Compare commits
No commits in common. "90e1a3a73b92210227a83ed72bbfa0266e06cea4" and "1aee5b5e7153765d21a5c4ed84b6f19ad4491bbd" have entirely different histories.
90e1a3a73b
...
1aee5b5e71
137
app.py
137
app.py
@ -1,9 +1,5 @@
|
||||
import glob
|
||||
import json
|
||||
|
||||
import re
|
||||
import sshpubkeys
|
||||
|
||||
from flask import Flask, redirect, url_for, render_template, request
|
||||
|
||||
# lyadmin
|
||||
@ -29,11 +25,6 @@ ACCOUNT_DIR = "req/";
|
||||
FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)
|
||||
CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"
|
||||
|
||||
# validation stuff
|
||||
MAX_PUB_KEY_LEN = 5000
|
||||
EMAIL_REGEX = "^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$"
|
||||
KEY_REGEX = "^[ -~]+$"
|
||||
|
||||
# Account requests are given ID numbers
|
||||
# the first request will have the below
|
||||
# id number
|
||||
@ -43,14 +34,6 @@ INIT_REQ_ID = "00000"
|
||||
with open(CONF_PATH) as c: conf_json_str = c.read()
|
||||
conf_obj = json.loads(conf_json_str)
|
||||
|
||||
# A list of all the shell enums
|
||||
conf_obj["shell_tup_list"] = list(map(
|
||||
lambda k : (
|
||||
k, conf_obj["shell"][k]
|
||||
),
|
||||
list(conf_obj["shell"].keys())
|
||||
))
|
||||
|
||||
# The main home page
|
||||
@app.route("/")
|
||||
def home():
|
||||
@ -65,23 +48,22 @@ def home():
|
||||
|
||||
return render_template("index.html", u_list=u_list, page_name="home")
|
||||
|
||||
# Generates the page with rule. No logic needed.
|
||||
|
||||
# The page with rules
|
||||
def rules():
|
||||
return render_template("rules.html")
|
||||
|
||||
# Generate HTML for a form widget
|
||||
def widg_fun(widg):
|
||||
if(widg.w_type == "input"):
|
||||
return "input id=id_%s name=%s type=text></input"%(
|
||||
widg.w_name, widg.w_name
|
||||
)
|
||||
# Return HTML for a single line input
|
||||
return "input id=id_%s name=%s type=text></input"%(widg.w_name, widg.w_name)
|
||||
elif(widg.w_type == "textarea"):
|
||||
return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(
|
||||
widg.w_name, widg.w_name
|
||||
)
|
||||
# Return HTML for a big text input box
|
||||
return "textarea cols=40 id=id_%s name=%s rows=10 required=\"\""%(widg.w_name, widg.w_name)
|
||||
elif(widg.w_type == "check"):
|
||||
return "input id=id_%s name=%s type=checkbox required=\"\""%(
|
||||
widg.w_name, widg.w_name)
|
||||
# Return HTML for a check box
|
||||
return "input id=id_%s name=%s type=checkbox required=\"\""%(widg.w_name, widg.w_name)
|
||||
return widg.w_type;
|
||||
|
||||
# Generate HTML for request form
|
||||
@ -96,57 +78,32 @@ def req():
|
||||
|
||||
# Configuration for our request form
|
||||
rt = {
|
||||
"username": Widg(
|
||||
"username",
|
||||
"input",
|
||||
None
|
||||
),
|
||||
"email for account lockout / registration confirmation (optional)": Widg(
|
||||
"email",
|
||||
"input",
|
||||
None
|
||||
),
|
||||
"SSH public key": Widg(
|
||||
"pub_key",
|
||||
"textarea",
|
||||
None
|
||||
),
|
||||
"shell of choice": Widg(
|
||||
"shell",
|
||||
"choice",
|
||||
conf_obj["shell_tup_list"]
|
||||
),
|
||||
"have you read the rules?": Widg(
|
||||
"rule_read", "check", None
|
||||
)
|
||||
"username": Widg("username", "input", None),
|
||||
"email for account lockout / registration confirmation (optional)": Widg("email", "input", None),
|
||||
"SSH public key": Widg("pub_key", "textarea", None),
|
||||
"shell of choice": Widg("shell", "choice", map(lambda k : (k, conf_obj["shell"][k]), list(conf_obj["shell"].keys()))),
|
||||
"have you read the rules?": Widg("rule_read", "check", None)
|
||||
};
|
||||
return render_template(
|
||||
"req.html",
|
||||
req_tab = rt,
|
||||
widg_fun = widg_fun,
|
||||
page_name="req"
|
||||
)
|
||||
return render_template("req.html", req_tab = rt, widg_fun = widg_fun, page_name="req")
|
||||
|
||||
def handle_invalid_data(req):
|
||||
# print(str(e))
|
||||
return render_template("signup.html", is_email_user = False)
|
||||
|
||||
# Process input from user creation POST request
|
||||
# Process input from the /req page
|
||||
def signup():
|
||||
app.route('/req/signup')
|
||||
|
||||
# Get all the params from the POST
|
||||
# request
|
||||
username = request.form["username"].strip()
|
||||
email = request.form["email"].strip()
|
||||
pub_key = request.form["pub_key"].strip()
|
||||
shell = request.form["shell"].strip()
|
||||
rule_read = request.form["rule_read"].strip()
|
||||
username = request.form["username"]
|
||||
email = request.form["email"]
|
||||
pub_key = request.form["pub_key"]
|
||||
shell = request.form["shell"]
|
||||
rule_read = request.form["rule_read"]
|
||||
|
||||
is_email_user = False;
|
||||
|
||||
# If a user didnt read the rules
|
||||
# send them back
|
||||
# Browser validations should
|
||||
# prevent this....
|
||||
if(rule_read != "on"):
|
||||
return redirect(url_for('req'))
|
||||
|
||||
@ -156,54 +113,18 @@ def signup():
|
||||
else:
|
||||
email = "NO_EMAIL"
|
||||
|
||||
# Validate shell
|
||||
if(not shell in conf_obj["shell"]):
|
||||
print("failed shell validation")
|
||||
return handle_invalid_data(req)
|
||||
|
||||
# Validate email
|
||||
if( is_email_user and not re.search(EMAIL_REGEX, email)):
|
||||
print("failed email validation")
|
||||
return handle_invalid_data(req)
|
||||
|
||||
# Validate the SSH pub key
|
||||
# Most software only handles up to 4096 bit keys
|
||||
if(len(pub_key) > MAX_PUB_KEY_LEN):
|
||||
print("key failed len check")
|
||||
return handle_invalid_data(req)
|
||||
|
||||
# Only printable ascii characters in
|
||||
# a valid key
|
||||
# if(not re.search("^[ -~]+$", pub_key)):
|
||||
if(not re.search(KEY_REGEX, pub_key)):
|
||||
print("key failed regex")
|
||||
return handle_invalid_data(req)
|
||||
|
||||
# Check the key against a library
|
||||
key = sshpubkeys.SSHKey(
|
||||
pub_key,
|
||||
strict_mode=False,
|
||||
skip_option_parsing=True
|
||||
)
|
||||
try:
|
||||
key.parse()
|
||||
except Exception as e:
|
||||
print("key failed lib validation")
|
||||
return handle_invalid_data(request)
|
||||
|
||||
# All users requests have a sequential ID
|
||||
# The below picks the next ID based on
|
||||
# how many requests we already have saved
|
||||
# to disk
|
||||
# this checks how many requests we have
|
||||
# and gives us a free ID so we can save
|
||||
# our request
|
||||
# This sets the ID of the request we're
|
||||
# abou to save to dsik
|
||||
if(len(glob.glob(ACCOUNT_DIR + str("[0-9]*ident*"))) == 0):
|
||||
new_id = int(INIT_REQ_ID)
|
||||
new_id_str = INIT_REQ_ID
|
||||
else:
|
||||
max_id = max(
|
||||
list(map(
|
||||
lambda path : path.split("/")[-1].split(".")[0],
|
||||
glob.glob(str(ACCOUNT_DIR) + "[0-9]*ident*")))
|
||||
)
|
||||
max_id = max(list(map( lambda path : path.split("/")[-1].split(".")[0] , glob.glob(str(ACCOUNT_DIR) + "[0-9]*ident*"))))
|
||||
# max_id = max(list(map( lambda path : path.split("/")[-1].split(".")[0] , glob.glob("./test/[0-9]*ident*"))))
|
||||
zpad = len(max_id)
|
||||
new_id = int(max_id)+1
|
||||
new_id_str = str(new_id).zfill(zpad)
|
||||
|
||||
@ -1,2 +1 @@
|
||||
Flask==1.1.2
|
||||
sshpubkeys==3.1.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user