mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
8cc0f13ec1
* install django-grainy * nsp to grainy first iteration * nsp to grainy second iteration * grainy and django-grainy pinned to latest releases * Fix typo * Update djangorestframework, peeringdb, django-ratelimit * Rewrite login view ratelimit decorator * Relock pipfile * add list() to make copy of dictionaries before iterating * relock pipfile with python3.9 change docker to use python3.9 * add ordering to admin search queryset for deskproticket and email * add org api key and begin to write tests * additional key tests * add drf-api-keys to pipfile * Wire orgapikey to modelviewsetpermissions * Update api key helper functions * add put test * Add Org API key tab to frontend * Add user api key model * Update user key handling and tests * Update APIPermissionsApplicator to make it work w requests * Add org api key perm panel * add org key permissions * Add user api key views * Add templates for handling user api key (adding, not revoking) * relock pipfile * assorted fixes and tweaks * Add general user group permissions and org user group perms * refactor org api key perms * Add tests for api keys * Add docstrings to permissions helpers * Add api key examples * squash migrations * remove custom api key header config * Change api key test setup * Update permissions for grainy change * Bump up pipfile and pipfile.lock * Add API Key to Verification Queue Item * Delete travis * Add workaround to Dockerfile * update pipfile and sort out migrations * Add comment to Dockerfile * Re-add API Key migrations * Add locale to .gitignore * remove suggest functionality from ix * Update test to recognize that IX api no longer has suggest function * Add test to outlaw POSTing an IX w its org equal to the suggest entity org * Add meta information geowarning * Add alert to demonstrate UI * Add error to fac update * Add template warning for geovalidation * Add geowarning meta js * cover absent meta_response test case * Update styles for geowarning * refactor geotag warning implementation * null lat and long on unsuccessful geo locate * modify geovalidation frontend update * Add deskproticket model email field * Add missing span * add email to org keys * Add email to org key tests * update serializer with rdap validation wrapper * update admin for api keys * Enable writing an email as part of org key creation * Add email validation to org api key form * fix css style on perm row * Add suggested info to api response * display suggested address on frontend * add needs geocode to serializer * save lat long on forward geonormalization * add address suggestion submit button * Add suggested address popin to ADD facility form * Fix css * add lat and long rounding to geocodenabled model clean method * add migration and regression test for lat long decimal db constraint * Add another regression test for model decimal places * Get deskpro functions passing isort and flake * Update ticket_queue_deletion_prevented * update ticket_queue_deletion_prevented for use with org api key * add template for org key dpt from asnauto skipvq * Update deskproticket for rdap error * add facility aka * add aka to serializer and views * black and isort test api keys * fix typo in org key deskpro template * skip or rewrite unapplicable org key tests, and add as_set tests * adjust api key test comments * Add vqi_notify to signals * Add reversion comments for api keys and helper function * update how org keys are added to verification queue items * rename verification queue item fk from api_key to org_key * fix group id error * update key tests with correct http header info * check both user and key, not just user * templates fiex * adapt deskpro integration to work with email only * make org api keys editable for desc and email * pipfile relock * edit test setupdata settings for groups * Change comment to signify we don't need to remove code * address untranslated accept button * Add docstrings to the serializer functions * Add loading shim * Add migration for all longname and aka * Add aka and long name to views and serializers * delete migration w decimals * standardize serializer lat and long fields * Add clean rounding for lat and long * fix serializer error * api key admin improvements * fix linebreak in user api key form * remove debug prints * Add rounding util * Add rounding to lat and long fields * remove 'clean' from geocode method (logic now in admin form) * remove erroneous tests * revert serializer changes * Fix migrations * Add long name and aka to admin models * Update API key docs * Add documentation for api keys * fix typo * fix org api key revoke broken by editable api keys * doc tweaks * doc tweaks * doc tweaks * black format * fix migration hierarchy * docs * docs * api key permissions screenshot * formatting * formatting * padding fixed * remove one image * fix get_user_from_request type checking take out POST only valdiator for entity suggest * didnt mean to commit the django-peeringdb mount * fix suggest on PUT net fix tests * black formatting * update org key permission template * install rust for cryptography * pipfile relock (django-peeringdb to 2.6) Co-authored-by: Stefan Pratter <stefan@20c.com> Co-authored-by: Elliot Frank <elliot@20c.com>
467 lines
16 KiB
Python
467 lines
16 KiB
Python
from grainy.const import *
|
|
from datetime import datetime, timezone
|
|
import django.urls
|
|
from django.db.models.signals import post_save, pre_delete, pre_save
|
|
from django.contrib.contenttypes.models import ContentType
|
|
from django_grainy.models import Group, GroupPermission
|
|
from django.template import loader
|
|
from django.conf import settings
|
|
from django.dispatch import receiver
|
|
import reversion
|
|
from allauth.account.signals import user_signed_up
|
|
|
|
from corsheaders.signals import check_request_enabled
|
|
|
|
from django_peeringdb.models.abstract import AddressModel
|
|
|
|
from peeringdb_server.inet import RdapLookup, RdapException
|
|
|
|
from peeringdb_server.deskpro import (
|
|
ticket_queue,
|
|
ticket_queue_asnauto_affil,
|
|
ticket_queue_asnauto_create,
|
|
ticket_queue_vqi_notify,
|
|
)
|
|
|
|
from peeringdb_server.models import (
|
|
QUEUE_ENABLED,
|
|
QUEUE_NOTIFY,
|
|
UserOrgAffiliationRequest,
|
|
is_suggested,
|
|
VerificationQueueItem,
|
|
Organization,
|
|
InternetExchange,
|
|
Facility,
|
|
Network,
|
|
NetworkContact,
|
|
NetworkIXLan,
|
|
NetworkFacility,
|
|
)
|
|
|
|
from peeringdb_server.util import PERM_CRUD
|
|
|
|
import peeringdb_server.settings as pdb_settings
|
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
from django.utils.translation import override
|
|
|
|
|
|
def disable_auto_now_and_save(entity):
|
|
updated_field = entity._meta.get_field("updated")
|
|
updated_field.auto_now = False
|
|
entity.save()
|
|
updated_field.auto_now = True
|
|
|
|
|
|
def update_network_attribute(instance, attribute):
|
|
"""Updates 'attribute' field in Network whenever it's called."""
|
|
if getattr(instance, "id"):
|
|
network = instance.network
|
|
setattr(network, attribute, datetime.now(timezone.utc))
|
|
disable_auto_now_and_save(network)
|
|
|
|
|
|
def network_post_revision_commit(**kwargs):
|
|
for vs in kwargs.get("versions"):
|
|
if vs.object.HandleRef.tag in ["netixlan", "poc", "netfac"]:
|
|
update_network_attribute(vs.object, f"{vs.object.HandleRef.tag}_updated")
|
|
|
|
|
|
reversion.signals.post_revision_commit.connect(network_post_revision_commit)
|
|
|
|
|
|
def addressmodel_save(sender, instance=None, **kwargs):
|
|
"""
|
|
Mark address model objects for geocode sync if one of the address
|
|
fields is updated
|
|
"""
|
|
|
|
if instance.id:
|
|
# instance is being updated
|
|
old = sender.objects.get(id=instance.id)
|
|
for field in AddressModel._meta.get_fields():
|
|
if field.name in ["latitude", "longitude"]:
|
|
continue
|
|
a = getattr(instance, field.name)
|
|
b = getattr(old, field.name)
|
|
if a != b:
|
|
# print("Change in field '%s' - '%s'(%s) to '%s'(%s) - marking %s for geocode sync" % (field.name, a, type(a), b, type(b), instance))
|
|
# address model field has changed, mark for geocode sync
|
|
instance.geocode_status = False
|
|
|
|
|
|
pre_save.connect(addressmodel_save, sender=Facility)
|
|
|
|
|
|
def org_save(sender, **kwargs):
|
|
"""
|
|
we want to create a user group for an organization when that
|
|
organization is created
|
|
"""
|
|
|
|
inst = kwargs.get("instance")
|
|
|
|
# make the general member group for the org
|
|
try:
|
|
group = Group.objects.get(name=inst.group_name)
|
|
except Group.DoesNotExist:
|
|
group = Group(name=inst.group_name)
|
|
group.save()
|
|
|
|
perm = GroupPermission(
|
|
group=group, namespace=inst.grainy_namespace, permission=PERM_READ
|
|
)
|
|
perm.save()
|
|
|
|
GroupPermission(
|
|
group=group,
|
|
namespace=f"{inst.grainy_namespace}.network.*.poc_set.private",
|
|
permission=PERM_READ,
|
|
).save()
|
|
|
|
GroupPermission(
|
|
group=group,
|
|
namespace=f"{inst.grainy_namespace}.internetexchange.*.ixf_ixp_member_list_url.private",
|
|
permission=PERM_READ,
|
|
).save()
|
|
|
|
# make the admin group for the org
|
|
try:
|
|
group = Group.objects.get(name=inst.admin_group_name)
|
|
except Group.DoesNotExist:
|
|
group = Group(name=inst.admin_group_name)
|
|
group.save()
|
|
|
|
perm = GroupPermission(
|
|
group=group, namespace=inst.grainy_namespace, permission=PERM_CRUD
|
|
)
|
|
perm.save()
|
|
|
|
GroupPermission(
|
|
group=group, namespace=inst.grainy_namespace_manage, permission=PERM_CRUD
|
|
).save()
|
|
|
|
GroupPermission(
|
|
group=group,
|
|
namespace=f"{inst.grainy_namespace}.network.*.poc_set.private",
|
|
permission=PERM_CRUD,
|
|
).save()
|
|
|
|
GroupPermission(
|
|
group=group,
|
|
namespace=f"{inst.grainy_namespace}.internetexchange.*.ixf_ixp_member_list_url.private",
|
|
permission=PERM_CRUD,
|
|
).save()
|
|
|
|
if inst.status == "deleted":
|
|
for ar in inst.affiliation_requests.all():
|
|
ar.delete()
|
|
|
|
|
|
post_save.connect(org_save, sender=Organization)
|
|
|
|
|
|
def org_delete(sender, instance, **kwargs):
|
|
"""
|
|
When an organization is HARD deleted we want to also remove any
|
|
usergroups tied to the organization
|
|
"""
|
|
|
|
try:
|
|
instance.usergroup.delete()
|
|
except Group.DoesNotExist:
|
|
pass
|
|
|
|
try:
|
|
instance.admin_usergroup.delete()
|
|
except Group.DoesNotExist:
|
|
pass
|
|
|
|
for ar in instance.affiliation_requests.all():
|
|
ar.delete()
|
|
|
|
|
|
pre_delete.connect(org_delete, sender=Organization)
|
|
|
|
|
|
@receiver(user_signed_up, dispatch_uid="allauth.user_signed_up")
|
|
def new_user_to_guests(request, user, sociallogin=None, **kwargs):
|
|
"""
|
|
When a user is created via oauth login put them in the guest
|
|
group for now.
|
|
|
|
Unless pdb_settings.AUTO_VERIFY_USERS is toggled on in settings, in which
|
|
case users get automatically verified (note that this does
|
|
not include email verification, they will still need to do that)
|
|
"""
|
|
|
|
if pdb_settings.AUTO_VERIFY_USERS:
|
|
user.set_verified()
|
|
else:
|
|
user.set_unverified()
|
|
|
|
|
|
# USER TO ORGANIZATION AFFILIATION
|
|
|
|
|
|
def uoar_creation(sender, instance, created=False, **kwargs):
|
|
"""
|
|
When a user to organization affiliation request is created
|
|
we want to notify the approporiate management entity
|
|
|
|
We also want to attempt to derive the targeted organization
|
|
from the ASN the user provided
|
|
"""
|
|
|
|
if created:
|
|
|
|
if instance.asn and not instance.org_id:
|
|
network = Network.objects.filter(asn=instance.asn).first()
|
|
if network:
|
|
# network with targeted asn found, set org
|
|
instance.org = network.org
|
|
|
|
instance.status = "pending"
|
|
instance.save()
|
|
|
|
if instance.org_id and instance.org.admin_usergroup.user_set.count() > 0:
|
|
|
|
# check that user is not already a member of that org
|
|
if instance.user.groups.filter(name=instance.org.usergroup.name).exists():
|
|
instance.approve()
|
|
return
|
|
|
|
# organization exists already and has admins, notify organization
|
|
# admins
|
|
for user in instance.org.admin_usergroup.user_set.all():
|
|
with override(user.locale):
|
|
user.email_user(
|
|
_(
|
|
"User %(u_name)s wishes to be affiliated to your Organization"
|
|
)
|
|
% {"u_name": instance.user.full_name},
|
|
loader.get_template(
|
|
"email/notify-org-admin-user-affil.txt"
|
|
).render(
|
|
{
|
|
"user": instance.user,
|
|
"org": instance.org,
|
|
"org_management_url": "%s/org/%d#users"
|
|
% (settings.BASE_URL, instance.org.id),
|
|
}
|
|
),
|
|
)
|
|
else:
|
|
request_type = "be affiliated to"
|
|
rdap_data = {"emails": []}
|
|
org_created = False
|
|
net_created = False
|
|
rdap_lookup = None
|
|
if instance.asn and not instance.org_id:
|
|
# ASN specified in request, but no network found
|
|
# Lookup RDAP information
|
|
try:
|
|
rdap_lookup = rdap = RdapLookup().get_asn(instance.asn)
|
|
ok = rdap_lookup.emails
|
|
except RdapException as inst:
|
|
instance.deny()
|
|
raise
|
|
|
|
# create organization
|
|
instance.org, org_created = Organization.create_from_rdap(
|
|
rdap, instance.asn, instance.org_name
|
|
)
|
|
instance.save()
|
|
|
|
# create network
|
|
net, net_created = Network.create_from_rdap(
|
|
rdap, instance.asn, instance.org
|
|
)
|
|
|
|
# if affiliate auto appove is on, auto approve at this point
|
|
if pdb_settings.AUTO_APPROVE_AFFILIATION:
|
|
instance.approve()
|
|
return
|
|
|
|
ticket_queue_asnauto_create(
|
|
instance.user,
|
|
instance.org,
|
|
net,
|
|
rdap,
|
|
net.asn,
|
|
org_created=org_created,
|
|
net_created=net_created,
|
|
)
|
|
|
|
# if user's relationship to network can be validated now
|
|
# we can approve the ownership request right away
|
|
if instance.user.validate_rdap_relationship(rdap):
|
|
instance.approve()
|
|
ticket_queue_asnauto_affil(instance.user, instance.org, net, rdap)
|
|
return
|
|
|
|
if instance.org:
|
|
# organization has been set on affiliation request
|
|
entity_name = instance.org.name
|
|
if not instance.org.owned:
|
|
# organization is currently not owned
|
|
request_type = "request ownership of"
|
|
|
|
# if affiliate auto appove is on, auto approve at this point
|
|
if pdb_settings.AUTO_APPROVE_AFFILIATION:
|
|
instance.approve()
|
|
return
|
|
|
|
# if user's relationship to the org can be validated by
|
|
# checking the rdap information of the org's networks
|
|
# we can approve the affiliation (ownership) request right away
|
|
for asn, rdap in list(instance.org.rdap_collect.items()):
|
|
rdap_data["emails"].extend(rdap.emails)
|
|
if instance.user.validate_rdap_relationship(rdap):
|
|
ticket_queue_asnauto_affil(
|
|
instance.user,
|
|
instance.org,
|
|
Network.objects.get(asn=asn),
|
|
rdap,
|
|
)
|
|
instance.approve()
|
|
return
|
|
else:
|
|
entity_name = instance.org_name
|
|
|
|
if pdb_settings.AUTO_APPROVE_AFFILIATION:
|
|
org = Organization.objects.create(
|
|
name=instance.org_name, status="ok"
|
|
)
|
|
instance.org = org
|
|
instance.approve()
|
|
return
|
|
|
|
# organization has no owners and RDAP information could not verify the user's relationship to the organization, notify pdb staff for review
|
|
ticket_queue(
|
|
"User %s wishes to %s %s"
|
|
% (instance.user.username, request_type, entity_name),
|
|
loader.get_template("email/notify-pdb-admin-user-affil.txt").render(
|
|
{
|
|
"user": instance.user,
|
|
"instance": instance,
|
|
"base_url": settings.BASE_URL,
|
|
"org_add_url": "%s%s"
|
|
% (
|
|
settings.BASE_URL,
|
|
django.urls.reverse(
|
|
"admin:peeringdb_server_organization_add"
|
|
),
|
|
),
|
|
"net_add_url": "%s%s"
|
|
% (
|
|
settings.BASE_URL,
|
|
django.urls.reverse("admin:peeringdb_server_network_add"),
|
|
),
|
|
"review_url": "%s%s"
|
|
% (
|
|
settings.BASE_URL,
|
|
django.urls.reverse(
|
|
"admin:peeringdb_server_user_change",
|
|
args=(instance.user.id,),
|
|
),
|
|
),
|
|
"approve_url": "%s%s"
|
|
% (
|
|
settings.BASE_URL,
|
|
django.urls.reverse(
|
|
"admin:peeringdb_server_userorgaffiliationrequest_actions",
|
|
args=(instance.id, "approve_and_notify"),
|
|
),
|
|
),
|
|
"emails": list(set(rdap_data["emails"])),
|
|
"rdap_lookup": rdap_lookup,
|
|
}
|
|
),
|
|
instance.user,
|
|
)
|
|
|
|
elif instance.status == "approved" and instance.org_id:
|
|
|
|
# uoar was not created, and status is now approved, call approve
|
|
# to finalize
|
|
|
|
instance.approve()
|
|
|
|
|
|
post_save.connect(uoar_creation, sender=UserOrgAffiliationRequest)
|
|
|
|
# VERIFICATION QUEUE
|
|
|
|
if getattr(settings, "DISABLE_VERIFICATION_QUEUE", False) is False:
|
|
|
|
def verification_queue_update(sender, instance, **kwargs):
|
|
if instance.status == "pending":
|
|
try:
|
|
VerificationQueueItem.objects.get(
|
|
content_type=ContentType.objects.get_for_model(sender),
|
|
object_id=instance.id,
|
|
)
|
|
except VerificationQueueItem.DoesNotExist:
|
|
q = VerificationQueueItem(item=instance)
|
|
q.save()
|
|
else:
|
|
try:
|
|
q = VerificationQueueItem.objects.get(
|
|
content_type=ContentType.objects.get_for_model(sender),
|
|
object_id=instance.id,
|
|
)
|
|
q.delete()
|
|
except VerificationQueueItem.DoesNotExist:
|
|
pass
|
|
|
|
def verification_queue_delete(sender, instance, **kwargs):
|
|
try:
|
|
q = VerificationQueueItem.objects.get(
|
|
content_type=ContentType.objects.get_for_model(sender),
|
|
object_id=instance.id,
|
|
)
|
|
q.delete()
|
|
except VerificationQueueItem.DoesNotExist:
|
|
pass
|
|
|
|
def verification_queue_notify(sender, instance, **kwargs):
|
|
# notification was already sent
|
|
if instance.notified:
|
|
return
|
|
|
|
# no contact point exists
|
|
if not instance.user_id and not instance.org_key:
|
|
return
|
|
|
|
item = instance.item
|
|
|
|
if type(item) in QUEUE_NOTIFY and not getattr(
|
|
settings, "DISABLE_VERIFICATION_QUEUE_EMAILS", False
|
|
):
|
|
|
|
if type(item) == Network:
|
|
rdap = RdapLookup().get_asn(item.asn)
|
|
else:
|
|
rdap = None
|
|
|
|
ticket_queue_vqi_notify(instance, rdap)
|
|
instance.notified = True
|
|
instance.save()
|
|
|
|
post_save.connect(verification_queue_notify, sender=VerificationQueueItem)
|
|
|
|
for model in QUEUE_ENABLED:
|
|
post_save.connect(verification_queue_update, sender=model)
|
|
pre_delete.connect(verification_queue_delete, sender=model)
|
|
|
|
|
|
def cors_allow_api_get_to_everyone(sender, request, **kwargs):
|
|
# FIXME: path name to look for should come from config
|
|
return (
|
|
request.path == "/api" or request.path.startswith("/api/")
|
|
) and request.method in ["GET", "OPTIONS"]
|
|
|
|
|
|
check_request_enabled.connect(cors_allow_api_get_to_everyone)
|