Пример #1
    def set_pin(self, pin):
        """Replace the stored PIN and report whether it actually changed.

        A falsy ``pin`` clears the stored value.  Otherwise the supplied PIN
        is compared with the current one through ``self.check_pin`` and
        ``self.pin`` is set to the value returned by
        ``auth.generate_hash_pin_v2``; the caller-supplied PIN itself is
        never assigned to ``self.pin``.

        Returns:
            True when a stored PIN was removed or the supplied PIN did not
            pass ``check_pin``; False otherwise.
        """
        if pin:
            # check_pin is evaluated before self.pin is overwritten.
            pin_differs = not self.check_pin(pin)
            self.pin = auth.generate_hash_pin_v2(pin)
            return pin_differs

        had_pin = bool(self.pin)
        self.pin = None
        return had_pin
Пример #2
    def set_pin(self, pin):
        """Set or clear the PIN; return True if the stored PIN changed.

        With a falsy ``pin`` the stored value is reset to ``None`` and the
        result says whether there was anything to remove.  With a non-empty
        ``pin`` the result is the negation of ``self.check_pin(pin)``, and
        ``self.pin`` receives the output of ``auth.generate_hash_pin_v2``
        rather than the PIN as typed.
        """
        if not pin:
            previously_set = bool(self.pin)
            self.pin = None
            return previously_set

        # Ask check_pin first, while self.pin still holds the old value.
        matches_current = self.check_pin(pin)
        self.pin = auth.generate_hash_pin_v2(pin)
        return not matches_current
Пример #3
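def _create_users(org_id, users_data, remote_addr, background):
    """Create a user in ``org_id`` for every entry of ``users_data``.

    Every entry is read as a mapping: ``name`` is required, the remaining
    keys are optional.  A supplied PIN must be all digits and at least
    ``settings.user.pin_min_length`` characters long; only the value
    returned by ``auth.generate_hash_pin_v2`` is handed to ``org.new_user``.

    A rejected PIN or network link returns a 400 response straight away.
    Users created by earlier entries of the same batch are not rolled back
    here, and a user whose network link is rejected has already been
    created by ``org.new_user``.

    Args:
        org_id: Identifier passed to ``organization.get_by_id``.
        users_data: Sequence of per-user mappings.
        remote_addr: Address recorded in each ``user_created`` audit event.
        background: When true, the module-level ``_users_background`` flag
            is used so that only one background run is active at a time.

    Returns:
        ``None`` if ``background`` is true and another background run is
        already flagged; otherwise a ``utils.jsonify`` response holding the
        single created user when exactly one was created, the list of
        created users in every other case, or a 400 error payload.
    """
    global _users_background

    org = organization.get_by_id(org_id)
    users = []
    # Intermediate update events are only sent for batches of at most 100
    # entries.
    partial_event = len(users_data) <= 100

    if background:
        _users_background_lock.acquire()
        try:
            if _users_background:
                # Another background run is flagged as active.  The finally
                # clause releases the lock; returning without releasing it
                # would leave it held.
                return
            _users_background = True
        finally:
            _users_background_lock.release()

    try:
        for i, user_data in enumerate(users_data):
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = True if user_data.get(
                'bypass_secondary') else False
            client_to_client = True if user_data.get(
                'client_to_client') else False
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            port_forwarding_in = user_data.get('port_forwarding')
            port_forwarding = []

            # Built without an index variable: reusing ``i`` here would
            # overwrite the batch position tested by the partial-event
            # check below.  The caller's list is left unmodified.
            groups = list(set(
                utils.filter_str(group)
                for group in user_data.get('groups') or []))

            if pin:
                # NOTE(review): str.isdigit() is true for any Unicode digit,
                # not only 0-9; confirm utils.filter_str narrows the set.
                if not pin.isdigit():
                    return utils.jsonify(
                        {
                            'error': PIN_NOT_DIGITS,
                            'error_msg': PIN_NOT_DIGITS_MSG,
                        }, 400)

                if len(pin) < settings.user.pin_min_length:
                    return utils.jsonify(
                        {
                            'error': PIN_TOO_SHORT,
                            'error_msg': PIN_TOO_SHORT_MSG,
                        }, 400)

                # From here on ``pin`` holds the hash, not the PIN as sent.
                pin = auth.generate_hash_pin_v2(pin)

            if port_forwarding_in:
                for data in port_forwarding_in:
                    port_forwarding.append({
                        'protocol':
                        utils.filter_str(data.get('protocol')),
                        'port':
                        utils.filter_str(data.get('port')),
                        'dport':
                        utils.filter_str(data.get('dport')),
                    })

            user = org.new_user(type=CERT_CLIENT,
                                name=name,
                                email=email,
                                groups=groups,
                                pin=pin,
                                disabled=disabled,
                                bypass_secondary=bypass_secondary,
                                client_to_client=client_to_client,
                                dns_servers=dns_servers,
                                dns_suffix=dns_suffix,
                                port_forwarding=port_forwarding)
            user.audit_event(
                'user_created',
                'User created from web console',
                remote_addr=remote_addr,
            )

            if network_links:
                for network_link in network_links:
                    try:
                        user.add_network_link(network_link)
                    except (ipaddress.AddressValueError, ValueError):
                        return _network_link_invalid()
                    except ServerOnlineError:
                        return utils.jsonify(
                            {
                                'error': NETWORK_LINK_NOT_OFFLINE,
                                'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                            }, 400)

            users.append(user.dict())

            # Every tenth user of a small batch triggers an update.
            if partial_event and i != 0 and i % 10 == 0:
                event.Event(type=ORGS_UPDATED)
                event.Event(type=USERS_UPDATED, resource_id=org.id)
                event.Event(type=SERVERS_UPDATED)
    except:
        # Log and re-raise; nothing is swallowed here.
        logger.exception('Error creating users', 'users')
        raise
    finally:
        if background:
            _users_background_lock.acquire()
            _users_background = False
            _users_background_lock.release()

        # Sent on every exit path, including the early 400 returns above.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if not users:
        # Empty batch: nothing was created, so there is no users[0] to
        # report and nothing to log.
        return utils.jsonify(users)

    if len(users) > 1:
        logger.LogEntry(message='Created %s new users.' % len(users))
        return utils.jsonify(users)
    else:
        logger.LogEntry(message='Created new user "%s".' % users[0]['name'])
        return utils.jsonify(users[0])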
Пример #4
def _create_user(users, org, user_data, remote_addr, pool):
    """Create one user in ``org`` from ``user_data`` and append it to ``users``.

    ``name`` is the only required key of ``user_data``.  An ``auth_type``
    that is not in ``AUTH_TYPES`` is replaced by ``LOCAL_AUTH``.  A supplied
    PIN is checked against ``settings.user.pin_digits_only`` and
    ``settings.user.pin_min_length``; only the value returned by
    ``auth.generate_hash_pin_v2`` is passed to ``org.new_user``.

    Returns:
        ``None`` on success, after ``user.dict()`` has been appended to
        ``users``; otherwise the 400 response describing the rejected PIN
        or network link.  When a network link is rejected the user has
        already been created by ``org.new_user`` and is not appended.
    """
    name = utils.filter_str(user_data['name'])
    email = utils.filter_str(user_data.get('email'))
    auth_type = utils.filter_str(user_data.get('auth_type'))
    raw_pin = utils.filter_str(user_data.get('pin')) or None
    disabled = bool(user_data.get('disabled'))
    network_links = user_data.get('network_links') or None
    bypass_secondary = bool(user_data.get('bypass_secondary'))
    client_to_client = bool(user_data.get('client_to_client'))
    dns_servers = user_data.get('dns_servers') or None
    dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
    forwarding_specs = user_data.get('port_forwarding')

    if auth_type not in AUTH_TYPES:
        auth_type = LOCAL_AUTH

    # Filter each group name in place, then drop duplicates.
    groups = user_data.get('groups') or []
    for position, group_name in enumerate(groups):
        groups[position] = utils.filter_str(group_name)
    groups = list(set(groups))

    pin_hash = None
    if raw_pin:
        # NOTE(review): str.isdigit() is true for any Unicode digit, not
        # only 0-9; confirm utils.filter_str narrows the character set.
        if settings.user.pin_digits_only and not raw_pin.isdigit():
            digits_error = {
                'error': PIN_NOT_DIGITS,
                'error_msg': PIN_NOT_DIGITS_MSG,
            }
            return utils.jsonify(digits_error, 400)

        if len(raw_pin) < settings.user.pin_min_length:
            length_error = {
                'error': PIN_TOO_SHORT,
                'error_msg': PIN_TOO_SHORT_MSG,
            }
            return utils.jsonify(length_error, 400)

        pin_hash = auth.generate_hash_pin_v2(raw_pin)

    port_forwarding = [
        {
            'protocol': utils.filter_str(spec.get('protocol')),
            'port': utils.filter_str(spec.get('port')),
            'dport': utils.filter_str(spec.get('dport')),
        }
        for spec in forwarding_specs or []
    ]

    user = org.new_user(
        type=CERT_CLIENT,
        pool=pool,
        name=name,
        email=email,
        auth_type=auth_type,
        groups=groups,
        pin=pin_hash,
        disabled=disabled,
        bypass_secondary=bypass_secondary,
        client_to_client=client_to_client,
        dns_servers=dns_servers,
        dns_suffix=dns_suffix,
        port_forwarding=port_forwarding,
    )
    user.audit_event(
        'user_created',
        'User created from web console',
        remote_addr=remote_addr,
    )

    for network_link in network_links or ():
        try:
            user.add_network_link(network_link)
        except (ipaddress.AddressValueError, ValueError):
            return _network_link_invalid()
        except ServerOnlineError:
            offline_error = {
                'error': NETWORK_LINK_NOT_OFFLINE,
                'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
            }
            return utils.jsonify(offline_error, 400)

    users.append(user.dict())
Пример #5
def user_post(org_id):
    """Create the user or users described by the JSON request body.

    The body is either one user mapping or a list of them.  Nothing is
    created when ``settings.app.demo_mode`` is set.  A supplied PIN must be
    all digits and at least ``settings.user.pin_min_length`` characters
    long; only the value returned by ``auth.generate_hash_pin_v2`` is
    passed to ``org.new_user``.

    A rejected PIN or network link returns a 400 response immediately.
    Users created from earlier entries of the same list are not rolled back
    here, and a user whose network link is rejected has already been
    created.

    Returns:
        ``utils.demo_blocked()`` in demo mode, a 400 error response on a
        rejected entry, otherwise ``utils.jsonify`` of the created user
        (single-object body) or of the list of created users (list body).
    """
    if settings.app.demo_mode:
        return utils.demo_blocked()

    org = organization.get_by_id(org_id)
    created = []

    body = flask.request.json
    # A single object is handled as a batch of one.
    users_data = body if isinstance(body, list) else [body]

    try:
        for user_data in users_data:
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            raw_pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = bool(user_data.get('bypass_secondary'))
            client_to_client = bool(user_data.get('client_to_client'))
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            forwarding_specs = user_data.get('port_forwarding')

            pin_hash = None
            if raw_pin:
                if not raw_pin.isdigit():
                    digits_error = {
                        'error': PIN_NOT_DIGITS,
                        'error_msg': PIN_NOT_DIGITS_MSG,
                    }
                    return utils.jsonify(digits_error, 400)

                if len(raw_pin) < settings.user.pin_min_length:
                    length_error = {
                        'error': PIN_TOO_SHORT,
                        'error_msg': PIN_TOO_SHORT_MSG,
                    }
                    return utils.jsonify(length_error, 400)

                pin_hash = auth.generate_hash_pin_v2(raw_pin)

            port_forwarding = [
                {
                    'protocol': utils.filter_str(spec.get('protocol')),
                    'port': utils.filter_str(spec.get('port')),
                    'dport': utils.filter_str(spec.get('dport')),
                }
                for spec in forwarding_specs or []
            ]

            user = org.new_user(
                type=CERT_CLIENT,
                name=name,
                email=email,
                pin=pin_hash,
                disabled=disabled,
                bypass_secondary=bypass_secondary,
                client_to_client=client_to_client,
                dns_servers=dns_servers,
                dns_suffix=dns_suffix,
                port_forwarding=port_forwarding,
            )
            user.audit_event(
                'user_created',
                'User created from web console',
                remote_addr=utils.get_remote_addr(),
            )

            for network_link in network_links or ():
                try:
                    user.add_network_link(network_link)
                except (ipaddress.AddressValueError, ValueError):
                    return _network_link_invalid()
                except ServerOnlineError:
                    offline_error = {
                        'error': NETWORK_LINK_NOT_OFFLINE,
                        'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                    }
                    return utils.jsonify(offline_error, 400)

            created.append(user.dict())
    finally:
        # Sent on every exit path, including the early 400 returns above.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if not isinstance(flask.request.json, list):
        logger.LogEntry(message='Created new user "%s".' % created[0]['name'])
        return utils.jsonify(created[0])

    batch_size = len(flask.request.json)
    logger.LogEntry(message='Created %s new users.' % batch_size)
    return utils.jsonify(created)
Пример #6
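def _create_users(org_id, users_data, remote_addr, background):
    """Create a user in ``org_id`` for every entry of ``users_data``.

    Every entry is read as a mapping: ``name`` is required, the remaining
    keys are optional.  A supplied PIN must be all digits and at least
    ``settings.user.pin_min_length`` characters long; only the value
    returned by ``auth.generate_hash_pin_v2`` is handed to ``org.new_user``.

    A rejected PIN or network link returns a 400 response straight away.
    Users created by earlier entries of the same batch are not rolled back
    here, and a user whose network link is rejected has already been
    created by ``org.new_user``.

    Args:
        org_id: Identifier passed to ``organization.get_by_id``.
        users_data: Sequence of per-user mappings.
        remote_addr: Address recorded in each ``user_created`` audit event.
        background: When true, the module-level ``_users_background`` flag
            is used so that only one background run is active at a time.

    Returns:
        ``None`` if ``background`` is true and another background run is
        already flagged; otherwise a ``utils.jsonify`` response holding the
        single created user when exactly one was created, the list of
        created users in every other case, or a 400 error payload.
    """
    global _users_background

    org = organization.get_by_id(org_id)
    users = []
    # Intermediate update events are only sent for batches of at most 100
    # entries.
    partial_event = len(users_data) <= 100

    if background:
        _users_background_lock.acquire()
        try:
            if _users_background:
                # Another background run is flagged as active.  The finally
                # clause releases the lock; returning without releasing it
                # would leave it held.
                return
            _users_background = True
        finally:
            _users_background_lock.release()

    try:
        for i, user_data in enumerate(users_data):
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = True if user_data.get(
                'bypass_secondary') else False
            client_to_client = True if user_data.get(
                'client_to_client') else False
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            port_forwarding_in = user_data.get('port_forwarding')
            port_forwarding = []

            # Built without an index variable: reusing ``i`` here would
            # overwrite the batch position tested by the partial-event
            # check below.  The caller's list is left unmodified.
            groups = list(set(
                utils.filter_str(group)
                for group in user_data.get('groups') or []))

            if pin:
                # NOTE(review): str.isdigit() is true for any Unicode digit,
                # not only 0-9; confirm utils.filter_str narrows the set.
                if not pin.isdigit():
                    return utils.jsonify({
                        'error': PIN_NOT_DIGITS,
                        'error_msg': PIN_NOT_DIGITS_MSG,
                    }, 400)

                if len(pin) < settings.user.pin_min_length:
                    return utils.jsonify({
                        'error': PIN_TOO_SHORT,
                        'error_msg': PIN_TOO_SHORT_MSG,
                    }, 400)

                # From here on ``pin`` holds the hash, not the PIN as sent.
                pin = auth.generate_hash_pin_v2(pin)

            if port_forwarding_in:
                for data in port_forwarding_in:
                    port_forwarding.append({
                        'protocol': utils.filter_str(data.get('protocol')),
                        'port': utils.filter_str(data.get('port')),
                        'dport': utils.filter_str(data.get('dport')),
                    })

            user = org.new_user(type=CERT_CLIENT, name=name, email=email,
                groups=groups, pin=pin, disabled=disabled,
                bypass_secondary=bypass_secondary,
                client_to_client=client_to_client, dns_servers=dns_servers,
                dns_suffix=dns_suffix, port_forwarding=port_forwarding)
            user.audit_event('user_created',
                'User created from web console',
                remote_addr=remote_addr,
            )

            if network_links:
                for network_link in network_links:
                    try:
                        user.add_network_link(network_link)
                    except (ipaddress.AddressValueError, ValueError):
                        return _network_link_invalid()
                    except ServerOnlineError:
                        return utils.jsonify({
                            'error': NETWORK_LINK_NOT_OFFLINE,
                            'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                        }, 400)

            users.append(user.dict())

            # Every tenth user of a small batch triggers an update.
            if partial_event and i != 0 and i % 10 == 0:
                event.Event(type=ORGS_UPDATED)
                event.Event(type=USERS_UPDATED, resource_id=org.id)
                event.Event(type=SERVERS_UPDATED)
    except:
        # Log and re-raise; nothing is swallowed here.
        logger.exception('Error creating users', 'users')
        raise
    finally:
        if background:
            _users_background_lock.acquire()
            _users_background = False
            _users_background_lock.release()

        # Sent on every exit path, including the early 400 returns above.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if not users:
        # Empty batch: nothing was created, so there is no users[0] to
        # report and nothing to log.
        return utils.jsonify(users)

    if len(users) > 1:
        logger.LogEntry(message='Created %s new users.' % len(users))
        return utils.jsonify(users)
    else:
        logger.LogEntry(message='Created new user "%s".' % users[0]['name'])
        return utils.jsonify(users[0])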
Пример #7
def _create_user(users, org, user_data, remote_addr, pool):
    """Create one user in ``org`` from ``user_data`` and append it to ``users``.

    ``name`` is the only required key of ``user_data``.  A supplied PIN
    must be all digits and at least ``settings.user.pin_min_length``
    characters long; only the value returned by
    ``auth.generate_hash_pin_v2`` is passed to ``org.new_user``.

    Returns:
        ``None`` on success, after ``user.dict()`` has been appended to
        ``users``; otherwise the 400 response describing the rejected PIN
        or network link.  When a network link is rejected the user has
        already been created by ``org.new_user`` and is not appended.
    """
    name = utils.filter_str(user_data['name'])
    email = utils.filter_str(user_data.get('email'))
    raw_pin = utils.filter_str(user_data.get('pin')) or None
    disabled = bool(user_data.get('disabled'))
    network_links = user_data.get('network_links') or None
    bypass_secondary = bool(user_data.get('bypass_secondary'))
    client_to_client = bool(user_data.get('client_to_client'))
    dns_servers = user_data.get('dns_servers') or None
    dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
    forwarding_specs = user_data.get('port_forwarding')

    # Filter each group name in place, then drop duplicates.
    groups = user_data.get('groups') or []
    for position, group_name in enumerate(groups):
        groups[position] = utils.filter_str(group_name)
    groups = list(set(groups))

    pin_hash = None
    if raw_pin:
        # NOTE(review): str.isdigit() is true for any Unicode digit, not
        # only 0-9; confirm utils.filter_str narrows the character set.
        if not raw_pin.isdigit():
            digits_error = {
                'error': PIN_NOT_DIGITS,
                'error_msg': PIN_NOT_DIGITS_MSG,
            }
            return utils.jsonify(digits_error, 400)

        if len(raw_pin) < settings.user.pin_min_length:
            length_error = {
                'error': PIN_TOO_SHORT,
                'error_msg': PIN_TOO_SHORT_MSG,
            }
            return utils.jsonify(length_error, 400)

        pin_hash = auth.generate_hash_pin_v2(raw_pin)

    port_forwarding = [
        {
            'protocol': utils.filter_str(spec.get('protocol')),
            'port': utils.filter_str(spec.get('port')),
            'dport': utils.filter_str(spec.get('dport')),
        }
        for spec in forwarding_specs or []
    ]

    user = org.new_user(
        type=CERT_CLIENT,
        pool=pool,
        name=name,
        email=email,
        groups=groups,
        pin=pin_hash,
        disabled=disabled,
        bypass_secondary=bypass_secondary,
        client_to_client=client_to_client,
        dns_servers=dns_servers,
        dns_suffix=dns_suffix,
        port_forwarding=port_forwarding,
    )
    user.audit_event(
        'user_created',
        'User created from web console',
        remote_addr=remote_addr,
    )

    for network_link in network_links or ():
        try:
            user.add_network_link(network_link)
        except (ipaddress.AddressValueError, ValueError):
            return _network_link_invalid()
        except ServerOnlineError:
            offline_error = {
                'error': NETWORK_LINK_NOT_OFFLINE,
                'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
            }
            return utils.jsonify(offline_error, 400)

    users.append(user.dict())