def post(self): email = request.form.get("email", None) password = request.form.get("password", None) if email is None or password is None: return abort(400, message="email and password required") if not Validate().email(email): return abort(400, message="invalid email") try: account = ModelAccount.get(ModelAccount.email == email, ModelAccount.status == 'active') except peewee.DoesNotExist: return abort(401, message="invalid email or password") # check password! if not account.check_password(password): return abort(401, message="invalid email or password") # update to bcrypt if account.get_password_algo() != "bcrypt": account.set_password(password) account.save() user_agent = request.headers.get('User-Agent') generated_cookie = account.generate_cookie_value(account, user_agent) data = {"status": "ok", "account": account.to_clean_dict()} response = make_response(self.serialize(data)) response.mimetype = 'application/json' response.set_cookie('vegadns', generated_cookie) return response
def validate(self): if not Validate().sha256(self.token_value): raise Exception("Invalid email") if not self.date_created: raise Exception("date_created is not set") if not self.account_id: raise Exception("account_id is not set")
def validate(self, default_record=False): if not default_record: self.validate_domain_id() self.validate_record_hostname(default_record) ip = str(self.values.get("value")) if not Validate().ipv6(ip): raise RecordValueException("Invalid IPv6 address: " + ip)
def validate(self): v = Validate() if not v.sha256(self.key): raise Exception('Invalid key') if not v.sha256(self.secret): raise Exception('Invalid secret') if self.deleted != 0 and self.deleted != 1: raise Exception('deleted must be 1 or 0')
def validate(self): if not Validate().email(self.email): raise Exception("Invalid email") if not self.time: raise Exception("time is not set") if not self.entry: raise Exception("entry is not set") if not self.account_id: raise Exception("account_id is not set")
def validate(self): if self.prefix_type not in ['ipv4', 'ipv6']: raise ValueError("prefix_type must be ipv4 or ipv6") if not Validate().ip_prefix(self.prefix, self.prefix_type): raise ValueError("prefix must be a valid network prefix") if self.location_id is None: raise ValueError("location_id is required")
def validate(self): if not Validate().email(self.email): raise Exception("Invalid email: " + self.email) if not self.first_name: raise Exception("first_name must not be empty") if not self.last_name: raise Exception("last_name must not be empty") if self.account_type not in ["senior_admin", "group_admin", "user"]: raise Exception("Invalid account_type: " + self.account_type) if self.status not in ["active", "inactive"]: raise Exception("Invalid status: " + self.status)
def post(self): email = request.form.get("email", None) if email is None: abort(400, message="email is required") if not Validate().email(email): abort(400, message="invalid email address") try: account = ModelAccount.get(ModelAccount.email == email) except peewee.DoesNotExist: abort(400, message="email does not exist") # create token now = round(time.time()) token = ModelToken() token.account_id = account.account_id token.token_value = token.generateToken() token.date_created = now token.save() # cleanup old tokens oldtokens = ModelToken.delete().where( ModelToken.date_created < now - ModelToken.EXPIRE_IN ) oldtokens.execute() # prep email data name = account.first_name + " " + account.last_name url = config.get( 'ui_server', 'ui_url' ) + "#passwordReset?token=" + token.token_value data = { 'name': name, 'url': url, } body = vegadns.api.email.parseTemplate('password_reset_request', data) to = account.email subject = "VegaDNS Password Reset Request" # send email common = vegadns.api.email.common.Common() vegadns.api.email.send(to, subject, body) return {'status': 'ok'}
def post(self): if self.auth.account.account_type != "senior_admin": abort( 403, message="Insufficient privileges to create a location prefix" ) location_id = self.get_location_id() # make sure the location exists try: locationdb = Location.get(Location.location_id == location_id) except peewee.DoesNotExist: abort(400, message="location_id does not exist") prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower() if prefix_type not in ['ipv4', 'ipv6']: abort(400, message='prefix_type must be either ipv4 or ipv6') prefix = request.form.get('prefix', None) if prefix is None or not Validate().ip_prefix(prefix, prefix_type): abort( 400, message='invalid prefix for prefix_type ' + prefix_type ) prefix_description = request.form.get('prefix_description', None) new_prefix = LocationPrefix() new_prefix.location_id = location_id new_prefix.prefix = prefix new_prefix.prefix_type = prefix_type if prefix_description is not None: new_prefix.prefix_description = prefix_description try: new_prefix.save() except peewee.IntegrityError as e: abort( 400, message=str(e) ) # notify listeners of dns data change self.send_update_notification() return {'status': 'ok', 'location_prefix': new_prefix.to_dict()}
def put(self, prefix_id): if self.auth.account.account_type != "senior_admin": abort( 403, message="Insufficient privileges to update a location prefix" ) try: prefixdb = ModelPrefix.get(ModelPrefix.prefix_id == prefix_id) except peewee.DoesNotExist: abort(404, message="prefix not found") prefix_type = str(request.form.get('prefix_type', 'ipv4')).lower() if prefix_type not in ['ipv4', 'ipv6']: abort(400, message='prefix_type must be either ipv4 or ipv6') prefix = request.form.get('prefix', None) valid_prefix = Validate().ip_prefix(prefix, prefix_type) if not valid_prefix: abort( 400, message='invalid prefix for prefix_type ' + prefix_type ) prefix_description = request.form.get('prefix_description', None) prefixdb.prefix = prefix prefixdb.prefix_type = prefix_type if prefix_description is not None: prefixdb.prefix_description = prefix_description try: prefixdb.save() except peewee.IntegrityError as e: abort( 400, message=str(e) ) # notify listeners of dns data change self.send_update_notification() return {'status': 'ok', 'location_prefix': prefixdb.to_dict()}
def post(self): if self.auth.account.account_type != 'senior_admin': abort(403, message="Insufficient privileges to create accounts") first_name = request.form.get("first_name", None) last_name = request.form.get("last_name", None) if first_name is None or last_name is None: abort(400, message="first_name and last_name are required") email = request.form.get("email", None) if not Validate().email(email): abort(400, message="invalid email") try: existing_account = ModelAccount.get(ModelAccount.email == email) abort(400, message="Email address already in use") except peewee.DoesNotExist: # Expected pass account_type = request.form.get("account_type", None) if account_type not in ["senior_admin", "user"]: abort(400, message="account_type must be either senior_admin or user") phone = request.form.get("phone", "") # Configurable password regex? password = request.form.get("password", None) account = ModelAccount() account.first_name = first_name account.last_name = last_name account.email = email account.account_type = account_type account.phone = phone account.status = 'active' account.set_password(password) account.save() self.dns_log(0, ("created account " + account.first_name + " " + account.last_name + ", " + account.email)) return {'status': 'ok', 'account': account.to_clean_dict()}, 201
def validate(self): v = Validate() if not v.uuid(self.access_token): raise Exception('Invalid access_token')
def setUp(self): self.validate = Validate()
def get(self, format): if format != 'tinydns': abort(400, message="invalid format: " + format) records = self.get_records() domains = {} for record in records: if record.domain_id.domain not in domains: domains[record.domain_id.domain] = [] domains[record.domain_id.domain].append(record) organized = [] for key, val in sorted(domains.items()): organized.append({'domain_name': key, 'records': val}) locations = self.get_locations() prefixes = self.get_prefixes() locationdata = "# locations\n" # need to build this manually since peewee join results are limiting for location in locations: temp_list = [] for prefix in prefixes: if prefix.location_id != location.location_id: continue else: if prefix.prefix_type == "ipv4": temp_list.append(prefix.prefix) else: temp_list.append("s" + str(prefix.prefix).replace(":", "")) if len(temp_list) == 0: locationdata += "%" + location.location + "\n" else: for i in temp_list: locationdata += "%" + location.location + ":" + i + "\n" datafile = locationdata + "\n" tinydns = ExportTinydnsData() datafile += tinydns.export_domains(organized, locations) generation_record_host = config.get('monitoring', 'vegadns_generation_txt_record') if generation_record_host \ and Validate().record_hostname(generation_record_host): timestamp = self.get_latest_log_timestamp() md5 = hashlib.md5(datafile + "\n").hexdigest() model = ModelRecord() model.type = RecordType().set('TXT') model.host = generation_record_host model.val = str(timestamp) + "-" + md5 model.ttl = 3600 generation_record_line = tinydns.data_line_from_model(model) datafile += "\n\n# VegaDNS Generation TXT Record\n" datafile += generation_record_line.rstrip("\n") response = make_response(datafile) response.headers['content-type'] = 'text/plain' return response
def put(self, account_id): if self.auth.account.account_type != 'senior_admin': if self.auth.account.account_id != account_id: abort( 403, message="Insufficient privileges to edit this account" ) first_name = request.form.get("first_name", None) last_name = request.form.get("last_name", None) if first_name is None or last_name is None: abort(400, message="first_name and last_name are required") email = request.form.get("email", None) if not Validate().email(email): abort(400, message="invalid email") try: existing_account = ModelAccount.get( ModelAccount.email == email, ModelAccount.account_id != account_id ) abort(400, message="Email address already in use") except peewee.DoesNotExist: # Expected pass account_type = request.form.get("account_type", None) if account_type not in ["senior_admin", "user"]: abort( 400, message="account_type must be either system_admin or user" ) status = request.form.get("status", None) if status not in ["active", "inactive"]: abort(400, message="status must be 'active' or 'inactive'") phone = request.form.get("phone", None) # Configurable password regex? password = request.form.get("password", None) try: account = ModelAccount.get(ModelAccount.account_id == account_id) except peewee.DoesNotExist: abort(404, message="Account does not exist") account.first_name = first_name account.last_name = last_name account.email = email account.account_type = account_type account.phone = phone account.status = status # only set password if it was provided if password is not None: account.set_password(password) account.save() data = { "status": "ok", "account": account.to_clean_dict() } response = make_response(self.serialize(data)) response.mimetype = 'application/json' if (password is not None and account.account_id == self.auth.account.account_id): user_agent = request.headers.get('User-Agent') generated_cookie = account.generate_cookie_value( account, user_agent ) response.set_cookie('vegadns', generated_cookie) return response