def get_config_documentation():
"""
returns an restructured text document, that describes the complete
configuration.
"""
P = PolicyClass()
config = get_from_config()
resolvers = get_resolver_list()
realms = get_realms()
policies = P.list_policies()
admins = get_db_admins()
context = {
"system": socket.getfqdn(socket.gethostname()),
"date": datetime.datetime.now().strftime("%Y-%m-%d %H:%M"),
"systemconfig": config,
"appconfig": current_app.config,
"resolverconfig": resolvers,
"realmconfig": realms,
"policyconfig": policies,
"admins": admins
}
g.audit_object.log({"success": True})
# Three or more line breaks will be changed to two.
return re.sub("\n{3,}", "\n\n",
render_template("documentation.rst", context=context))
def upgrade():
# 1. Read the push_registration_url and ttl from the Firebase Config
fb_gateways = get_smsgateway(gwtype=GWTYPE)
print(fb_gateways)
# 2. Check which policy contains this Firebase Config
P = PolicyClass()
pols = P.list_policies(scope=SCOPE.ENROLL,
action="{0!s}".format(PUSH_ACTION.FIREBASE_CONFIG))
# iterate through all enrollment policies
for pol in pols:
# Check for all firebase gateways, if this policy needs to be modified
for fbgw in fb_gateways:
if pol.get("action").get(
PUSH_ACTION.FIREBASE_CONFIG) == fbgw.identifier:
print("Modifying policy {0!s}".format(pol.get("name")))
# This is an enrollment policy, that references this very firebase config
# 3. Add the push_registration_url and ttl to this policy
registration_url = fbgw.option_dict.get("registration URL")
ttl = fbgw.option_dict.get("time to live")
# We can leave most of the parameters None, since it will update the policy.
# We still need to pass the original "active" and "check_all_resolvers" params
# and we need to update the action
action = pol.get("action")
# Only add registration_url and ttl to the policy, if these values actually exist,
# to avoid deleting (setting an empty value) in the policy.
if registration_url:
action[PUSH_ACTION.REGISTRATION_URL] = registration_url
if ttl:
action[PUSH_ACTION.TTL] = ttl
r = set_policy(
name=pol.get("name"),
scope=SCOPE.ENROLL,
active=pol.get("active"),
check_all_resolvers=pol.get("check_all_resolvers"),
action=action)
print("+- Updated policy {0!s}: {1!s}".format(
pol.get("name"), r))
# 4. Delete push_registration_url and ttl from the Firebase Config
# Note: If we had a firebase config, that would not be used in a policy,
# the url and ttl would not be deleted from the firebase config. But this
# does not matter. I like to keep it in this for-loop to avoid side unknown side effects.
print("Deleting URL and TTL from the Firebase Gateway config.")
if registration_url:
delete_smsgateway_option(fbgw.id, "registration URL")
if ttl:
delete_smsgateway_option(fbgw.id, "time to live")
def is_password_reset():
"""
Check if password reset is allowed.
We need to check, if a user policy with password_reset exists AND if an
editable resolver exists. Otherwise password_reset does not make any sense.
:return: True or False
"""
rlist = get_resolver_list(editable=True)
log.debug("Number of editable resolvers: {0!s}".format(len(rlist)))
Policy = PolicyClass()
policy_at_all = Policy.list_policies(scope=SCOPE.USER, active=True)
log.debug("Policy at all: {0!s}".format(policy_at_all))
policy_reset_pw = Policy.match_policies(scope=SCOPE.USER,
action=ACTION.PASSWORDRESET,
active=True)
log.debug("Password reset policy: {0!s}".format(policy_reset_pw))
pwreset = (policy_at_all and policy_reset_pw) or not policy_at_all
log.debug("Password reset allowed via policy: {0!s}".format(pwreset))
return bool(rlist and pwreset)
