def hasCourselistPermission():
    """Report whether the logged-in user may list course members.

    Returns ``("GRANTED", 200)`` when the caller's permission set contains
    ``"grouplst"``, otherwise ``("NOT GRANTED", 200)``. Both outcomes use
    HTTP 200; the decision is carried in the body text.
    """
    granted = "grouplst" in permissionCheck().get(current_user.username)
    return ("GRANTED" if granted else "NOT GRANTED"), 200
def createSession():
    """Authenticate the posted credentials and start a login session.

    Reads ``uname`` and ``passwd`` from the request form.

    Returns:
        ``ERR_TOO_MANY_FAILED_ATTEMPTS`` (200, JSON with ``timeout``) when the
        username is currently blocked by ``bruteforceProtection``;
        ``ERR_USERNAME_NOT_UNIQUE`` (403) when the username does not resolve
        to exactly one password row; ``ERR_ACCESS_DENIED`` (401, JSON with
        ``timeout``) when the password does not verify — this also records a
        failed attempt; otherwise ``SUCCESS`` (200) with the user's
        permissions and groups after ``login_user``.
    """
    username = request.form.get("uname")
    guard = bruteforceProtection()

    blocked_for = guard.isBlocked(username)
    if blocked_for > 0:
        return jsonify({"status": "ERR_TOO_MANY_FAILED_ATTEMPTS", "timeout": blocked_for}), 200

    dbconn = database()
    dbconn.execute(
        "SELECT unix_hash, P.id FROM userpassword UP INNER JOIN people P ON UP.people_id = P.id WHERE P.username = %s",
        (username,),
    )
    rows = dbconn.fetchall()
    # NOTE(review): this branch answers before the password is checked and
    # without recording a failed attempt, so the response differs for
    # unknown and known usernames; confirm that is acceptable here.
    if len(rows) != 1:
        return "ERR_USERNAME_NOT_UNIQUE", 403

    if not passlib.hash.ldap_salted_sha1.verify(request.form.get("passwd"), rows[0]["unix_hash"]):
        blocked_for = guard.failedLogin(username)
        return jsonify({"status": "ERR_ACCESS_DENIED", "timeout": blocked_for}), 401

    login_user(apiUser(rows[0]["id"]))
    guard.successfulLogin(username)
    payload = {
        "status": "SUCCESS",
        "permissions": permissionCheck().get(current_user.username),
        "groups": groupMembership().getGroupsOfUser(current_user.username),
    }
    return jsonify(payload), 200
def canBeTeacherResetted(id):
    """Tell whether a teacher-initiated password reset is permitted.

    Returns ``("GRANTED", 200)`` if the *calling* user's permissions contain
    ``"pwalwrst"``, otherwise ``("NOT ALLOWED", 200)``.

    NOTE(review): ``id`` is accepted but never used — the check is made
    against ``current_user``, whereas ``resetPassword`` looks the same
    permission up for the target via ``getForId(id)``. Confirm which user
    this endpoint is meant to answer for.
    """
    allowed = "pwalwrst" in permissionCheck().get(current_user.username)
    return ("GRANTED" if allowed else "NOT ALLOWED"), 200
def hasResetPermission():
    """Report whether the logged-in user may use the e-mail password reset.

    Returns ``("GRANTED", 200)`` when the permission set contains
    ``"emailrst"``, otherwise ``("NOT ALLOWED", 200)``.
    """
    allowed = "emailrst" in permissionCheck().get(current_user.username)
    return ("GRANTED" if allowed else "NOT ALLOWED"), 200
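def getCoursePDF(id):
    """Render the member list of course ``id`` as a base64 data-URI PDF.

    Requires the ``"grouplst"`` permission, otherwise returns
    ``("ERR_NOT_ALLOWED", 403)``. On success returns
    ``(jsonify({"name": <course name>, "content": "data:application/pdf;base64,..."}), 200)``.

    The course name and every member field are HTML-escaped before being
    placed in the page: the page is handed to pdfkit for rendering, so an
    unescaped value would be interpreted as markup rather than shown as text.
    The member rows are now emitted inside ``<tbody>`` (they used to follow a
    closed ``<tbody></tbody>``).
    """
    import html

    pCheck = permissionCheck()
    if "grouplst" not in pCheck.get(current_user.username):
        return "ERR_NOT_ALLOWED", 403

    courseName = cl.getCourseName(id)
    safeCourseName = html.escape(courseName)

    def cell(value):
        # Empty fields are shown as "-"; everything else is escaped for HTML.
        return html.escape(value) if value != "" else "-"

    rows = []
    for index, member in enumerate(cl.getCourseDetails(id, True)):
        name = cell(member["lastname"] + ", " + member["firstname"]) if member["lastname"] != "" else "-"
        email = cell(member["email"])
        birthdate = cell(member["birthdate"])
        # Every second row gets the "alt" class for striping.
        cssClass = ' class="alt"' if index % 2 else ""
        rows.append("<tr" + cssClass + "><td>" + name + "</td><td>" + email + "</td><td>" + birthdate + "</td></tr>")

    generated = datetime.datetime.now().strftime("%d.%m.%Y um %H:%M:%S")
    htmlCode = (
        '<!DOCTYPE html><html><head><meta charset="utf-8"><title>Kursliste ' + safeCourseName + "</title></head>"
        "<body><h1>Kursliste " + safeCourseName + "</h1><p>Erzeugt am " + generated + "</p>"
        '<div class="datagrid"><table><thead><tr><th style="background-color:#1155B9;">Name</th>'
        "<th>E-Mail</th><th>Geburtsdatum</th></tr></thead><tbody>" + "".join(rows) + "</tbody></table></div>"
        "<p>PDF-Datei erzeugt mit PhilleConnect.</p></body></html>"
    )
    options = {
        "page-size": "A4",
        "margin-top": "0.25in",
        "margin-right": "0.5in",
        "margin-bottom": "0.25in",
        "margin-left": "0.5in",
        "encoding": "UTF-8",
        # Document metadata, not HTML: the raw course name is used here.
        "title": "Kursliste " + courseName,
    }
    pdfCode = pdfkit.from_string(htmlCode, False, options=options, css="/usr/local/bin/selfservice/pdf.css")
    pdf = {
        "name": courseName,
        "content": "data:application/pdf;base64," + base64.b64encode(pdfCode).decode("UTF-8"),
    }
    return jsonify(pdf), 200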
def checkSession():
    """Return the permissions and group memberships of the logged-in user.

    Always answers ``SUCCESS`` with HTTP 200; the session itself is assumed to
    have been validated before this handler runs.
    """
    username = current_user.username
    payload = {
        "status": "SUCCESS",
        "permissions": permissionCheck().get(username),
        "groups": groupMembership().getGroupsOfUser(username),
    }
    return jsonify(payload), 200
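def getCourseCSV(id):
    """Export the member list of course ``id`` as a ``data:text/csv`` URI.

    Requires the ``"grouplst"`` permission, otherwise returns
    ``("ERR_NOT_ALLOWED", 403)``. On success returns
    ``(jsonify({"name": <course name>, "content": <data URI>}), 200)``.

    Fields are separated by ``;`` and rows by ``\\n``. A field that itself
    contains the separator, a double quote or a line break is quoted
    (``csv.QUOTE_MINIMAL``) so that it can no longer split or merge rows;
    plain values are emitted exactly as before.

    NOTE(review): values are not neutralised against spreadsheet formula
    evaluation (leading ``=``, ``+``, ``-``, ``@``); consider that if the
    export is opened in a spreadsheet client.
    """
    import csv
    import io

    pCheck = permissionCheck()
    if "grouplst" not in pCheck.get(current_user.username):
        return "ERR_NOT_ALLOWED", 403

    buffer = io.StringIO()
    writer = csv.writer(buffer, delimiter=";", lineterminator="\n", quoting=csv.QUOTE_MINIMAL)
    for member in cl.getCourseDetails(id, True):
        writer.writerow([member["lastname"], member["firstname"], member["email"], member["birthdate"]])

    export = {
        "name": cl.getCourseName(id),
        "content": "data:text/csv;charset=utf-8,Nachname;Vorname;E-Mail;Geburtsdatum\n" + buffer.getvalue(),
    }
    return jsonify(export), 200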
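def createResetSession():
    """Start an e-mail based password reset for the posted ``username``.

    Reads ``username``, ``password1`` and ``password2`` from the request form.
    Requires ``EMAIL_RESET_ENABLED=true`` in the environment (an unset
    variable now counts as disabled instead of raising ``AttributeError``).

    Returns ``("SUCCESS", 200)`` after a reset token has been stored in
    ``mailreset`` together with the hashes of the new password and the
    confirmation mail has been sent. Every failure is reported as a status
    string with HTTP 500: service disabled, user not found, missing
    ``emailrst`` permission, passwords differing, no e-mail on record, an open
    request younger than one day, a database error, or an SMTP error
    (``-1`` connection refused, ``-2`` credentials, ``<= -3`` other).

    NOTE(review): ``ERR_USER_NOT_FOUND`` and ``ERR_NOT_ALLOWED`` are
    distinguishable to an unauthenticated caller, so the endpoint reveals
    whether a username exists; decide whether that matters for this service.
    """
    isResetEnabled = os.environ.get("EMAIL_RESET_ENABLED") or ""
    if isResetEnabled.lower() != "true":
        return "ERR_SERVICE_DISABLED", 500

    username = request.form.get("username")
    dbconn = database()
    dbconn.execute(
        "SELECT COUNT(*) AS num, id, email, firstname FROM people WHERE username = %s",
        (username,),
    )
    result = dbconn.fetchone()
    if result["num"] != 1:
        return "ERR_USER_NOT_FOUND", 500

    permissions = permissionCheck().get(username)
    if "emailrst" not in permissions:
        return "ERR_NOT_ALLOWED", 500

    password = request.form.get("password1")
    if password != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    if result["email"] == "" or result["email"] is None:
        return "ERR_NO_EMAIL", 500

    # Only one open request per user per day; an older one is discarded.
    # NOTE(review): ``time`` is read alongside COUNT(*) without GROUP BY —
    # which row's time is returned depends on the database; verify.
    dbconn.execute("SELECT COUNT(*) AS num, time FROM mailreset WHERE people_id = %s", (result["id"],))
    oldTokens = dbconn.fetchone()
    if oldTokens["num"] > 0:
        earliestCreation = datetime.datetime.now() - datetime.timedelta(days=1)
        if oldTokens["time"] >= earliestCreation:
            return "ERR_OPEN_RESET_REQUEST", 500
        dbconn.execute("DELETE FROM mailreset WHERE people_id = %s", (result["id"],))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500

    token = es.randomString(128)
    dbconn.execute(
        "INSERT INTO mailreset (time, token, people_id, unix_hash, smb_hash) VALUES (NOW(), %s, %s, %s, %s)",
        (token, result["id"], hash.unix(password), hash.samba(password)),
    )
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500

    mailstatus = email.sendResetEmail(result["email"], token, result["firstname"])
    if mailstatus == -1:
        return "ERR_SMTP_CONNECTION_REFUSED", 500
    if mailstatus == -2:
        return "ERR_SMTP_CREDENTIALS_ERROR", 500
    if mailstatus <= -3:
        return "ERR_OTHER_SMTP_ERROR", 500
    return "SUCCESS", 200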
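def createSession():
    """Log an administrative user in.

    Reads ``uname`` and ``passwd`` from the request form. The user must hold
    at least one of ``usermgmt``, ``devimgmt`` or ``servmgmt``.

    Returns ``(jsonify(<permissions>), 200)`` after ``login_user`` on
    success; ``("ERR_USERNAME_NOT_UNIQUE", 403)`` when the username does not
    resolve to exactly one password row; ``("ERR_ACCESS_DENIED", 401)`` for a
    wrong password; ``("ERR_ACCESS_DENIED", 403)`` when none of the required
    permissions is present.

    The permission check now runs *before* ``login_user``: previously the
    session was created first, so a user denied with 403 was nevertheless
    left logged in. The unused ``hasAnyRequiredPermission`` flag is gone.
    """
    required_any = ("usermgmt", "devimgmt", "servmgmt")
    username = request.form.get("uname")

    dbconn = db.database()
    dbconn.execute(
        "SELECT unix_hash, P.id FROM userpassword UP INNER JOIN people P ON UP.people_id = P.id WHERE P.username = %s",
        (username,),
    )
    results = dbconn.fetchall()
    if len(results) != 1:
        return "ERR_USERNAME_NOT_UNIQUE", 403

    if not passlib.hash.ldap_salted_sha1.verify(request.form.get("passwd"), results[0]["unix_hash"]):
        return "ERR_ACCESS_DENIED", 401

    # Looked up by the posted username (the same value the SQL above matched)
    # so no session exists yet when access is denied.
    permissions = pc.permissionCheck().get(username)
    if not any(permission in permissions for permission in required_any):
        return "ERR_ACCESS_DENIED", 403

    login_user(apiUser.apiUser(results[0]["id"]))
    return jsonify(permissions), 200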
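def resetPassword(id):
    """Let a teacher set a new password for the user with people id ``id``.

    Reads ``passwd`` (the teacher's own password, re-verified), ``password1``,
    ``password2`` and ``hint`` from the request form.

    Returns ``("ERR_NOT_ALLOWED", 403)`` if the caller is not in the
    ``teachers`` group or the target lacks the ``pwalwrst`` permission;
    ``("ERR_ACCESS_DENIED", 401)`` if the teacher's password does not verify;
    ``("ERR_PASSWORDS_DIFFERENT", 500)`` on mismatch;
    ``("ERR_DATABASE_ERROR", 500)`` if the commit fails;
    ``("ERR_LDAP_ERROR", 500)`` if the pc_admin usercheck does not answer
    ``SUCCESS``; otherwise ``("SUCCESS", 200)``.

    Changes: the call to pc_admin carries a timeout (it used to block
    indefinitely), and ``id`` is percent-encoded as a single path segment
    before being appended to the URL (a no-op for numeric ids).

    NOTE(review): the new hashes are committed before the usercheck call, so
    an LDAP failure leaves the database updated; confirm how that is
    reconciled.
    """
    from urllib.parse import quote

    # Constructed default; tune for the deployment.
    USERCHECK_TIMEOUT_SECONDS = 30

    gMember = groupMembership()
    if not gMember.checkGroupMembership(current_user.username, "teachers"):
        return "ERR_NOT_ALLOWED", 403

    dbconn = database()
    permissions = permissionCheck().getForId(id)
    if "pwalwrst" not in permissions:
        return "ERR_NOT_ALLOWED", 403

    # Re-authenticate the acting teacher with their own password.
    dbconn.execute("SELECT id FROM people WHERE username = %s", (current_user.username,))
    teacherResult = dbconn.fetchone()
    dbconn.execute("SELECT unix_hash FROM userpassword WHERE people_id = %s", (teacherResult["id"],))
    teacherPasswordResult = dbconn.fetchone()
    if not passlib.hash.ldap_salted_sha1.verify(request.form.get("passwd"), teacherPasswordResult["unix_hash"]):
        return "ERR_ACCESS_DENIED", 401

    password = request.form.get("password1")
    if password != request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500

    dbconn.execute(
        "UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s",
        (hash.unix(password), hash.samba(password), request.form.get("hint"), id),
    )
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500

    ldap = requests.post(
        url="http://pc_admin/api/public/usercheck/" + quote(str(id), safe=""),
        timeout=USERCHECK_TIMEOUT_SECONDS,
    )
    if ldap.text != "SUCCESS":
        return "ERR_LDAP_ERROR", 500
    return "SUCCESS", 200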
def isAuthorized(permissions):
    """Return whether the logged-in user satisfies ``permissions``.

    Delegates entirely to ``pCheck.permissionCheck().check`` with the current
    user's username; the return value is whatever that call yields.
    """
    checker = pCheck.permissionCheck()
    return checker.check(current_user.username, permissions)
def getCourseDetail(id):
    """Return the name and member list of course ``id`` as JSON.

    Requires the ``"grouplst"`` permission, otherwise
    ``("ERR_NOT_ALLOWED", 403)``; on success
    ``(jsonify({"name": ..., "members": ...}), 200)``.
    """
    if "grouplst" not in permissionCheck().get(current_user.username):
        return "ERR_NOT_ALLOWED", 403
    payload = {
        "name": cl.getCourseName(id),
        "members": cl.getCourseDetails(id),
    }
    return jsonify(payload), 200