haproxy-wi/app/modules/roxywi/user.py

import os

from jinja2 import Environment, FileSystemLoader

import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.alerting.alerting as alerting

form = common.form


def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int, **kwargs) -> bool:
    if roxywi_common.check_user_group(token=kwargs.get('token')):

        if roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')):
            try:
                user_id = sql.add_user(new_user, email, password, role, activeuser, group)
                sql.update_user_role(user_id, group, role)
                roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
                try:
                    sql.update_user_role(user_id, group, role)
                except Exception as e:
                    print(f'error: cannot update user role {e}')
                try:
                    if password == 'aduser':
                        password = 'your domain password'
                    message = f"A user has been created for you on Roxy-WI portal!\n\n" \
                              f"Now you can login to https://{os.environ.get('HTTP_HOST', '')}\n\n" \
                              f"Your credentials are:\n" \
                              f"Login: {new_user}\n" \
                              f"Password: {password}"
                    alerting.send_email(email, 'A user has been created for you', message)
                except Exception as e:
                    roxywi_common.logging('error: Cannot send email for a new user', e, roxywi=1, login=1)
            except Exception as e:
                print(f'error: Cannot create a new user: {e}')
                roxywi_common.logging('error: Cannot create a new user', e, roxywi=1, login=1)
                return False
        else:
            print('error: dalsdm')
            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
            return False

    return True


def delete_user():
    userdel = int(form.getvalue('userdel'))
    if sql.is_user_super_admin(userdel):
        count_super_admin_users = sql.get_super_admin_count()
        if count_super_admin_users < 2:
            raise Exception('error: you cannot delete a last user with superAdmin role')
    user = sql.select_users(id=userdel)
    username = ''
    for u in user:
        username = u.username
    if sql.delete_user(userdel):
        sql.delete_user_groups(userdel)
        roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)
        print("Ok")


def update_user():
    email = form.getvalue('email')
    new_user = form.getvalue('updateuser')
    user_id = form.getvalue('id')
    activeuser = form.getvalue('activeuser')
    group_id = int(form.getvalue('usergroup'))

    if roxywi_common.check_user_group():
        if form.getvalue('role'):
            role_id = int(form.getvalue('role'))
            if roxywi_auth.is_admin(level=role_id):
                try:
                    sql.update_user(new_user, email, role_id, user_id, activeuser)
                except Exception as e:
                    print(e)
                sql.update_user_role(user_id, group_id, role_id)
                roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
            else:
                roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
        else:
            try:
                sql.update_user_from_admin_area(new_user, email, user_id, activeuser)
            except Exception as e:
                print(e)
            roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)


def update_user_password():
    password = form.getvalue('updatepassowrd')
    username = ''

    if form.getvalue('uuid'):
        user_id = sql.get_user_id_by_uuid(form.getvalue('uuid'))
    else:
        user_id = form.getvalue('id')
    user = sql.select_users(id=user_id)
    for u in user:
        username = u.username
    sql.update_user_password(password, user_id)
    roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1)
    print("Ok")


def get_user_services() -> None:
    user_id = common.checkAjaxInput(form.getvalue('getuserservices'))
    lang = roxywi_common.get_user_lang()
    services = sql.select_services()

    env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
    template = env.get_template('ajax/show_user_services.html')
    template = template.render(user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang)
    print(template)


def change_user_services() -> None:
    import json

    user_id = common.checkAjaxInput(form.getvalue('changeUserServicesId'))
    user = common.checkAjaxInput(form.getvalue('changeUserServicesUser'))
    services = ''
    user_services = json.loads(form.getvalue('jsonDatas'))

    for k, v in user_services.items():
        for k2, v2 in v.items():
            services += ' ' + k2

    try:
        if sql.update_user_services(services=services, user_id=user_id):
            roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1)
    except Exception as e:
        print(e)


def change_user_active_group() -> None:
    group_id = common.checkAjaxInput(form.getvalue('changeUserCurrentGroupId'))
    user_uuid = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))

    try:
        if sql.update_user_current_groups(group_id, user_uuid):
            print('Ok')
        else:
            print('error: Cannot change group')
    except Exception as e:
        print(e)


def get_user_active_group(user_id: str, group: str) -> None:
    group_id = sql.get_user_id_by_uuid(user_id.value)
    groups = sql.select_user_groups_with_names(group_id)
    lang = roxywi_common.get_user_lang()
    env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
    template = env.get_template('ajax/show_user_current_group.html')
    template = template.render(groups=groups, group=group.value, id=group_id, lang=lang)
    print(template)


def show_user_groups_and_roles() -> None:
    user_id = common.checkAjaxInput(form.getvalue('user_id'))
    groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1)
    roles = sql.select_roles()
    lang = roxywi_common.get_user_lang()
    user_groups = sql.select_user_groups_with_names(user_id)
    env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
    template = env.get_template('ajax/show_user_groups_and_roles.html')
    template = template.render(groups=groups, user_groups=user_groups, roles=roles, lang=lang)
    print(template)


def save_user_group_and_role() -> None:
    import json

    user = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))
    groups_and_roles = json.loads(form.getvalue('jsonDatas'))

    for k, v in groups_and_roles.items():
        user_id = int(k)
        if not sql.delete_user_groups(user_id):
            print('error: cannot delete old groups')
        for k2, v2 in v.items():
            group_id = int(k2)
            role_id = int(v2['role_id'])
            try:
                sql.update_user_role(user_id, group_id, role_id)
            except Exception as e:
                print(e)
                break
        else:
            roxywi_common.logging('Roxy-WI server', f'Groups and roles have been updated for user: {user}', roxywi=1, login=1)
            print('ok')


def get_ldap_email() -> None:
    import ldap

    username = common.checkAjaxInput(form.getvalue('get_ldap_email'))
    server = sql.get_setting('ldap_server')
    port = sql.get_setting('ldap_port')
    user = sql.get_setting('ldap_user')
    password = sql.get_setting('ldap_password')
    ldap_base = sql.get_setting('ldap_base')
    domain = sql.get_setting('ldap_domain')
    ldap_search_field = sql.get_setting('ldap_search_field')
    ldap_class_search = sql.get_setting('ldap_class_search')
    ldap_user_attribute = sql.get_setting('ldap_user_attribute')
    ldap_type = sql.get_setting('ldap_type')

    ldap_proto = 'ldap' if ldap_type == "0" else 'ldaps'

    ldap_bind = ldap.initialize('{}://{}:{}/'.format(ldap_proto, server, port))

    try:
        ldap_bind.protocol_version = ldap.VERSION3
        ldap_bind.set_option(ldap.OPT_REFERRALS, 0)

        bind = ldap_bind.simple_bind_s(user, password)

        criteria = "(&(objectClass=" + ldap_class_search + ")(" + ldap_user_attribute + "=" + username + "))"
        attributes = [ldap_search_field]
        result = ldap_bind.search_s(ldap_base, ldap.SCOPE_SUBTREE, criteria, attributes)

        results = [entry for dn, entry in result if isinstance(entry, dict)]
        try:
            print('["' + results[0][ldap_search_field][0].decode("utf-8") + '","' + domain + '"]')
        except Exception:
            print('error: user not found')
    finally:
        ldap_bind.unbind()
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`import os`

			`from jinja2 import Environment, FileSystemLoader`

			`import modules.db.sql as sql`
			`import modules.common.common as common`
			`import modules.roxywi.auth as roxywi_auth`
			`import modules.roxywi.common as roxywi_common`
			`import modules.alerting.alerting as alerting`

			`form = common.form`


v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:19:43 +00:00			`def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int, **kwargs) -> bool:`
			`if roxywi_common.check_user_group(token=kwargs.get('token')):`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00
v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:19:43 +00:00			`if roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')):`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`try:`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`user_id = sql.add_user(new_user, email, password, role, activeuser, group)`
			`sql.update_user_role(user_id, group, role)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`try:`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-04 07:42:26 +00:00			`sql.update_user_role(user_id, group, role)`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`except Exception as e:`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-04 07:42:26 +00:00			`print(f'error: cannot update user role {e}')`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`try:`
v6.3.5.0 Changelog: https://roxy-wi.org/changelog#6_3_5 2023-02-13 14:45:45 +00:00			`if password == 'aduser':`
			`password = 'your domain password'`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`message = f"A user has been created for you on Roxy-WI portal!\n\n" \`
			`f"Now you can login to https://{os.environ.get('HTTP_HOST', '')}\n\n" \`
			`f"Your credentials are:\n" \`
			`f"Login: {new_user}\n" \`
			`f"Password: {password}"`
			`alerting.send_email(email, 'A user has been created for you', message)`
			`except Exception as e:`
			`roxywi_common.logging('error: Cannot send email for a new user', e, roxywi=1, login=1)`
			`except Exception as e:`
			`print(f'error: Cannot create a new user: {e}')`
			`roxywi_common.logging('error: Cannot create a new user', e, roxywi=1, login=1)`
v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:19:43 +00:00			`return False`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`else:`
			`print('error: dalsdm')`
			`roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)`
v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:19:43 +00:00			`return False`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00
v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:19:43 +00:00			`return True`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00
v6.3.2.0 Changelog: https://roxy-wi.org/changelog#6_3_2 2022-12-22 19:25:54 +00:00
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`def delete_user():`
v6.3.13.0 Changelog: https://roxy-wi.org/changelog#6_3_13 2023-06-03 15:04:22 +00:00			`userdel = int(form.getvalue('userdel'))`
v6.3.13.0 Changelog: https://roxy-wi.org/changelog#6_3_13 2023-06-04 05:05:35 +00:00			`if sql.is_user_super_admin(userdel):`
			`count_super_admin_users = sql.get_super_admin_count()`
			`if count_super_admin_users < 2:`
			`raise Exception('error: you cannot delete a last user with superAdmin role')`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`user = sql.select_users(id=userdel)`
			`username = ''`
			`for u in user:`
			`username = u.username`
			`if sql.delete_user(userdel):`
			`sql.delete_user_groups(userdel)`
			`roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)`
			`print("Ok")`


			`def update_user():`
			`email = form.getvalue('email')`
			`new_user = form.getvalue('updateuser')`
			`user_id = form.getvalue('id')`
			`activeuser = form.getvalue('activeuser')`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`group_id = int(form.getvalue('usergroup'))`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00
			`if roxywi_common.check_user_group():`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-06 09:59:08 +00:00			`if form.getvalue('role'):`
			`role_id = int(form.getvalue('role'))`
			`if roxywi_auth.is_admin(level=role_id):`
v6.3.9.0 Changelog: https://roxy-wi.org/changelog#6_3_9 2023-04-09 13:11:16 +00:00			`try:`
			`sql.update_user(new_user, email, role_id, user_id, activeuser)`
			`except Exception as e:`
			`print(e)`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-06 09:59:08 +00:00			`sql.update_user_role(user_id, group_id, role_id)`
			`roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)`
			`else:`
			`roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00			`else:`
v6.3.9.0 Changelog: https://roxy-wi.org/changelog#6_3_9 2023-04-09 13:11:16 +00:00			`try:`
			`sql.update_user_from_admin_area(new_user, email, user_id, activeuser)`
			`except Exception as e:`
			`print(e)`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-06 09:59:08 +00:00			`roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-04 18:43:25 +00:00

			`def update_user_password():`
			`password = form.getvalue('updatepassowrd')`
			`username = ''`

			`if form.getvalue('uuid'):`
			`user_id = sql.get_user_id_by_uuid(form.getvalue('uuid'))`
			`else:`
			`user_id = form.getvalue('id')`
			`user = sql.select_users(id=user_id)`
			`for u in user:`
			`username = u.username`
			`sql.update_user_password(password, user_id)`
			`roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1)`
			`print("Ok")`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00

			`def get_user_services() -> None:`
			`user_id = common.checkAjaxInput(form.getvalue('getuserservices'))`
v6.3.5.0 Changelog: https://roxy-wi.org/changelog#6_3_5 2023-02-13 14:45:45 +00:00			`lang = roxywi_common.get_user_lang()`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00			`services = sql.select_services()`

v6.3.5.0 Changelog: https://roxy-wi.org/changelog#6_3_5 2023-02-13 14:45:45 +00:00			`env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)`
			`template = env.get_template('ajax/show_user_services.html')`
			`template = template.render(user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00			`print(template)`


			`def change_user_services() -> None:`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`import json`

v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00			`user_id = common.checkAjaxInput(form.getvalue('changeUserServicesId'))`
			`user = common.checkAjaxInput(form.getvalue('changeUserServicesUser'))`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`services = ''`
			`user_services = json.loads(form.getvalue('jsonDatas'))`

			`for k, v in user_services.items():`
			`for k2, v2 in v.items():`
			`services += ' ' + k2`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00
			`try:`
			`if sql.update_user_services(services=services, user_id=user_id):`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00			`roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00			`except Exception as e:`
			`print(e)`


			`def change_user_active_group() -> None:`
			`group_id = common.checkAjaxInput(form.getvalue('changeUserCurrentGroupId'))`
			`user_uuid = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))`

			`try:`
			`if sql.update_user_current_groups(group_id, user_uuid):`
			`print('Ok')`
			`else:`
			`print('error: Cannot change group')`
			`except Exception as e:`
			`print(e)`


			`def get_user_active_group(user_id: str, group: str) -> None:`
			`group_id = sql.get_user_id_by_uuid(user_id.value)`
			`groups = sql.select_user_groups_with_names(group_id)`
v6.3.5.0 Changelog: https://roxy-wi.org/changelog#6_3_5 2023-02-14 09:34:19 +00:00			`lang = roxywi_common.get_user_lang()`
			`env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)`
			`template = env.get_template('ajax/show_user_current_group.html')`
			`template = template.render(groups=groups, group=group.value, id=group_id, lang=lang)`
v6.3.1.0 Changelog: https://roxy-wi.org/changelog#6_3_1 2022-12-09 12:14:05 +00:00			`print(template)`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-03 20:03:41 +00:00

			`def show_user_groups_and_roles() -> None:`
			`user_id = common.checkAjaxInput(form.getvalue('user_id'))`
			`groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1)`
			`roles = sql.select_roles()`
			`lang = roxywi_common.get_user_lang()`
			`user_groups = sql.select_user_groups_with_names(user_id)`
			`env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)`
			`template = env.get_template('ajax/show_user_groups_and_roles.html')`
			`template = template.render(groups=groups, user_groups=user_groups, roles=roles, lang=lang)`
			`print(template)`


			`def save_user_group_and_role() -> None:`
			`import json`

			`user = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))`
			`groups_and_roles = json.loads(form.getvalue('jsonDatas'))`

			`for k, v in groups_and_roles.items():`
			`user_id = int(k)`
			`if not sql.delete_user_groups(user_id):`
			`print('error: cannot delete old groups')`
			`for k2, v2 in v.items():`
			`group_id = int(k2)`
			`role_id = int(v2['role_id'])`
			`try:`
			`sql.update_user_role(user_id, group_id, role_id)`
			`except Exception as e:`
			`print(e)`
			`break`
			`else:`
			`roxywi_common.logging('Roxy-WI server', f'Groups and roles have been updated for user: {user}', roxywi=1, login=1)`
			`print('ok')`
v6.3.7.0 Changelog: https://roxy-wi.org/changelog#6_3_7 2023-03-08 13:15:15 +00:00

			`def get_ldap_email() -> None:`
			`import ldap`

			`username = common.checkAjaxInput(form.getvalue('get_ldap_email'))`
			`server = sql.get_setting('ldap_server')`
			`port = sql.get_setting('ldap_port')`
			`user = sql.get_setting('ldap_user')`
			`password = sql.get_setting('ldap_password')`
			`ldap_base = sql.get_setting('ldap_base')`
			`domain = sql.get_setting('ldap_domain')`
			`ldap_search_field = sql.get_setting('ldap_search_field')`
			`ldap_class_search = sql.get_setting('ldap_class_search')`
			`ldap_user_attribute = sql.get_setting('ldap_user_attribute')`
			`ldap_type = sql.get_setting('ldap_type')`

			`ldap_proto = 'ldap' if ldap_type == "0" else 'ldaps'`

			`ldap_bind = ldap.initialize('{}://{}:{}/'.format(ldap_proto, server, port))`

			`try:`
			`ldap_bind.protocol_version = ldap.VERSION3`
			`ldap_bind.set_option(ldap.OPT_REFERRALS, 0)`

			`bind = ldap_bind.simple_bind_s(user, password)`

			`criteria = "(&(objectClass=" + ldap_class_search + ")(" + ldap_user_attribute + "=" + username + "))"`
			`attributes = [ldap_search_field]`
			`result = ldap_bind.search_s(ldap_base, ldap.SCOPE_SUBTREE, criteria, attributes)`

			`results = [entry for dn, entry in result if isinstance(entry, dict)]`
			`try:`
			`print('["' + results[0][ldap_search_field][0].decode("utf-8") + '","' + domain + '"]')`
			`except Exception:`
			`print('error: user not found')`
			`finally:`
			`ldap_bind.unbind()`