def set_pin(self, pin):
    """Store a new PIN hash on the user, or clear the PIN.

    A falsy ``pin`` clears ``self.pin``. Otherwise the PIN is compared with
    the stored value through ``self.check_pin`` and then replaced by the
    output of ``auth.generate_hash_pin_v2``, so the plaintext is never
    assigned to ``self.pin``.

    Returns True when the stored PIN state differs from what it was
    before the call, False otherwise.
    """
    if pin:
        # Compare against the old hash first; it is overwritten just below.
        pin_differs = not self.check_pin(pin)
        # The hash is regenerated even when the PIN is unchanged.
        self.pin = auth.generate_hash_pin_v2(pin)
        return pin_differs

    # No length or character checks happen in this method, so callers have
    # to validate the PIN before passing it in.
    had_pin = bool(self.pin)
    self.pin = None
    return had_pin
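def _create_users(org_id, users_data, remote_addr, background):
    """Create one user per entry of ``users_data`` in organization ``org_id``.

    Each entry is a dict taken from the web console request; only ``name``
    is read with indexing, every other field is optional. A supplied PIN
    must be all digits and at least ``settings.user.pin_min_length``
    characters long, and only its ``auth.generate_hash_pin_v2`` hash is
    handed to ``org.new_user``.

    When ``background`` is true, the module-level ``_users_background``
    flag lets one bulk run proceed at a time; a call made while another
    run is active returns ``None`` immediately.

    Returns a ``utils.jsonify`` response: a 400 error for the first
    rejected entry, the single user dict when exactly one user was
    created, otherwise the list of created user dicts.

    NOTE(review): a rejected entry stops the batch, but users created from
    earlier entries are not undone here, so a 400 reply can follow a
    partially applied batch.
    """
    global _users_background

    org = organization.get_by_id(org_id)
    users = []
    # Interim events are only emitted for batches of at most 100 entries.
    partial_event = len(users_data) <= 100

    if background:
        # Release the lock on every path. Returning while it is still held
        # would leave it locked for every later background run.
        _users_background_lock.acquire()
        try:
            if _users_background:
                return
            _users_background = True
        finally:
            _users_background_lock.release()

    try:
        for i, user_data in enumerate(users_data):
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = bool(user_data.get('bypass_secondary'))
            client_to_client = bool(user_data.get('client_to_client'))
            # NOTE(review): dns_servers is forwarded as received; confirm
            # org.new_user validates it.
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            port_forwarding_in = user_data.get('port_forwarding')
            port_forwarding = []

            groups = user_data.get('groups') or []
            # Separate index name: reusing ``i`` here would overwrite the
            # user index that the interim-event check below depends on.
            for group_index, group in enumerate(groups):
                groups[group_index] = utils.filter_str(group)
            groups = list(set(groups))

            if pin:
                # NOTE(review): on a text (unicode) string, isdigit() also
                # accepts non-ASCII digit characters; confirm that
                # utils.filter_str restricts the PIN to ASCII.
                if not pin.isdigit():
                    return utils.jsonify({
                        'error': PIN_NOT_DIGITS,
                        'error_msg': PIN_NOT_DIGITS_MSG,
                    }, 400)

                if len(pin) < settings.user.pin_min_length:
                    return utils.jsonify({
                        'error': PIN_TOO_SHORT,
                        'error_msg': PIN_TOO_SHORT_MSG,
                    }, 400)

                # From here on only the hash is kept.
                pin = auth.generate_hash_pin_v2(pin)

            if port_forwarding_in:
                for data in port_forwarding_in:
                    port_forwarding.append({
                        'protocol': utils.filter_str(data.get('protocol')),
                        'port': utils.filter_str(data.get('port')),
                        'dport': utils.filter_str(data.get('dport')),
                    })

            user = org.new_user(type=CERT_CLIENT, name=name, email=email,
                groups=groups, pin=pin, disabled=disabled,
                bypass_secondary=bypass_secondary,
                client_to_client=client_to_client,
                dns_servers=dns_servers, dns_suffix=dns_suffix,
                port_forwarding=port_forwarding)
            # Record the creation together with the requester address.
            user.audit_event(
                'user_created',
                'User created from web console',
                remote_addr=remote_addr,
            )

            if network_links:
                for network_link in network_links:
                    try:
                        user.add_network_link(network_link)
                    except (ipaddress.AddressValueError, ValueError):
                        return _network_link_invalid()
                    except ServerOnlineError:
                        return utils.jsonify({
                            'error': NETWORK_LINK_NOT_OFFLINE,
                            'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                        }, 400)

            users.append(user.dict())

            if partial_event and i != 0 and i % 10 == 0:
                event.Event(type=ORGS_UPDATED)
                event.Event(type=USERS_UPDATED, resource_id=org.id)
                event.Event(type=SERVERS_UPDATED)
    except:
        # Log with traceback, then let the caller see the original error.
        logger.exception('Error creating users', 'users')
        raise
    finally:
        if background:
            _users_background_lock.acquire()
            _users_background = False
            _users_background_lock.release()

        # Events fire on success, on an early 400 return and on an error.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if len(users) == 1:
        logger.LogEntry(message='Created new user "%s".' % users[0]['name'])
        return utils.jsonify(users[0])

    # Zero or several users: answer with the list. Indexing users[0] for an
    # empty batch would raise IndexError.
    logger.LogEntry(message='Created %s new users.' % len(users))
    return utils.jsonify(users)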
def _create_user(users, org, user_data, remote_addr, pool):
    """Create one user in ``org`` from ``user_data`` and append it to ``users``.

    ``user_data`` is one user dict from the web console request; only
    ``name`` is read with indexing, every other field is optional. An
    ``auth_type`` outside ``AUTH_TYPES`` falls back to ``LOCAL_AUTH``. A
    supplied PIN is checked against the ``settings.user`` rules and only
    its ``auth.generate_hash_pin_v2`` hash is handed to ``org.new_user``.

    Returns a ``utils.jsonify`` 400 response when the PIN or a network
    link is rejected, and ``None`` once ``user.dict()`` has been appended
    to ``users``.
    """
    name = utils.filter_str(user_data['name'])
    email = utils.filter_str(user_data.get('email'))
    auth_type = utils.filter_str(user_data.get('auth_type'))
    pin = utils.filter_str(user_data.get('pin')) or None
    disabled = bool(user_data.get('disabled'))
    network_links = user_data.get('network_links') or None
    bypass_secondary = bool(user_data.get('bypass_secondary'))
    client_to_client = bool(user_data.get('client_to_client'))
    # NOTE(review): dns_servers is forwarded as received; confirm
    # org.new_user validates it.
    dns_servers = user_data.get('dns_servers') or None
    dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
    port_forwarding_in = user_data.get('port_forwarding')

    # Allow-list: anything unrecognised is treated as local authentication.
    if auth_type not in AUTH_TYPES:
        auth_type = LOCAL_AUTH

    # Sanitise the group names in place, then drop duplicates.
    groups = user_data.get('groups') or []
    for position, raw_group in enumerate(groups):
        groups[position] = utils.filter_str(raw_group)
    groups = list(set(groups))

    if pin:
        # NOTE(review): on a text (unicode) string, isdigit() also accepts
        # non-ASCII digit characters; confirm that utils.filter_str
        # restricts the PIN to ASCII.
        if settings.user.pin_digits_only and not pin.isdigit():
            error_body = {
                'error': PIN_NOT_DIGITS,
                'error_msg': PIN_NOT_DIGITS_MSG,
            }
            return utils.jsonify(error_body, 400)

        if len(pin) < settings.user.pin_min_length:
            error_body = {
                'error': PIN_TOO_SHORT,
                'error_msg': PIN_TOO_SHORT_MSG,
            }
            return utils.jsonify(error_body, 400)

        # From here on only the hash is kept.
        pin = auth.generate_hash_pin_v2(pin)

    port_forwarding = [
        {
            'protocol': utils.filter_str(rule.get('protocol')),
            'port': utils.filter_str(rule.get('port')),
            'dport': utils.filter_str(rule.get('dport')),
        }
        for rule in (port_forwarding_in or [])
    ]

    user = org.new_user(
        type=CERT_CLIENT,
        pool=pool,
        name=name,
        email=email,
        auth_type=auth_type,
        groups=groups,
        pin=pin,
        disabled=disabled,
        bypass_secondary=bypass_secondary,
        client_to_client=client_to_client,
        dns_servers=dns_servers,
        dns_suffix=dns_suffix,
        port_forwarding=port_forwarding,
    )
    # Record the creation together with the requester address.
    user.audit_event(
        'user_created',
        'User created from web console',
        remote_addr=remote_addr,
    )

    # A rejected link returns a 400 after org.new_user has already run;
    # nothing in this function undoes that call.
    for link in (network_links or []):
        try:
            user.add_network_link(link)
        except (ipaddress.AddressValueError, ValueError):
            return _network_link_invalid()
        except ServerOnlineError:
            error_body = {
                'error': NETWORK_LINK_NOT_OFFLINE,
                'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
            }
            return utils.jsonify(error_body, 400)

    users.append(user.dict())
def user_post(org_id):
    """Create the users described by the request's JSON body in ``org_id``.

    The body is either one user object or a list of them. Only ``name`` is
    read with indexing; every other field is optional. A supplied PIN must
    be all digits and at least ``settings.user.pin_min_length`` characters
    long, and only its ``auth.generate_hash_pin_v2`` hash is handed to
    ``org.new_user``.

    Returns ``utils.demo_blocked()`` in demo mode, a 400 response for the
    first rejected entry, the list of created users for a list body, or
    the single created user otherwise.

    NOTE(review): no authentication or authorization check is visible in
    this block; presumably a route decorator outside this excerpt
    enforces it. Confirm.
    """
    if settings.app.demo_mode:
        return utils.demo_blocked()

    org = organization.get_by_id(org_id)
    users = []

    payload = flask.request.json
    is_batch = isinstance(payload, list)
    users_data = payload if is_batch else [payload]

    try:
        for user_data in users_data:
            # NOTE(review): an entry that is not a dict, or has no 'name',
            # raises here rather than producing a 400. Confirm the
            # framework turns that into a safe error response.
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = bool(user_data.get('bypass_secondary'))
            client_to_client = bool(user_data.get('client_to_client'))
            # NOTE(review): dns_servers is forwarded as received; confirm
            # org.new_user validates it.
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            port_forwarding_in = user_data.get('port_forwarding')

            if pin:
                # NOTE(review): on a text (unicode) string, isdigit() also
                # accepts non-ASCII digit characters; confirm that
                # utils.filter_str restricts the PIN to ASCII.
                if not pin.isdigit():
                    error_body = {
                        'error': PIN_NOT_DIGITS,
                        'error_msg': PIN_NOT_DIGITS_MSG,
                    }
                    return utils.jsonify(error_body, 400)

                if len(pin) < settings.user.pin_min_length:
                    error_body = {
                        'error': PIN_TOO_SHORT,
                        'error_msg': PIN_TOO_SHORT_MSG,
                    }
                    return utils.jsonify(error_body, 400)

                # From here on only the hash is kept.
                pin = auth.generate_hash_pin_v2(pin)

            port_forwarding = [
                {
                    'protocol': utils.filter_str(rule.get('protocol')),
                    'port': utils.filter_str(rule.get('port')),
                    'dport': utils.filter_str(rule.get('dport')),
                }
                for rule in (port_forwarding_in or [])
            ]

            user = org.new_user(
                type=CERT_CLIENT,
                name=name,
                email=email,
                pin=pin,
                disabled=disabled,
                bypass_secondary=bypass_secondary,
                client_to_client=client_to_client,
                dns_servers=dns_servers,
                dns_suffix=dns_suffix,
                port_forwarding=port_forwarding,
            )
            # Record the creation together with the requester address.
            user.audit_event(
                'user_created',
                'User created from web console',
                remote_addr=utils.get_remote_addr(),
            )

            # A rejected link returns a 400 after org.new_user has already
            # run; nothing in this function undoes that call.
            for link in (network_links or []):
                try:
                    user.add_network_link(link)
                except (ipaddress.AddressValueError, ValueError):
                    return _network_link_invalid()
                except ServerOnlineError:
                    error_body = {
                        'error': NETWORK_LINK_NOT_OFFLINE,
                        'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                    }
                    return utils.jsonify(error_body, 400)

            users.append(user.dict())
    finally:
        # Events fire on success, on an early 400 return and on an error.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if is_batch:
        logger.LogEntry(message='Created %s new users.' % len(payload))
        return utils.jsonify(users)

    logger.LogEntry(message='Created new user "%s".' % users[0]['name'])
    return utils.jsonify(users[0])
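def _create_users(org_id, users_data, remote_addr, background):
    """Create one user per entry of ``users_data`` in organization ``org_id``.

    Each entry is a dict taken from the web console request; only ``name``
    is read with indexing, every other field is optional. A supplied PIN
    must be all digits and at least ``settings.user.pin_min_length``
    characters long, and only its ``auth.generate_hash_pin_v2`` hash is
    handed to ``org.new_user``.

    When ``background`` is true, the module-level ``_users_background``
    flag lets one bulk run proceed at a time; a call made while another
    run is active returns ``None`` immediately.

    Returns a ``utils.jsonify`` response: a 400 error for the first
    rejected entry, the single user dict when exactly one user was
    created, otherwise the list of created user dicts.

    NOTE(review): a rejected entry stops the batch, but users created from
    earlier entries are not undone here, so a 400 reply can follow a
    partially applied batch.
    """
    global _users_background

    org = organization.get_by_id(org_id)
    users = []
    # Interim events are only emitted for batches of at most 100 entries.
    partial_event = len(users_data) <= 100

    if background:
        # Release the lock on every path. Returning while it is still held
        # would leave it locked for every later background run.
        _users_background_lock.acquire()
        try:
            if _users_background:
                return
            _users_background = True
        finally:
            _users_background_lock.release()

    try:
        for i, user_data in enumerate(users_data):
            name = utils.filter_str(user_data['name'])
            email = utils.filter_str(user_data.get('email'))
            pin = utils.filter_str(user_data.get('pin')) or None
            disabled = user_data.get('disabled')
            network_links = user_data.get('network_links')
            bypass_secondary = bool(user_data.get('bypass_secondary'))
            client_to_client = bool(user_data.get('client_to_client'))
            # NOTE(review): dns_servers is forwarded as received; confirm
            # org.new_user validates it.
            dns_servers = user_data.get('dns_servers') or None
            dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
            port_forwarding_in = user_data.get('port_forwarding')
            port_forwarding = []

            groups = user_data.get('groups') or []
            # Separate index name: reusing ``i`` here would overwrite the
            # user index that the interim-event check below depends on.
            for group_index, group in enumerate(groups):
                groups[group_index] = utils.filter_str(group)
            groups = list(set(groups))

            if pin:
                # NOTE(review): on a text (unicode) string, isdigit() also
                # accepts non-ASCII digit characters; confirm that
                # utils.filter_str restricts the PIN to ASCII.
                if not pin.isdigit():
                    return utils.jsonify({
                        'error': PIN_NOT_DIGITS,
                        'error_msg': PIN_NOT_DIGITS_MSG,
                    }, 400)

                if len(pin) < settings.user.pin_min_length:
                    return utils.jsonify({
                        'error': PIN_TOO_SHORT,
                        'error_msg': PIN_TOO_SHORT_MSG,
                    }, 400)

                # From here on only the hash is kept.
                pin = auth.generate_hash_pin_v2(pin)

            if port_forwarding_in:
                for data in port_forwarding_in:
                    port_forwarding.append({
                        'protocol': utils.filter_str(data.get('protocol')),
                        'port': utils.filter_str(data.get('port')),
                        'dport': utils.filter_str(data.get('dport')),
                    })

            user = org.new_user(type=CERT_CLIENT, name=name, email=email,
                groups=groups, pin=pin, disabled=disabled,
                bypass_secondary=bypass_secondary,
                client_to_client=client_to_client,
                dns_servers=dns_servers, dns_suffix=dns_suffix,
                port_forwarding=port_forwarding)
            # Record the creation together with the requester address.
            user.audit_event(
                'user_created',
                'User created from web console',
                remote_addr=remote_addr,
            )

            if network_links:
                for network_link in network_links:
                    try:
                        user.add_network_link(network_link)
                    except (ipaddress.AddressValueError, ValueError):
                        return _network_link_invalid()
                    except ServerOnlineError:
                        return utils.jsonify({
                            'error': NETWORK_LINK_NOT_OFFLINE,
                            'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
                        }, 400)

            users.append(user.dict())

            if partial_event and i != 0 and i % 10 == 0:
                event.Event(type=ORGS_UPDATED)
                event.Event(type=USERS_UPDATED, resource_id=org.id)
                event.Event(type=SERVERS_UPDATED)
    except:
        # Log with traceback, then let the caller see the original error.
        logger.exception('Error creating users', 'users')
        raise
    finally:
        if background:
            _users_background_lock.acquire()
            _users_background = False
            _users_background_lock.release()

        # Events fire on success, on an early 400 return and on an error.
        event.Event(type=ORGS_UPDATED)
        event.Event(type=USERS_UPDATED, resource_id=org.id)
        event.Event(type=SERVERS_UPDATED)

    if len(users) == 1:
        logger.LogEntry(message='Created new user "%s".' % users[0]['name'])
        return utils.jsonify(users[0])

    # Zero or several users: answer with the list. Indexing users[0] for an
    # empty batch would raise IndexError.
    logger.LogEntry(message='Created %s new users.' % len(users))
    return utils.jsonify(users)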
def _create_user(users, org, user_data, remote_addr, pool):
    """Create one user in ``org`` from ``user_data`` and append it to ``users``.

    ``user_data`` is one user dict from the web console request; only
    ``name`` is read with indexing, every other field is optional. A
    supplied PIN must be all digits and at least
    ``settings.user.pin_min_length`` characters long, and only its
    ``auth.generate_hash_pin_v2`` hash is handed to ``org.new_user``.

    Returns a ``utils.jsonify`` 400 response when the PIN or a network
    link is rejected, and ``None`` once ``user.dict()`` has been appended
    to ``users``.
    """
    name = utils.filter_str(user_data['name'])
    email = utils.filter_str(user_data.get('email'))
    pin = utils.filter_str(user_data.get('pin')) or None
    disabled = bool(user_data.get('disabled'))
    network_links = user_data.get('network_links') or None
    bypass_secondary = bool(user_data.get('bypass_secondary'))
    client_to_client = bool(user_data.get('client_to_client'))
    # NOTE(review): dns_servers is forwarded as received; confirm
    # org.new_user validates it.
    dns_servers = user_data.get('dns_servers') or None
    dns_suffix = utils.filter_str(user_data.get('dns_suffix')) or None
    port_forwarding_in = user_data.get('port_forwarding')

    # Sanitise the group names in place, then drop duplicates.
    groups = user_data.get('groups') or []
    for position, raw_group in enumerate(groups):
        groups[position] = utils.filter_str(raw_group)
    groups = list(set(groups))

    if pin:
        # NOTE(review): on a text (unicode) string, isdigit() also accepts
        # non-ASCII digit characters; confirm that utils.filter_str
        # restricts the PIN to ASCII.
        if not pin.isdigit():
            error_body = {
                'error': PIN_NOT_DIGITS,
                'error_msg': PIN_NOT_DIGITS_MSG,
            }
            return utils.jsonify(error_body, 400)

        if len(pin) < settings.user.pin_min_length:
            error_body = {
                'error': PIN_TOO_SHORT,
                'error_msg': PIN_TOO_SHORT_MSG,
            }
            return utils.jsonify(error_body, 400)

        # From here on only the hash is kept.
        pin = auth.generate_hash_pin_v2(pin)

    port_forwarding = [
        {
            'protocol': utils.filter_str(rule.get('protocol')),
            'port': utils.filter_str(rule.get('port')),
            'dport': utils.filter_str(rule.get('dport')),
        }
        for rule in (port_forwarding_in or [])
    ]

    user = org.new_user(
        type=CERT_CLIENT,
        pool=pool,
        name=name,
        email=email,
        groups=groups,
        pin=pin,
        disabled=disabled,
        bypass_secondary=bypass_secondary,
        client_to_client=client_to_client,
        dns_servers=dns_servers,
        dns_suffix=dns_suffix,
        port_forwarding=port_forwarding,
    )
    # Record the creation together with the requester address.
    user.audit_event(
        'user_created',
        'User created from web console',
        remote_addr=remote_addr,
    )

    # A rejected link returns a 400 after org.new_user has already run;
    # nothing in this function undoes that call.
    for link in (network_links or []):
        try:
            user.add_network_link(link)
        except (ipaddress.AddressValueError, ValueError):
            return _network_link_invalid()
        except ServerOnlineError:
            error_body = {
                'error': NETWORK_LINK_NOT_OFFLINE,
                'error_msg': NETWORK_LINK_NOT_OFFLINE_MSG,
            }
            return utils.jsonify(error_body, 400)

    users.append(user.dict())