add option to disable access to instance
This commit is contained in:
Marvin Martinson
parent
ce0eb1a400
commit
a3e410f3a9
|
|
@ -0,0 +1,44 @@
|
|||
import falcon
|
||||
import logging
|
||||
import json
|
||||
import hashlib
|
||||
from pinecrypt.server import authority, errors, db
|
||||
from bson.objectid import ObjectId
|
||||
from pinecrypt.server.decorators import csrf_protection
|
||||
from .utils.firewall import login_required, authorize_admin
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class DisableEnableAccessToInstance(object):
|
||||
@csrf_protection
|
||||
@login_required
|
||||
@authorize_admin
|
||||
def on_post(self, req, resp, id):
|
||||
bool = req.get_param_as_bool("disable")
|
||||
|
||||
result = db.certificates.find_one_and_update({
|
||||
"_id": ObjectId(id)
|
||||
}, {
|
||||
"$set": {
|
||||
"disabled": bool
|
||||
}
|
||||
},
|
||||
upsert=True,
|
||||
return_document=db.return_new)
|
||||
|
||||
if not result:
|
||||
resp.text = "No certificate found with id %s" % id
|
||||
raise falcon.HTTPNotFound()
|
||||
|
||||
|
||||
@login_required
|
||||
@authorize_admin
|
||||
def on_get(self, req, resp, id):
|
||||
result = db.certificates.find_one({"_id": ObjectId(id)})
|
||||
|
||||
if not result:
|
||||
resp.text = "No certificate found with id %s" % id
|
||||
raise falcon.HTTPNotFound()
|
||||
|
||||
resp.text = str(result["disabled"])
|
||||
|
|
@ -66,6 +66,7 @@ async def view_event(request):
|
|||
async for event in stream:
|
||||
|
||||
if event.get("ns").get("coll") == "certidude_certificates":
|
||||
|
||||
if event.get("operationType") == "insert" and event["fullDocument"].get("status") == "csr":
|
||||
await resp.write("event: request-submitted\ndata: %s\n\n" % str(event["documentKey"].get("_id")))
|
||||
events_emitted.inc()
|
||||
|
|
@ -94,6 +95,10 @@ async def view_event(request):
|
|||
await resp.write("event: attribute-update\ndata: %s\n\n" % str(event["documentKey"].get("_id")))
|
||||
events_emitted.inc()
|
||||
|
||||
if event.get("operationType") == "update" and "disabled" in event.get("updateDescription").get("updatedFields"):
|
||||
await resp.write("event: instance-access-update\ndata: %s\n\n" % str(event["documentKey"].get("_id")))
|
||||
events_emitted.inc()
|
||||
|
||||
if event.get("ns").get("coll") == "certidude_logs":
|
||||
|
||||
from pinecrypt.server.decorators import MyEncoder
|
||||
|
|
|
|||
|
|
@ -92,6 +92,7 @@ class SessionResource(object):
|
|||
# TODO: dedup
|
||||
serialized = dict(
|
||||
id=str(cert_doc["_id"]),
|
||||
disabled=cert_doc["disabled"],
|
||||
serial="%x" % cert.serial_number,
|
||||
organizational_unit=cert.subject.native.get("organizational_unit_name"),
|
||||
common_name=cert_doc["common_name"],
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ import falcon
|
|||
import logging
|
||||
import json
|
||||
import hashlib
|
||||
from pinecrypt.server import authority, errors
|
||||
from pinecrypt.server import authority, errors, db
|
||||
from pinecrypt.server.decorators import csrf_protection
|
||||
from .utils.firewall import login_required, authorize_admin
|
||||
|
||||
|
|
|
|||
|
|
@ -406,6 +406,7 @@ def pinecone_serve_backend():
|
|||
from pinecrypt.server.api.revoked import RevokedCertificateDetailResource
|
||||
from pinecrypt.server.api.log import LogResource
|
||||
from pinecrypt.server.api.revoked import RevocationListResource
|
||||
from pinecrypt.server.api.access import DisableEnableAccessToInstance
|
||||
|
||||
app = falcon.App(middleware=NormalizeMiddleware())
|
||||
app.req_options.strip_url_path_trailing_slash = True
|
||||
|
|
@ -424,6 +425,7 @@ def pinecone_serve_backend():
|
|||
app.add_route("/api/revoked/{serial_number}", RevokedCertificateDetailResource())
|
||||
app.add_route("/api/log", LogResource())
|
||||
app.add_route("/api/revoked", RevocationListResource())
|
||||
app.add_route("/api/toggleaccess/id/{id}", DisableEnableAccessToInstance())
|
||||
|
||||
token_resource = None
|
||||
token_manager = None
|
||||
|
|
|
|||
Loading…
Reference in New Issue