def tacacs_authentication(self, user, name, password):
if not hasattr(env, "tacacs_client"):
env.log("error",
"TACACS+ authentication failed: no server configured")
return False
success = env.tacacs_client.authenticate(name, password).valid
return {"name": name, "is_admin": True} if success else False
def ldap_authentication(self, user, name, password):
if not hasattr(env, "ldap_server"):
env.log("error",
"LDAP authentication failed: no server configured")
return False
user = f"uid={name},dc=example,dc=com"
success = Connection(env.ldap_server, user=user,
password=password).bind()
return {"name": name, "is_admin": True} if success else False
def register_plugins(self):
for plugin, settings in vs.plugins_settings.items():
try:
module = import_module(f"eNMS.plugins.{plugin}")
module.Plugin(self, controller, db, vs, env, **settings)
except Exception:
env.log(
"error",
f"Could not import plugin '{plugin}':\n{format_exc()}")
continue
info(f"Loading plugin: {settings['name']}")
def decorated_function(*args, **kwargs):
remote_address = request.environ["REMOTE_ADDR"]
client_address = request.environ.get("HTTP_X_FORWARDED_FOR",
remote_address)
rest_request = request.path.startswith("/rest/")
endpoint = "/".join(request.path.split("/")[:2 + rest_request])
request_property = f"{request.method.lower()}_requests"
endpoint_rbac = vs.rbac[request_property].get(endpoint)
if not current_user.is_authenticated:
login_user(db.get_user("admin"))
username = getattr(current_user, "name", "Unknown")
if not endpoint_rbac:
status_code = 404
else:
try:
result = function(*args, **kwargs)
status_code = 200
except (db.rbac_error, Forbidden):
status_code = 403
except NotFound:
status_code = 404
except Exception:
status_code, traceback = 500, format_exc()
log = (f"USER: {username} ({client_address}) - "
f"{request.method} {request.path} ({status_code})")
if status_code == 500:
log += f"\n{traceback}"
env.log(Server.status_log_level[status_code],
log,
change_log=False)
if status_code == 200:
return result
elif endpoint == "/login" or request.method == "GET" and not rest_request:
if (not current_user.is_authenticated and not rest_request
and endpoint != "/login"):
url = url_for("blueprint.route",
page="login",
next_url=request.url)
return redirect(login_url(url))
next_url = request.args.get("next_url")
login_link = login_url(
url_for("blueprint.route", page="login",
next_url=next_url))
return (
render_template("error.html",
error=status_code,
login_url=login_link),
status_code,
)
else:
error_message = Server.status_error_message[status_code]
alert = f"Error {status_code} - {error_message}"
return jsonify({"alert": alert}), status_code
def test_create_logs(user_client):
number_of_logs = len(db.fetch_all("changelog"))
for i in range(10):
env.log("warning", str(i))
db.session.commit()
assert len(db.fetch_all("changelog")) == number_of_logs + 11
def logout():
logout_log = f"USER '{current_user.name}' logged out"
logout_user()
env.log("info", logout_log, logger="security")
return redirect(url_for("blueprint.route", page="login"))