Пример #1
0
def get_config_documentation():
    """
    returns an restructured text document, that describes the complete
    configuration.
    """
    P = PolicyClass()

    config = get_from_config()
    resolvers = get_resolver_list()
    realms = get_realms()
    policies = P.list_policies()
    admins = get_db_admins()
    context = {
        "system": socket.getfqdn(socket.gethostname()),
        "date": datetime.datetime.now().strftime("%Y-%m-%d %H:%M"),
        "systemconfig": config,
        "appconfig": current_app.config,
        "resolverconfig": resolvers,
        "realmconfig": realms,
        "policyconfig": policies,
        "admins": admins
    }

    g.audit_object.log({"success": True})
    # Three or more line breaks will be changed to two.
    return re.sub("\n{3,}", "\n\n",
                  render_template("documentation.rst", context=context))
Пример #2
0
def upgrade():
    # 1. Read the push_registration_url and ttl from the Firebase Config
    fb_gateways = get_smsgateway(gwtype=GWTYPE)
    print(fb_gateways)
    # 2. Check which policy contains this Firebase Config
    P = PolicyClass()
    pols = P.list_policies(scope=SCOPE.ENROLL,
                           action="{0!s}".format(PUSH_ACTION.FIREBASE_CONFIG))

    # iterate through all enrollment policies
    for pol in pols:
        # Check for all firebase gateways, if this policy needs to be modified
        for fbgw in fb_gateways:
            if pol.get("action").get(
                    PUSH_ACTION.FIREBASE_CONFIG) == fbgw.identifier:
                print("Modifying policy {0!s}".format(pol.get("name")))
                # This is an enrollment policy, that references this very firebase config
                # 3. Add the push_registration_url and ttl to this policy
                registration_url = fbgw.option_dict.get("registration URL")
                ttl = fbgw.option_dict.get("time to live")
                # We can leave most of the parameters None, since it will update the policy.
                # We still need to pass the original "active" and "check_all_resolvers" params
                # and we need to update the action
                action = pol.get("action")
                # Only add registration_url and ttl to the policy, if these values actually exist,
                # to avoid deleting (setting an empty value) in the policy.
                if registration_url:
                    action[PUSH_ACTION.REGISTRATION_URL] = registration_url
                if ttl:
                    action[PUSH_ACTION.TTL] = ttl
                r = set_policy(
                    name=pol.get("name"),
                    scope=SCOPE.ENROLL,
                    active=pol.get("active"),
                    check_all_resolvers=pol.get("check_all_resolvers"),
                    action=action)
                print("+- Updated policy {0!s}: {1!s}".format(
                    pol.get("name"), r))
                # 4. Delete push_registration_url and ttl from the Firebase Config
                #    Note: If we had a firebase config, that would not be used in a policy,
                #    the url and ttl would not be deleted from the firebase config. But this
                #    does not matter. I like to keep it in this for-loop to avoid side unknown side effects.
                print("Deleting URL and TTL from the Firebase Gateway config.")
                if registration_url:
                    delete_smsgateway_option(fbgw.id, "registration URL")
                if ttl:
                    delete_smsgateway_option(fbgw.id, "time to live")
Пример #3
0
def is_password_reset():
    """
    Check if password reset is allowed.

    We need to check, if a user policy with password_reset exists AND if an
    editable resolver exists. Otherwise password_reset does not make any sense.

    :return: True or False
    """
    rlist = get_resolver_list(editable=True)
    log.debug("Number of editable resolvers: {0!s}".format(len(rlist)))
    Policy = PolicyClass()
    policy_at_all = Policy.list_policies(scope=SCOPE.USER, active=True)
    log.debug("Policy at all: {0!s}".format(policy_at_all))
    policy_reset_pw = Policy.match_policies(scope=SCOPE.USER,
                                            action=ACTION.PASSWORDRESET,
                                            active=True)
    log.debug("Password reset policy: {0!s}".format(policy_reset_pw))
    pwreset = (policy_at_all and policy_reset_pw) or not policy_at_all
    log.debug("Password reset allowed via policy: {0!s}".format(pwreset))

    return bool(rlist and pwreset)