1
0
mirror of https://github.com/dkmstr/openuds.git synced 2024-12-24 21:34:41 +03:00

Merge remote-tracking branch 'origin/v3.0'

This commit is contained in:
Adolfo Gómez García 2021-05-04 13:05:31 +02:00
commit 98293bba75
5 changed files with 78 additions and 65 deletions

View File

@ -245,6 +245,7 @@ class Handler:
session.save()
self._authToken = session.session_key
self._session = session
return self._authToken
def cleanAuthToken(self) -> None:

View File

@ -40,7 +40,7 @@ from uds.REST import RequestError
from uds.core.managers import userServiceManager
from uds.core.managers import cryptoManager
from uds.core.services.exceptions import ServiceNotReadyError
from uds.web.util import errors
from uds.web.util import errors, services
logger = logging.getLogger(__name__)
@ -85,8 +85,6 @@ class Connection(Handler):
def serviceList(self):
# We look for services for this authenticator groups. User is logged in in just 1 authenticator, so his groups must coincide with those assigned to ds
from uds.web.util.services import getServicesData
# Ensure user is present on request, used by web views methods
self._request.user = self._user
@ -180,6 +178,16 @@ class Connection(Handler):
def getTicketContent(self):
return {} # TODO: use this for something?
def getUdsLink(self):
# Returns the UDS link for the user & transport
self._request.user = self._user # type: ignore
self._request._cryptedpass = self._session['REST']['password'] # type: ignore
self._request._scrambler = self._request.META['HTTP_SCRAMBLER'] # type: ignore
linkInfo = services.enableService(self._request, idService=self._args[0], idTransport=self._args[1])
if linkInfo['error']:
return Connection.result(error=linkInfo['error'])
return Connection.result(result=linkInfo['url'])
def get(self):
"""
Processes get requests
@ -201,6 +209,9 @@ class Connection(Handler):
# /connection/idService/idTransport/skipChecking
if self._args[2] == 'skipChecking':
return self.connection(True)
# /connection/idService/idTransport/udslink
elif self._args[2] == 'udslink':
return self.getUdsLink()
if len(self._args) == 4:
# /connection/idService/idTransport/scrambler/hostname

View File

@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2012-2020 Virtual Cable S.L.U.
# Copyright (c) 2012-2021 Virtual Cable S.L.U.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@ -389,9 +389,10 @@ def webPassword(request: HttpRequest) -> str:
session (db) and client browser cookies. This method uses this two values to recompose the user password
so we can provide it to remote sessions.
"""
return cryptoManager().symDecrpyt(
request.session.get(PASS_KEY, ''), getUDSCookie(request)
) # recover as original unicode string
if hasattr(request, 'session'):
return cryptoManager().symDecrpyt(request.session.get(PASS_KEY, ''), getUDSCookie(request)) # recover as original unicode string
else: # No session, get from _session instead, this is an "client" REST request
return cryptoManager().symDecrpyt(request._cryptedpass, request._scrambler) # type: ignore
def webLogout(

View File

@ -46,6 +46,8 @@ from uds.models import (
from uds.core.util.config import GlobalConfig
from uds.core.util import html
from uds.core.managers import userServiceManager
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from uds.core.util.request import ExtendedHttpRequestWithUser
@ -369,5 +371,56 @@ def getServicesData(
'ip': request.ip,
'nets': nets,
'transports': validTrans,
'autorun': autorun,
'autorun': autorun
}
def enableService(request: 'HttpRequest', idService: str, idTransport: str) -> typing.Mapping[str, typing.Any]:
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: %s, idTransport: %s', idService, idTransport)
url = ''
error = ugettext('Service not ready. Please, try again in a while.')
# If meta service, process and rebuild idService & idTransport
try:
res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport, doTest=False)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().symCrypt(webPassword(request), scrambler)
userService, trans = res[1], res[3]
typeTrans = trans.getType()
error = '' # No error
if typeTrans.ownLink:
url = reverse('TransportOwnLink', args=('A' + userService.uuid, trans.uuid))
else:
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
# error += ' (code {0:04X})'.format(e.code)
error = ugettext('Your service is being created, please, wait for a few seconds while we complete it.)') + '({}%)'.format(int(e.code * 25))
except MaxServicesReachedError:
logger.info('Number of service reached MAX for service pool "%s"', idService)
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except ServiceAccessDeniedByCalendar:
logger.info('Access tried to a calendar limited access pool "%s"', idService)
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
except Exception as e:
logger.exception('Error')
error = str(e)
return {
'url': str(url),
'error': str(error)
}

View File

@ -130,65 +130,12 @@ def serviceImage(request: 'ExtendedHttpRequest', idImage: str) -> HttpResponse:
@webLoginRequired(admin=False)
@never_cache
def userServiceEnabler(
request: 'ExtendedHttpRequestWithUser', idService: str, idTransport: str
) -> HttpResponse:
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: %s, idTransport: %s', idService, idTransport)
url = ''
error = _('Service not ready. Please, try again in a while.')
# If meta service, process and rebuild idService & idTransport
try:
res = userServiceManager().getService(
request.user, request.os, request.ip, idService, idTransport, doTest=False
)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().symCrypt(webPassword(request), scrambler)
userService, trans = res[1], res[3]
typeTrans = trans.getType()
error = '' # No error
if typeTrans.ownLink:
url = reverse('TransportOwnLink', args=('A' + userService.uuid, trans.uuid))
else:
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password,
}
# Ensure "client access" is removed on enable action...
userService.setProperty('accessedByClient', '0')
ticket = TicketStore.create(data)
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
# error += ' (code {0:04X})'.format(e.code)
error = _(
'Your service is being created, please, wait for a few seconds while we complete it.)'
) + '({}%)'.format(int(e.code * 25))
except MaxServicesReachedError:
logger.info('Number of service reached MAX for service pool "%s"', idService)
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except ServiceAccessDeniedByCalendar:
logger.info('Access tried to a calendar limited access pool "%s"', idService)
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
except Exception as e:
logger.exception('Error')
error = str(e)
def userServiceEnabler(request: 'HttpRequest', idService: str, idTransport: str) -> HttpResponse:
return HttpResponse(
json.dumps({'url': str(url), 'error': str(error)}),
content_type='application/json',
json.dumps(services.enableService(request, idService=idService, idTransport=idTransport)),
content_type='application/json'
)
def closer(request: 'ExtendedHttpRequest') -> HttpResponse: