def _control(request, *args, **kwargs):
key = get_param_in_request(request, TOKEN)
condition = "True"
if not key:
message = auth_messages.get("token_required")
if request.is_ajax():
return HttpResponse(message, status=203)
return HttpResponse(
loader.render_to_string(TOKEN_INVALID, {"error": message}))
if key not in cache:
message = auth_messages.get("token_invalid")
if request.is_ajax():
return HttpResponse(message, status=203)
return HttpResponse(
loader.render_to_string(TOKEN_INVALID, {"error": message}))
# Get hash in cache
data_from_cache = cache.get(key)
user_hash = data_from_cache.get('user_hash')
permissions = data_from_cache.get('permissions')
#Check Has Permission
if required_permissions:
for perm in required_permissions:
write_required = perm.get('write', False)
read_required = perm.get('read', False)
required_permission = perm.get('permission')
permission = permissions.get(required_permission)
write_permission = condition == permission.get('write')
read_permission = condition == permission.get('read')
if (write_required and not write_permission) or (
read_required and not read_permission):
message = auth_messages.get('user_not_authorized')
if request.is_ajax():
return HttpResponse(message, status=2003)
return HttpResponse(
loader.render_to_string(TOKEN_INVALID,
{"error": message}))
# Decrypt hash
user = Encryption().Decrypt(user_hash)
username, password, user_ldap = str(user).split("@")
if user_ldap == "":
client = ClientFactory(NETWORK_API_URL, username, password)
else:
client = ClientFactory(NETWORK_API_URL, username, password,
user_ldap)
kwargs["form_acess"] = ControlAcessForm(initial={"token": key})
kwargs["client"] = client
# Execute method
return func(request, *args, **kwargs)
def login(request):
modal_auto_open = "false"
if request.method == 'POST':
form = LoginForm(request.POST)
form_pass = PassForm()
if form.is_valid():
try:
client = ClientFactory(
NETWORK_API_URL, NETWORK_API_USERNAME, NETWORK_API_PASSWORD)
user = client.create_usuario().authenticate(form.cleaned_data[
'username'], form.cleaned_data['password'], form.cleaned_data['is_ldap_user'])
if user is None:
messages.add_message(
request, messages.ERROR, auth_messages.get("user_invalid"))
else:
request.session.set_expiry(SESSION_EXPIRY_AGE)
auth = AuthSession(request.session)
user = user.get('user')
if user.get('permission') is None:
messages.add_message(
request, messages.ERROR, auth_messages.get("nogroup_error"))
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
auth.login(User(user.get('id'), user.get('user'), user.get('nome'), user.get(
'email'), user.get('pwd'), user.get('permission'), user.get('ativo'), user.get('user_ldap')))
if form.cleaned_data['redirect'] != "":
return HttpResponseRedirect(form.cleaned_data['redirect'])
return HttpResponseRedirect(URL_HOME)
except InvalidParameterError, e:
logger.error(e)
messages.add_message(
request, messages.ERROR, auth_messages.get("user_invalid"))
except NetworkAPIClientError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
except LDAPNotFoundError, e:
logger.error(e)
messages.add_message(
request, messages.ERROR, auth_messages.get("user_ldap_not_found"))
def _control(request, *args, **kwargs):
key = get_param_in_request(request, TOKEN)
condition = "True"
if not key:
message = auth_messages.get("token_required")
if request.is_ajax():
return HttpResponse(message, status=203)
return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message}))
if key not in cache:
message = auth_messages.get("token_invalid")
if request.is_ajax():
return HttpResponse(message, status=203)
return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message}))
# Get hash in cache
data_from_cache = cache.get(key)
user_hash = data_from_cache.get('user_hash')
permissions = data_from_cache.get('permissions')
#Check Has Permission
if required_permissions:
for perm in required_permissions:
write_required = perm.get('write', False)
read_required = perm.get('read', False)
required_permission = perm.get('permission')
permission = permissions.get(required_permission)
write_permission = condition == permission.get('write')
read_permission = condition == permission.get('read')
if (write_required and not write_permission) or (read_required and not read_permission):
message = auth_messages.get('user_not_authorized')
if request.is_ajax():
return HttpResponse(message, status=2003)
return HttpResponse(loader.render_to_string(TOKEN_INVALID, {"error": message}))
# Decrypt hash
user = Encryption().Decrypt(user_hash)
username, password, user_ldap = str(user).split("@")
if user_ldap == "":
client = ClientFactory(NETWORK_API_URL, username, password)
else:
client = ClientFactory(NETWORK_API_URL, username, password, user_ldap)
kwargs["form_acess"] = ControlAcessForm(initial={"token": key})
kwargs["client"] = client
# Execute method
return func(request, *args, **kwargs)
def handler500(request):
auth = AuthSession(request.session)
messages.add_message(request, messages.ERROR, auth_messages.get("500"))
if auth.is_authenticated():
return HttpResponseRedirect(URL_HOME)
return HttpResponseRedirect(URL_LOGIN)
def change_password(request):
lists = dict()
if request.method == 'GET':
lists['change_pass_form'] = ChangePassForm()
return render_to_response_ajax(AJAX_NEW_PASS, lists, context_instance=RequestContext(request))
if request.method == 'POST':
change_pass_form = ChangePassForm()
try:
change_pass_form = ChangePassForm(request.POST)
if change_pass_form.is_valid():
auth = AuthSession(request.session)
client = auth.get_clientFactory()
new_password = change_pass_form.cleaned_data['new_pass']
user = auth.get_user()
user_id = user.get_id()
user_current_password = user.get_password()
client.create_usuario().change_password(
user_id, user_current_password, new_password)
user.set_password(new_password)
messages.add_message(
request, messages.SUCCESS, auth_messages.get("pass_change_sucess"))
# Returns HTML
response = HttpResponse(loader.render_to_string(
AJAX_NEW_PASS, lists, context_instance=RequestContext(request)))
# Send response status with error
response.status_code = 200
return response
else:
lists['change_pass_form'] = change_pass_form
# Returns HTML
response = HttpResponse(loader.render_to_string(
AJAX_NEW_PASS, lists, context_instance=RequestContext(request)))
# Send response status with error
response.status_code = 412
return response
except NetworkAPIClientError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
lists['change_pass_form'] = change_pass_form
return render_to_response_ajax(AJAX_NEW_PASS, lists, context_instance=RequestContext(request))
def handler500(request):
auth = AuthSession(request.session)
messages.add_message(request, messages.ERROR, auth_messages.get("500"))
if auth.is_authenticated():
return HttpResponseRedirect(URL_HOME)
return HttpResponseRedirect(URL_LOGIN)
def _has_perm(request, *args, **kwargs):
auth = AuthSession(request.session)
if auth.is_authenticated():
user = auth.get_user()
for perm in permission:
write = perm.get("write")
read = perm.get("read")
if not user.has_perm(perm['permission'], write, read):
messages.add_message(
request, messages.ERROR, auth_messages.get('user_not_authorized'))
return HttpResponseRedirect(URL_HOME)
return view_func(request, *args, **kwargs)
else:
return HttpResponseRedirect(URL_LOGIN)
def _has_perm(request, *args, **kwargs):
auth = AuthSession(request.session)
if auth.is_authenticated():
user = auth.get_user()
for perm in permission:
write = perm.get("write")
read = perm.get("read")
if not user.has_perm(perm['permission'], write, read):
messages.add_message(
request, messages.ERROR,
auth_messages.get('user_not_authorized'))
return HttpResponseRedirect(URL_HOME)
return view_func(request, *args, **kwargs)
else:
return HttpResponseRedirect(URL_LOGIN)
def lost_pass(request):
form = LoginForm()
modal_auto_open = "true"
form_pass = None
try:
if request.method == 'POST':
form_pass = PassForm(request.POST)
if form_pass.is_valid():
client = ClientFactory(NETWORK_API_URL, NETWORK_API_USERNAME,
NETWORK_API_PASSWORD)
users = client.create_usuario().listar()
users = users.get("usuario")
username = form_pass.cleaned_data['username']
email = form_pass.cleaned_data['email']
for user in users:
if user.get("user").upper() == username.upper():
if user.get("email") == email:
if not user.get('user_ldap'):
pass_open = make_random_password()
password = hashlib.md5(pass_open).hexdigest()
ativo = '1' if user.get('ativo') else '0'
client.create_usuario().alterar(
user.get('id'), user.get('user'), password,
user.get('nome'), ativo, user.get('email'),
user.get('user_ldap'))
lists = dict()
lists['user'] = user.get('user')
lists['new_pass'] = pass_open
# Montar Email com nova senha
connection = EmailBackend(
username=EMAIL_HOST_USER,
password=EMAIL_HOST_PASSWORD)
send_email = EmailMessage(
'Solicitação de Nova Senha',
loader.render_to_string(
MAIL_NEW_PASS, lists),
EMAIL_FROM, [email],
connection=connection)
send_email.content_subtype = "html"
send_email.send()
messages.add_message(
request, messages.SUCCESS,
auth_messages.get("email_success"))
modal_auto_open = 'false'
return render_to_response(
templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))
else:
messages.add_message(
request, messages.ERROR,
auth_messages.get(
"user_ldap_cant_recover_pass"))
modal_auto_open = 'false'
return render_to_response(
templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))
for user in users:
if user.get("user_ldap") is not None and user.get(
"user_ldap").upper() == username.upper():
messages.add_message(
request, messages.ERROR,
auth_messages.get("user_ldap_cant_recover_pass"))
modal_auto_open = 'false'
return render_to_response(
templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))
messages.add_message(request, messages.ERROR,
auth_messages.get("user_email_invalid"))
modal_auto_open = 'false'
except NetworkAPIClientError as e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
modal_auto_open = 'false'
except BaseException as e:
logger.exception(e)
logger.error("URLError Invalid EMAIL_HOST in settings.py")
messages.add_message(request, messages.ERROR,
"Invalid EMAIL_HOST in settings.py")
modal_auto_open = 'false'
return render_to_response(templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))
def lost_pass(request):
form = LoginForm()
modal_auto_open = "true"
try:
if request.method == 'POST':
form_pass = PassForm(request.POST)
if form_pass.is_valid():
client = ClientFactory(
NETWORK_API_URL, NETWORK_API_USERNAME, NETWORK_API_PASSWORD)
users = client.create_usuario().listar()
users = users.get("usuario")
username = form_pass.cleaned_data['username']
email = form_pass.cleaned_data['email']
for user in users:
if user.get("user").upper() == username.upper():
if user.get("email") == email:
if not user.get('user_ldap'):
pass_open = make_random_password()
password = hashlib.md5(pass_open).hexdigest()
ativo = None
if user.get('ativo'):
ativo = '1'
else:
ativo = '0'
client.create_usuario().alterar(user.get('id'), user.get('user'), password,
user.get('nome'), ativo, user.get('email'), user.get('user_ldap'))
lists = dict()
lists['user'] = user.get('user')
lists['new_pass'] = pass_open
# Montar Email com nova senha
connection = EmailBackend(
username=EMAIL_HOST_USER, password=EMAIL_HOST_PASSWORD)
send_email = EmailMessage('Solicitação de Nova Senha', loader.render_to_string(
MAIL_NEW_PASS, lists), EMAIL_FROM, [email], connection=connection)
send_email.content_subtype = "html"
send_email.send()
messages.add_message(
request, messages.SUCCESS, auth_messages.get("email_success"))
modal_auto_open = 'false'
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
else:
messages.add_message(
request, messages.ERROR, auth_messages.get("user_ldap_cant_recover_pass"))
modal_auto_open = 'false'
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
for user in users:
if user.get("user_ldap") is not None and user.get("user_ldap").upper() == username.upper():
messages.add_message(
request, messages.ERROR, auth_messages.get("user_ldap_cant_recover_pass"))
modal_auto_open = 'false'
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
messages.add_message(
request, messages.ERROR, auth_messages.get("user_email_invalid"))
modal_auto_open = 'false'
except NetworkAPIClientError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
modal_auto_open = 'false'
request, messages.ERROR, auth_messages.get("user_invalid"))
except NetworkAPIClientError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
except LDAPNotFoundError, e:
logger.error(e)
messages.add_message(
request, messages.ERROR, auth_messages.get("user_ldap_not_found"))
except Exception, e:
logger.error(e)
user = {}
messages.add_message(
request, messages.ERROR, auth_messages.get("500"))
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
else:
return render_to_response(templates.LOGIN, {'form': form, 'form_pass': form_pass, 'modal': modal_auto_open}, context_instance=RequestContext(request))
else:
auth = AuthSession(request.session)
if auth.is_authenticated():
return HttpResponseRedirect(URL_HOME)
form = LoginForm()
form_pass = PassForm()
def generate_token(request):
try:
lists = {}
form = forms.GenerateTokenForm(
request.POST) if request.method == 'POST' else forms.GenerateTokenForm()
if form.is_valid():
user_ldap_ass = ""
user = str(form.cleaned_data['user'])
idt = None if not form.cleaned_data[
'requestVip'] else form.cleaned_data['requestVip']
ttl = ACCESS_EXTERNAL_TTL if not form.cleaned_data[
'p'] else form.cleaned_data['p']
# Login with LDAP
if form.cleaned_data['is_ldap_user']:
username_ldap, password_ldap = str(user).split("@")
try:
user_ldap = Ldap("").get_user(username_ldap)
except LDAPNotFoundError, e:
raise Exception(auth_messages.get("user_ldap_not_found"))
pwd_ldap = user_ldap['userPassword']
activate = user_ldap.get('nsaccountlock')
pwd = password_ldap
if re.match("\{(MD|md)5\}.*", pwd_ldap, 0):
pwd = base64.b64encode(hashlib.md5(pwd).digest())
pwd_ldap = pwd_ldap[pwd_ldap.index("}") + 1:]
if pwd == pwd_ldap and (activate is None or activate.upper() == 'FALSE'):
# Valid User
client, client_user = facade.validate_user_networkapi(
user, form.cleaned_data['is_ldap_user'])
user_ldap_client = client_user.get('user')
user_ldap_ass = user_ldap_client['user_ldap']
else:
client_user = None
else:
# Valid User
client, client_user = facade.validate_user_networkapi(
user, form.cleaned_data['is_ldap_user'])
# Valid User
if client_user is None:
raise UserNotAuthenticatedError("user_invalid")
else:
# Valid idt
if idt is not None and not is_valid_int_param(idt):
raise Exception(
error_messages.get("invalid_param") % "requestVip")
# Valid ttl
if not is_valid_int_param(ttl):
raise Exception(error_messages.get("invalid_param") % "p")
if idt is not None:
client.create_vip().get_by_id(idt)
# Encrypt hash
user_hash = Encryption().Encrypt(user + "@" + str(user_ldap_ass))
# Get Authenticate User
authenticate_user = client_user.get('user')
# Get Permissions by Authenticate User
permissions = authenticate_user and authenticate_user.get('permission')
# Generates token
key = "%s:%s:%s" % (__name__, str(user), str(strftime("%Y%m%d%H%M%S")))
token = hashlib.sha1(key).hexdigest()
data_to_cache = {"user_hash": user_hash, "permissions": permissions}
# Set token in cache
cache.set(token, data_to_cache, int(ttl))
lists["token"] = token
if idt is not None:
lists["url"] = reverse("vip-request.edit.external", args=[idt])
else:
lists["url"] = reverse("vip-request.form.external")
return render_to_response(templates.VIPREQUEST_TOKEN, lists, context_instance=RequestContext(request))
except InvalidParameterError, e:
logger.error(e)
lists["error"] = error_messages.get("invalid_param") % "id"
def generate_token(request):
try:
lists = {}
form = forms.GenerateTokenForm(
request.POST
) if request.method == 'POST' else forms.GenerateTokenForm()
if form.is_valid():
user_ldap_ass = ""
user = str(form.cleaned_data['user'])
idt = None if not form.cleaned_data[
'requestVip'] else form.cleaned_data['requestVip']
ttl = ACCESS_EXTERNAL_TTL if not form.cleaned_data[
'p'] else form.cleaned_data['p']
# Login with LDAP
if form.cleaned_data['is_ldap_user']:
username_ldap, password_ldap = str(user).split("@")
try:
user_ldap = Ldap("").get_user(username_ldap)
except LDAPNotFoundError, e:
raise Exception(auth_messages.get("user_ldap_not_found"))
pwd_ldap = user_ldap['userPassword']
activate = user_ldap.get('nsaccountlock')
pwd = password_ldap
if re.match("\{(MD|md)5\}.*", pwd_ldap, 0):
pwd = base64.b64encode(hashlib.md5(pwd).digest())
pwd_ldap = pwd_ldap[pwd_ldap.index("}") + 1:]
if pwd == pwd_ldap and (activate is None
or activate.upper() == 'FALSE'):
# Valid User
client, client_user = facade.validate_user_networkapi(
user, form.cleaned_data['is_ldap_user'])
user_ldap_client = client_user.get('user')
user_ldap_ass = user_ldap_client['user_ldap']
else:
client_user = None
else:
# Valid User
client, client_user = facade.validate_user_networkapi(
user, form.cleaned_data['is_ldap_user'])
# Valid User
if client_user is None:
raise UserNotAuthenticatedError("user_invalid")
else:
# Valid idt
if idt is not None and not is_valid_int_param(idt):
raise Exception(
error_messages.get("invalid_param") % "requestVip")
# Valid ttl
if not is_valid_int_param(ttl):
raise Exception(error_messages.get("invalid_param") % "p")
if idt is not None:
client.create_vip().get_by_id(idt)
# Encrypt hash
user_hash = Encryption().Encrypt(user + "@" +
str(user_ldap_ass))
# Get Authenticate User
authenticate_user = client_user.get('user')
# Get Permissions by Authenticate User
permissions = authenticate_user and authenticate_user.get(
'permission')
# Generates token
key = "%s:%s:%s" % (__name__, str(user),
str(strftime("%Y%m%d%H%M%S")))
token = hashlib.sha1(key).hexdigest()
data_to_cache = {
"user_hash": user_hash,
"permissions": permissions
}
# Set token in cache
cache.set(token, data_to_cache, int(ttl))
lists["token"] = token
if idt is not None:
lists["url"] = reverse("vip-request.edit.external",
args=[idt])
else:
lists["url"] = reverse("vip-request.form.external")
return render_to_response(templates.VIPREQUEST_TOKEN,
lists,
context_instance=RequestContext(request))
except InvalidParameterError, e:
logger.error(e)
lists["error"] = error_messages.get("invalid_param") % "id"
auth_messages.get("user_invalid"))
except NetworkAPIClientError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
except LDAPNotFoundError, e:
logger.error(e)
messages.add_message(request, messages.ERROR,
auth_messages.get("user_ldap_not_found"))
except Exception, e:
logger.error(e)
user = {}
messages.add_message(request, messages.ERROR,
auth_messages.get("500"))
return render_to_response(templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))
else:
return render_to_response(templates.LOGIN, {
'form': form,
'form_pass': form_pass,
'modal': modal_auto_open
},
context_instance=RequestContext(request))