easyengine/ee/cli/plugins/secure.py

from cement.core.controller import CementBaseController, expose
from cement.core import handler, hook
from ee.core.shellexec import EEShellExec
from ee.core.variables import EEVariables
from ee.core.logging import Log
import string
import random
import sys
import hashlib
import getpass


def secure_plugin_hook(app):
    # do something with the ``app`` object here.
    pass


class EESecureController(CementBaseController):
    class Meta:
        label = 'secure'
        stacked_on = 'base'
        stacked_type = 'nested'
        description = ('clean command cleans different cache ')
        arguments = [
            (['--auth'],
                dict(help='secure auth', action='store_true')),
            (['--port'],
                dict(help='secure port', action='store_true')),
            (['--ip'],
                dict(help='secure ip', action='store_true'))
            ]

    @expose(hide=True)
    def default(self):
            if self.app.pargs.auth:
                self.secure_auth()
            if self.app.pargs.port:
                self.secure_port()
            if self.app.pargs.ip:
                self.secure_ip()

    @expose(hide=True)
    def secure_auth(self):
        passwd = ''.join([random.choice
                         (string.ascii_letters + string.digits)
                         for n in range(6)])
        username = input("Provide HTTP authentication user "
                         "name [{0}] :".format(EEVariables.ee_user))
        password = input("Provide HTTP authentication "
                         "password [{0}]".format(passwd))
        if username == "":
            username = EEVariables.ee_user
            Log.info(self, "HTTP authentication username:{username}"
                     .format(username=username))
        if password == "":
            password = passwd
            Log.info(self, "HTTP authentication password:{password}"
                     .format(password=password))
        EEShellExec.cmd_exec(self, "printf \"{username}:"
                             "$(openssl passwd -crypt "
                             "{password} 2> /dev/null)\n\""
                             "> /etc/nginx/htpasswd-ee 2>/dev/null"
                             .format(username=username,
                                     password=password))

    @expose(hide=True)
    def secure_port(self):
        port = input("EasyEngine admin port [22222]:")
        if port == "":
            port = 22222
        if EEVariables.ee_platform_distro == 'Ubuntu':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl spdy;/\" "
                                 "/etc/nginx/sites-available/22222.conf"
                                 .format(port=port))
        if EEVariables.ee_platform_distro == 'Debian':
            EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "
                                 "{port} default_server ssl;/\" "
                                 "/etc/nginx/sites-available/22222"
                                 .format(port=port))

    @expose(hide=True)
    def secure_ip(self):
        # TODO:remaining with ee.conf updation in file
        newlist = []
        ip = input("Enter the comma separated IP addresses "
                   "to white list [127.0.0.1]:")
        try:
            user_list_ip = ip.split(',')
        except Exception as e:
            ip = ['127.0.0.1']
        self.app.config.set('mysql', 'grant-host', "hello")
        exist_ip_list = self.app.config.get('stack', 'ip-address').split()
        for check_ip in user_list_ip:
            if check_ip not in exist_ip_list:
                newlist.extend(exist_ip_list)
            # changes in acl.conf file
            if len(newlist) != 0:
                EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"
                                     "/common/acl.conf")
            for whitelist_adre in newlist:
                EEShellExec.cmd_exec(self, "sed -i \"/deny/i "
                                     "echo allow {whitelist_adre}\\;\" "
                                     "/etc/nginx/common/acl.conf"
                                     .format(whitelist_adre=whitelist_adre))


def load(app):
    # register the plugin class.. this only happens if the plugin is enabled
    handler.register(EESecureController)
    # register a hook (function) to run after arguments are parsed.
    hook.register('post_argument_parsing', secure_plugin_hook)
ee secure command 10 years ago			`from cement.core.controller import CementBaseController, expose`
			`from cement.core import handler, hook`
			`from ee.core.shellexec import EEShellExec`
			`from ee.core.variables import EEVariables`
Changed some display messages 10 years ago			`from ee.core.logging import Log`
ee secure command 10 years ago			`import string`
			`import random`
			`import sys`
			`import hashlib`
			`import getpass`


			`def secure_plugin_hook(app):`
			# do something with the ``app`` object here.
			`pass`


Changed some display messages 10 years ago			`class EESecureController(CementBaseController):`
ee secure command 10 years ago			`class Meta:`
			`label = 'secure'`
			`stacked_on = 'base'`
			`stacked_type = 'nested'`
updated log messages 10 years ago			`description = ('clean command cleans different cache ')`
ee secure command 10 years ago			`arguments = [`
			`(['--auth'],`
			`dict(help='secure auth', action='store_true')),`
			`(['--port'],`
			`dict(help='secure port', action='store_true')),`
			`(['--ip'],`
			`dict(help='secure ip', action='store_true'))`
			`]`

			`@expose(hide=True)`
			`def default(self):`
			`if self.app.pargs.auth:`
			`self.secure_auth()`
			`if self.app.pargs.port:`
			`self.secure_port()`
			`if self.app.pargs.ip:`
			`self.secure_ip()`

			`@expose(hide=True)`
			`def secure_auth(self):`
			`passwd = ''.join([random.choice`
Changed some display messages 10 years ago			`(string.ascii_letters + string.digits)`
			`for n in range(6)])`
ee secure command 10 years ago			`username = input("Provide HTTP authentication user "`
			`"name [{0}] :".format(EEVariables.ee_user))`
			`password = input("Provide HTTP authentication "`
			`"password [{0}]".format(passwd))`
			`if username == "":`
			`username = EEVariables.ee_user`
added log messages 10 years ago			`Log.info(self, "HTTP authentication username:{username}"`
			`.format(username=username))`
added log message in secure.py 10 years ago			`if password == "":`
			`password = passwd`
added log messages 10 years ago			`Log.info(self, "HTTP authentication password:{password}"`
			`.format(password=password))`
ee secure command 10 years ago			`EEShellExec.cmd_exec(self, "printf \"{username}:"`
			`"$(openssl passwd -crypt "`
			`"{password} 2> /dev/null)\n\""`
			`"> /etc/nginx/htpasswd-ee 2>/dev/null"`
			`.format(username=username,`
			`password=password))`

			`@expose(hide=True)`
			`def secure_port(self):`
			`port = input("EasyEngine admin port [22222]:")`
			`if port == "":`
			`port = 22222`
			`if EEVariables.ee_platform_distro == 'Ubuntu':`
			`EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "`
			`"{port} default_server ssl spdy;/\" "`
Fix error of file clean.py and secure.py and added test cases 10 years ago			`"/etc/nginx/sites-available/22222.conf"`
ee secure command 10 years ago			`.format(port=port))`
added log messages 10 years ago			`if EEVariables.ee_platform_distro == 'Debian':`
ee secure command 10 years ago			`EEShellExec.cmd_exec(self, "sed -i \"s/listen.*/listen "`
			`"{port} default_server ssl;/\" "`
			`"/etc/nginx/sites-available/22222"`
			`.format(port=port))`

			`@expose(hide=True)`
			`def secure_ip(self):`
Changed some display messages 10 years ago			`# TODO:remaining with ee.conf updation in file`
ee secure command 10 years ago			`newlist = []`
			`ip = input("Enter the comma separated IP addresses "`
			`"to white list [127.0.0.1]:")`
			`try:`
			`user_list_ip = ip.split(',')`
			`except Exception as e:`
			`ip = ['127.0.0.1']`
			`self.app.config.set('mysql', 'grant-host', "hello")`
			`exist_ip_list = self.app.config.get('stack', 'ip-address').split()`
			`for check_ip in user_list_ip:`
			`if check_ip not in exist_ip_list:`
			`newlist.extend(exist_ip_list)`
Changed some display messages 10 years ago			`# changes in acl.conf file`
ee secure command 10 years ago			`if len(newlist) != 0:`
			`EEShellExec.cmd_exec(self, "sed -i \"/allow.*/d\" /etc/nginx"`
			`"/common/acl.conf")`
			`for whitelist_adre in newlist:`
			`EEShellExec.cmd_exec(self, "sed -i \"/deny/i "`
			`"echo allow {whitelist_adre}\\;\" "`
			`"/etc/nginx/common/acl.conf"`
			`.format(whitelist_adre=whitelist_adre))`


			`def load(app):`
			`# register the plugin class.. this only happens if the plugin is enabled`
Changed some display messages 10 years ago			`handler.register(EESecureController)`
ee secure command 10 years ago			`# register a hook (function) to run after arguments are parsed.`
			`hook.register('post_argument_parsing', secure_plugin_hook)`