示例#1
0
文件: server.py 项目: fmarton/eNMS
 def route(page):
     endpoint, *args = page.split("/")
     admin_user = current_user.is_admin
     if f"/{endpoint}" not in app.rbac["post_requests"]:
         return jsonify({"alert": "Invalid POST request."})
     if not admin_user and f"/{endpoint}" not in current_user.post_requests:
         return jsonify({"alert": "Error 403 - Operation not allowed."})
     form_type = request.form.get("form_type")
     if request.json:
         kwargs = request.json
     elif form_type:
         form = form_classes[form_type](request.form)
         if not form.validate_on_submit():
             return jsonify({
                 "invalid_form": True,
                 **{
                     "errors": form.errors
                 }
             })
         kwargs = form.form_postprocessing(request.form)
     else:
         kwargs = request.form
     try:
         with db.session_scope():
             result = getattr(app, endpoint)(*args, **kwargs)
     except db.rbac_error:
         result = {"alert": "Error 403 - Operation not allowed."}
     except Exception:
         app.log("error", format_exc(), change_log=False)
         result = {"alert": "Error 500 - Internal Server Error"}
     return jsonify(result)
示例#2
0
文件: server.py 项目: fmarton/eNMS
 def login():
     if request.method == "POST":
         kwargs, success = request.form.to_dict(), False
         username = kwargs["name"]
         try:
             user = app.authenticate_user(**kwargs)
             if user:
                 login_user(user, remember=False)
                 session.permanent = True
                 success, log = True, f"User '{username}' logged in"
             else:
                 log = f"Authentication failed for user '{username}'"
         except Exception as exc:
             log = f"Authentication error for user '{username}' ({exc})"
         finally:
             app.log("info" if success else "warning",
                     log,
                     logger="security")
             if success:
                 return redirect(
                     url_for("blueprint.route", page="dashboard"))
             else:
                 abort(403)
     if not current_user.is_authenticated:
         login_form = LoginForm(request.form)
         methods = app.settings["authentication"]["methods"].items()
         login_form.authentication_method.choices = [
             (method, properties["display_name"])
             for method, properties in methods if properties["enabled"]
         ]
         return render_template("login.html", login_form=login_form)
     return redirect(url_for("blueprint.route", page="dashboard"))
示例#3
0
文件: routes.py 项目: blaisep/eNMS
 def decorated_function(*args, **kwargs):
     path, method = request.path, request.method
     if not current_user.is_authenticated:
         client_address = request.environ.get(
             "HTTP_X_FORWARDED_FOR", request.environ["REMOTE_ADDR"]
         )
         app.log(
             "warning",
             (
                 f"Unauthorized {request.method} request from "
                 f"'{client_address}' calling the endpoint '{request.url}'"
             ),
         )
         return redirect(url_for("blueprint.route", page="login"))
     else:
         endpoint = path if method == "GET" else f"/{path.split('/')[1]}"
         if endpoint not in app.rbac["endpoints"][method]:
             if method == "GET":
                 return render_template("error.html", error=404), 404
             else:
                 return jsonify({"alert": "Invalid POST request."})
         forbidden_endpoints = app.rbac["groups"][current_user.group][method]
         if any(url == endpoint for url in forbidden_endpoints):
             if method == "GET":
                 return render_template("error.html", error=403), 403
             else:
                 return jsonify({"alert": "Error 403 Forbidden."})
         return function(*args, **kwargs)
示例#4
0
文件: server.py 项目: bbrk364/eNMS
 def remove_changelog(keep_last_days):
     deletion_time = datetime.now() - timedelta(days=keep_last_days)
     app.result_log_deletion(
         date_time=deletion_time.strftime("%d/%m/%Y %H:%M:%S"),
         deletion_types=["changelog"],
     )
     app.log("info", f"deleted all changelogs up until {deletion_time}")
示例#5
0
 def delete_log(keep_last_days, log):
     deletion_time = datetime.now() - timedelta(days=keep_last_days)
     app.result_log_deletion(
         date_time=deletion_time.strftime("%d/%m/%Y %H:%M:%S"),
         deletion_types=[log],
     )
     app.log("info",
             f"deleted all logs in '{log}' up until {deletion_time}")
示例#6
0
 def decorated_function(*args, **kwargs):
     if not current_user.is_authenticated:
         client_address = request.environ.get(
             "HTTP_X_FORWARDED_FOR", request.environ["REMOTE_ADDR"])
         app.log(
             "warning",
             (f"Unauthorized {request.method} request from "
              f"'{client_address}' calling the endpoint '{request.url}'"),
         )
         return redirect(url_for("blueprint.route", page="login"))
     else:
         return function(*args, **kwargs)
示例#7
0
 def wrapper(*args, **kwargs):
     try:
         return func(*args, **kwargs)
     except LookupError as exc:
         rest_abort(404, message=str(exc))
     except Exception as exc:
         rest_abort(500, message=str(exc))
     finally:
         try:
             db.session.commit()
         except Exception as exc:
             db.session.rollback()
             app.log("error", format_exc())
             rest_abort(500, message=str(exc))
示例#8
0
 def decorated_function(*args, **kwargs):
     if not current_user.is_authenticated:
         client_address = request.environ.get(
             "HTTP_X_FORWARDED_FOR", request.environ["REMOTE_ADDR"])
         app.log(
             "warning",
             (f"Unauthorized {request.method} request from "
              f"'{client_address}' calling the endpoint '{request.url}'"),
         )
         return redirect(url_for("blueprint.route", page="login"))
     else:
         forbidden_endpoints = app.rbac["groups"][current_user.group]["GET"]
         if request.method == "GET" and request.path in forbidden_endpoints:
             return render_template("error.html", error=403), 403
         return function(*args, **kwargs)
示例#9
0
文件: server.py 项目: Bounar/eNMS
 def wrapper(*args, **kwargs):
     for index in range(db.retry_commit_number):
         try:
             result = func(*args, **kwargs)
         except Exception as exc:
             return rest_abort(500, message=str(exc))
         try:
             db.session.commit()
             return result
         except Exception as exc:
             db.session.rollback()
             app.log("error", f"Rest Call n°{index} failed ({exc}).")
             stacktrace = format_exc()
             sleep(db.retry_commit_time * (index + 1))
     else:
         rest_abort(500, message=stacktrace)
示例#10
0
文件: server.py 项目: andymor/eNMS
 def register_plugins(self):
     for plugin in Path(app.settings["app"]["plugin_path"]).iterdir():
         if not Path(plugin / "settings.json").exists():
             continue
         module = import_module(f"eNMS.plugins.{plugin.stem}")
         with open(plugin / "settings.json", "r") as file:
             settings = load(file)
         if not settings["active"]:
             continue
         plugin = module.Plugin(self, app, db, **settings)
         if "rbac" in settings:
             for requests in ("get_requests", "post_requests"):
                 app.rbac[requests].extend(settings["rbac"].get(requests, []))
         app.rbac["menu"]["Plugins"]["pages"].update(settings.get("pages", {}))
         init_rbac_form(app.rbac)
         app.log("info", f"Loading plugin: {settings['name']}")
示例#11
0
 def register_plugins(self):
     for plugin_path in Path(app.settings["app"]["plugin_path"]).iterdir():
         if not Path(plugin_path / "settings.json").exists():
             continue
         try:
             with open(plugin_path / "settings.json", "r") as file:
                 settings = load(file)
             if not settings["active"]:
                 continue
             module = import_module(f"eNMS.plugins.{plugin_path.stem}")
             module.Plugin(self, app, db, **settings)
             for setup_file in ("database", "properties", "rbac"):
                 update_file(getattr(app, setup_file), settings.get(setup_file, {}))
         except Exception as exc:
             app.log("error", f"Could not load plugin '{plugin_path.stem}' ({exc})")
             continue
         app.log("info", f"Loading plugin: {settings['name']}")
     init_variable_forms(app)
     db.base.metadata.create_all(bind=db.engine)
示例#12
0
 def decorated_function(*args, **kwargs):
     if not current_user.is_authenticated:
         client_address = request.environ.get(
             "HTTP_X_FORWARDED_FOR", request.environ["REMOTE_ADDR"]
         )
         app.log(
             "warning",
             (
                 f"Unauthorized {request.method} request from "
                 f"'{client_address}' calling the endpoint '{request.url}'"
             ),
         )
         return redirect(url_for("blueprint.route", page="login"))
     else:
         method = request.method.lower()
         endpoint = f"/{request.path.split('/')[1]}"
         endpoint_rbac = app.rbac[f"{method}_requests"].get(endpoint)
         if not endpoint_rbac:
             error = 404
         elif not current_user.is_admin and (
             endpoint_rbac == "admin"
             or endpoint_rbac == "access"
             and endpoint not in getattr(current_user, f"{method}_requests")
         ):
             error = 403
         else:
             try:
                 return function(*args, **kwargs)
             except db.rbac_error:
                 error = 403
             except Exception:
                 error = 500
                 app.log("error", format_exc(), change_log=False)
         if method == "get":
             return render_template("error.html", error=error), error
         else:
             message = {
                 403: "Operation not allowed.",
                 404: "Invalid POST request.",
                 500: "Internal Server Error.",
             }[error]
             return jsonify({"alert": f"Error {error} - {message}"})
示例#13
0
 def login():
     if request.method == "POST":
         try:
             user = app.authenticate_user(**request.form.to_dict())
             if user:
                 login_user(user)
                 return redirect(
                     url_for("blueprint.route", page="dashboard"))
             else:
                 abort(403)
         except Exception as exc:
             app.log("error", f"Authentication failed ({exc})")
             abort(403)
     if not current_user.is_authenticated:
         login_form = LoginForm(request.form)
         authentication_methods = []
         if app.settings["ldap"]["active"]:
             authentication_methods.append(("LDAP Domain", ) * 2)
         if app.settings["tacacs"]["active"]:
             authentication_methods.append(("TACACS", ) * 2)
         authentication_methods.append(("Local User", ) * 2)
         login_form.authentication_method.choices = authentication_methods
         return render_template("login.html", login_form=login_form)
     return redirect(url_for("blueprint.route", page="dashboard"))
示例#14
0
文件: server.py 项目: fmarton/eNMS
 def logout():
     logout_log = f"User '{current_user.name}' logging out"
     app.log("info", logout_log, logger="security")
     logout_user()
     return redirect(url_for("blueprint.route", page="login"))
示例#15
0
def test_create_logs(user_client):
    number_of_logs = len(db.fetch_all("changelog"))
    for i in range(10):
        app.log("warning", str(i))
    db.session.commit()
    assert len(db.fetch_all("changelog")) == number_of_logs + 11
示例#16
0
def test_create_logs(user_client: FlaskClient) -> None:
    number_of_logs = len(fetch_all("Changelog"))
    for i in range(10):
        app.log("warning", str(i))
        Session.commit()
    assert len(fetch_all("Changelog")) == number_of_logs + 10