def page_logout():
invalidate_auth_session()
if auth_type == 'cookie':
html.http_redirect(config.url_prefix() + 'check_mk/login.py')
else:
# Implement HTTP logout with cookie hack
if not html.has_cookie('logout'):
html.set_http_header('WWW-Authenticate', 'Basic realm="OMD Monitoring Site %s"' % config.omd_site())
html.set_cookie('logout', '1')
raise FinalizeRequest(401)
else:
html.del_cookie('logout')
html.http_redirect(config.url_prefix() + 'check_mk/')
def page_logout():
invalidate_auth_session()
if auth_type == 'cookie':
html.http_redirect(config.url_prefix() + 'check_mk/login.py')
else:
# Implement HTTP logout with cookie hack
if not html.has_cookie('logout'):
html.set_http_header('WWW-Authenticate', 'Basic realm="OMD Monitoring Site %s"' % config.omd_site())
html.set_cookie('logout', '1')
raise FinalizeRequest(401)
else:
html.del_cookie('logout')
html.http_redirect(config.url_prefix() + 'check_mk/')
def do_login():
# handle the sent login form
if html.var('_login'):
try:
username = html.get_unicode_input('_username', '').rstrip()
if username == '':
raise MKUserError('_username', _('No username given.'))
password = html.var('_password', '')
if password == '':
raise MKUserError('_password', _('No password given.'))
origtarget = html.var('_origtarget')
# Disallow redirections to:
# - logout.py: Happens after login
# - side.py: Happens when invalid login is detected during sidebar refresh
# - Full qualified URLs (http://...) to prevent redirection attacks
if not origtarget or "logout.py" in origtarget or 'side.py' in origtarget or '://' in origtarget:
origtarget = config.url_prefix() + 'check_mk/'
# None -> User unknown, means continue with other connectors
# '<user_id>' -> success
# False -> failed
result = userdb.hook_login(username, password)
if result:
# use the username provided by the successful login function, this function
# might have transformed the username provided by the user. e.g. switched
# from mixed case to lower case.
username = result
# When single user session mode is enabled, check that there is not another
# active session
userdb.ensure_user_can_init_session(username)
# reset failed login counts
userdb.on_succeeded_login(username)
# The login succeeded! Now:
# a) Set the auth cookie
# b) Unset the login vars in further processing
# c) Redirect to really requested page
create_auth_session(username)
# Never use inplace redirect handling anymore as used in the past. This results
# in some unexpected situations. We simpy use 302 redirects now. So we have a
# clear situation.
# userdb.need_to_change_pw returns either False or the reason description why the
# password needs to be changed
result = userdb.need_to_change_pw(username)
if result:
html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' % (html.urlencode(origtarget), result))
else:
html.http_redirect(origtarget)
else:
userdb.on_failed_login(username)
raise MKUserError(None, _('Invalid credentials.'))
except MKUserError, e:
html.add_user_error(e.varname, e)
return "%s" % e
def do_login():
# handle the sent login form
if html.var('_login'):
try:
username = html.get_unicode_input('_username', '').rstrip()
if username == '':
raise MKUserError('_username', _('No username given.'))
password = html.var('_password', '')
if password == '':
raise MKUserError('_password', _('No password given.'))
origtarget = html.var('_origtarget')
# Disallow redirections to:
# - logout.py: Happens after login
# - side.py: Happens when invalid login is detected during sidebar refresh
# - Full qualified URLs (http://...) to prevent redirection attacks
if not origtarget or "logout.py" in origtarget or 'side.py' in origtarget or '://' in origtarget:
origtarget = config.url_prefix() + 'check_mk/'
# None -> User unknown, means continue with other connectors
# '<user_id>' -> success
# False -> failed
result = userdb.hook_login(username, password)
if result:
# use the username provided by the successful login function, this function
# might have transformed the username provided by the user. e.g. switched
# from mixed case to lower case.
username = result
# When single user session mode is enabled, check that there is not another
# active session
userdb.ensure_user_can_init_session(username)
# reset failed login counts
userdb.on_succeeded_login(username)
# The login succeeded! Now:
# a) Set the auth cookie
# b) Unset the login vars in further processing
# c) Redirect to really requested page
create_auth_session(username)
# Never use inplace redirect handling anymore as used in the past. This results
# in some unexpected situations. We simpy use 302 redirects now. So we have a
# clear situation.
# userdb.need_to_change_pw returns either False or the reason description why the
# password needs to be changed
result = userdb.need_to_change_pw(username)
if result:
html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' % (html.urlencode(origtarget), result))
else:
html.http_redirect(origtarget)
else:
userdb.on_failed_login(username)
raise MKUserError(None, _('Invalid credentials.'))
except MKUserError, e:
html.add_user_error(e.varname, e)
return "%s" % e
def site_cookie_suffix():
url_prefix = config.url_prefix()
# Strip of eventual present "http://<host>". DIRTY!
if url_prefix.startswith('http:'):
url_prefix = url_prefix[url_prefix[7:].find('/') + 7:]
return os.path.dirname(url_prefix).replace('/', '_')
def site_cookie_suffix():
url_prefix = config.url_prefix()
# Strip of eventual present "http://<host>". DIRTY!
if url_prefix.startswith('http:'):
url_prefix = url_prefix[url_prefix[7:].find('/') + 7:]
return os.path.dirname(url_prefix).replace('/', '_')
def render_link(text, url, target="main", onclick=None):
# Convert relative links into absolute links. We have three kinds
# of possible links and we change only [3]
# [1] protocol://hostname/url/link.py
# [2] /absolute/link.py
# [3] relative.py
if not (":" in url[:10]
) and not url.startswith("javascript") and url[0] != '/':
url = config.url_prefix() + "check_mk/" + url
return html.render_a(text, href=url, class_="link", target=target or '',\
onfocus = "if (this.blur) this.blur();",\
onclick = onclick or None)
def link(text, url, target="main", onclick=None):
# Convert relative links into absolute links. We have three kinds
# of possible links and we change only [3]
# [1] protocol://hostname/url/link.py
# [2] /absolute/link.py
# [3] relative.py
if not (":" in url[:10]
) and not url.startswith("javascript") and url[0] != '/':
url = config.url_prefix() + "check_mk/" + url
onclick = onclick and (' onclick="%s"' % html.attrencode(onclick)) or ''
return '<a onfocus="if (this.blur) this.blur();" target="%s" ' \
'class=link href="%s"%s>%s</a>' % \
(html.attrencode(target or ""), html.attrencode(url), onclick, html.attrencode(text))
def handle_not_authenticated():
if fail_silently():
# While api call don't show the login dialog
raise MKUnauthenticatedException(_('You are not authenticated.'))
# Redirect to the login-dialog with the current url as original target
# Never render the login form directly when accessing urls like "index.py"
# or "dashboard.py". This results in strange problems.
if html.myfile != 'login':
html.http_redirect('%scheck_mk/login.py?_origtarget=%s' %
(config.url_prefix(), html.urlencode(html.makeuri([]))))
else:
# This either displays the login page or validates the information submitted
# to the login form. After successful login a http redirect to the originally
# requested page is performed.
login.page_login(plain_error())
raise FinalizeRequest()
def nagioscgilink(text, target):
html.write("<li class=sidebar><a target=\"main\" class=link href=\"%snagios/cgi-bin/%s\">%s</a></li>" % \
(config.url_prefix(), target, html.attrencode(text)))
def render_nagvis_maps():
refresh_url = "%snagvis/server/core/ajax_handler.php?mod=Multisite&act=getMaps" % (config.url_prefix())
return refresh_url
def topology_url():
return config.url_prefix() + 'nagvis/frontend/nagvis-js/index.php?' + \
'mod=Map&header_template=on-demand-filter&header_menu=1&label_show=1' + \
'&sources=automap&act=view&backend_id=' + config.omd_site() + \
'&render_mode=undirected&url_target=main&filter_group=' + \
(config.topology_default_filter_group or '')
def render_nagvis_maps():
refresh_url = "%snagvis/server/core/ajax_handler.php?mod=Multisite&act=getMaps" % (
config.url_prefix())
return refresh_url
def topology_url():
return config.url_prefix() + 'nagvis/frontend/nagvis-js/index.php?' + \
'mod=Map&header_template=on-demand-filter&header_menu=1&label_show=1' + \
'&sources=automap&act=view&backend_id=' + config.omd_site() + \
'&render_mode=undirected&url_target=main&filter_group=' + \
(config.topology_default_filter_group or '')
def url_prefix(self):
return config.url_prefix()