burmatovan/openuds
1
0
Fork 0
forked from shaba/openuds
Code Issues Pull Requests Projects Releases Wiki Activity

small html fixes

Browse Source
This commit is contained in:
Adolfo Gómez García 2022-10-14 00:28:18 +02:00
parent ae2ffccbc3
commit bf635a5e9a
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
6 changed files with 41 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
server/src/uds/core/auths/auth.py
View File

@ -123,15 +123,24 @@ def getRootUser() -> User:
# Decorator to make easier protect pages that needs to be logged in
def webLoginRequired(
admin: typing.Union[bool, str] = False
admin: typing.Union[bool, typing.Literal['admin']] = False
) -> typing.Callable[
[typing.Callable[..., HttpResponse]], typing.Callable[..., HttpResponse]
]:
"""
Decorator to set protection to access page
"""Decorator to set protection to access page
Look for samples at uds.core.web.views
if admin == True, needs admin or staff
if admin == 'admin', needs admin
Args:
admin (bool, optional): If True, needs admin or staff. Is it's "admin" literal, needs admin . Defaults to False (any user).
Returns:
typing.Callable[[typing.Callable[..., HttpResponse]], typing.Callable[..., HttpResponse]]: Decorator
Note:
This decorator is used to protect pages that needs to be logged in.
To protect against ajax calls, use `denyNonAuthenticated` instead
"""
def decorator(
@ -148,7 +157,7 @@ def webLoginRequired(
if not request.user or not request.authorized:
return HttpResponseRedirect(reverse('page.login'))
if admin is True or admin == 'admin': # bool or string "admin"
if admin in (True, 'admin'):
if request.user.isStaff() is False or (
admin == 'admin' and not request.user.is_admin
):
@ -172,7 +181,6 @@ def trustedSourceRequired(
) -> typing.Callable[..., RT]:
"""
Decorator to set protection to access page
look for sample at uds.dispatchers.pam
"""
@wraps(view_func)
@ -194,6 +202,8 @@ def trustedSourceRequired(
# decorator to deny non authenticated requests
# The difference with webLoginRequired is that this one does not redirect to login page
# it's designed to be used in ajax calls mainly
def denyNonAuthenticated(
view_func: typing.Callable[..., RT]
) -> typing.Callable[..., RT]:

5
server/src/uds/models/ticket_store.py
View File

@ -173,6 +173,7 @@ class TicketStore(UUIDModel):
uuid: str,
secure: bool = False,
owner: typing.Optional[str] = None,
checkFnc: typing.Callable[[typing.Any], bool] = lambda x: True,
**kwargs: typing.Any,
) -> None:
try:
@ -189,6 +190,10 @@ class TicketStore(UUIDModel):
dct = pickle.loads(data)
# invoke check function
if checkFnc(dct) is False:
raise TicketStore.InvalidTicket('Validation failed')
for k, v in kwargs.items():
if v is not None:
dct[k] = v

4
server/src/uds/models/user_service.py
View File

@ -71,10 +71,10 @@ class UserService(UUIDModel): # pylint: disable=too-many-public-methods
# The reference to deployed service is used to accelerate the queries for different methods, in fact its redundant cause we can access to the deployed service
# through publication, but queries are much more simple
deployed_service: 'models.ForeignKey["UserService", ServicePool]' = models.ForeignKey(
deployed_service: 'models.ForeignKey[ServicePool]' = models.ForeignKey(
ServicePool, on_delete=models.CASCADE, related_name='userServices'
)
publication: 'models.ForeignKey["UserService", ServicePoolPublication]' = (
publication: 'models.ForeignKey[ServicePoolPublication|None]' = (
models.ForeignKey(
ServicePoolPublication,
on_delete=models.CASCADE,

8
server/src/uds/transports/HTML5RDP/html5rdp.py
View File

@ -35,14 +35,10 @@ import logging
import typing
from urllib.parse import urlencode
from uds.models.util import getSqlDatetime
from django.utils.translation import ugettext_noop as _
from uds.core.ui import gui
from uds.core import transports
from uds.core.util import os_detector as OsDetector
from uds.core.managers import cryptoManager
from uds import models
@ -457,7 +453,7 @@ class HTML5RDPTransport(transports.Transport):
'create-drive-path': 'true',
'ticket-info': {
'userService': userService.uuid,
'user': userService.user.uuid if userService.user else '',
'user': user.uuid,
},
}
@ -474,7 +470,7 @@ class HTML5RDPTransport(transports.Transport):
+ '_'
+ sanitize(user.name)
+ '/'
+ getSqlDatetime().strftime('%Y%m%d-%H%M')
+ models.getSqlDatetime().strftime('%Y%m%d-%H%M')
)
params['create-recording-path'] = 'true'

13
server/src/uds/web/views/modern.py
View File

@ -317,8 +317,21 @@ def update_transport_ticket(request: ExtendedHttpRequestWithUser, idTicket: str,
if password:
password = cryptoManager().symCrypt(password, scrambler)
def checkValidTicket(data: typing.Mapping[str, typing.Any]) -> bool:
if 'ticket-info' not in data:
return True
try:
user = models.User.objects.get(uuid=data['ticket-info'].get('user', None))
if request.user == user:
return True
except models.User.DoesNotExist:
pass
return False
models.TicketStore.update(
uuid=idTicket,
checkFnc=checkValidTicket,
username=username,
password=password,
domain=domain,

4
server/src/uds/web/views/service.py
View File

@ -62,12 +62,14 @@ def transportOwnLink(
):
response: typing.MutableMapping[str, typing.Any] = {}
# If userService is not owned by user, will raise an exception
# For type checkers to "be happy"
try:
res = userServiceManager().getService(
request.user, request.os, request.ip, idService, idTransport
)
ip, userService, iads, trans, itrans = res # pylint: disable=unused-variable
ip, userService, iads, trans, itrans = res
# This returns a response object in fact
if itrans and ip:
response = {