171 lines
5.4 KiB
Python
Executable File
171 lines
5.4 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
from flask import Flask, request, abort, make_response, \
|
|
render_template, redirect, url_for, \
|
|
json, jsonify, session, flash
|
|
from werkzeug import secure_filename
|
|
from multiprocessing import Process
|
|
from urllib.parse import unquote
|
|
|
|
import hashlib
|
|
import random
|
|
import shutil
|
|
import time
|
|
import re
|
|
import os
|
|
|
|
from subprocess import check_call, call
|
|
|
|
#app = Flask("ISABEL-2 Verifier") # That app name breaks Ubuntu 14.04 :-o
|
|
app = Flask("main")
|
|
app.secret_key = "6ab77f3c45447429c2ae163c260a626029519a66450e474c"
|
|
debug = True
|
|
|
|
users_file = "/etc/freeradius/users.dpto2"
|
|
|
|
def reload_freeradius():
|
|
call("./reload_freeradius")
|
|
|
|
def delete_user(deluser):
|
|
f = open(users_file)
|
|
lines = f.readlines()
|
|
f.close()
|
|
f = open(users_file,"w")
|
|
for line in lines:
|
|
if line.startswith(deluser):
|
|
continue
|
|
f.write(line)
|
|
f.close()
|
|
reload_freeradius()
|
|
|
|
def create_user(username, password):
|
|
nthash = hashlib.new('md4',password.encode('utf-16le')).hexdigest().upper()
|
|
f = open(users_file,"a")
|
|
f.write('{} NT-Password := "{}"\n'.format(username, nthash))
|
|
f.close()
|
|
reload_freeradius()
|
|
|
|
@app.route("/")
|
|
def index():
|
|
f = open(users_file)
|
|
guestpass = "?"
|
|
for line in f:
|
|
if line.startswith("guest"):
|
|
m = re.search(':=\s+"(.+?)"\s*$',line)
|
|
if m:
|
|
guestpass = m.group(1)
|
|
break
|
|
|
|
return render_template("index.html", guestpass=guestpass)
|
|
|
|
|
|
@app.route("/login",methods=['GET','POST'])
|
|
def login():
|
|
if session.get('logged_in',False):
|
|
return redirect(url_for('admin'))
|
|
if request.method == 'GET':
|
|
return render_template("login.html")
|
|
if request.method == 'POST':
|
|
username = request.form.get("username",None)
|
|
password = request.form.get("password",None)
|
|
if username is None or password is None:
|
|
return render_template("login.html",error=True,errormsg="invalid username or password")
|
|
|
|
try:
|
|
check_call(["radtest",username,password,"localhost","0","testing123"])
|
|
except:
|
|
return render_template("login.html",error=True,errormsg="invalid username or password")
|
|
|
|
if username == 'guest':
|
|
return render_template("login.html",error=True,errormsg="guest user has no admin privileges")
|
|
|
|
session['logged_in'] = True
|
|
return redirect(url_for('admin'))
|
|
|
|
@app.route("/admin",methods=['GET','POST'])
|
|
def admin():
|
|
if not session.get('logged_in', False):
|
|
return redirect(url_for('login'))
|
|
if request.method == 'POST':
|
|
deluser = request.form.get('deluser',None)
|
|
if deluser is not None:
|
|
if deluser == 'guest':
|
|
return render_template("admin.html", delete_error=True, errormsg="Cannot delete guest user")
|
|
delete_user(deluser)
|
|
flash("User deleted succesfully")
|
|
|
|
username = request.form.get('username',None)
|
|
pass1 = request.form.get('password1',None)
|
|
pass2 = request.form.get('password2',None)
|
|
if username is not None:
|
|
if username == 'guest':
|
|
return render_template("admin.html", create_error=True, errormsg="Cannot create guest user")
|
|
if pass1 is None or \
|
|
pass2 is None or \
|
|
pass1 != pass2:
|
|
return render_template("admin.html", create_error=True, errormsg="Password do not match")
|
|
create_user(username,pass1)
|
|
flash("User created successfully")
|
|
|
|
return render_template("admin.html")
|
|
|
|
@app.route("/logout")
|
|
def logout():
|
|
session.pop("logged_in",None)
|
|
return redirect(url_for("index"))
|
|
|
|
#@app.route("/upload",methods=['GET','POST'])
|
|
#def upload():
|
|
# if request.method == 'POST':
|
|
# f = request.files['circuit']
|
|
# if len(f.filename) == 0:
|
|
# return render_template("emptyupload.html")
|
|
# if f and len(f.filename) > 0:
|
|
# sid = new_id()
|
|
# session_dir = os.path.join('sessions',sid)
|
|
# shutil.copytree('skel',session_dir)
|
|
# old_dir = os.getcwd()
|
|
# os.chdir(session_dir)
|
|
# try:
|
|
# skipcookie = unquote(request.cookies.get('skip_tests',''))
|
|
# skip = set(int(n) for n in skipcookie.split(','))
|
|
# except:
|
|
# skip = set()
|
|
# options = {'skip_tests': skip}
|
|
# try:
|
|
# filename = secure_filename(f.filename)
|
|
# f.save(filename)
|
|
# p = Process(target=Verifier, args=(filename, ), kwargs={'options': options})
|
|
# p.start()
|
|
# except:
|
|
# os.chdir(old_dir)
|
|
# raise
|
|
# os.chdir(old_dir)
|
|
# return redirect(url_for('tests',sid=sid))
|
|
# return "Ocurrió algún error haciendo upload"
|
|
|
|
|
|
#@app.route("/details")
|
|
#def details():
|
|
# sid = request.args.get('sid','')
|
|
# filename = request.args.get('file','')
|
|
# if len(sid) == 0:
|
|
# return ''
|
|
# if len(filename) == 0:
|
|
# return ''
|
|
# filename = secure_filename(filename)
|
|
# session_dir = os.path.join('sessions',sid)
|
|
# try:
|
|
# f = open(os.path.join(session_dir,filename), encoding="utf8")
|
|
# s = f.read()
|
|
# f.close()
|
|
# except FileNotFoundError:
|
|
# s = ""
|
|
# resp = make_response(s)
|
|
# resp.mimetype = 'text/plain'
|
|
# return resp
|
|
|
|
if __name__ == '__main__':
|
|
app.debug = True
|
|
app.run(host="0.0.0.0")
|