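    def post(self):
        """Password login: check the stored bcrypt hash and set the token cookie.

        Expects a JSON object with ``email`` and ``password``. A malformed body
        or a wrong credential is rejected with 400; the credential failure
        message is the same in every branch so the body does not reveal which
        part was wrong.
        """
        # silent=True yields None instead of raising on a non-JSON body
        b = request.get_json(silent=True)
        if not isinstance(b, dict):
            abort(400, 'Invalid request body')

        email = b.get('email')
        password = b.get('password')
        # missing or non-string fields used to surface as a 500 (KeyError /
        # AttributeError on .encode); treat them as a client error
        if not isinstance(email, str) or not isinstance(password, str):
            abort(400, 'Invalid email/password combination')

        user = g.db.execute_one_dict(
            '''
            SELECT id, password
            FROM "user"
            WHERE email = %s
        ''', [email])

        # A row without a password hash (account created through another
        # login method) cannot log in here; previously this hit .encode on
        # None and produced a 500.
        # NOTE(review): an unknown email returns before the bcrypt check, so
        # the response time differs from a wrong-password attempt.
        if not user or not user['password']:
            abort(400, 'Invalid email/password combination')

        if not bcrypt.checkpw(password.encode('utf8'),
                              user['password'].encode('utf8')):
            abort(400, 'Invalid email/password combination')

        token = encode_user_token(user['id'])

        res = OK('Logged in')
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res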
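    def post(self):
        """Login via LDAP, with a local bcrypt check for the built-in admin.

        The admin account is the row with the fixed all-zero id and is checked
        against its stored bcrypt hash; every other e-mail is authenticated
        against LDAP and a user row is created on first login from the LDAP
        entry's ``cn`` and ``displayName``.
        """
        # silent=True yields None instead of raising on a non-JSON body
        b = request.get_json(silent=True)
        if not isinstance(b, dict):
            abort(400, 'Invalid request body')

        email = b.get('email')
        password = b.get('password')
        # missing or non-string fields used to surface as a 500
        if not isinstance(email, str) or not isinstance(password, str):
            abort(400, 'Invalid email/password combination')

        # lookup and insert both use the lower-cased address
        email = email.lower()

        user = g.db.execute_one_dict('''
            SELECT id, password FROM "user"
            WHERE email = %s
        ''', [email])

        if user and user['id'] == '00000000-0000-0000-0000-000000000000':
            # Admin login: local hash only, never LDAP. A NULL hash is
            # treated as a failed login instead of crashing on .encode.
            if not user['password'] or not bcrypt.checkpw(
                    password.encode('utf8'), user['password'].encode('utf8')):
                abort(400, 'Invalid email/password combination')
        else:
            # assumes authenticate() aborts/raises on bad credentials
            # (nothing below re-checks the result) — TODO confirm
            ldap_user = authenticate(email, password)

            if not user:
                user = g.db.execute_one_dict('''
                    INSERT INTO "user" (email, username, name)
                    VALUES (%s, %s, %s) RETURNING id
                ''', [email, ldap_user['cn'], ldap_user['displayName']])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res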
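    def post(self):
        """LDAP login: authenticate against the directory, create the user on first login.

        Expects a JSON object with ``email`` and ``password``. The LDAP entry's
        ``cn`` and ``displayName`` populate username/name of a newly created
        row; the token cookie is set on success.
        """
        # silent=True yields None instead of raising on a non-JSON body
        b = request.get_json(silent=True)
        if not isinstance(b, dict):
            abort(400, 'Invalid request body')

        email = b.get('email')
        password = b.get('password')
        # missing or non-string fields used to surface as a 500
        if not isinstance(email, str) or not isinstance(password, str):
            abort(400, 'Invalid email/password combination')

        # assumes authenticate() aborts/raises on bad credentials
        # (nothing below re-checks the result) — TODO confirm
        ldap_user = authenticate(email, password)

        user = g.db.execute_one_dict(
            '''
            SELECT id FROM "user"
            WHERE email = %s
        ''', [email])

        if not user:
            user = g.db.execute_one_dict(
                '''
                INSERT INTO "user" (email, username, name)
                VALUES (%s, %s, %s) RETURNING id
            ''', [email, ldap_user['cn'], ldap_user['displayName']])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res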
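    def post(self):
        """Create a local account (email + bcrypt password) and log it in.

        Hidden with a 404 unless INFRABOX_ACCOUNT_SIGNUP_ENABLED is 'true'.
        Validates the JSON body (``email``, ``password1``, ``password2``,
        ``username``), rejects duplicate e-mail or username, stores the bcrypt
        hash and sets the token cookie.
        """
        if os.environ['INFRABOX_ACCOUNT_SIGNUP_ENABLED'] != 'true':
            abort(404)

        # silent=True yields None instead of raising on a non-JSON body
        b = request.get_json(silent=True)
        if not isinstance(b, dict):
            abort(400, 'Invalid request body')

        email = b.get('email')
        password1 = b.get('password1')
        password2 = b.get('password2')
        username = b.get('username')

        # missing or non-string fields used to surface as a 500
        if not all(isinstance(v, str)
                   for v in (email, password1, password2, username)):
            abort(400, 'Missing or invalid field')

        if password1 != password2:
            abort(400, 'Passwords don\'t match')

        # NOTE(review): only emptiness is rejected; no length/strength policy
        if not password1:
            abort(400, 'Password must not be empty')

        # parseaddr() always returns a 2-tuple, so a truthiness check on the
        # tuple never fires; require a non-empty addr-spec containing '@'.
        e = parseaddr(email)
        if not e[1] or '@' not in e[1]:
            abort(400, 'Invalid email')

        if not username.isalnum():
            abort(400, 'Username is not alphanumeric')

        user = g.db.execute_one_dict(
            '''
            SELECT id, password
            FROM "user"
            WHERE email = %s
        ''', [email])

        if user:
            abort(400, 'An account with this email already exists')

        user = g.db.execute_one_dict(
            '''
                    SELECT id, password
                    FROM "user"
                    WHERE username = %s
                ''', [username])

        if user:
            abort(400, 'An account with this username already exists')

        hashed_password = bcrypt.hashpw(password1.encode('utf8'),
                                        bcrypt.gensalt())
        user = g.db.execute_one_dict(
            '''
            INSERT into "user" (username, email, password)
            VALUES (%s, %s, %s) RETURNING ID
        ''', [username, email, hashed_password])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res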
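    def get(self, project_id, job_id):
        """Stream a job archive file, proxying from the owning cluster if needed.

        ``filename`` comes from the query string and is restricted to a bare
        file name, because it becomes part of the storage key
        '<job_id>/<filename>'. When the job ran on another cluster the file is
        fetched from that cluster's API with a freshly encoded user token (or
        an empty token for public projects).
        """
        filename = request.args.get('filename', None)

        # Only a plain name is accepted: '..' or separator characters would
        # make the storage key address objects outside this job's prefix.
        if not filename or filename != os.path.basename(filename) \
                or '\\' in filename or filename in ('.', '..'):
            abort(404)

        result = g.db.execute_one_dict(
            '''
                    SELECT cluster_name
                    FROM job
                    WHERE   id = %s
                        AND project_id = %s
                ''', [job_id, project_id])

        if not result or not result['cluster_name']:
            abort(404)

        job_cluster = result['cluster_name']
        key = '%s/%s' % (job_id, filename)

        if os.environ['INFRABOX_CLUSTER_NAME'] == job_cluster:
            f = storage.download_archive(key)
        else:
            c = g.db.execute_one_dict(
                '''
                                SELECT *
                                FROM cluster
                                WHERE name=%s
                            ''', [job_cluster])
            if not c:
                abort(404)

            url = '%s/api/v1/projects/%s/jobs/%s/archive/download' % (
                c['root_url'], project_id, job_id)
            try:
                token = encode_user_token(g.token['user']['id'])
            except (AttributeError, KeyError, TypeError):
                # public project has no token here (g.token absent, None, or
                # without a user entry).
                token = ""
            headers = {'Authorization': 'bearer ' + token}
            # one argument per %s; the old call passed a single list for two
            # placeholders, which logging reports as a formatting error
            logger.info('get archive %s from %s', filename, url)

            # TODO(ib-steffen): allow custom ca bundles
            # `params` URL-encodes the file name instead of splicing it raw
            # into the query string.
            r = requests.get(url,
                             params={'filename': filename},
                             headers=headers,
                             timeout=120,
                             verify=False,
                             stream=True)
            if r.status_code != 200:
                # r.raw is truthy even for an error response, so without this
                # check the remote error body was served as the archive
                logger.error('remote archive fetch failed: %s %s',
                             r.status_code, url)
                abort(404)
            f = r.raw

        if not f:
            logger.error(key)
            abort(404)

        return send_file(f,
                         as_attachment=True,
                         attachment_filename=os.path.basename(filename))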
文件: jobs.py 项目: SAP/InfraBox
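    def get(self, project_id, job_id):
        """Serve a job archive file, proxying from the owning cluster when needed.

        Query parameters: ``filename`` (required, bare file name only) and
        ``view`` — any value other than "false" serves the file inline instead
        of as an attachment. A bearer token from the Authorization header, if
        present, is forwarded to the remote cluster; otherwise a user token is
        encoded from ``g.token`` (empty for public projects).
        """
        token = request.headers.get('Authorization')
        if token:
            token = token.replace("bearer ", "").replace("Bearer ", "")
        filename = request.args.get('filename', None)
        force_download = request.args.get('view', "false") == "false"

        # The value becomes part of the storage key '<job_id>/<filename>', so
        # only a plain name is accepted: '..' or separator characters would
        # address objects outside this job's prefix.
        if not filename or filename != os.path.basename(filename) \
                or '\\' in filename or filename in ('.', '..'):
            abort(404)

        result = g.db.execute_one_dict('''
            SELECT cluster_name
            FROM job
            WHERE   id = %s
                AND project_id = %s
        ''', [job_id, project_id])

        if not result or not result['cluster_name']:
            abort(404)

        job_cluster = result['cluster_name']
        key = '%s/%s' % (job_id, filename)

        f = storage.download_archive(key)
        if not f and os.environ['INFRABOX_CLUSTER_NAME'] != job_cluster:
            c = g.db.execute_one_dict('''
                SELECT *
                FROM cluster
                WHERE name=%s
            ''', [job_cluster])
            if not c:
                abort(404)

            url = '%s/api/v1/projects/%s/jobs/%s/archive/download' % (
                c['root_url'], project_id, job_id)
            if not token:
                try:
                    token = encode_user_token(g.token['user']['id'])
                except (AttributeError, KeyError, TypeError):
                    # public project has no token here (g.token absent, None,
                    # or without a user entry).
                    token = ""
            headers = {'Authorization': 'bearer ' + token}

            # TODO(ib-steffen): allow custom ca bundles
            # `params` URL-encodes the file name instead of splicing it raw
            # into the query string.
            r = requests.get(url, params={'filename': filename},
                             headers=headers, timeout=120, verify=False)
            if r.status_code != 200:
                # previously the remote error body was wrapped in BytesIO and
                # served as the archive with a 200
                abort(404)
            # NOTE(review): the whole remote body is buffered in memory here;
            # large archives may warrant stream=True and passing r.raw along.
            f = BytesIO(r.content)
            f.seek(0)

        if not f:
            abort(404)

        filename = os.path.basename(filename)

        # NOTE(review): with view=true the file is served inline under a
        # guessed mimetype, so user-supplied HTML/SVG would render in the
        # app's origin; consider forcing attachment for such types.
        return send_file(f, as_attachment=force_download,
                         attachment_filename=filename,
                         mimetype=mimetypes.guess_type(filename)[0])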
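    def get(self):
        """GitHub OAuth callback: exchange the code, look up or create the user, set cookie.

        ``state`` must be one previously issued (kept in the module-level
        ``states`` dict) and is consumed on first use. The GitHub access token
        is stored on the user row and a token cookie is set before redirecting
        to the dashboard.
        """
        state = request.args.get('state')
        code = request.args.get('code')

        if not state or not states.get(state, None):
            abort(401)

        del states[state]

        if not code:
            abort(400)

        # bounded wait so a stalled upstream call cannot tie up the worker
        r = requests.post(GITHUB_TOKEN_URL, data={
            'client_id': GITHUB_CLIENT_ID,
            'client_secret': GITHUB_CLIENT_SECRET,
            'code': code,
            'state': state
        }, headers={'Accept': 'application/json'}, timeout=30)

        if r.status_code != 200:
            abort(500)

        result = r.json()

        # a failed exchange carries no access_token; previously this was a
        # KeyError -> 500 with no indication of the cause
        access_token = result.get('access_token')
        if not access_token:
            abort(500)

        r = requests.get(GITHUB_USER_PROFILE_URL, headers={
            'Accept': 'application/json',
            'Authorization': 'token %s' % access_token
        }, timeout=30)
        if r.status_code != 200:
            abort(500)
        gu = r.json()

        github_id = gu['id']
        user = g.db.execute_one_dict('''
            SELECT id FROM "user"
            WHERE github_id = %s
        ''', [github_id])

        if not user:
            user = g.db.execute_one_dict('''
                INSERT INTO "user" (github_id, username, avatar_url, name)
                VALUES (%s, %s, %s, %s) RETURNING id
            ''', [github_id, gu['login'], gu['avatar_url'], gu['name']])

        user_id = user['id']

        g.db.execute('''
            UPDATE "user" SET github_api_token = %s
            WHERE id = %s
        ''', [access_token, user_id])

        g.db.commit()

        token = encode_user_token(user_id)

        res = redirect('/dashboard')
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res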
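    def post(self):
        """SAML assertion consumer: validate the IdP response and log the user in.

        Maps the asserted attributes onto email/name/username through the
        INFRABOX_ACCOUNT_SAML_*_FORMAT templates, creates the user row on first
        login and redirects to the dashboard with the token cookie set.
        """
        auth = init_saml_auth()
        auth.process_response()
        errors = auth.get_errors()

        # Log only what identifies the request; the full header set would copy
        # cookies and Authorization values into the log.
        logger.info("Request: %s %s", request.method, request.path)

        if errors:
            logger.error("Authentication failed: %s", "; ".join(errors))
            abort(500, "Authentication failed")

        if not auth.is_authenticated():
            logger.error("User returned unauthorized from IdP")
            abort(401, "Unauthorized")

        attributes = get_attribute_dict(auth)
        # attribute values are personal data; keep this at debug level
        logger.debug("User data: %s", attributes)

        email = format_user_field(
            get_env("INFRABOX_ACCOUNT_SAML_EMAIL_FORMAT"), attributes).lower()

        # Check if user already exists in database
        user = g.db.execute_one_dict(
            """
                SELECT id FROM "user"
                WHERE email = %s
            """, [email])

        if not user:
            name = format_user_field(
                get_env("INFRABOX_ACCOUNT_SAML_NAME_FORMAT"), attributes)
            username = format_user_field(
                get_env("INFRABOX_ACCOUNT_SAML_USERNAME_FORMAT"), attributes)

            user = g.db.execute_one_dict(
                """
                INSERT INTO "user" (name, username, email)
                VALUES (%s, %s, %s) RETURNING id
            """, [name, username, email])

        token = encode_user_token(user["id"])

        g.db.commit()

        redirect_url = get_root_url("global") + "/dashboard/"
        logger.debug("Redirecting authenticated user to %s", redirect_url)
        response = redirect(redirect_url)
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        response.set_cookie("token", token)
        return response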
 def get_project_headers(self):  # pragma: no cover
     """Return request headers carrying a user token for ``self.user_id``."""
     user_token = encode_user_token(self.user_id)
     return {'Authorization': 'token %s' % user_token}
 def get_user_authorization(user_id):  # pragma: no cover
     """Return request headers carrying a user token for *user_id*."""
     user_token = encode_user_token(user_id)
     return {'Authorization': 'token %s' % user_token}
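    def get(self):
        """GitHub OAuth callback with org check and optional account linking.

        Exchanges ``code`` for an access token and runs ``check_org`` on it.
        With INFRABOX_GITHUB_LOGIN_ENABLED='true' the GitHub id identifies (or
        creates) the user; otherwise the GitHub identity is attached to the
        existing user whose stored github_api_token equals the ``t`` query
        parameter. The access token is stored and a token cookie is set.
        """
        state = request.args.get('state')
        code = request.args.get('code')
        t = request.args.get('t', None)

        if not state or not states.get(state, None):
            abort(401)

        del states[state]

        if not code:
            abort(400)

        # TODO(ib-steffen): allow custom ca bundles
        # bounded wait so a stalled upstream call cannot tie up the worker
        r = requests.post(GITHUB_TOKEN_URL,
                          data={
                              'client_id': GITHUB_CLIENT_ID,
                              'client_secret': GITHUB_CLIENT_SECRET,
                              'code': code,
                              'state': state
                          },
                          headers={'Accept': 'application/json'},
                          timeout=30,
                          verify=False)

        if r.status_code != 200:
            logger.error(r.text)
            abort(500)

        result = r.json()

        # a failed exchange carries no access_token; previously a KeyError
        access_token = result.get('access_token')
        if not access_token:
            logger.error(r.text)
            abort(500)

        check_org(access_token)

        # TODO(ib-steffen): allow custom ca bundles
        r = requests.get(GITHUB_USER_PROFILE_URL,
                         headers={
                             'Accept': 'application/json',
                             'Authorization': 'token %s' % access_token
                         },
                         timeout=30,
                         verify=False)
        if r.status_code != 200:
            logger.error(r.text)
            abort(500)
        gu = r.json()

        github_id = gu['id']

        if os.environ['INFRABOX_GITHUB_LOGIN_ENABLED'] == 'true':
            user = g.db.execute_one_dict(
                '''
                SELECT id FROM "user"
                WHERE github_id = %s
            ''', [github_id])

            if not user:
                user = g.db.execute_one_dict(
                    '''
                    INSERT INTO "user" (github_id, username, avatar_url, name)
                    VALUES (%s, %s, %s, %s) RETURNING id
                ''', [github_id, gu['login'], gu['avatar_url'], gu['name']])

            user_id = user['id']
        else:
            # linking mode: `t` must match a stored github_api_token
            if not t:
                abort(404)

            user = g.db.execute_one_dict(
                '''
                SELECT id
                FROM "user"
                WHERE github_api_token = %s
            ''', [t])

            if not user:
                abort(404)

            user_id = user['id']

        g.db.execute(
            '''
            UPDATE "user" SET github_api_token = %s, github_id = %s
            WHERE id = %s
        ''', [access_token, github_id, user_id])

        g.db.commit()

        token = encode_user_token(user_id)
        url = get_root_url('global') + '/dashboard/'
        logger.debug("Redirecting GitHub user to %s", url)
        res = redirect(url)
        # NOTE(review): consider httponly=True / secure=True / samesite for this
        # cookie if the dashboard does not need to read it from JavaScript.
        res.set_cookie('token', token)
        return res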
 def get_project_authorization(user_id, project_id):  # pragma: no cover
     """Return request headers carrying a project token for *user_id* on *project_id*.

     The project token is derived from a freshly encoded user token.
     """
     derived = encode_project_token(encode_user_token(user_id), project_id)
     return {'Authorization': 'token %s' % derived}