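def execute(my):
    """Reset the password of ``my.login`` and email the new one to the user.

    Apart from ``my.check()`` nothing happens unless the ``reset`` kwarg
    equals True.  The new password is emailed first and stored only if the
    email command did not raise, so a failed send leaves the old password
    in place.

    Raises:
        TacticException: re-raised when sending the email fails.
    """
    # Since this is not called with Command.execute_cmd
    my.check()

    web = WebContainer.get_web()

    reset_on = my.kwargs.get('reset') == True
    if not reset_on:
        return

    # Not used below; the call is kept as in the original.
    security = WebContainer.get_security()
    #Batch()
    login = Login.get_by_login(my.login)
    if not login:
        # NOTE(review): this reply tells the requester whether a login
        # exists, and echoes my.login back; consider one generic reply for
        # every outcome and confirm the widget escapes the value.
        web.set_form_value(ResetPasswordWdg.MSG, 'This user [%s] does not exist or has been disabled. Please contact the Administrator.' % my.login)
        return

    email = login.get_value('email')
    if not email:
        web.set_form_value(ResetPasswordWdg.MSG, 'This user [%s] does not have an email entry for us to email you the new password. Please contact the Administrator.' % my.login)
        return

    # auto pass generation
    # Draw from the OS CSPRNG: the module-level `random` functions use a
    # predictable Mersenne Twister and must not produce credentials.
    # NOTE(review): 5 characters over a 20-symbol alphabet is only 20**5
    # values; consider a longer password or a single-use reset link.
    rng = random.SystemRandom()
    auto_password = ''.join([rng.choice('abcdefghijklmno12345') for _ in range(5)])

    msg = ResetPasswordWdg.RESET_MSG

    # send the email
    try:
        from pyasm.command import EmailTriggerTestCmd

        admin = Login.get_by_login('admin')
        if admin:
            sender_email = admin.get_value('email')
        else:
            sender_email = '*****@*****.**'

        recipient_emails = [email]
        # NOTE(review): the password travels in clear text by email.
        email_msg = 'Your TACTIC password has been reset. The new password is:\n%s\nYou can change your password once you log in by going to Edit My Account at the top right corner.' % auto_password
        email_cmd = EmailTriggerTestCmd(sender_email=sender_email, recipient_emails=recipient_emails, msg=email_msg, subject='TACTIC password change')
        email_cmd.execute()
    except TacticException:
        msg = "Failed to send an email for your new password. Reset aborted."
        web.set_form_value(ResetPasswordWdg.MSG, msg)
        raise
    else:
        # NOTE(review): unsalted MD5 is not a suitable password hash.  The
        # stored format has to match what the login check expects, so
        # replacing it needs a coordinated migration.
        encrypted = hashlib.md5(auto_password).hexdigest()
        login.set_value('password', encrypted)
        login.commit()
        web.set_form_value(ResetPasswordWdg.MSG, 'A new password has been sent to your email address. Please check your email.')

    # handle windows domains
    #if my.domain:
    #    my.login = "******" % (my.domain, my.login)

    # This replaces the success text set just above with RESET_MSG.
    web.set_form_value(ResetPasswordWdg.MSG, msg)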
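def execute(my):
    """Read the login form and try to authenticate the user.

    Returns False when the form is incomplete or the two password fields
    differ.  Otherwise the login is attempted and the method falls through
    (returning None); a SecurityException from ``login_user()`` is turned
    into a form message instead of propagating.
    """
    from pyasm.web import WebContainer
    # Imported up front.  A function-level import makes WebLoginWdg a local
    # name for the whole body, so importing it only inside the except
    # clause made every earlier use raise UnboundLocalError.
    from pyasm.widget import WebLoginWdg

    web = WebContainer.get_web()

    # If the force_lowercase_login tag is set to "true" in the TACTIC
    # config file, force the login string to lowercase.  The tag is false
    # by default.
    my.login = web.get_form_value("login")
    if Config.get_value("security", "force_lowercase_login") == "true":
        my.login = my.login.lower()

    my.password = web.get_form_value("password")
    my.domain = web.get_form_value("domain")

    if my.login == "" and my.password == "":
        return False
    if my.login == "" or my.password == "":
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Empty username or password")
        return False

    security = WebContainer.get_security()

    # handle windows domains
    #if my.domain:
    #    my.login = "******" % (my.domain, my.login)

    verify_password = web.get_form_value("verify_password")
    if verify_password:
        if verify_password != my.password:
            web.set_form_value(WebLoginWdg.LOGIN_MSG, "Passwords do not match.")
            return False

        # The submitted password is swapped for the default one before the
        # login call.
        # NOTE(review): presumably the first-time setup flow, with the new
        # password applied elsewhere -- confirm against the caller.
        my.password = Login.get_default_password()

    try:
        security.login_user(my.login, my.password, domain=my.domain)
    except SecurityException as e:
        msg = str(e)
        if not msg:
            msg = "Incorrect username or password"
        web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)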
def add(my, widget, title=None, index=None):
    """Register a tab named *title* and build its widget if it is selected.

    The tab is dropped silently when, outside "check" mode, any of the
    "url", "tab_title" or "tab" view rules denies access or the tab is not
    visible.  *title* defaults to the widget's class name; *index* picks
    the insert position in ``my.tab_names`` (appended when None).
    """
    if title == None:
        title = widget.__class__.__name__

    # Key for the legacy "url" rule.  DEPRECATED: use "tab" security.
    selector = WebContainer.get_web().get_request_url().get_selector()
    url_key = "%s|%s" % (selector, title)

    # check tab security
    if my.mode != "check":
        security = WebContainer.get_security()

        # the old rule first, then the "tab_title" mechanism
        for rule_type, rule_key in (("url", url_key), ("tab_title", title)):
            if not security.check_access(rule_type, rule_key, "view"):
                return

        # newest mechanism: rules keyed on the full tab path
        tab_path = my.get_tab_path(title)
        if not security.check_access("tab", tab_path, "view"):
            return

        # check if this tab is invisible
        if not my.check_visibility(tab_path):
            return

    if index == None:
        my.tab_names.append(title)
    else:
        my.tab_names.insert(index, title)
    my.wdg_dict[title] = widget

    # For tabs the widget may be None; then only the title is recorded.
    if widget == None:
        return

    # only the selected one really gets added
    is_selected = not my.tab_value or title == my.tab_value
    if not is_selected:
        return

    Container.put("tab_path", my.get_tab_path(title))
    widget = my.init_widget(widget, title)

    # the very first time the user clicks on the main tab
    if not my.tab_value:
        my.tab_value = title

    super(TabWdg, my)._add_widget(widget, title)
def add(my, widget, title=None, index=None):
    """Add a tab, subject to the view-access rules, and build it if selected.

    Outside "check" mode the tab must pass the "url", "tab_title" and "tab"
    view checks and the visibility check; otherwise the call returns
    without recording anything.  Only the currently selected tab (or the
    first one when none is selected yet) has its widget initialised and
    handed to the parent class.
    """
    if title == None:
        title = widget.__class__.__name__

    # determine the url and check security
    # DEPRECATED!!!! use "tab" security
    request_url = WebContainer.get_web().get_request_url()
    legacy_key = "%s|%s" % (request_url.get_selector(), title)

    enforce_access = my.mode != "check"
    if enforce_access:
        security = WebContainer.get_security()

        url_allowed = security.check_access("url", legacy_key, "view")
        if not url_allowed:
            return

        # new security mechanism
        title_allowed = security.check_access("tab_title", title, "view")
        if not title_allowed:
            return

        # new, new security mechanism
        tab_path = my.get_tab_path(title)
        path_allowed = security.check_access("tab", tab_path, "view")
        if not path_allowed:
            return

        # a tab may also be hidden independently of the access rules
        if not my.check_visibility(tab_path):
            return

    if index == None:
        my.tab_names.append(title)
    else:
        my.tab_names.insert(index, title)

    my.wdg_dict[title] = widget

    # A None widget is allowed for tabs: only the title is kept.
    if widget == None:
        return

    # only the selected one really gets added
    if my.tab_value and title != my.tab_value:
        return

    Container.put("tab_path", my.get_tab_path(title))
    built = my.init_widget(widget, title)

    # first visit: remember this tab as the selected one
    if not my.tab_value:
        my.tab_value = title

    super(TabWdg, my)._add_widget(built, title)
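def add(self, widget, title=None):
    """Add *widget* as a tab named *title* if the user may view it.

    Returns without adding anything when the "url" or "tab" view check
    denies access.  *widget* may be a bound method, a class-path string, a
    Widget, or any other object; non-Widget values are wrapped before being
    passed to the parent class.

    Raises:
        AssertionError: if *widget* is None.
    """
    if title is None:
        title = widget.__class__.__name__

    # determine the url and check security
    base = WebContainer.get_web().get_request_url().get_base()
    if base.endswith("/"):
        base = "%sIndex" % base
    check = "%s|%s" % (base, title)

    security = WebContainer.get_security()
    if not security.check_access("url", check, "view"):
        return
    if not security.check_access("tab", title, "view"):
        return

    self.tab_names.append(title)

    # A widget is required here.  Raised explicitly, with the exception
    # type the former `assert` produced, so the check still runs under
    # `python -O`, which strips assert statements.
    if widget is None:
        raise AssertionError("DynTabWdg.add() requires a widget")

    try:
        # if a method was passed in, wrap it
        if isinstance(widget, types.MethodType):
            widget = MethodWdg(widget)
        elif isinstance(widget, basestring):
            # NOTE(review): a string is treated as a class path and
            # instantiated.  Confirm only code-defined paths, never request
            # data, can reach this branch.
            widget = Common.create_from_class_path(widget)
        elif not isinstance(widget, Widget):
            widget = ClassWdg(widget)
    # catch all exceptions and log them
    except Exception as e:
        # If handle_exception() returns, the unconverted value is still
        # passed on below.
        self.handle_exception(e)

    super(DynTabWdg, self)._add_widget(widget, title)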
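def add(self, widget, title=None):
    """Register *widget* under *title* once both view checks pass.

    The "url" rule is keyed on the request base (with "Index" appended when
    it ends in "/") joined to the title by "|"; the "tab" rule is keyed on
    the title alone.  If either denies access the call returns early.

    Raises:
        AssertionError: if *widget* is None.
    """
    if title is None:
        title = widget.__class__.__name__

    # determine the url and check security
    request_url = WebContainer.get_web().get_request_url()
    base = request_url.get_base()
    if base.endswith("/"):
        base = "%sIndex" % base
    url_key = "%s|%s" % (base, title)

    security = WebContainer.get_security()
    allowed = (security.check_access("url", url_key, "view")
               and security.check_access("tab", title, "view"))
    if not allowed:
        return

    self.tab_names.append(title)

    # `assert` is removed when Python runs with -O, which would let a None
    # widget through to the wrapping code below; raise the same exception
    # type explicitly instead.
    if widget is None:
        raise AssertionError("DynTabWdg.add() requires a widget")

    try:
        if isinstance(widget, types.MethodType):
            # a method was passed in: wrap it
            widget = MethodWdg(widget)
        elif isinstance(widget, basestring):
            # NOTE(review): this instantiates whatever class the string
            # names; verify that callers only pass trusted, hard-coded
            # class paths.
            widget = Common.create_from_class_path(widget)
        elif not isinstance(widget, Widget):
            widget = ClassWdg(widget)
    except Exception as e:
        # catch all exceptions and hand them to the widget's handler; the
        # add below still runs if the handler returns
        self.handle_exception(e)

    super(DynTabWdg, self)._add_widget(widget, title)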
def get_upload_dir(cls):
    """Return the upload directory path for the current security ticket.

    The path is ``<Environment.get_tmp_dir()>/upload/<ticket key>``.  It is
    only formatted here; nothing is created on disk.
    """
    from pyasm.web import WebContainer

    ticket_key = WebContainer.get_security().get_ticket().get_key()
    # NOTE(review): the ticket key becomes a directory name.  If that key
    # is the session credential, anything that can list the tmp directory
    # or read logs showing this path can see it -- confirm, and consider a
    # derived identifier instead.
    return "%s/upload/%s" % (Environment.get_tmp_dir(), ticket_key)
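def execute(my):
    """Authenticate the submitted login form and count failed attempts.

    Returns False when the form is incomplete or the two password fields
    differ; otherwise the login is attempted and the method falls through
    (returning None).  When ``login_user()`` raises SecurityException the
    message goes to the form and, if security/max_login_attempt is a
    positive integer, the failure is counted on the login record.  On the
    attempt that reaches the limit the record's license_type is set to
    'disabled' and ``my.reenable_user()`` is called with the lockout delay
    in seconds.
    """
    from pyasm.web import WebContainer
    from pyasm.widget import WebLoginWdg

    web = WebContainer.get_web()

    # If the force_lowercase_login tag is set to "true" in the TACTIC
    # config file, force the login string to lowercase.  The tag is false
    # by default.
    my.login = web.get_form_value("login")
    if Config.get_value("security", "force_lowercase_login") == "true":
        my.login = my.login.lower()

    my.password = web.get_form_value("password")
    my.domain = web.get_form_value("domain")

    if my.login == "" and my.password == "":
        return False
    if my.login == "" or my.password == "":
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Empty username or password")
        return False

    security = WebContainer.get_security()

    # handle windows domains
    #if my.domain:
    #    my.login = "******" % (my.domain, my.login)

    verify_password = web.get_form_value("verify_password")
    if verify_password and verify_password != my.password:
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Passwords do not match.")
        return False

    # Look the account up by upn first, then by login name.  The result is
    # None for an unknown user, so every use below is guarded.
    search = Search("sthpw/login")
    search.add_filter('upn', my.login)
    login_sobject = search.get_sobject()
    if not login_sobject:
        search2 = Search("sthpw/login")
        search2.add_filter('login', my.login)
        login_sobject = search2.get_sobject()

    # NOTE(review): this stores a new admin password taken from the form
    # before any authentication has happened.  It must only be possible
    # during initial setup (admin password not yet set); add that check
    # here or confirm that set_password() enforces it.
    if verify_password and login_sobject \
            and login_sobject.get_value("login") == "admin":
        login_sobject.set_password(verify_password)

    try:
        security.login_user(my.login, my.password, domain=my.domain)
    except SecurityException as e:
        msg = str(e) or "Incorrect username or password"
        web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)

        # A missing or non-numeric setting turns attempt counting off.
        try:
            max_attempts = int(Config.get_value("security", "max_login_attempt"))
        except Exception:
            max_attempts = -1

        if max_attempts > 0 and login_sobject:
            # An unset counter is treated as zero.
            login_attempt = (login_sobject.get_value('login_attempt') or 0) + 1
            login_sobject.set_value('login_attempt', login_attempt)

            # NOTE(review): `==` fires only on the exact attempt that hits
            # the limit; confirm the counter is reset elsewhere so it
            # cannot run past max_attempts without locking again.
            if login_attempt == max_attempts:
                # set license_type to disabled and set off the thread to
                # re-enable it
                login_sobject.set_value('license_type', 'disabled')

                default_delay = 30 * 60
                disabled_time = Config.get_value("security", "account_lockout_duration")
                if not disabled_time:
                    disabled_time = "30 minutes"

                # A malformed duration falls back to 30 minutes instead of
                # raising here, which would skip the commit below and lose
                # the attempt count.
                try:
                    amount, unit = disabled_time.split(" ", 1)
                    amount = int(amount)
                except ValueError:
                    delay = default_delay
                else:
                    if "minute" in unit:
                        delay = amount * 60
                    elif "hour" in unit:
                        delay = amount * 3600
                    elif "second" in unit:
                        delay = amount
                    else:
                        # unknown unit: default to 30 min
                        delay = default_delay

                my.reenable_user(login_sobject, delay)

            login_sobject.commit(triggers=False)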
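def execute(my):
    """Generate a new password for ``my.login``, email it, then store it.

    The reset runs only when the ``reset`` kwarg equals True; otherwise the
    method returns right after ``my.check()``.  The password is written to
    the login record only after the email command completed without
    raising.

    Raises:
        TacticException: re-raised when the email could not be sent (the
            stored password is then left unchanged).
    """
    # Since this is not called with Command.execute_cmd
    my.check()

    web = WebContainer.get_web()

    if not (my.kwargs.get('reset') == True):
        return

    # Result unused; the call is kept as in the original.
    security = WebContainer.get_security()
    #Batch()
    login = Login.get_by_login(my.login)
    if not login:
        # NOTE(review): distinct replies for unknown accounts let a caller
        # probe which logins exist; a single neutral reply avoids that.
        # my.login is also echoed back -- confirm it is escaped on render.
        web.set_form_value(
            ResetPasswordWdg.MSG,
            'This user [%s] does not exist or has been disabled. Please contact the Administrator.'
            % my.login)
        return

    email = login.get_value('email')
    if not email:
        web.set_form_value(
            ResetPasswordWdg.MSG,
            'This user [%s] does not have an email entry for us to email you the new password. Please contact the Administrator.'
            % my.login)
        return

    # auto pass generation
    # random.SystemRandom reads the operating system's CSPRNG; the plain
    # random.choice() used before is predictable and unfit for passwords.
    # NOTE(review): the space is still only 20**5 candidates -- consider
    # more characters or a one-time reset link instead of a password.
    alphabet = 'abcdefghijklmno12345'
    secure_random = random.SystemRandom()
    auto_password = ''.join(
        [secure_random.choice(alphabet) for _ in range(5)])

    msg = ResetPasswordWdg.RESET_MSG

    # send the email
    try:
        from pyasm.command import EmailTriggerTestCmd

        admin = Login.get_by_login('admin')
        sender_email = admin.get_value('email') if admin else '*****@*****.**'

        # NOTE(review): the new password is sent in clear text.
        email_msg = 'Your TACTIC password has been reset. The new password is:\n%s\nYou can change your password once you log in by going to Edit My Account at the top right corner.' % auto_password
        email_cmd = EmailTriggerTestCmd(
            sender_email=sender_email,
            recipient_emails=[email],
            msg=email_msg,
            subject='TACTIC password change')
        email_cmd.execute()
    except TacticException:
        msg = "Failed to send an email for your new password. Reset aborted."
        web.set_form_value(ResetPasswordWdg.MSG, msg)
        raise
    else:
        # NOTE(review): plain MD5 without a salt is weak for password
        # storage; it is kept because the stored value must match what the
        # login check computes.  Plan a migration to a real password hash.
        encrypted = hashlib.md5(auto_password).hexdigest()
        login.set_value('password', encrypted)
        login.commit()
        web.set_form_value(
            ResetPasswordWdg.MSG,
            'A new password has been sent to your email address. Please check your email.'
        )

    # handle windows domains
    #if my.domain:
    #    my.login = "******" % (my.domain, my.login)

    # The success text set above is replaced here by RESET_MSG.
    web.set_form_value(ResetPasswordWdg.MSG, msg)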
def get_upload_dir(cls):
    """Build the upload directory path tied to the current ticket.

    Joins the key of the current security ticket onto
    ``Environment.get_tmp_dir()`` under an ``upload`` folder and returns
    the resulting string.  No directory is created here.
    """
    from pyasm.web import WebContainer

    security = WebContainer.get_security()
    key = security.get_ticket().get_key()
    # NOTE(review): the ticket key is written into a filesystem path.
    # Check who can list this directory and whether the key is usable as a
    # credential; if so, prefer a value derived from it.
    upload_dir = "%s/upload/%s" % (Environment.get_tmp_dir(), key)
    return upload_dir
def is_logged_in(my):
    """Return what the security object from WebContainer reports for is_logged_in()."""
    return WebContainer.get_security().is_logged_in()
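def execute(self):
    """Authenticate the submitted login form and count failed attempts.

    Returns False, with a message on the form, when the username or
    password is empty or the two password fields differ; otherwise the
    login is attempted and the method falls through (returning None).  The
    account is looked up by upn (when that column exists), then login, then
    email, and the record's ``login`` value is what gets authenticated.

    On SecurityException the message goes to the form and, when
    security/max_login_attempt is a positive integer, the failure is
    counted on the login record.  On the attempt that reaches the limit the
    record's license_type is set to 'disabled' and ``self.reenable_user()``
    is called with the lockout delay in seconds.
    """
    from pyasm.web import WebContainer
    from pyasm.widget import WebLoginWdg

    web = WebContainer.get_web()

    # If the force_lowercase_login tag is set to "true" in the TACTIC
    # config file, force the login string to lowercase.  The tag is false
    # by default.
    self.login = web.get_form_value("login")
    if Config.get_value("security", "force_lowercase_login") == "true":
        self.login = self.login.lower()

    self.password = web.get_form_value("password")
    self.domain = web.get_form_value("domain")

    if self.login == "" and self.password == "":
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Username and password are empty")
        return False
    if self.login == "":
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Username is empty")
        return False
    if self.password == "":
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Password is empty")
        return False

    security = WebContainer.get_security()

    # handle windows domains
    #if self.domain:
    #    self.login = "******" % (self.domain, self.login)

    verify_password = web.get_form_value("verify_password")
    if verify_password and verify_password != self.password:
        web.set_form_value(WebLoginWdg.LOGIN_MSG, "Passwords do not match.")
        return False

    # check to see if the login exists in the database
    login_sobject = None
    if SearchType.column_exists("sthpw/login", "upn"):
        search = Search("sthpw/login")
        search.add_filter('upn', self.login)
        login_sobject = search.get_sobject()
    for column in ('login', 'email'):
        if login_sobject:
            break
        search2 = Search("sthpw/login")
        search2.add_filter(column, self.login)
        login_sobject = search2.get_sobject()

    # FIXME: need to only be able to do this if admin password is empty
    # NOTE(review): as written, a new admin password is stored from the
    # form before any authentication has happened.  Gate this on the
    # initial-setup condition the FIXME describes, or confirm that
    # set_password() enforces it.
    if verify_password:
        if login_sobject and login_sobject.get_value("login") == "admin":
            login_sobject.set_password(verify_password)

    try:
        # always use the login column regardless of what the user entered
        if login_sobject:
            login = login_sobject.get_value("login")
        else:
            login = self.login

        security.login_user(login, self.password, domain=self.domain)
    except SecurityException as e:
        msg = str(e) or "Incorrect username or password"
        web.set_form_value(WebLoginWdg.LOGIN_MSG, msg)

        # A missing or non-numeric setting turns attempt counting off.
        # `except Exception` rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        try:
            max_attempts = int(
                Config.get_value("security", "max_login_attempt"))
        except Exception:
            max_attempts = -1

        # Nothing to count against when the login matched no record.
        if max_attempts > 0 and login_sobject:
            # An unset counter is treated as zero.
            login_attempt = (login_sobject.get_value('login_attempt') or 0) + 1
            login_sobject.set_value('login_attempt', login_attempt)

            if login_attempt == max_attempts:
                # set license_type to disabled and set off the thread to
                # re-enable it
                login_sobject.set_value('license_type', 'disabled')

                default_delay = 30 * 60
                disabled_time = Config.get_value(
                    "security", "account_lockout_duration")
                if not disabled_time:
                    disabled_time = "30 minutes"

                # A malformed duration falls back to 30 minutes instead of
                # raising here, which would skip the commit below and lose
                # the attempt count.
                try:
                    amount, unit = disabled_time.split(" ", 1)
                    amount = int(amount)
                except ValueError:
                    delay = default_delay
                else:
                    if "minute" in unit:
                        delay = amount * 60
                    elif "hour" in unit:
                        delay = amount * 3600
                    elif "second" in unit:
                        delay = amount
                    else:
                        # unknown unit: default to 30 min
                        delay = default_delay

                self.reenable_user(login_sobject, delay)

            login_sobject.commit(triggers=False)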
def is_logged_in(self):
    """Delegate to is_logged_in() on the security object held by WebContainer."""
    return WebContainer.get_security().is_logged_in()