def _control(request, *args, **kwargs): key = get_param_in_request(request, TOKEN) condition = "True" if not key: message = auth_messages.get("token_required") if request.is_ajax(): return HttpResponse(message, status=203) return HttpResponse( loader.render_to_string(TOKEN_INVALID, {"error": message})) if key not in cache: message = auth_messages.get("token_invalid") if request.is_ajax(): return HttpResponse(message, status=203) return HttpResponse( loader.render_to_string(TOKEN_INVALID, {"error": message})) # Get hash in cache data_from_cache = cache.get(key) user_hash = data_from_cache.get('user_hash') permissions = data_from_cache.get('permissions') #Check Has Permission if required_permissions: for perm in required_permissions: write_required = perm.get('write', False) read_required = perm.get('read', False) required_permission = perm.get('permission') permission = permissions.get(required_permission) write_permission = condition == permission.get('write') read_permission = condition == permission.get('read') if (write_required and not write_permission) or ( read_required and not read_permission): message = auth_messages.get('user_not_authorized') if request.is_ajax(): return HttpResponse(message, status=2003) return HttpResponse( loader.render_to_string(TOKEN_INVALID, {"error": message})) # Decrypt hash user = Encryption().Decrypt(user_hash) username, password, user_ldap = str(user).split("@") if user_ldap == "": client = ClientFactory(NETWORK_API_URL, username, password) else: client = ClientFactory(NETWORK_API_URL, username, password, user_ldap) kwargs["form_acess"] = ControlAcessForm(initial={"token": key}) kwargs["client"] = client # Execute method return func(request, *args, **kwargs)
def login(request): modal_auto_open = "false" if request.method == 'POST': form = LoginForm(request.POST) form_pass = PassForm() if form.is_valid(): try: client = ClientFactory( NETWORK_API_URL, NETWORK_API_USERNAME, NETWORK_API_PASSWORD) user = client.create_usuario().authenticate(form.cleaned_data[ 'username'], form.cleaned_data['password'], form.cleaned_data['is_ldap_user']) if user is None: messages.add_message( request, messages.ERROR, auth_messages.get("user_invalid")) else: request.session.set_expiry(SESSION_EXPIRY_AGE) auth = AuthSession(request.session) user = user.get('user') if user.get('permission') is None: messages.add_message( request, messages.ERROR, auth_messages.get("nogroup_error")) return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) auth.login(User(user.get('id'), user.get('user'), user.get('nome'), user.get( 'email'), user.get('pwd'), user.get('permission'), user.get('ativo'), user.get('user_ldap'))) if form.cleaned_data['redirect'] != "": return HttpResponseRedirect(form.cleaned_data['redirect']) return HttpResponseRedirect(URL_HOME) except InvalidParameterError, e: logger.error(e) messages.add_message( request, messages.ERROR, auth_messages.get("user_invalid")) except NetworkAPIClientError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) except LDAPNotFoundError, e: logger.error(e) messages.add_message( request, messages.ERROR, auth_messages.get("user_ldap_not_found"))
def _control(request, *args, **kwargs): key = get_param_in_request(request, TOKEN) condition = "True" if not key: message = auth_messages.get("token_required") if request.is_ajax(): return HttpResponse(message, status=203) return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message})) if key not in cache: message = auth_messages.get("token_invalid") if request.is_ajax(): return HttpResponse(message, status=203) return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message})) # Get hash in cache data_from_cache = cache.get(key) user_hash = data_from_cache.get('user_hash') permissions = data_from_cache.get('permissions') #Check Has Permission if required_permissions: for perm in required_permissions: write_required = perm.get('write', False) read_required = perm.get('read', False) required_permission = perm.get('permission') permission = permissions.get(required_permission) write_permission = condition == permission.get('write') read_permission = condition == permission.get('read') if (write_required and not write_permission) or (read_required and not read_permission): message = auth_messages.get('user_not_authorized') if request.is_ajax(): return HttpResponse(message, status=2003) return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message})) # Decrypt hash user = Encryption().Decrypt(user_hash) username, password, user_ldap = str(user).split("@") if user_ldap == "": client = ClientFactory(NETWORK_API_URL, username, password) else: client = ClientFactory(NETWORK_API_URL, username, password, user_ldap) kwargs["form_acess"] = ControlAcessForm(initial={"token": key}) kwargs["client"] = client # Execute method return func(request, *args, **kwargs)
def handler500(request): auth = AuthSession(request.session) messages.add_message(request, messages.ERROR, auth_messages.get("500")) if auth.is_authenticated(): return HttpResponseRedirect(URL_HOME) return HttpResponseRedirect(URL_LOGIN)
def change_password(request): lists = dict() if request.method == 'GET': lists['change_pass_form'] = ChangePassForm() return render_to_response_ajax(AJAX_NEW_PASS, lists, context_instance=RequestContext(request)) if request.method == 'POST': change_pass_form = ChangePassForm() try: change_pass_form = ChangePassForm(request.POST) if change_pass_form.is_valid(): auth = AuthSession(request.session) client = auth.get_clientFactory() new_password = change_pass_form.cleaned_data['new_pass'] user = auth.get_user() user_id = user.get_id() user_current_password = user.get_password() client.create_usuario().change_password( user_id, user_current_password, new_password) user.set_password(new_password) messages.add_message( request, messages.SUCCESS, auth_messages.get("pass_change_sucess")) # Returns HTML response = HttpResponse(loader.render_to_string( AJAX_NEW_PASS, lists, context_instance=RequestContext(request))) # Send response status with error response.status_code = 200 return response else: lists['change_pass_form'] = change_pass_form # Returns HTML response = HttpResponse(loader.render_to_string( AJAX_NEW_PASS, lists, context_instance=RequestContext(request))) # Send response status with error response.status_code = 412 return response except NetworkAPIClientError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) lists['change_pass_form'] = change_pass_form return render_to_response_ajax(AJAX_NEW_PASS, lists, context_instance=RequestContext(request))
def _has_perm(request, *args, **kwargs): auth = AuthSession(request.session) if auth.is_authenticated(): user = auth.get_user() for perm in permission: write = perm.get("write") read = perm.get("read") if not user.has_perm(perm['permission'], write, read): messages.add_message( request, messages.ERROR, auth_messages.get('user_not_authorized')) return HttpResponseRedirect(URL_HOME) return view_func(request, *args, **kwargs) else: return HttpResponseRedirect(URL_LOGIN)
def lost_pass(request): form = LoginForm() modal_auto_open = "true" form_pass = None try: if request.method == 'POST': form_pass = PassForm(request.POST) if form_pass.is_valid(): client = ClientFactory(NETWORK_API_URL, NETWORK_API_USERNAME, NETWORK_API_PASSWORD) users = client.create_usuario().listar() users = users.get("usuario") username = form_pass.cleaned_data['username'] email = form_pass.cleaned_data['email'] for user in users: if user.get("user").upper() == username.upper(): if user.get("email") == email: if not user.get('user_ldap'): pass_open = make_random_password() password = hashlib.md5(pass_open).hexdigest() ativo = '1' if user.get('ativo') else '0' client.create_usuario().alterar( user.get('id'), user.get('user'), password, user.get('nome'), ativo, user.get('email'), user.get('user_ldap')) lists = dict() lists['user'] = user.get('user') lists['new_pass'] = pass_open # Montar Email com nova senha connection = EmailBackend( username=EMAIL_HOST_USER, password=EMAIL_HOST_PASSWORD) send_email = EmailMessage( 'Solicitação de Nova Senha', loader.render_to_string( MAIL_NEW_PASS, lists), EMAIL_FROM, [email], connection=connection) send_email.content_subtype = "html" send_email.send() messages.add_message( request, messages.SUCCESS, auth_messages.get("email_success")) modal_auto_open = 'false' return render_to_response( templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request)) else: messages.add_message( request, messages.ERROR, auth_messages.get( "user_ldap_cant_recover_pass")) modal_auto_open = 'false' return render_to_response( templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request)) for user in users: if user.get("user_ldap") is not None and user.get( "user_ldap").upper() == username.upper(): messages.add_message( request, messages.ERROR, auth_messages.get("user_ldap_cant_recover_pass")) modal_auto_open = 'false' return render_to_response( templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request)) messages.add_message(request, messages.ERROR, auth_messages.get("user_email_invalid")) modal_auto_open = 'false' except NetworkAPIClientError as e: logger.error(e) messages.add_message(request, messages.ERROR, e) modal_auto_open = 'false' except BaseException as e: logger.exception(e) logger.error("URLError Invalid EMAIL_HOST in settings.py") messages.add_message(request, messages.ERROR, "Invalid EMAIL_HOST in settings.py") modal_auto_open = 'false' return render_to_response(templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request))
def lost_pass(request): form = LoginForm() modal_auto_open = "true" try: if request.method == 'POST': form_pass = PassForm(request.POST) if form_pass.is_valid(): client = ClientFactory( NETWORK_API_URL, NETWORK_API_USERNAME, NETWORK_API_PASSWORD) users = client.create_usuario().listar() users = users.get("usuario") username = form_pass.cleaned_data['username'] email = form_pass.cleaned_data['email'] for user in users: if user.get("user").upper() == username.upper(): if user.get("email") == email: if not user.get('user_ldap'): pass_open = make_random_password() password = hashlib.md5(pass_open).hexdigest() ativo = None if user.get('ativo'): ativo = '1' else: ativo = '0' client.create_usuario().alterar(user.get('id'), user.get('user'), password, user.get('nome'), ativo, user.get('email'), user.get('user_ldap')) lists = dict() lists['user'] = user.get('user') lists['new_pass'] = pass_open # Montar Email com nova senha connection = EmailBackend( username=EMAIL_HOST_USER, password=EMAIL_HOST_PASSWORD) send_email = EmailMessage('Solicitação de Nova Senha', loader.render_to_string( MAIL_NEW_PASS, lists), EMAIL_FROM, [email], connection=connection) send_email.content_subtype = "html" send_email.send() messages.add_message( request, messages.SUCCESS, auth_messages.get("email_success")) modal_auto_open = 'false' return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) else: messages.add_message( request, messages.ERROR, auth_messages.get("user_ldap_cant_recover_pass")) modal_auto_open = 'false' return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) for user in users: if user.get("user_ldap") is not None and user.get("user_ldap").upper() == username.upper(): messages.add_message( request, messages.ERROR, auth_messages.get("user_ldap_cant_recover_pass")) modal_auto_open = 'false' return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) messages.add_message( request, messages.ERROR, auth_messages.get("user_email_invalid")) modal_auto_open = 'false' except NetworkAPIClientError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) modal_auto_open = 'false'
request, messages.ERROR, auth_messages.get("user_invalid")) except NetworkAPIClientError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) except LDAPNotFoundError, e: logger.error(e) messages.add_message( request, messages.ERROR, auth_messages.get("user_ldap_not_found")) except Exception, e: logger.error(e) user = {} messages.add_message( request, messages.ERROR, auth_messages.get("500")) return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) else: return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request)) else: auth = AuthSession(request.session) if auth.is_authenticated(): return HttpResponseRedirect(URL_HOME) form = LoginForm() form_pass = PassForm()
def generate_token(request): try: lists = {} form = forms.GenerateTokenForm( request.POST) if request.method == 'POST' else forms.GenerateTokenForm() if form.is_valid(): user_ldap_ass = "" user = str(form.cleaned_data['user']) idt = None if not form.cleaned_data[ 'requestVip'] else form.cleaned_data['requestVip'] ttl = ACCESS_EXTERNAL_TTL if not form.cleaned_data[ 'p'] else form.cleaned_data['p'] # Login with LDAP if form.cleaned_data['is_ldap_user']: username_ldap, password_ldap = str(user).split("@") try: user_ldap = Ldap("").get_user(username_ldap) except LDAPNotFoundError, e: raise Exception(auth_messages.get("user_ldap_not_found")) pwd_ldap = user_ldap['userPassword'] activate = user_ldap.get('nsaccountlock') pwd = password_ldap if re.match("\{(MD|md)5\}.*", pwd_ldap, 0): pwd = base64.b64encode(hashlib.md5(pwd).digest()) pwd_ldap = pwd_ldap[pwd_ldap.index("}") + 1:] if pwd == pwd_ldap and (activate is None or activate.upper() == 'FALSE'): # Valid User client, client_user = facade.validate_user_networkapi( user, form.cleaned_data['is_ldap_user']) user_ldap_client = client_user.get('user') user_ldap_ass = user_ldap_client['user_ldap'] else: client_user = None else: # Valid User client, client_user = facade.validate_user_networkapi( user, form.cleaned_data['is_ldap_user']) # Valid User if client_user is None: raise UserNotAuthenticatedError("user_invalid") else: # Valid idt if idt is not None and not is_valid_int_param(idt): raise Exception( error_messages.get("invalid_param") % "requestVip") # Valid ttl if not is_valid_int_param(ttl): raise Exception(error_messages.get("invalid_param") % "p") if idt is not None: client.create_vip().get_by_id(idt) # Encrypt hash user_hash = Encryption().Encrypt(user + "@" + str(user_ldap_ass)) # Get Authenticate User authenticate_user = client_user.get('user') # Get Permissions by Authenticate User permissions = authenticate_user and authenticate_user.get('permission') # Generates token key = "%s:%s:%s" % (__name__, str(user), str(strftime("%Y%m%d%H%M%S"))) token = hashlib.sha1(key).hexdigest() data_to_cache = {"user_hash": user_hash, "permissions": permissions} # Set token in cache cache.set(token, data_to_cache, int(ttl)) lists["token"] = token if idt is not None: lists["url"] = reverse("vip-request.edit.external", args=[idt]) else: lists["url"] = reverse("vip-request.form.external") return render_to_response(templates.VIPREQUEST_TOKEN, lists, context_instance=RequestContext(request)) except InvalidParameterError, e: logger.error(e) lists["error"] = error_messages.get("invalid_param") % "id"
def generate_token(request): try: lists = {} form = forms.GenerateTokenForm( request.POST ) if request.method == 'POST' else forms.GenerateTokenForm() if form.is_valid(): user_ldap_ass = "" user = str(form.cleaned_data['user']) idt = None if not form.cleaned_data[ 'requestVip'] else form.cleaned_data['requestVip'] ttl = ACCESS_EXTERNAL_TTL if not form.cleaned_data[ 'p'] else form.cleaned_data['p'] # Login with LDAP if form.cleaned_data['is_ldap_user']: username_ldap, password_ldap = str(user).split("@") try: user_ldap = Ldap("").get_user(username_ldap) except LDAPNotFoundError, e: raise Exception(auth_messages.get("user_ldap_not_found")) pwd_ldap = user_ldap['userPassword'] activate = user_ldap.get('nsaccountlock') pwd = password_ldap if re.match("\{(MD|md)5\}.*", pwd_ldap, 0): pwd = base64.b64encode(hashlib.md5(pwd).digest()) pwd_ldap = pwd_ldap[pwd_ldap.index("}") + 1:] if pwd == pwd_ldap and (activate is None or activate.upper() == 'FALSE'): # Valid User client, client_user = facade.validate_user_networkapi( user, form.cleaned_data['is_ldap_user']) user_ldap_client = client_user.get('user') user_ldap_ass = user_ldap_client['user_ldap'] else: client_user = None else: # Valid User client, client_user = facade.validate_user_networkapi( user, form.cleaned_data['is_ldap_user']) # Valid User if client_user is None: raise UserNotAuthenticatedError("user_invalid") else: # Valid idt if idt is not None and not is_valid_int_param(idt): raise Exception( error_messages.get("invalid_param") % "requestVip") # Valid ttl if not is_valid_int_param(ttl): raise Exception(error_messages.get("invalid_param") % "p") if idt is not None: client.create_vip().get_by_id(idt) # Encrypt hash user_hash = Encryption().Encrypt(user + "@" + str(user_ldap_ass)) # Get Authenticate User authenticate_user = client_user.get('user') # Get Permissions by Authenticate User permissions = authenticate_user and authenticate_user.get( 'permission') # Generates token key = "%s:%s:%s" % (__name__, str(user), str(strftime("%Y%m%d%H%M%S"))) token = hashlib.sha1(key).hexdigest() data_to_cache = { "user_hash": user_hash, "permissions": permissions } # Set token in cache cache.set(token, data_to_cache, int(ttl)) lists["token"] = token if idt is not None: lists["url"] = reverse("vip-request.edit.external", args=[idt]) else: lists["url"] = reverse("vip-request.form.external") return render_to_response(templates.VIPREQUEST_TOKEN, lists, context_instance=RequestContext(request)) except InvalidParameterError, e: logger.error(e) lists["error"] = error_messages.get("invalid_param") % "id"
auth_messages.get("user_invalid")) except NetworkAPIClientError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) except LDAPNotFoundError, e: logger.error(e) messages.add_message(request, messages.ERROR, auth_messages.get("user_ldap_not_found")) except Exception, e: logger.error(e) user = {} messages.add_message(request, messages.ERROR, auth_messages.get("500")) return render_to_response(templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request)) else: return render_to_response(templates.LOGIN, { 'form': form, 'form_pass': form_pass, 'modal': modal_auto_open }, context_instance=RequestContext(request))