From ed602e9354948a9095fab3bf6a45a6a28d6f5dbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20G=C3=B3mez?= Date: Wed, 11 Jun 2014 07:50:03 +0000 Subject: [PATCH] * Removed deprecated "getIp" method call from views * Added option so requests Ips can be checked "behind" a proxy or not (increases security) * Marqued getIp from auth as "deprecated" and generates a warning on logs * Renamed Decorators to decorators, do not liked the initial "D"... :-) * Added ip of request extraction to GlobalRequestMiddleware * Fixed IPMachinesService.py so it adapts correctly to new fact that Storage readData returns "unicode" strings * Added a default -99999 as min value to spinners (admin web interface) * --- .../org.eclipse.core.resources.prefs | 3 ++- server/src/uds/admin/views.py | 4 ++-- server/src/uds/auths/IP/Authenticator.py | 5 +++- server/src/uds/core/auths/auth.py | 21 +++++------------ .../util/{Decorators.py => decorators.py} | 22 ++++++++++-------- server/src/uds/core/util/request.py | 23 +++++++++++++++++++ .../PhysicalMachines/IPMachinesService.py | 2 +- server/src/uds/static/adm/js/gui-tools.coffee | 2 +- server/src/uds/web/views.py | 1 - 9 files changed, 51 insertions(+), 32 deletions(-) rename server/src/uds/core/util/{Decorators.py => decorators.py} (89%) diff --git a/server/.settings/org.eclipse.core.resources.prefs b/server/.settings/org.eclipse.core.resources.prefs index ce09fe0e5..ea272fa50 100644 --- a/server/.settings/org.eclipse.core.resources.prefs +++ b/server/.settings/org.eclipse.core.resources.prefs @@ -106,7 +106,6 @@ encoding//src/uds/core/ui/theme.py=utf-8 encoding//src/uds/core/util/AutoAttributes.py=utf-8 encoding//src/uds/core/util/Cache.py=utf-8 encoding//src/uds/core/util/Config.py=utf-8 -encoding//src/uds/core/util/Decorators.py=utf-8 encoding//src/uds/core/util/OsDetector.py=utf-8 encoding//src/uds/core/util/State.py=utf-8 encoding//src/uds/core/util/StateQueue.py=utf-8 @@ -117,6 +116,7 @@ encoding//src/uds/core/util/UniqueMacGenerator.py=utf-8 encoding//src/uds/core/util/UniqueNameGenerator.py=utf-8 encoding//src/uds/core/util/__init__.py=utf-8 encoding//src/uds/core/util/connection.py=utf-8 +encoding//src/uds/core/util/decorators.py=utf-8 encoding//src/uds/core/util/html.py=utf-8 encoding//src/uds/core/util/log.py=utf-8 encoding//src/uds/core/util/middleware/__init__.py=utf-8 @@ -261,6 +261,7 @@ encoding//src/uds/tests/core/util/net.py=utf-8 encoding//src/uds/tests/core/util/storage.py=utf-8 encoding//src/uds/tests/web/__init__.py=utf-8 encoding//src/uds/tests/web/admin/auth/__init__.py=utf-8 +encoding//src/uds/tests/web/admin/auth/create.py=utf-8 encoding//src/uds/tests/web/auth/__init__.py=utf-8 encoding//src/uds/transports/HTML5RDP/HTML5RDP.py=utf-8 encoding//src/uds/transports/HTML5RDP/__init__.py=utf-8 diff --git a/server/src/uds/admin/views.py b/server/src/uds/admin/views.py index 58961a19a..6bf6bee64 100644 --- a/server/src/uds/admin/views.py +++ b/server/src/uds/admin/views.py @@ -37,11 +37,11 @@ from django.shortcuts import render from django.utils.translation import ugettext as _ from uds.core.auths.auth import webLoginRequired -from uds.core.util.Decorators import denyBrowsers +from uds.core.util.decorators import denyBrowsers import logging -__updated__ = '2014-02-19' +__updated__ = '2014-06-11' logger = logging.getLogger(__name__) diff --git a/server/src/uds/auths/IP/Authenticator.py b/server/src/uds/auths/IP/Authenticator.py index 88be9b0d4..3690995bf 100644 --- a/server/src/uds/auths/IP/Authenticator.py +++ b/server/src/uds/auths/IP/Authenticator.py @@ -39,15 +39,18 @@ from uds.core.auths import Authenticator from uds.core.auths.GroupsManager import GroupsManager from uds.core.util import net from uds.core.util.request import getRequest +from uds.core.ui.UserInterface import gui import logging -__updated__ = '2014-02-19' +__updated__ = '2014-06-11' logger = logging.getLogger(__name__) class IPAuth(Authenticator): + translateProxy = gui.CheckBoxField(label=_('Accept proxy'), order=3, tooltip=_('If checked, requests via proxy will get FORWARDED ip address (take care with this bein checked, can take internal IP addresses from internet)')) + typeName = _('IP Authenticator') typeType = 'IPAuth' typeDescription = _('IP Authenticator') diff --git a/server/src/uds/core/auths/auth.py b/server/src/uds/core/auths/auth.py index 365303010..ce9dc3e13 100644 --- a/server/src/uds/core/auths/auth.py +++ b/server/src/uds/core/auths/auth.py @@ -42,6 +42,7 @@ from django.utils.translation import get_language from django.utils.translation import ugettext as _ from uds.core.util.Config import GlobalConfig from uds.core.util import log +from uds.core.util.decorators import deprecated from uds.core import auths from uds.core.managers.CryptoManager import CryptoManager from uds.core.util.State import State @@ -49,7 +50,7 @@ from uds.models import User import logging -__updated__ = '2014-06-02' +__updated__ = '2014-06-11' logger = logging.getLogger(__name__) authLogger = logging.getLogger('authLog') @@ -78,19 +79,10 @@ def getRootUser(): u.logout = lambda: None return u - -def getIp(request, translateProxy=True): - ''' - Obtains the IP of a Django Request, even behind a proxy - - Returns the obtained IP, that is always be a valid ip address. - ''' - try: - if translateProxy is False: - raise KeyError() # Do not allow HTTP_X_FORWARDED_FOR - request.ip = request.META['HTTP_X_FORWARDED_FOR'].split(",")[0] - except KeyError: - request.ip = request.META['REMOTE_ADDR'] +@deprecated +def getIp(request): + import inspect + logger.info('Deprecated IP') return request.ip @@ -123,7 +115,6 @@ def webLoginRequired(view_func): # Refresh session duration # request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt()) request.user = user - getIp(request) return view_func(request, *args, **kwargs) return _wrapped_view diff --git a/server/src/uds/core/util/Decorators.py b/server/src/uds/core/util/decorators.py similarity index 89% rename from server/src/uds/core/util/Decorators.py rename to server/src/uds/core/util/decorators.py index 7a0ab9ed4..7e6a1cd8b 100644 --- a/server/src/uds/core/util/Decorators.py +++ b/server/src/uds/core/util/decorators.py @@ -38,8 +38,6 @@ from uds.web import errors from time import sleep from functools import wraps -import warnings -import functools import logging @@ -90,18 +88,22 @@ def denyBrowsers(browsers=['ie<9'], errorResponse=lambda request: errors.errorVi return _wrapped_view return wrap -# Snippet based on https://wiki.python.org/moin/PythonDecoratorLibrary#Smart_deprecation_warnings_.28with_valid_filenames.2C_line_numbers.2C_etc..29 def deprecated(func): '''This is a decorator which can be used to mark functions as deprecated. It will result in a warning being emitted when the function is used.''' + import inspect - @functools.wraps(func) + @wraps(func) def new_func(*args, **kwargs): - logger.info( - "Call to deprecated function {0} from {1}:{2}.".format(func.__name__, - func.func_code.co_filename, - func.func_code.co_firstlineno + 1) - ) + try: + caller = inspect.stack()[1] + logger.warn( + "Call to deprecated function {0} from {1}:{2}.".format(func.__name__, + caller[1], caller[2] + )) + except: + logger.info('No stack info on deprecated function call {0}'.format(func.__name__)) + return func(*args, **kwargs) - return new_func \ No newline at end of file + return new_func diff --git a/server/src/uds/core/util/request.py b/server/src/uds/core/util/request.py index 975c005ff..ce6299a57 100644 --- a/server/src/uds/core/util/request.py +++ b/server/src/uds/core/util/request.py @@ -33,6 +33,12 @@ from __future__ import unicode_literals import threading +import logging + +__updated__ = '2014-06-11' + +logger = logging.getLogger(__name__) + _requests = {} @@ -42,5 +48,22 @@ def getRequest(): class GlobalRequestMiddleware(object): def process_request(self, request): + # Add IP to request + GlobalRequestMiddleware.getIp(request) _requests[threading._get_ident()] = request return None + + @staticmethod + def getIp(request): + ''' + Obtains the IP of a Django Request, even behind a proxy + + Returns the obtained IP, that is always be a valid ip address. + ''' + request.ip = request.META['REMOTE_ADDR'] + try: + request.ip_proxy = request.META['HTTP_X_FORWARDED_FOR'].split(",")[0] + request.is_proxy = True + except: + request.ip_proxy = request.ip + request.is_proxy = False diff --git a/server/src/uds/services/PhysicalMachines/IPMachinesService.py b/server/src/uds/services/PhysicalMachines/IPMachinesService.py index d824ba6a6..541565c5f 100644 --- a/server/src/uds/services/PhysicalMachines/IPMachinesService.py +++ b/server/src/uds/services/PhysicalMachines/IPMachinesService.py @@ -79,7 +79,7 @@ class IPMachinesService(services.Service): def unmarshal(self, vals): if vals == 'v1': - self._ips = cPickle.loads(self.storage().readData('ips')) + self._ips = cPickle.loads(str(self.storage().readData('ips'))) def getUnassignedMachine(self): # Search first unassigned machine diff --git a/server/src/uds/static/adm/js/gui-tools.coffee b/server/src/uds/static/adm/js/gui-tools.coffee index ea051c0b5..92b369468 100644 --- a/server/src/uds/static/adm/js/gui-tools.coffee +++ b/server/src/uds/static/adm/js/gui-tools.coffee @@ -71,7 +71,7 @@ # Activate Touchspinner $(selector + " input[type=numeric]:not([readonly])").TouchSpin - min: 0 + min: -99999 max: 99999 decimals: 0 diff --git a/server/src/uds/web/views.py b/server/src/uds/web/views.py index 9cc3c6885..954dcb74d 100644 --- a/server/src/uds/web/views.py +++ b/server/src/uds/web/views.py @@ -84,7 +84,6 @@ def login(request, smallName=None): logger.debug('Small name: {0}'.format(smallName)) - getIp(request) if request.method == 'POST': if 'uds' not in request.COOKIES: return errors.errorView(request, errors.COOKIES_NEEDED) # We need cookies to keep session data