Merge remote-tracking branch 'origin/v3.0'
commit
98293bba75
@ -245,6 +245,7 @@ class Handler:
|
||||
session.save()
|
||||
self._authToken = session.session_key
|
||||
self._session = session
|
||||
|
||||
return self._authToken
|
||||
|
||||
def cleanAuthToken(self) -> None:
|
||||
|
@ -40,7 +40,7 @@ from uds.REST import RequestError
|
||||
from uds.core.managers import userServiceManager
|
||||
from uds.core.managers import cryptoManager
|
||||
from uds.core.services.exceptions import ServiceNotReadyError
|
||||
from uds.web.util import errors
|
||||
from uds.web.util import errors, services
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
@ -85,8 +85,6 @@ class Connection(Handler):
|
||||
|
||||
def serviceList(self):
|
||||
# We look for services for this authenticator groups. User is logged in in just 1 authenticator, so his groups must coincide with those assigned to ds
|
||||
from uds.web.util.services import getServicesData
|
||||
|
||||
# Ensure user is present on request, used by web views methods
|
||||
self._request.user = self._user
|
||||
|
||||
@ -180,6 +178,16 @@ class Connection(Handler):
|
||||
def getTicketContent(self):
|
||||
return {} # TODO: use this for something?
|
||||
|
||||
def getUdsLink(self):
|
||||
# Returns the UDS link for the user & transport
|
||||
self._request.user = self._user # type: ignore
|
||||
self._request._cryptedpass = self._session['REST']['password'] # type: ignore
|
||||
self._request._scrambler = self._request.META['HTTP_SCRAMBLER'] # type: ignore
|
||||
linkInfo = services.enableService(self._request, idService=self._args[0], idTransport=self._args[1])
|
||||
if linkInfo['error']:
|
||||
return Connection.result(error=linkInfo['error'])
|
||||
return Connection.result(result=linkInfo['url'])
|
||||
|
||||
def get(self):
|
||||
"""
|
||||
Processes get requests
|
||||
@ -201,6 +209,9 @@ class Connection(Handler):
|
||||
# /connection/idService/idTransport/skipChecking
|
||||
if self._args[2] == 'skipChecking':
|
||||
return self.connection(True)
|
||||
# /connection/idService/idTransport/udslink
|
||||
elif self._args[2] == 'udslink':
|
||||
return self.getUdsLink()
|
||||
|
||||
if len(self._args) == 4:
|
||||
# /connection/idService/idTransport/scrambler/hostname
|
||||
|
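Review bot: In `getUdsLink`, `self._request.META['HTTP_SCRAMBLER']` and `self._session['REST']['password']` are indexed directly, so a request without the scrambler header, or a session with no stored password, raises `KeyError` instead of returning an error result. Unless the surrounding `Handler` machinery (not visible here) maps that exception to a client error, a malformed request gets a server error. Reading the header with `scrambler = self._request.META.get('HTTP_SCRAMBLER')` and returning a `Connection.result(error=...)` when it is empty keeps the failure explicit. `services.enableService` also reads `request.os` and `request.ip`, which this method does not set, so it is worth confirming that the REST request object carries them.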
@ -1,6 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Copyright (c) 2012-2020 Virtual Cable S.L.U.
|
||||
# Copyright (c) 2012-2021 Virtual Cable S.L.U.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without modification,
|
||||
@ -389,9 +389,10 @@ def webPassword(request: HttpRequest) -> str:
|
||||
session (db) and client browser cookies. This method uses this two values to recompose the user password
|
||||
so we can provide it to remote sessions.
|
||||
"""
|
||||
return cryptoManager().symDecrpyt(
|
||||
request.session.get(PASS_KEY, ''), getUDSCookie(request)
|
||||
) # recover as original unicode string
|
||||
if hasattr(request, 'session'):
|
||||
return cryptoManager().symDecrpyt(request.session.get(PASS_KEY, ''), getUDSCookie(request)) # recover as original unicode string
|
||||
else: # No session, get from _session instead, this is an "client" REST request
|
||||
return cryptoManager().symDecrpyt(request._cryptedpass, request._scrambler) # type: ignore
|
||||
|
||||
|
||||
def webLogout(
|
||||
|
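Review bot: The new branch in `webPassword` chooses its decryption inputs by `hasattr(request, 'session')`, so the REST path is selected by the absence of an attribute rather than by an explicit marker. If a `session` attribute is ever present on a REST request (for example when session middleware runs for those URLs, which is not visible here), the function decrypts `request.session.get(PASS_KEY, '')` with the cookie value and never reads `_cryptedpass` or `_scrambler`; a request that has neither raises `AttributeError`. Testing for the REST fields first, e.g. `if hasattr(request, '_cryptedpass'):`, would make the contract visible, and the docstring should say that REST callers must set `_cryptedpass` and `_scrambler`. The function's signature and the start of its docstring lie outside the hunk.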
@ -46,6 +46,8 @@ from uds.models import (
|
||||
from uds.core.util.config import GlobalConfig
|
||||
from uds.core.util import html
|
||||
|
||||
from uds.core.managers import userServiceManager
|
||||
|
||||
# Not imported at runtime, just for type checking
|
||||
if typing.TYPE_CHECKING:
|
||||
from uds.core.util.request import ExtendedHttpRequestWithUser
|
||||
@ -369,5 +371,56 @@ def getServicesData(
|
||||
'ip': request.ip,
|
||||
'nets': nets,
|
||||
'transports': validTrans,
|
||||
'autorun': autorun,
|
||||
'autorun': autorun
|
||||
}
|
||||
|
||||
def enableService(request: 'HttpRequest', idService: str, idTransport: str) -> typing.Mapping[str, typing.Any]:
|
||||
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
|
||||
logger.debug('idService: %s, idTransport: %s', idService, idTransport)
|
||||
url = ''
|
||||
error = ugettext('Service not ready. Please, try again in a while.')
|
||||
|
||||
# If meta service, process and rebuild idService & idTransport
|
||||
|
||||
try:
|
||||
res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport, doTest=False)
|
||||
scrambler = cryptoManager().randomString(32)
|
||||
password = cryptoManager().symCrypt(webPassword(request), scrambler)
|
||||
|
||||
userService, trans = res[1], res[3]
|
||||
|
||||
typeTrans = trans.getType()
|
||||
|
||||
error = '' # No error
|
||||
|
||||
if typeTrans.ownLink:
|
||||
url = reverse('TransportOwnLink', args=('A' + userService.uuid, trans.uuid))
|
||||
else:
|
||||
data = {
|
||||
'service': 'A' + userService.uuid,
|
||||
'transport': trans.uuid,
|
||||
'user': request.user.uuid,
|
||||
'password': password
|
||||
}
|
||||
|
||||
ticket = TicketStore.create(data)
|
||||
url = html.udsLink(request, ticket, scrambler)
|
||||
except ServiceNotReadyError as e:
|
||||
logger.debug('Service not ready')
|
||||
# Not ready, show message and return to this page in a while
|
||||
# error += ' (code {0:04X})'.format(e.code)
|
||||
error = ugettext('Your service is being created, please, wait for a few seconds while we complete it.)') + '({}%)'.format(int(e.code * 25))
|
||||
except MaxServicesReachedError:
|
||||
logger.info('Number of service reached MAX for service pool "%s"', idService)
|
||||
error = errors.errorString(errors.MAX_SERVICES_REACHED)
|
||||
except ServiceAccessDeniedByCalendar:
|
||||
logger.info('Access tried to a calendar limited access pool "%s"', idService)
|
||||
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
|
||||
except Exception as e:
|
||||
logger.exception('Error')
|
||||
error = str(e)
|
||||
|
||||
return {
|
||||
'url': str(url),
|
||||
'error': str(error)
|
||||
}
|
||||
|
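Review bot: `enableService` ends with `except Exception as e:` followed by `error = str(e)`, and the returned `error` is sent to the caller by both the web view and the new REST `udslink` route, so internal exception text can reach the client. The exception is already recorded by `logger.exception('Error')`, so a generic message such as `error = ugettext('Service not ready. Please, try again in a while.')` is enough there. The moved code also no longer calls `userService.setProperty('accessedByClient', '0')` before `TicketStore.create(data)`, which the view did; if that reset is still wanted it needs to be restored here. The function has no docstring; one stating that the caller must already have authenticated the user and set `request.user`, `request.os` and `request.ip` would help, because no login check happens inside it.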
@ -130,65 +130,12 @@ def serviceImage(request: 'ExtendedHttpRequest', idImage: str) -> HttpResponse:
|
||||
|
||||
@webLoginRequired(admin=False)
|
||||
@never_cache
|
||||
def userServiceEnabler(
|
||||
request: 'ExtendedHttpRequestWithUser', idService: str, idTransport: str
|
||||
) -> HttpResponse:
|
||||
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
|
||||
logger.debug('idService: %s, idTransport: %s', idService, idTransport)
|
||||
url = ''
|
||||
error = _('Service not ready. Please, try again in a while.')
|
||||
|
||||
# If meta service, process and rebuild idService & idTransport
|
||||
|
||||
try:
|
||||
res = userServiceManager().getService(
|
||||
request.user, request.os, request.ip, idService, idTransport, doTest=False
|
||||
)
|
||||
scrambler = cryptoManager().randomString(32)
|
||||
password = cryptoManager().symCrypt(webPassword(request), scrambler)
|
||||
|
||||
userService, trans = res[1], res[3]
|
||||
|
||||
typeTrans = trans.getType()
|
||||
|
||||
error = '' # No error
|
||||
|
||||
if typeTrans.ownLink:
|
||||
url = reverse('TransportOwnLink', args=('A' + userService.uuid, trans.uuid))
|
||||
else:
|
||||
data = {
|
||||
'service': 'A' + userService.uuid,
|
||||
'transport': trans.uuid,
|
||||
'user': request.user.uuid,
|
||||
'password': password,
|
||||
}
|
||||
|
||||
# Ensure "client access" is removed on enable action...
|
||||
userService.setProperty('accessedByClient', '0')
|
||||
|
||||
ticket = TicketStore.create(data)
|
||||
url = html.udsLink(request, ticket, scrambler)
|
||||
except ServiceNotReadyError as e:
|
||||
logger.debug('Service not ready')
|
||||
# Not ready, show message and return to this page in a while
|
||||
# error += ' (code {0:04X})'.format(e.code)
|
||||
error = _(
|
||||
'Your service is being created, please, wait for a few seconds while we complete it.)'
|
||||
) + '({}%)'.format(int(e.code * 25))
|
||||
except MaxServicesReachedError:
|
||||
logger.info('Number of service reached MAX for service pool "%s"', idService)
|
||||
error = errors.errorString(errors.MAX_SERVICES_REACHED)
|
||||
except ServiceAccessDeniedByCalendar:
|
||||
logger.info('Access tried to a calendar limited access pool "%s"', idService)
|
||||
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
|
||||
except Exception as e:
|
||||
logger.exception('Error')
|
||||
error = str(e)
|
||||
|
||||
def userServiceEnabler(request: 'HttpRequest', idService: str, idTransport: str) -> HttpResponse:
|
||||
return HttpResponse(
|
||||
json.dumps({'url': str(url), 'error': str(error)}),
|
||||
content_type='application/json',
|
||||
json.dumps(services.enableService(request, idService=idService, idTransport=idTransport)),
|
||||
content_type='application/json'
|
||||
)
|
||||
|
||||
|
||||
|
||||
def closer(request: 'ExtendedHttpRequest') -> HttpResponse:
|
||||
|
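Review bot: The new signature annotates `request` as `'HttpRequest'`, but `services.enableService` reads `request.user`, `request.os` and `request.ip`, which the previous `'ExtendedHttpRequestWithUser'` annotation described. Keeping `request: 'ExtendedHttpRequestWithUser'` preserves that type checking. The login check for this path lives only on the view, via `@webLoginRequired(admin=False)`; the rendering does not show whether the decorator lines above the old definition are kept, so it is worth confirming they still precede the new `def`.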