset=offset, limit=limit) if results.count < offset: form.page.data = 1 form.page.raw_data = ['1'] # Apparently need this too! total_pages = int(math.ceil( (1.0 * results.count) / page_size)) return render('auditlog.html', {'entries': results.entries, 'form': form, 'total_pages': total_pages})
def edit(self, group_id): group = groups.get(group_id) form = GroupEditForm(request_params(), group, group_id=group.id) return render('group/edit.html', {'form': form})
def edit(self, password_id): pw = passwords.get(password_id) form = PasswordEditForm(request_params(), obj=pw, password_id=pw.id) return render('password/edit.html', {'form': form})
def edit(self, resource_id): resource = resources.get(resource_id) log.debug("Resource matched: {0!r}".format(resource)) form = ResourceEditForm(request_params(), obj=resource, resource_id=resource_id, group_ids=[g.id for g in resource.groups]) form.group_ids.choices = [(g.id, g.label) for g in groups.list()] return render('resource/edit.html', {'form': form})
def edit(self, operator_id): operator = operators.get(operator_id) form = OperatorEditForm(request_params(), obj=operator, operator_id=operator_id) form.access_id.choices = [(l.id, l.description) for l in access.list()] return render('user/edit.html', {'form': form, 'externally_managed': operator.externally_managed})
def add(self, resource_id): form = PasswordAddForm(request_params()) return render('password/add.html', {'form': form})