Revision b436bd51 flowspec/views.py
b/flowspec/views.py | ||
---|---|---|
54 | 54 |
|
55 | 55 |
from django.views.decorators.cache import never_cache |
56 | 56 |
from django.conf import settings |
57 |
from django.core.mail.message import EmailMessage |
|
58 | 57 |
from django.template.defaultfilters import slugify |
58 |
from flowspec.helpers import send_new_mail, get_peer_techc_mails |
|
59 | 59 |
import datetime |
60 | 60 |
import os |
61 | 61 |
|
... | ... | |
127 | 127 |
jresp['aaData'] = routes |
128 | 128 |
return HttpResponse(json.dumps(jresp), mimetype='application/json') |
129 | 129 |
|
130 |
|
|
130 | 131 |
@login_required |
131 | 132 |
@never_cache |
132 | 133 |
def overview_routes_ajax(request): |
... | ... | |
147 | 148 |
jresp['aaData'] = routes |
148 | 149 |
return HttpResponse(json.dumps(jresp), mimetype='application/json') |
149 | 150 |
|
151 |
|
|
150 | 152 |
def build_routes_json(groutes): |
151 | 153 |
routes = [] |
152 | 154 |
for r in groutes: |
... | ... | |
170 | 172 |
routes.append(rd) |
171 | 173 |
return routes |
172 | 174 |
|
175 |
|
|
173 | 176 |
@login_required |
174 | 177 |
@never_cache |
175 | 178 |
def add_route(request): |
... | ... | |
178 | 181 |
if request.user.is_superuser: |
179 | 182 |
applier_peer_networks = PeerRange.objects.all() |
180 | 183 |
if not applier_peer_networks: |
181 |
messages.add_message(request, messages.WARNING, |
|
182 |
_("Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")) |
|
183 |
return HttpResponseRedirect(reverse("group-routes")) |
|
184 |
messages.add_message( |
|
185 |
request, |
|
186 |
messages.WARNING, |
|
187 |
('Insufficient rights on administrative networks. Cannot add rule. Contact your administrator') |
|
188 |
) |
|
189 |
return HttpResponseRedirect(reverse("group-routes")) |
|
184 | 190 |
if request.method == "GET": |
185 | 191 |
form = RouteForm(initial={'applier': applier}) |
186 | 192 |
if not request.user.is_superuser: |
... | ... | |
201 | 207 |
pass |
202 | 208 |
form = RouteForm(request_data) |
203 | 209 |
if form.is_valid(): |
204 |
route=form.save(commit=False)
|
|
210 |
route = form.save(commit=False)
|
|
205 | 211 |
if not request.user.is_superuser: |
206 | 212 |
route.applier = request.user |
207 | 213 |
route.status = "PENDING" |
208 | 214 |
route.response = "Applying" |
209 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
|
210 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
|
215 |
route.source = IPNetwork('%s/%s' % (IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
|
216 |
route.destination = IPNetwork('%s/%s' % (IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
|
217 |
route.requesters_address = request.META['HTTP_X_FORWARDED_FOR'] |
|
211 | 218 |
route.save() |
212 | 219 |
form.save_m2m() |
213 |
route.commit_add() |
|
214 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR'] |
|
215 |
fqdn = Site.objects.get_current().domain |
|
216 |
admin_url = "https://%s%s" % (fqdn, reverse("edit-route", kwargs={'route_slug': route.name })) |
|
217 |
mail_body = render_to_string("rule_action.txt", |
|
218 |
{"route": route, "address": requesters_address, "action": "creation", "url": admin_url}) |
|
219 |
user_mail = "%s" %route.applier.email |
|
220 |
user_mail = user_mail.split(';') |
|
221 |
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username), |
|
222 |
mail_body, settings.SERVER_EMAIL, user_mail, |
|
223 |
get_peer_techc_mails(route.applier)) |
|
224 |
d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username } |
|
225 |
logger.info(mail_body, extra=d) |
|
226 | 220 |
return HttpResponseRedirect(reverse("group-routes")) |
227 | 221 |
else: |
228 | 222 |
if not request.user.is_superuser: |
229 | 223 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
230 | 224 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
231 |
return render_to_response('apply.html', {'form': form, 'applier':applier}, |
|
232 |
context_instance=RequestContext(request)) |
|
225 |
return render_to_response( |
|
226 |
'apply.html', |
|
227 |
{ |
|
228 |
'form': form, |
|
229 |
'applier': applier |
|
230 |
}, |
|
231 |
context_instance=RequestContext(request) |
|
232 |
) |
|
233 |
|
|
233 | 234 |
|
234 | 235 |
@login_required |
235 | 236 |
@never_cache |
... | ... | |
239 | 240 |
route_edit = get_object_or_404(Route, name=route_slug) |
240 | 241 |
route_edit_applier_peer = route_edit.applier.get_profile().peer |
241 | 242 |
if applier_peer != route_edit_applier_peer and (not request.user.is_superuser): |
242 |
messages.add_message(request, messages.WARNING, |
|
243 |
_("Insufficient rights to edit rule %s") %(route_slug)) |
|
243 |
messages.add_message( |
|
244 |
request, |
|
245 |
messages.WARNING, |
|
246 |
('Insufficient rights to edit rule %s') % (route_slug) |
|
247 |
) |
|
244 | 248 |
return HttpResponseRedirect(reverse("group-routes")) |
245 | 249 |
# if route_edit.status == "ADMININACTIVE" : |
246 | 250 |
# messages.add_message(request, messages.WARNING, |
... | ... | |
250 | 254 |
# messages.add_message(request, messages.WARNING, |
251 | 255 |
# "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug)) |
252 | 256 |
# return HttpResponseRedirect(reverse("group-routes")) |
253 |
if route_edit.status == "PENDING" : |
|
254 |
messages.add_message(request, messages.WARNING, |
|
255 |
_("Cannot edit a pending rule: %s.") %(route_slug)) |
|
257 |
if route_edit.status == 'PENDING': |
|
258 |
messages.add_message( |
|
259 |
request, |
|
260 |
messages.WARNING, |
|
261 |
('Cannot edit a pending rule: %s.') % (route_slug) |
|
262 |
) |
|
256 | 263 |
return HttpResponseRedirect(reverse("group-routes")) |
257 | 264 |
route_original = deepcopy(route_edit) |
258 | 265 |
if request.POST: |
... | ... | |
265 | 272 |
del request_data['issuperuser'] |
266 | 273 |
except: |
267 | 274 |
pass |
268 |
form = RouteForm(request_data, instance = route_edit) |
|
275 |
form = RouteForm( |
|
276 |
request_data, |
|
277 |
instance=route_edit |
|
278 |
) |
|
269 | 279 |
critical_changed_values = ['source', 'destination', 'sourceport', 'destinationport', 'port', 'protocol', 'then', 'fragmenttype'] |
270 | 280 |
if form.is_valid(): |
271 | 281 |
changed_data = form.changed_data |
272 |
route=form.save(commit=False)
|
|
282 |
route = form.save(commit=False)
|
|
273 | 283 |
route.name = route_original.name |
274 | 284 |
route.status = route_original.status |
275 | 285 |
route.response = route_original.response |
... | ... | |
278 | 288 |
if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'): |
279 | 289 |
route.status = "PENDING" |
280 | 290 |
route.response = "Applying" |
281 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
|
282 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
|
291 |
route.source = IPNetwork('%s/%s' % (IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
|
292 |
route.destination = IPNetwork('%s/%s' % (IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
|
293 |
route.requesters_address = self.request.META['HTTP_X_FORWARDED_FOR'] |
|
283 | 294 |
route.save() |
284 | 295 |
if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'): |
285 | 296 |
form.save_m2m() |
286 |
route.commit_edit() |
|
287 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR'] |
|
288 |
fqdn = Site.objects.get_current().domain |
|
289 |
admin_url = "https://%s%s" % (fqdn, reverse("edit-route", kwargs={'route_slug': route.name })) |
|
290 |
mail_body = render_to_string("rule_action.txt", |
|
291 |
{"route": route, "address": requesters_address, "action": "edit", "url": admin_url}) |
|
292 |
user_mail = "%s" %route.applier.email |
|
293 |
user_mail = user_mail.split(';') |
|
294 |
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username), |
|
295 |
mail_body, settings.SERVER_EMAIL, user_mail, |
|
296 |
get_peer_techc_mails(route.applier)) |
|
297 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username } |
|
298 |
logger.info(mail_body, extra=d) |
|
297 |
# route.commit_edit() |
|
299 | 298 |
return HttpResponseRedirect(reverse("group-routes")) |
300 | 299 |
else: |
301 | 300 |
if not request.user.is_superuser: |
302 | 301 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
303 | 302 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
304 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier}, |
|
305 |
context_instance=RequestContext(request)) |
|
303 |
return render_to_response( |
|
304 |
'apply.html', |
|
305 |
{ |
|
306 |
'form': form, |
|
307 |
'edit': True, |
|
308 |
'applier': applier |
|
309 |
}, |
|
310 |
context_instance=RequestContext(request) |
|
311 |
) |
|
306 | 312 |
else: |
307 | 313 |
if (not route_original.status == 'ACTIVE'): |
308 |
route_edit.expires = datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
|
|
314 |
route_edit.expires = datetime.date.today() + datetime.timedelta(days=settings.EXPIRATION_DAYS_OFFSET)
|
|
309 | 315 |
dictionary = model_to_dict(route_edit, fields=[], exclude=[]) |
310 | 316 |
if request.user.is_superuser: |
311 | 317 |
dictionary['issuperuser'] = request.user.username |
... | ... | |
318 | 324 |
if not request.user.is_superuser: |
319 | 325 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
320 | 326 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
321 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier}, |
|
322 |
context_instance=RequestContext(request)) |
|
327 |
return render_to_response( |
|
328 |
'apply.html', |
|
329 |
{ |
|
330 |
'form': form, |
|
331 |
'edit': True, |
|
332 |
'applier': applier |
|
333 |
}, |
|
334 |
context_instance=RequestContext(request) |
|
335 |
) |
|
336 |
|
|
323 | 337 |
|
324 | 338 |
@login_required |
325 | 339 |
@never_cache |
... | ... | |
334 | 348 |
if not request.user.is_superuser: |
335 | 349 |
route.applier = request.user |
336 | 350 |
route.response = "Deactivating" |
351 |
route.requesters_address = request.META['HTTP_X_FORWARDED_FOR'] |
|
337 | 352 |
route.save() |
338 |
route.commit_delete() |
|
339 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR'] |
|
340 |
fqdn = Site.objects.get_current().domain |
|
341 |
admin_url = "https://%s%s" % (fqdn, reverse("edit-route", kwargs={'route_slug': route.name })) |
|
342 |
mail_body = render_to_string("rule_action.txt", |
|
343 |
{"route": route, "address": requesters_address, "action": "removal", "url": admin_url}) |
|
344 |
user_mail = "%s" %route.applier.email |
|
345 |
user_mail = user_mail.split(';') |
|
346 |
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username), |
|
347 |
mail_body, settings.SERVER_EMAIL, user_mail, |
|
348 |
get_peer_techc_mails(route.applier)) |
|
349 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username } |
|
350 |
logger.info(mail_body, extra=d) |
|
353 |
# route.commit_delete() |
|
351 | 354 |
html = "<html><body>Done</body></html>" |
352 | 355 |
return HttpResponse(html) |
353 | 356 |
else: |
354 | 357 |
return HttpResponseRedirect(reverse("group-routes")) |
355 | 358 |
|
359 |
|
|
356 | 360 |
@login_required |
357 | 361 |
@never_cache |
358 | 362 |
def user_profile(request): |
... | ... | |
577 | 581 |
return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript") |
578 | 582 |
|
579 | 583 |
|
580 |
def get_peer_techc_mails(user): |
|
581 |
mail = [] |
|
582 |
additional_mail = [] |
|
583 |
techmails_list = [] |
|
584 |
user_mail = "%s" %user.email |
|
585 |
user_mail = user_mail.split(';') |
|
586 |
techmails = user.get_profile().peer.techc_emails.all() |
|
587 |
if techmails: |
|
588 |
for techmail in techmails: |
|
589 |
techmails_list.append(techmail.email) |
|
590 |
if settings.NOTIFY_ADMIN_MAILS: |
|
591 |
additional_mail = settings.NOTIFY_ADMIN_MAILS |
|
592 |
mail.extend(additional_mail) |
|
593 |
mail.extend(techmails_list) |
|
594 |
return mail |
|
595 |
|
|
596 |
def send_new_mail(subject, message, from_email, recipient_list, bcc_list): |
|
597 |
return EmailMessage(subject, message, from_email, recipient_list, bcc_list).send() |
|
598 |
|
|
599 |
|
|
600 | 584 |
def lookupShibAttr(attrmap, requestMeta): |
601 | 585 |
for attr in attrmap: |
602 | 586 |
if (attr in requestMeta.keys()): |
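Review bot: In the edit view, new line 293 assigns `route.requesters_address = self.request.META['HTTP_X_FORWARDED_FOR']`, but the visible lines of this function-based view use a plain `request` and nothing shown defines `self`, so it will most likely raise NameError the first time a critical field is edited; it should read `route.requesters_address = request.META['HTTP_X_FORWARDED_FOR']`, as in add_route (new line 217) and the delete view (new line 351). All three assignments index `request.META` directly, so a request arriving without that header raises KeyError after the form has already validated, which would surface as a server error. The header is also client-supplied unless the fronting proxy overwrites it, and it can carry a comma-separated chain, so the value now persisted on the route is only reliable as an audit address if the deployment guarantees that; a comment stating the assumption, or `request.META.get('HTTP_X_FORWARDED_FOR', request.META.get('REMOTE_ADDR'))`, would make it explicit. The edit view's `def` line lies outside the shown hunks, so the NameError is inferred from the visible body.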