from django.shortcuts import render, get_object_or_404, redirect from django.http import HttpResponse from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm, AdminPasswordChangeForm from django.db.models import Q from django.views.decorators.csrf import csrf_exempt from django.utils import timezone from django.core.files import File from django.db.models.fields.files import FieldFile from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required, user_passes_test from django.db.models.signals import post_save from django.dispatch import receiver from django.conf import settings from django.contrib.auth.forms import PasswordResetForm from django.urls import reverse from .models import Device, Organization, Network, Model, Wifi, UserStatus from .signals import * from .forms import * from .device import makewificonfig, heartbeathandler from .tasks import mkfirmware from distutils.dir_util import copy_tree from celery.exceptions import TimeoutError import glob import sys import subprocess import os import socket import tempfile import crypt import tarfile import datetime import time import uuid def is_superuser(user): return user.is_superuser def is_staff(user): return user.is_staff @login_required def index(request): return redirect(reverse("devices")) @csrf_exempt def heartbeat(request): device = get_object_or_404(Device, secret=request.POST.get("secret", "")) ip = request.POST.get("ip", "") return HttpResponse(heartbeathandler(device, ip)) @csrf_exempt def wireless(request): device = get_object_or_404(Device, secret=request.POST.get("secret", "")) device.wireless = timezone.now() device.save() return HttpResponse(makewificonfig(device)) @csrf_exempt def hosts(request): device = get_object_or_404(Device, secret=request.POST.get("secret", "")) sigRebootDevice(device.serial, None, False) device.reboot = False device.save() return render(request, "manager/hosts", {"device": device}) @csrf_exempt def update(request): FWDIR = "/opt/vpnmanager/images/" device = get_object_or_404(Device, secret=request.POST.get("secret", "")) try: if not mkfirmware.apply_async((device, FWDIR), serializer='pickle').get(timeout=300): return HttpResponse(status=503) except TimeoutError: return HttpResponse(status=503) sigUpdateDevice(device.serial, None, False) device.update = False device.save() with open("%s/%s.bin" % (FWDIR, device.id), "rb") as download: response = HttpResponse(download.read(), content_type="application/octet-stream") response['Content-Disposition'] = 'inline; filename=%s.bin' % device.serial return response def ping(request, device_id): if request.user.is_authenticated: try: device = Device.objects.get(id=device_id, organization__in=request.user.organization_set.all()) except: device = None ajax = '{\n "status": ' if not device: ajax += "-1" else: try: if device.curip: socket.inet_aton(device.curip) except Exception as e: ajax += "-3" else: try: ajax += str(1 if (device.curip and (timezone.now() - device.lasttime).total_seconds() < 300 and not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device.curip + " > /dev/null 2>&1"))) else 2 if (True if not device.lasttime else (timezone.now() - device.lasttime).total_seconds() > 120) and (timezone.now() - device.lastbeat).total_seconds() < 60 else 0) except Exception as e: ajax += str(e) ajax += "-4" else: ajax += ',\n "serial": "%s"' % device.serial ajax += ',\n "name": "%s"' % device.name if device.name else "" ajax += ',\n "ip": "%s"' % device.curip if device.curip else "" ajax += ',\n "time": "%s"' % (None if not device.lasttime else str(int(time.mktime(timezone.make_naive(device.lasttime, timezone.get_current_timezone()).timetuple())) * 1000)) ajax += ',\n "lastbeat": "%s"' % (None if not device.lastbeat else str(int(time.mktime(timezone.make_naive(device.lastbeat, timezone.get_current_timezone()).timetuple())) * 1000)) ajax += ',\n "reboot": %i' % (1 if device.reboot else 0) ajax += ',\n "update": %i' % (1 if device.update else 0) ajax += ',\n "network": {' ajax += '\n "intip": "%s"' % device.network.intip ajax += ',\n "extip": "%s"' % device.network.extip ajax += ',\n "name": "%s"' % (device.network.name if device.network.name else "") ajax += '\n }' else: ajax += "-2" ajax += "\n}" return HttpResponse(ajax, content_type="application/json") @login_required def devices(request, code=200, exception=None): return render(request, "manager/index.html", {"title": "Device Administration", "exception": exception}, status=code) @login_required def editdevice(request, device_id): device = get_object_or_404(Device, id=device_id, organization__in=request.user.organization_set.all()) subnets = Network.objects.filter(organization=device.organization) wifis = Wifi.objects.filter(organization=device.organization) form = DeviceForm(request.POST if request.method == "POST" else None, instance=device) form.fields["mac"].disabled = True form.fields["serial"].disabled = True form.fields["secret"].disabled = True form.fields["model"].disabled = True form.fields["password"].disabled = True if request.method == "POST" and form.is_valid(): form.save() return redirect(reverse("devices")) return render(request, "manager/form.html", { "title": "Edit Device", "form": form }) @user_passes_test(is_superuser) def makeuser(request): if request.POST.get("username", ""): user = User.objects.create_user( username=request.POST.get("username", ""), password=str(uuid.uuid4().hex), first_name=request.POST.get("firstname", ""), last_name=request.POST.get("lastname", ""), is_staff=request.POST.get("staff", "0") == "True", is_superuser=request.POST.get("superuser", "0") == "True", email=request.POST.get("email", "") ) user.organization_set.set(set(request.POST.getlist("orga", []))) form = PasswordResetForm({"email": user.email}) if form.is_valid(): form.save( request=request, use_https=True, email_template_name='registration/add_user.html') return redirect(reverse("users")) else: return render(request, "manager/adduser.html", {"title": "Add User"}) @login_required def edituser(request, user_id): if request.user.is_staff or request.user.id == user_id: orgas = request.user.organization_set.all() user = request.user if request.user.id == user_id else User.objects.distinct().get(id=user_id, organization__in=orgas) if not user: return redirect(reverse("users")) if request.POST.get("form", ""): newfirst = request.POST.get("firstname", "") newlast = request.POST.get("lastname", "") if newlast != user.last_name or newfirst != user.first_name: sigRenameUser(user.username, request.user.username, "%s %s" % (user.first_name, user.last_name), "%s %s" % (newfirst, newlast)) user.first_name = request.POST.get("firstname", "") user.last_name = request.POST.get("lastname", "") if request.user.is_staff or request.user.is_superuser: newstaff = request.POST.get("staff", "0") == "True" if newstaff != user.is_staff: sigStaffUser(user.username, request.user.username, newstaff) user.is_staff = newstaff if request.user.is_superuser: newsuper = request.POST.get("superuser", "0") == "True" if newsuper != user.is_superuser: sigSuperUser(user.username, request.user.username, newsuper) user.is_superuser = newsuper neworgas = set(request.POST.getlist("orga", [])) oldorgas = set(user.organization_set.all()) if neworgas != oldorgas: sigOrgaUser(user.username, request.user.username, oldorgas, neworgas) user.organization_set.set(neworgas) newmail = request.POST.get("email", "") if newmail != user.email: sigMailUser(user.username, request.user.username, user.email, newmail) user.email = newmail user.save() return redirect(reverse("users")) return render(request, "manager/edituser.html", { "title": "Edit User", "auser": user } ) else: return redirect(reverse("two_factor:login", kwargs={'next': request.path})) @login_required def editwifi(request, wifi_id): wifi = get_object_or_404(Wifi, id=wifi_id, organization__in=request.user.organization_set.all()) form = WifiForm(request.POST if request.method == "POST" else None, instance=wifi) form.fields["organization"].queryset = request.user.organization_set.all() if request.method == "POST" and form.is_valid(): form.save() return redirect(reverse("wifi")) return render(request, "manager/form.html", { "title": "Edit WiFi", "form": form }) @user_passes_test(is_superuser) def getconfig(request, device_id): FWDIR = "/opt/vpnmanager/images/" device = get_object_or_404(Device, id=device_id) files = glob.glob("%s/%s.bin" % (FWDIR, device_id)) if not ((files and datetime.datetime.fromtimestamp(os.path.getmtime(files[0]), timezone.get_current_timezone()) > device.model.firmware) or mkfirmware.apply_async((device, FWDIR), serializer='pickle').get(timeout=300)): return HttpResponse(status=503) sigUpdateDevice(device.serial, None, False) device.update = False device.save() with open("%s/%s.bin" % (FWDIR, device.id), "rb") as download: response = HttpResponse(download.read(), content_type="application/octet-stream") response['Content-Disposition'] = 'inline; filename=%s.bin' % device.serial return response @login_required def rebootdevice(request, device_id): device = get_object_or_404(Device, id=device_id, organization__in=request.user.organization_set.all()) if not device.reboot: sigRebootDevice(device.serial, request.user.username, True) device.reboot = True device.save() return redirect(reverse("devices")) @user_passes_test(is_staff) def updatedevice(request, device_id): device = get_object_or_404(Device, id=device_id, organization__in=request.user.organization_set.all()) if not device.update: sigUpdateDevice(device.serial, request.user.username, True) device.update = True device.save() return redirect(reverse("devices")) @user_passes_test(is_superuser) def deletedevice(request, device_id): CADIR = "/etc/openvpn/ca/" BEFORE = os.getcwd() device = get_object_or_404(Device, id=device_id) os.chdir(CADIR) subprocess.call(CADIR + "/revoke " + device.serial, shell=True) os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}") os.chdir(BEFORE) device.delete() return redirect(reverse("devices")) @user_passes_test(is_staff) def deletewifi(request, wifi_id): wifi = get_object_or_404(Wifi, id=wifi_id, organization__in=request.user.organization_set.all()) wifi.delete() return redirect(reverse("wifi")) @user_passes_test(is_superuser) def deleteuser(request, user_id): user = get_object_or_404(User, id=user_id) user.delete() return redirect(reverse("users")) @user_passes_test(is_superuser) def deletenetwork(request, network_id): network = get_object_or_404(Network, id=network_id) network.delete() return redirect(reverse("networks")) @user_passes_test(is_superuser) def deleteorga(request, orga_id): orga = get_object_or_404(Organization, id=orga_id) orga.delete() return redirect(reverse("organizations")) @login_required def makewifi(request): form = WifiForm(request.POST if request.method == "POST" else None, initial={"organization": request.user.userstatus.orga} if request.method == "GET" else None) form.fields["organization"].queryset = request.user.organization_set.all() if request.method == "POST" and form.is_valid(): form.save() return redirect(reverse("wifi")) return render(request, "manager/form.html", { "title": "Add WiFi", "form": form }) @user_passes_test(is_superuser) def makenetwork(request): if request.method == "POST": form = NetworkForm(request.POST) if form.is_valid(): form.save() return redirect(reverse("networks")) else: form = NetworkForm() return render(request, "manager/form.html", { "title": "Add Network", "form": form }) @user_passes_test(is_superuser) def editnetwork(request, network_id): net = get_object_or_404(Network, id=network_id) form = NetworkForm(request.POST if request.method == "POST" else None, instance=net) form.fields["intip"].disabled = True form.fields["extip"].disabled = True if request.method == "POST" and form.is_valid(): form.save() return redirect(reverse("networks")) return render(request, "manager/form.html", { "title": "Edit Network", "form": form }) @login_required def setactiveorga(request, orga_id): request.user.userstatus.orga = get_object_or_404(Organization, id=orga_id, users=request.user) request.user.userstatus.save() return HttpResponse("") @user_passes_test(is_superuser) def makeorganization(request): if request.method == "POST": form = OrgaForm(request.POST) if form.is_valid(): orga = form.save() request.user.organization_set.add(orga) Network.objects.get(intip="No VPN").organization.add(orga) return redirect(reverse("organizations")) else: form = OrgaForm() return render(request, "manager/form.html", { "title": "Add Organization", "form": form }) @user_passes_test(is_superuser) def editorganization(request, orga_id): orga = get_object_or_404(Organization, id=orga_id) if request.method == "POST": form = OrgaForm(request.POST, instance=orga) if form.is_valid(): form.save() return redirect(reverse("organizations")) else: form = OrgaForm(instance=orga) return render(request, "manager/form.html", { "title": "Change Organization", "form": form }) @user_passes_test(is_superuser) def makedevice(request): CADIR = "/etc/openvpn/ca/" CONFIGDIR = "/etc/openvpn/client-configs/" BEFORE = os.getcwd() device_serial = request.POST.get("serial", "").replace(" ", "_") device_name = request.POST.get("name", "") device_organization = request.POST.get("organization", "") device_model = request.POST.get("model", "") device_ssid = request.POST.get("ssid", device_serial) device_key = request.POST.get("key", "") device_mac = request.POST.get("mac", "") if not device_serial: orga = Organization.objects.all() models = Model.objects.all() return render(request, "manager/add.html", { "title": "Add Device", "organizations": orga, "models": models } ) if glob.glob(CADIR + "/keys/" + device_serial + "*"): return HttpResponse("This key already exists.") os.chdir(CADIR) if subprocess.call(CADIR + "/generate-key " + device_serial, shell=True): os.chdir(BEFORE) return HttpResponse("Something went wrong trying to generate the key.") if glob.glob(CONFIGDIR + "/files/" + device_serial + "*"): os.chdir(BEFORE) return HttpResponse("This configuration file already exists.") os.chdir(CONFIGDIR) if subprocess.call(CONFIGDIR + "/make_config " + device_serial, shell=True): os.chdir(BEFORE) return HttpResponse("Something went wrong trying to generate the config file.") os.chdir(BEFORE) device = Device.objects.create( serial=device_serial, name=device_name, ssid=device_ssid, key=device_key, model=Model.objects.filter(id=device_model)[0], network=Network.objects.filter(intip="No VPN")[0], organization=Organization.objects.filter(id=device_organization)[0], vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read(), mac = device_mac or None, changed = timezone.now() ) return redirect(reverse("devices")) @receiver(post_save, sender=settings.AUTH_USER_MODEL) def createUserStatus(sender, instance, created, **kwargs): if created: UserStatus.objects.create(user=instance) @receiver(post_save, sender=settings.AUTH_USER_MODEL) def saveUserStatus(sender, instance, **kwargs): try: instance.userstatus.save() except: UserStatus.objects.create(user=instance) def errorhandler(request, code, exception): if code == 403: exception.human = "You have no permission to access the requested page." elif code == 400: exception.human = "Something seems to be wrong with the request you sent. Please try again." elif code == 404: exception.human = "Sorry, we were unable to find the page you requested. Please check the address and try again." elif code == 500: exception.human = "Sorry, something seems to be wrong on our end. Please try again later or contact support if the problem persists." return devices(request, code=code, exception=exception) def handler400(request, exception): return errorhandler(request, 400, exception) def handler403(request, exception): return errorhandler(request, 403, exception) def handler404(request, exception): return errorhandler(request, 404, exception) def handler500(request): return errorhandler(request, 500, Exception("Please check the server logs for additional information."))