def _json_login(self, auth_info):
auth_context = {}
auth_context['response'] = response
auth_context['back'] = auth_info.get('back', None)
if not auth_context['back']:
logger.error('Client requests authentication without back url.')
abort(422)
auth_context.update(auth_info.get('args', {}))
auth_method = auth_info.get('method', 'NO_METHOD')
try:
auth_plugin = driver.DriverManager(
namespace='cauth.authentication',
name=auth_method,
invoke_on_load=True,
invoke_args=(conf,)).driver
except (RuntimeError, base.AuthProtocolNotAvailableError) as e:
response.status = 401
msg = '"%s" is not a valid authentication method' % auth_method
logger.error(msg + ': %s' % e)
response.body = render('login.html',
dict(back=auth_context['back'],
message=msg))
return response.body
try:
logger.info('%s plugin loaded' % auth_method)
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError:
response.status = 401
response.body = render('login.html',
dict(back=auth_context['back'],
message='Authentication failed.'))
return response.body
if valid_user:
logger.info('%s successfully authenticated' % valid_user['login'])
common.setup_response(valid_user, auth_context['back'])
def post(self, **kwargs):
logger.info('Client requests authentication.')
back = kwargs.get('back')
if not back:
logger.error('Client requests authentication without back url.')
abort(422)
username = kwargs.get('username')
password = kwargs.get('password')
if username and password:
valid_user = self.check_valid_user(username, password)
if not valid_user:
logger.error('Client requests authentication with wrong'
' credentials.')
response.status = 401
return render('login.html',
dict(back=back, message='Authorization failed.'))
email, lastname, sshkey = valid_user
logger.info('Client requests authentication success %s' % username)
common.setup_response(username, back, email, lastname, sshkey)
else:
logger.error('Client requests authentication without credentials.')
response.status = 401
return render('login.html', dict(back=back,
message='Authorization failed.'))
def brand(self, *rest):
brand_id = conf['branding'].get('brand_id', 'default')
# return doc
if request.path.startswith('/brand/doc/'):
tmpl = normpath(
request.path.replace('/brand',
conf.app.assets_root + '/' + brand_id))
if brand_id != 'default' and isfile(tmpl):
f = open(tmpl)
response.headers['Content-Type'] = 'text/html'
response.app_iter = FileIter(f)
return
else:
tmpl = request.path.replace('/brand', '')
return render(tmpl, _gen_context_())
# return requested brand asset
path = normpath(
request.path.replace('/brand',
conf.app.assets_root + '/' + brand_id))
if not isfile(path):
path = request.path.replace('/brand',
conf.app.assets_root + '/default/')
if not isfile(path):
abort(404)
f = open(path)
response.headers['Content-Type'] = guess_type(f.name)
response.app_iter = FileIter(f)
def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
# Verify the state previously put in the db
state = auth_context.get('state', None)
back, provider = db.get_url(state)
if not back:
err = 'OAuth callback with forged state, discarding'
logger.debug(err)
raise base.UnauthenticatedError(err)
auth_plugin = self.auth_plugins.get(provider)
if not auth_plugin:
msg = 'Unknown OAuth provider: %s' % provider
logger.error(msg)
raise base.UnauthenticatedError(msg)
logger.debug('Callback called by OAuth provider %s' % provider)
auth_context['back'] = back
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OAuth2.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
# Verify the state previously put in the db
state = auth_context.get('state', None)
back, _ = db.get_url(state)
if not back:
err = 'GITHUB callback called with an unknown state.'
raise base.UnauthenticatedError(err)
auth_context['back'] = back
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with github.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def index(self, **kwargs):
if 'back' not in kwargs:
logger.error('Client requests authentication without back url.')
abort(422)
auth_context = kwargs
auth_context['response'] = response
auth_plugin = driver.DriverManager(
namespace='cauth.authentication',
name='GithubPersonalAccessToken',
invoke_on_load=True,
invoke_args=(conf,)).driver
try:
valid_user = auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=auth_context['back'],
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
msg = '%s (%s) authenticated with Github Personal Access Token.'
logger.info(msg % (valid_user['login'],
valid_user['email']))
common.setup_response(valid_user,
auth_context['back'])
def before(self, state):
"""
Executed before a controller gets called. When an error condition is
detected (one of the callables raises a ``SystemCheckError``) it sets
the response status to 500 and returns a JSON response with the
appropriate reason.
"""
for check in [ansible_exists, rabbitmq_is_running, celery_has_workers,
database_connection]:
try:
check()
except SystemCheckError as system_error:
message = render('json', {'message': system_error.message})
raise WSGIHTTPException(content_type='application/json', body=message)
def before(self, state):
"""
Executed before a controller gets called. When an error condition is
detected (one of the callables raises a ``SystemCheckError``) it sets
the response status to 500 and returns a JSON response with the
appropriate reason.
"""
for check in [
ansible_exists, rabbitmq_is_running, celery_has_workers,
database_connection
]:
try:
check()
except SystemCheckError as system_error:
message = render('json', {'message': system_error.message})
raise WSGIHTTPException(content_type='application/json',
body=message)
def callback(self, **kwargs):
auth_context = kwargs.copy()
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
back = auth_context['back']
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OpenID.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user,
back)
def reset(self, email=None, **kwargs):
if request.method != "POST":
return O.none()
if not email:
email = request.json.get("email")
user = request.db.query(User).filter(User.email == email).first()
if not user:
return O.success(msg="Message sent to the specified email.")
token = User.create_token(request, user.id, scope='RECOVER')
ACTION_URL = "%s/index.html#page/recovery/%s" % (
conf.DASH_SERVER_URL.rstrip('/'), token.value)
html = render('email/recover.html', dict(ACTION_URL=ACTION_URL))
requests.post("https://api.mailgun.net/v2/cloudrunner.io/messages",
auth=("api", "key-276qmsiyxi8z5tvie2bvxm2jhfxkhjh9"),
data={
"from":
"CloudRunner.IO Team <*****@*****.**>",
"to": [email],
"subject": "[CloudRunner.IO] Recover lost password",
"html": html
})
def reset(self, email=None, **kwargs):
if request.method != "POST":
return O.none()
if not email:
email = request.json.get("email")
user = request.db.query(User).filter(
User.email == email).first()
if not user:
return O.success(msg="Message sent to the specified email.")
token = User.create_token(request, user.id, scope='RECOVER')
ACTION_URL = "%s/index.html#page/recovery/%s" % (
conf.DASH_SERVER_URL.rstrip('/'),
token.value)
html = render('email/recover.html',
dict(ACTION_URL=ACTION_URL))
requests.post(
"https://api.mailgun.net/v2/cloudrunner.io/messages",
auth=("api", "key-276qmsiyxi8z5tvie2bvxm2jhfxkhjh9"),
data={"from": "CloudRunner.IO Team <*****@*****.**>",
"to": [email],
"subject": "[CloudRunner.IO] Recover lost password",
"html": html})
def callback(self, **kwargs):
auth_context = kwargs
auth_context['response'] = kwargs
auth_context['calling_back'] = True
try:
state = auth_context.get('state', None)
back, provider = db.get_url(state)
if not back or provider != "openid_connect":
err = 'OpenID Connect callback with forged state, discarding'
logger.debug(err)
raise base.UnauthenticatedError(err)
auth_context['back'] = back
valid_user = self.auth_plugin.authenticate(**auth_context)
except base.UnauthenticatedError as e:
response.status = 401
auth_methods = [k for k, v in conf.get('auth', {})]
return render('login.html',
dict(back=back,
message='Authorization failure: %s' % e,
auth_methods=auth_methods))
logger.info(
'%s (%s) successfully authenticated with OpenIDConnect.'
% (valid_user['login'], valid_user['email']))
common.setup_response(valid_user, back)
customer_reply.customer.id)
if customer.credit_cards:
token = customer.credit_cards[0].token
request.braintree.Subscription.create({
"payment_method_token": token,
"plan_id": plan_id
})
else:
for error in customer_reply.errors.deep_errors:
print vars(error)
bcc = []
if hasattr(conf, "registration_bcc") and conf.registration_bcc:
bcc = [conf.registration_bcc]
html = render('email/activate.html',
dict(ACTION_URL=ACTION_URL, KEY=key.value))
requests.post(
"https://api.mailgun.net/v2/cloudrunner.io/messages",
auth=("api", "key-276qmsiyxi8z5tvie2bvxm2jhfxkhjh9"),
data={"from": "CloudRunner.IO Team <*****@*****.**>",
"to": [email],
"bcc": [bcc],
"subject": "[CloudRunner.IO] Complete your registration",
"html": html})
return O.success(msg="Check your email how to activate your account")
@expose('json')
@wrap_command(User, method='activate', model_name='Account')
def activate(self, **kwargs):
if request.method != "POST":
def index(self, name='Jonathan'):
return render('mako.html', dict(name=name))
return dict(name=name)
def index(self, name="Jonathan"):
return render("mako.html", dict(name=name))
token = customer.credit_cards[0].token
request.braintree.Subscription.create({
"payment_method_token":
token,
"plan_id":
plan_id
})
else:
for error in customer_reply.errors.deep_errors:
print vars(error)
bcc = []
if hasattr(conf, "registration_bcc") and conf.registration_bcc:
bcc = [conf.registration_bcc]
html = render('email/activate.html',
dict(ACTION_URL=ACTION_URL, KEY=key.value))
requests.post("https://api.mailgun.net/v2/cloudrunner.io/messages",
auth=("api", "key-276qmsiyxi8z5tvie2bvxm2jhfxkhjh9"),
data={
"from":
"CloudRunner.IO Team <*****@*****.**>",
"to": [email],
"bcc": [bcc],
"subject":
"[CloudRunner.IO] Complete your registration",
"html": html
})
return O.success(msg="Check your email how to activate your account")
@expose('json')
