Merge branch 'william' into 'master'

Add view to check if the vm belongs to a user (for ungleich-cli)

See merge request ungleich-public/dynamicweb!705

datacenterlight/utils.py

@@ -1,5 +1,8 @@
 import logging
+import pyotp
+import requests
 from django.contrib.sites.models import Site
+from django.conf import settings
 
 from datacenterlight.tasks import create_vm_task
 from hosting.models import HostingOrder, HostingBill, OrderDetail
@@ -11,7 +14,6 @@ from .models import VMPricing, VMTemplate
 
 logger = logging.getLogger(__name__)
 
-
 def get_cms_integration(name):
     current_site = Site.objects.get_current()
     try:
@@ -100,3 +102,22 @@ def clear_all_session_vars(request):
                             'generic_payment_details', 'product_id']:
             if session_var in request.session:
                 del request.session[session_var]
+
+
+def check_otp(name, realm, token):
+    data = {
+        "auth_name": settings.AUTH_NAME,
+        "auth_token": pyotp.TOTP(settings.AUTH_SEED).now(),
+        "auth_realm": settings.AUTH_REALM,
+        "name": name,
+        "realm": realm,
+        "token": token
+    }
+    response = requests.post(
+        "https://{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
+            OTP_SERVER=settings.OTP_SERVER,
+            OTP_VERIFY_ENDPOINT=settings.OTP_VERIFY_ENDPOINT
+        ),
+        data=data
+    )
+    return response.status_code

dynamicweb/settings/base.py

@@ -721,6 +721,14 @@ X_FRAME_OPTIONS = ('SAMEORIGIN' if X_FRAME_OPTIONS_ALLOW_FROM_URI is None else
 
 DEBUG = bool_env('DEBUG')
 
+ACCOUNT_NAME = env('ACCOUNT_NAME')
+AUTH_NAME = env('AUTH_NAME')
+AUTH_SEED = env('AUTH_SEED')
+AUTH_REALM = env('AUTH_REALM')
+OTP_SERVER = env('OTP_SERVER')
+OTP_VERIFY_ENDPOINT = env('OTP_VERIFY_ENDPOINT')
+
+
 if DEBUG:
     from .local import *  # flake8: noqa
 else:

hosting/urls.py

@@ -9,13 +9,14 @@ from .views import (
     HostingPricingView, CreateVirtualMachinesView, HostingBillListView,
     HostingBillDetailView, SSHKeyDeleteView, SSHKeyCreateView, SSHKeyListView,
     SSHKeyChoiceView, DashboardView, SettingsView, ResendActivationEmailView,
-    InvoiceListView, InvoiceDetailView
+    InvoiceListView, InvoiceDetailView, CheckUserVM
 )
 
 
 urlpatterns = [
     url(r'index/?$', IndexView.as_view(), name='index'),
     url(r'django/?$', DjangoHostingView.as_view(), name='djangohosting'),
+    url(r'checkvm/?$', CheckUserVM.as_view(), name='check_vm'),
     url(r'dashboard/?$', DashboardView.as_view(), name='dashboard'),
     url(r'nodejs/?$', NodeJSHostingView.as_view(), name='nodejshosting'),
     url(r'rails/?$', RailsHostingView.as_view(), name='railshosting'),

hosting/views.py

@@ -26,6 +26,9 @@ from django.views.generic import (
     View, CreateView, FormView, ListView, DetailView, DeleteView,
     TemplateView, UpdateView
 )
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework.renderers import JSONRenderer
 from guardian.mixins import PermissionRequiredMixin
 from oca.pool import WrongIdError
 from stored_messages.api import mark_read
@@ -34,7 +37,7 @@ from stored_messages.settings import stored_messages_settings
 
 from datacenterlight.cms_models import DCLCalculatorPluginModel
 from datacenterlight.models import VMTemplate, VMPricing
-from datacenterlight.utils import create_vm, get_cms_integration
+from datacenterlight.utils import create_vm, get_cms_integration, check_otp
 from hosting.models import UserCardDetail
 from membership.models import CustomUser, StripeCustomer
 from opennebula_api.models import OpenNebulaManager
@@ -66,9 +69,12 @@ from .models import (
 
 logger = logging.getLogger(__name__)
 
+
 CONNECTION_ERROR = "Your VMs cannot be displayed at the moment due to a \
                     backend connection error. please try again in a few \
                     minutes."
+
+
 decorators = [never_cache]
 
 
@@ -1755,3 +1761,30 @@ def forbidden_view(request, exception=None, reason=''):
                 'again.')
     messages.add_message(request, messages.ERROR, err_msg)
     return HttpResponseRedirect(request.get_full_path())
+
+
+class CheckUserVM(APIView):
+    renderer_classes = (JSONRenderer, )
+
+    def get(self, request):
+        try:
+            email = request.data['email']
+            ip = request.data['ip']
+            user = request.data['user']
+            realm = request.data['realm']
+            token = request.data['token']
+            if user != settings.ACCOUNT_NAME:
+                return Response("User not allowed", 403)
+            response = check_otp(user, realm, token)
+            if response != 200:
+                return Response('Invalid token', 403)
+            uservms = VMDetail.objects.filter(user__email=email)
+            if len(uservms) > 0:
+                for i in range(len(uservms)):
+                    if uservms[i].ipv4 == ip or uservms[i].ipv6 == ip:
+                        return Response('success', 200)
+                return Response('No VM found matching the ip address provided', 404)
+            else:
+                return Response('No VM found with the given email address', 404)
+        except KeyError:
+            return Response('Not enough data provided', 400)

requirements.txt

@@ -98,3 +98,4 @@ amqp==2.2.1
 vine==1.1.4
 cdist==5.0.1
 git+https://github.com/ungleich/djangocms-multisite.git#egg=djangocms_multisite
+pyotp