mirror of https://github.com/retspen/webvirtcloud synced 2024-12-25 23:55:24 +00:00

Merge pull request #392 from catborise/master

security update
catborise 2020-11-20 15:36:38 +03:00 committed by GitHub
commit 82ded115b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 3 deletions


@ -71,6 +71,7 @@ jobs:
FILTER_REGEX_EXCLUDE: .*(static|scss|venv|locale)/.* FILTER_REGEX_EXCLUDE: .*(static|scss|venv|locale)/.*
DEFAULT_BRANCH: master DEFAULT_BRANCH: master
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VALIDATE_ALL_CODEBASE: false
VALIDATE_ANSIBLE: false VALIDATE_ANSIBLE: false
VALIDATE_CLOJURE: false VALIDATE_CLOJURE: false
VALIDATE_COFFEE: false VALIDATE_COFFEE: false


@ -1,8 +1,13 @@
import re import re
from vrtManager.util import randomUUID
from django.http.response import HttpResponseServerError
from django.shortcuts import render from django.shortcuts import render
from django.utils.translation import gettext_lazy as _
from libvirt import libvirtError from libvirt import libvirtError
from accounts.models import UserInstance
from appsettings.settings import app_settings from appsettings.settings import app_settings
from instances.models import Instance from instances.models import Instance
from vrtManager.instance import wvmInstance from vrtManager.instance import wvmInstance
@ -35,7 +40,20 @@ def console(request):
temptoken = token.split("-", 1) temptoken = token.split("-", 1)
host = int(temptoken[0]) host = int(temptoken[0])
uuid = temptoken[1] uuid = temptoken[1]
if not request.user.is_superuser:
try:
userInstance = UserInstance.objects.get(
instance__compute_id=host, instance__uuid=uuid, user__id=request.user.id
)
instance = Instance.objects.get(compute_id=host, uuid=uuid) instance = Instance.objects.get(compute_id=host, uuid=uuid)
except UserInstance.DoesNotExist:
instance = None
console_error = _("User does not have permission to access console or host/instance not exist")
return HttpResponseServerError(console_error)
else:
instance = Instance.objects.get(compute_id=host, uuid=uuid)
conn = wvmInstance( conn = wvmInstance(
instance.compute.hostname, instance.compute.hostname,
instance.compute.login, instance.compute.login,
@ -63,9 +81,9 @@ def console(request):
response = render(request, console_page, locals()) response = render(request, console_page, locals())
else: else:
if console_type is None: if console_type is None:
console_error = "Fail to get console. Please check the console configuration of your VM." console_error = _("Fail to get console. Please check the console configuration of your VM.")
else: else:
console_error = "Console type '%(type)s' has not support" % {"type": console_type} console_error = _("Console type '%(type)s' has not support") % {"type": console_type}
response = render(request, "console-vnc-lite.html", locals()) response = render(request, "console-vnc-lite.html", locals())
response.set_cookie("token", token) response.set_cookie("token", token)
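Review bot: The new ownership check in console() denies access with `HttpResponseServerError`, so an authorization failure is reported as a 500 and cannot be told apart from a real server fault in logs and alerting; a 403 fits better, e.g. `from django.http import HttpResponseForbidden` and `return HttpResponseForbidden(console_error)`. The superuser `else:` branch still calls `Instance.objects.get(compute_id=host, uuid=uuid)` without handling `Instance.DoesNotExist`, and `int(temptoken[0])` on the context lines above it is unguarded, so a malformed or stale token still surfaces as an unhandled exception. `userInstance` is bound only to prove the row exists and then travels into the template through `locals()`; `UserInstance.objects.filter(...).exists()` would avoid that. This check guards only the page render; whether the console proxy that consumes the `token` cookie enforces the same ownership is not visible in this diff and is worth confirming. The body of console() begins and continues outside the visible hunks.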