def _display_host(self):
if os.environ.get('WERKZEUG_RUN_MAIN') != 'true':
display_hostname = self.host != '*' and self.host or 'localhost'
if ':' in display_hostname:
display_hostname = '[%s]' % display_hostname
proto = 'https' if self.ssl_context else 'http'
console.info(' * Running on {0}://{1}:{2}'.format(proto, display_hostname, self.port))
if self.evalex_whitelist:
console.info(' * Werkzeug debugger console on {0}://{1}:{2}/console'.format(proto, display_hostname,
self.port))
if self.evalex_whitelist is True: # explicitly check against True!
console.warning(' * Werkzeug debugger console is available to all clients')
def _display_host(self):
if os.environ.get('WERKZEUG_RUN_MAIN') != 'true':
display_hostname = self.host != '*' and self.host or 'localhost'
if ':' in display_hostname:
display_hostname = '[%s]' % display_hostname
proto = 'https' if self.ssl_context else 'http'
console.info(' * Running on {0}://{1}:{2}'.format(proto, display_hostname, self.port))
if self.evalex_whitelist:
console.info(' * Werkzeug debugger console on {0}://{1}:{2}/console'.format(proto, display_hostname,
self.port))
if self.evalex_whitelist is True: # explicitly check against True!
console.warning(' * Werkzeug debugger console is available to all clients')
def user_revoke(user_id):
"""Revokes administration rights from a given user"""
avatar = AvatarHolder().getById(user_id)
if avatar is None:
error("The user does not exists")
return
print_user_info(avatar)
if not avatar.isAdmin():
warning("This user does not have administration rights")
return
if prompt_bool(cformat("%{yellow}Revoke administration rights from this user?")):
admin_list = HelperMaKaCInfo.getMaKaCInfoInstance().getAdminList()
admin_list.revoke(avatar)
success("Administration rights revoked successfully")
def user_revoke(user_id):
"""Revokes administration rights from a given user"""
user = User.get(user_id)
if user is None:
error("This user does not exist")
return
print_user_info(user)
if not user.is_admin:
warning("This user does not have administration rights")
return
if prompt_bool(cformat("%{yellow}Revoke administration rights from this user?")):
user.is_admin = False
transaction.commit()
success("Administration rights revoked successfully")
def user_grant(user_id):
"""Grants administration rights to a given user"""
user = User.get(user_id)
if user is None:
error("This user does not exist")
return
print_user_info(user)
if user.is_admin:
warning("This user already has administration rights")
return
if prompt_bool(cformat("%{yellow}Grant administration rights to this user?")):
user.is_admin = True
transaction.commit()
success("Administration rights granted successfully")
def user_grant(user_id):
"""Grants administration rights to a given user"""
avatar = AvatarHolder().getById(user_id)
if avatar is None:
error("The user does not exists")
return
print_user_info(avatar)
if avatar.isAdmin():
warning("This user already has administration rights")
return
if prompt_bool(cformat("%{yellow}Grant administration rights to this user?")):
admin_list = HelperMaKaCInfo.getMaKaCInfoInstance().getAdminList()
admin_list.grant(avatar)
avatar.activateAccount()
success("Administration rights granted successfully")
def start_web_server(app, host='localhost', port=0, with_ssl=False, keep_base_url=True, ssl_cert=None, ssl_key=None,
reload_on_change=False, enable_evalex=False, evalex_from=None, quiet=False):
config = Config.getInstance()
# Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they
# end up in the Werkzeug debugger.
config._configVars['EmbeddedWebserver'] = True
# We obviously do not have X-Sendfile or X-Accel-Redirect support in the embedded server
config._configVars['StaticFileMethod'] = None
# Get appropriate base url and defaults
base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL()
if not base_url:
base_url = config.getBaseURL() or 'http://localhost'
if with_ssl:
port = 443
console.warning(' * You should set {0}; retrieving host information from {1}'.format(
'BaseSecureURL' if with_ssl else 'BaseURL',
base_url)
)
default_port = 443 if with_ssl else 80
url_data = urlparse.urlparse(base_url)
# commandline data has priority, fallback to data from base url (or default in case of port)
host = host or url_data.netloc.partition(':')[0]
requested_port = used_port = port or url_data.port or default_port
# Don't let people bind on a port they cannot use.
if used_port < 1024 and not _can_bind_port(used_port):
used_port += 8000
console.warning(' * You cannot open a socket on port {}, using {} instead.'.format(requested_port, used_port))
# By default we update the base URL with the actual host/port. The user has the option to
# disable this though in case he wants different values, e.g. to use iptables to make his
# development server available via port 443 while listening on a non-privileged port:
# iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443
if not keep_base_url:
scheme = 'https' if with_ssl else 'http'
netloc = host
if used_port != default_port:
netloc += ':%d' % used_port
base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path)
# However, if we had to change the port to avoid a permission issue we always rewrite BaseURL.
# In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack
# mentioned above but simply did not consider using a non-privileged port.
elif requested_port != used_port:
netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port)
base_url = '{0}://{1}{2}'.format(url_data.scheme, netloc, url_data.path)
# If we need to perform internal requests for some reason we want to use the true host:port
server_netloc = '{0}:{1}'.format(host, port) if port != default_port else host
config._configVars['EmbeddedWebserverBaseURL'] = urlparse.urlunsplit(
urlparse.urlsplit(base_url)._replace(netloc=server_netloc))
# We update both BaseURL and BaseSecureURL to something that actually works.
# In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded"
# from an URL that is not available.
# In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during
# development if he needs to disable SSL for some reason.
if with_ssl:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = base_url
else:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = ''
config._deriveOptions()
if not enable_evalex:
evalex_whitelist = False
elif evalex_from:
evalex_whitelist = evalex_from
else:
evalex_whitelist = True
console.info(' * Using BaseURL {0}'.format(base_url))
app.wsgi_app = make_indico_dispatcher(app.wsgi_app)
app.wsgi_app = SharedDataMiddleware(app.wsgi_app, {
'/htmlcov': os.path.join(app.root_path, '..', 'htmlcov')
}, cache=False)
QuietWSGIRequestHandler.INDICO_URL_PREFIX = url_data.path.rstrip('/')
server = WerkzeugServer(app, host, used_port, reload_on_change=reload_on_change, evalex_whitelist=evalex_whitelist,
enable_ssl=with_ssl, ssl_cert=ssl_cert, ssl_key=ssl_key, quiet=quiet)
signal.signal(signal.SIGINT, _sigint)
server.run()
def start_web_server(host='localhost', port=0, with_ssl=False, keep_base_url=True, ssl_cert=None, ssl_key=None,
reload_on_change=False):
"""
Sets up a Werkzeug-based web server based on the parameters provided
"""
config = Config.getInstance()
# Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they
# end up in the Werkzeug debugger.
config._configVars['EmbeddedWebserver'] = True
# Get appropriate base url and defaults
base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL()
if not base_url:
base_url = config.getBaseURL() or 'http://localhost'
if with_ssl:
port = 443
console.warning(' * You should set {0}; retrieving host information from {1}'.format(
'BaseSecureURL' if with_ssl else 'BaseURL',
base_url))
default_port = 443 if with_ssl else 80
url_data = urlparse.urlparse(base_url)
# commandline data has priority, fallback to data from base url (or default in case of port)
host = host or url_data.netloc.partition(':')[0]
requested_port = used_port = port or url_data.port or default_port
# Don't let people bind on a port they cannot use.
if used_port < 1024 and not _can_bind_port(used_port):
used_port += 8000
console.warning(' * You cannot open a socket on port {0}, using {1} instead.'.format(requested_port, used_port))
# By default we update the base URL with the actual host/port. The user has the option to
# disable this though in case he wants different values, e.g. to use iptables to make his
# development server available via port 443 while listening on a non-privileged port:
# iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443
if not keep_base_url:
scheme = 'https' if with_ssl else 'http'
netloc = host
if used_port != default_port:
netloc += ':%d' % used_port
base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path)
# However, if we had to change the port to avoid a permission issue we always rewrite BaseURL.
# In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack
# mentioned above but simply did not consider using a non-privileged port.
elif requested_port != used_port:
netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port)
base_url = '{0}://{1}{2}' % (url_data.scheme, netloc, url_data.path)
# We update both BaseURL and BaseSecureURL to something that actually works.
# In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded"
# from an URL that is not available.
# In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during
# development if he needs to disable SSL for some reason.
if with_ssl:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = base_url
else:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = ''
config._deriveOptions()
console.info(' * Using BaseURL {0}'.format(base_url))
server = WerkzeugServer(host, used_port, reload_on_change=reload_on_change,
enable_ssl=with_ssl, ssl_cert=ssl_cert, ssl_key=ssl_key)
signal.signal(signal.SIGINT, _sigint)
server.run()
def start_web_server(app,
host='localhost',
port=0,
with_ssl=False,
keep_base_url=True,
ssl_cert=None,
ssl_key=None,
reload_on_change=False,
enable_evalex=False,
evalex_from=None,
quiet=False):
config = Config.getInstance()
# Let Indico know that we are using the embedded server. This causes it to re-raise exceptions so they
# end up in the Werkzeug debugger.
config._configVars['EmbeddedWebserver'] = True
# We obviously do not have X-Sendfile or X-Accel-Redirect support in the embedded server
config._configVars['StaticFileMethod'] = None
# Get appropriate base url and defaults
base_url = config.getBaseSecureURL() if with_ssl else config.getBaseURL()
if not base_url:
base_url = config.getBaseURL() or 'http://localhost'
if with_ssl:
port = 443
console.warning(
' * You should set {0}; retrieving host information from {1}'.
format('BaseSecureURL' if with_ssl else 'BaseURL', base_url))
default_port = 443 if with_ssl else 80
url_data = urlparse.urlparse(base_url)
# commandline data has priority, fallback to data from base url (or default in case of port)
host = host or url_data.netloc.partition(':')[0]
requested_port = used_port = port or url_data.port or default_port
# Don't let people bind on a port they cannot use.
if used_port < 1024 and not _can_bind_port(used_port):
used_port += 8000
console.warning(
' * You cannot open a socket on port {}, using {} instead.'.format(
requested_port, used_port))
# By default we update the base URL with the actual host/port. The user has the option to
# disable this though in case he wants different values, e.g. to use iptables to make his
# development server available via port 443 while listening on a non-privileged port:
# iptables -t nat -A PREROUTING -d YOURIP/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-port 8443
if not keep_base_url:
scheme = 'https' if with_ssl else 'http'
netloc = host
if used_port != default_port:
netloc += ':%d' % used_port
base_url = '{0}://{1}{2}'.format(scheme, netloc, url_data.path)
# However, if we had to change the port to avoid a permission issue we always rewrite BaseURL.
# In this case it is somewhat safe to assume that the user is not actually trying to use the iptables hack
# mentioned above but simply did not consider using a non-privileged port.
elif requested_port != used_port:
netloc = '{0}:{1}'.format(url_data.netloc.partition(':')[0], used_port)
base_url = '{0}://{1}{2}'.format(url_data.scheme, netloc,
url_data.path)
# We update both BaseURL and BaseSecureURL to something that actually works.
# In case of SSL-only we need both URLs to be set to the same SSL url to prevent some stuff being "loaded"
# from an URL that is not available.
# In case of not using SSL we clear the BaseSecureURL so the user does not need to update the config during
# development if he needs to disable SSL for some reason.
if with_ssl:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = base_url
else:
config._configVars['BaseURL'] = base_url
config._configVars['BaseSecureURL'] = ''
config._deriveOptions()
if not enable_evalex:
evalex_whitelist = False
elif evalex_from:
evalex_whitelist = evalex_from
else:
evalex_whitelist = True
console.info(' * Using BaseURL {0}'.format(base_url))
app.wsgi_app = make_indico_dispatcher(app.wsgi_app)
app.wsgi_app = SharedDataMiddleware(
app.wsgi_app,
{'/htmlcov': os.path.join(app.root_path, '..', 'htmlcov')},
cache=False)
QuietWSGIRequestHandler.INDICO_URL_PREFIX = url_data.path.rstrip('/')
server = WerkzeugServer(app,
host,
used_port,
reload_on_change=reload_on_change,
evalex_whitelist=evalex_whitelist,
enable_ssl=with_ssl,
ssl_cert=ssl_cert,
ssl_key=ssl_key,
quiet=quiet)
signal.signal(signal.SIGINT, _sigint)
server.run()
