From 8c525397f52366a5ec374b16c939feb2afadd24f Mon Sep 17 00:00:00 2001
From: Nicolas Beguier
Date: Thu, 9 Aug 2018 16:10:54 +0200
Subject: [PATCH] [CASSH WEBUI] Upgrade to 1.5.0
---
 server/web/cassh_web.py | 101 +++++++++++++++++++---------------------
 1 file changed, 47 insertions(+), 54 deletions(-)
diff --git a/server/web/cassh_web.py b/server/web/cassh_web.py
index 015ccde..a7eb985 100755
--- a/server/web/cassh_web.py
+++ b/server/web/cassh_web.py
@@ -7,13 +7,13 @@ from base64 import urlsafe_b64decode, urlsafe_b64encode
 from datetime import datetime
 from functools import wraps
-from json import dumps, loads
+from json import loads
 from os import getenv, path
 from ssl import PROTOCOL_TLSv1_2, SSLContext
 # Third party library imports
-from flask import Flask, render_template, request, Response, redirect, url_for, send_from_directory
-from requests import get, post, put
+from flask import Flask, render_template, request, Response, redirect, send_from_directory
+from requests import post, put
 from requests.exceptions import ConnectionError
 from urllib3 import disable_warnings
 from werkzeug import secure_filename
@@ -34,21 +34,6 @@ def allowed_file(filename):
 return '.' in filename and \
 filename.rsplit('.', 1)[1] in APP.config['ALLOWED_EXTENSIONS']
-def check_auth_by_status(auth):
- try:
- req = get(APP.config['CASSH_URL'] + '/client' +
- auth_url(auth.username, password=auth.password), verify=False)
- except ConnectionError:
- return Response('Connection error : %s' % APP.config['CASSH_URL'])
- # If there is no account
- if req.text == 'None':
- return True
- try:
- result = loads(req.text)
- except:
- return False
- return True
-
 def decode(key, enc):
 dec = []
 enc = urlsafe_b64decode(enc).decode()
@@ -83,52 +68,41 @@ def decorated(*args, **kwargs):
 return func(current_user=current_user, *args, **kwargs)
 return decorated
-def auth_url(realname, password=None, prefix=None):
- """
- Return a ?xxx=xxx to put at the end of a GET request.
- """
- if APP.config['ENABLE_LDAP']:
- if prefix is None:
- return '?realname=%s&password=%s'\
- % (realname, password)
- else:
- return prefix + '&realname=%s&password=%s'\
- % (realname, password)
- else:
- if prefix is None:
- return ''
- else:
- return prefix
-
-
 @APP.route('/')
 @requires_auth
 def index(current_user=None):
 """ Display home page """
 return render_template('homepage.html', username=current_user['name'], \
 logged_in=current_user['is_authenticated'], \
- display_error=request.cookies.get('last_attempt_error')=='True', \
+ display_error=request.cookies.get('last_attempt_error') == 'True', \
 login_banner=APP.config['LOGIN_BANNER'])
 @APP.route('/login', methods=['POST'])
 @requires_auth
 def login(current_user=None):
+ """
+ Authentication
+ """
+ del current_user
 username = request.form['username']
 password = request.form['password']
 last_attempt_error = False
 redirect_to_index = redirect('/')
 response = APP.make_response(redirect_to_index)
 try:
- req = get(APP.config['CASSH_URL'] + '/test_auth' +
- auth_url(username, password=password), verify=False)
+ payload = {}
+ payload.update({'realname': username, 'password': password})
+ req = post(APP.config['CASSH_URL'] + '/test_auth', \
+ data=payload, \
+ verify=False)
 except:
 return Response('Connection error : %s' % APP.config['CASSH_URL'])
 if 'OK' in req.text:
- response.set_cookie('username',value=username)
- response.set_cookie('password',value=encode(APP.config['ENCRYPTION_KEY'], password))
+ response.set_cookie('username', value=username)
+ response.set_cookie('password', value=encode(APP.config['ENCRYPTION_KEY'], password))
 else:
 last_attempt_error = True
- response.set_cookie('last_attempt_error',value=str(last_attempt_error))
+ response.set_cookie('last_attempt_error', value=str(last_attempt_error))
 return response
 @APP.route('/logout', methods=['POST'])
@@ -136,9 +110,9 @@ def login(current_user=None):
 def logout(current_user=None):
 redirect_to_index = redirect('/')
 response = APP.make_response(redirect_to_index)
- response.set_cookie('username',value='Unknown')
- response.set_cookie('password',value='Unknown')
- response.set_cookie('last_attempt_error',value='False')
+ response.set_cookie('username', value='Unknown')
+ response.set_cookie('password', value='Unknown')
+ response.set_cookie('last_attempt_error', value='False')
 return response
 @APP.route('/add/')
@@ -158,10 +132,15 @@ def cassh_sign(current_user=None):
 @APP.route('/status/')
 @requires_auth
 def cassh_status(current_user=None):
- """ Display status page """
+ """
+ CASSH status
+ """
 try:
- req = get(APP.config['CASSH_URL'] + '/client' +
- auth_url(current_user['name'], password=current_user['password']), verify=False)
+ payload = {}
+ payload.update({'realname': current_user['name'], 'password': current_user['password']})
+ req = post(APP.config['CASSH_URL'] + '/client/status', \
+ data=payload, \
+ verify=False)
 except ConnectionError:
 return Response('Connection error : %s' % APP.config['CASSH_URL'])
 try:
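Review bot: The new `post(APP.config['CASSH_URL'] + '/test_auth', data=payload, verify=False)` call in `login` forwards the submitted username and password with TLS certificate verification disabled, so the server receiving them is never authenticated; the new calls in the `cassh_status`, `upload` and `send` hunks carry the same `verify=False`. Pass the path of the CA bundle that signs the CASSH server certificate as `verify=` (read from configuration) instead of switching the check off. In the same hunk the re-spaced `response.set_cookie('password', value=encode(APP.config['ENCRYPTION_KEY'], password))` still returns an apparently recoverable form of the password to the browser in a cookie set without `secure=True` or `httponly=True`; `encode` is defined outside this hunk, so its strength cannot be judged from here, but a server-side session identifier would avoid sending the secret back at all.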
@@ -182,12 +161,19 @@ def cassh_status(current_user=None):
 @APP.route('/sign/upload', methods=['POST'])
 @requires_auth
 def upload(current_user=None):
+ """
+ CASSH sign
+ """
 pubkey = request.files['file']
 username = request.form['username']
+ payload = {}
+ payload.update({'realname': current_user['name'], 'password': current_user['password']})
+ payload.update({'username': username})
+ payload.update({'pubkey': pubkey.read().decode('UTF-8').replace(' ', '%20')})
 try:
- req = post(APP.config['CASSH_URL'] + '/client' +
- auth_url(current_user['name'], password=current_user['password'], \
- prefix='?username=%s' % username), data=pubkey, verify=False)
+ req = post(APP.config['CASSH_URL'] + '/client', \
+ data=payload, \
+ verify=False)
 except ConnectionError:
 return Response('Connection error : %s' % APP.config['CASSH_URL'])
 if 'Error' in req.text:
@@ -203,12 +189,19 @@ def upload(current_user=None):
 @APP.route('/add/send', methods=['POST'])
 @requires_auth
 def send(current_user=None):
+ """
+ CASSH add
+ """
 pubkey = request.files['file']
 username = request.form['username']
+ payload = {}
+ payload.update({'realname': current_user['name'], 'password': current_user['password']})
+ payload.update({'username': username})
+ payload.update({'pubkey': pubkey.read().decode('UTF-8').replace(' ', '%20')})
 try:
- req = put(APP.config['CASSH_URL'] + '/client' +
- auth_url(current_user['name'], password=current_user['password'], \
- prefix='?username=%s' % username), data=pubkey, verify=False)
+ req = put(APP.config['CASSH_URL'] + '/client', \
+ data=payload, \
+ verify=False)
 except ConnectionError:
 return Response('Connection error : %s' % APP.config['CASSH_URL'])
 if 'Error' in req.text:
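Review bot: `pubkey.read().decode('UTF-8')` in `upload` runs before the `try:` on whatever file the browser sent, so a non-UTF-8 upload raises `UnicodeDecodeError` and surfaces as an unhandled server error, and nothing visible in the hunk bounds the size or checks that the content looks like a public key; the `send` hunk adds the identical line. Catch the decode error, return the same kind of error `Response` the handler already uses, and validate the key text before forwarding it. The `.replace(' ', '%20')` is applied to a value that `requests` form-encodes again, so the CASSH server presumably undoes it by hand, and a comment such as `# CASSH server expects spaces in pubkey pre-encoded as %20` would record that contract. The form field `username` is forwarded next to the authenticated `realname`, so whether one user may request a certificate under another name appears to rest entirely on the server; `upload` continues past the end of the hunk.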