tardis.apps.sftp package¶
Subpackages¶
Submodules¶
tardis.apps.sftp.admin module¶
tardis.apps.sftp.api module¶
-
class
tardis.apps.sftp.api.
SFTPACLAuthorization
¶ Bases:
tastypie.authorization.Authorization
-
create_detail
(object_list, bundle)¶ Returns either
True
if the user is allowed to create the object in question or throwUnauthorized
if they are not.Returns
True
by default.
-
delete_detail
(object_list, bundle)¶ Returns either
True
if the user is allowed to delete the object in question or throwUnauthorized
if they are not.Returns
True
by default.
-
read_detail
(object_list, bundle)¶ Returns either
True
if the user is allowed to read the object in question or throwUnauthorized
if they are not.Returns
True
by default.
-
read_list
(object_list, bundle)¶ Returns a list of all the objects a user is allowed to read.
Should return an empty list if none are allowed.
Returns the entire list by default.
-
-
class
tardis.apps.sftp.api.
SFTPPublicKeyAppResource
(api_name=None)¶ Bases:
tastypie.resources.ModelResource
Tastypie model resource for SFTPPublicKey model
-
class
Meta
¶ Bases:
object
-
authentication
= <tardis.tardis_portal.api.MyTardisAuthentication object>¶
-
detail_allowed_methods
= ['get', 'delete']¶
-
filtering
= {'id': ('exact',), 'name': ('exact',)}¶
-
list_allowed_methods
= ['get', 'post']¶
-
object_class
¶
-
queryset
¶
-
resource_name
= 'publickey'¶
-
validation
= <tastypie.validation.FormValidation object>¶
-
-
base_fields
= {'added': <tastypie.fields.DateField object>, 'id': <tastypie.fields.IntegerField object>, 'key_type': <tastypie.fields.CharField object>, 'name': <tastypie.fields.CharField object>, 'public_key': <tastypie.fields.CharField object>, 'resource_uri': <tastypie.fields.CharField object>}¶
-
declared_fields
= {}¶
-
dehydrate
(bundle)¶ A hook to allow a final manipulation of data once all fields/methods have built out the dehydrated data.
Useful if you need to access more than one dehydrated field or want to annotate on additional data.
Must return the modified bundle.
-
hydrate
(bundle)¶ A hook to allow an initial manipulation of data before all methods/fields have built out the hydrated data.
Useful if you need to access more than one hydrated field or want to annotate on additional data.
Must return the modified bundle.
-
class
tardis.apps.sftp.apps module¶
-
class
tardis.apps.sftp.apps.
SFTPConfig
(app_name, app_module)¶ Bases:
tardis.app_config.AbstractTardisAppConfig
-
name
= 'tardis.apps.sftp'¶
-
verbose_name
= 'SFTP'¶
-
tardis.apps.sftp.default_settings module¶
-
tardis.apps.sftp.default_settings.
REQUIRE_SSL_TO_GENERATE_KEY
= True¶ Require a secure connection (i.e., HTTPS) to allow key generation.
-
tardis.apps.sftp.default_settings.
SFTP_USERNAME_ATTRIBUTE
= 'email'¶ The attribute from the User model (‘email’ or ‘username’) used to generate the SFTP login example on the sftp_access help page.
tardis.apps.sftp.forms module¶
-
class
tardis.apps.sftp.forms.
KeyAddForm
(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=<class 'django.forms.utils.ErrorList'>, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None)¶ Bases:
django.forms.forms.Form
-
base_fields
= {'key_type': <django.forms.fields.CharField object>, 'name': <django.forms.fields.CharField object>, 'public_key': <django.forms.fields.CharField object>}¶
-
clean
()¶ Hook for doing any extra form-wide cleaning after Field.clean() has been called on every field. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field named ‘__all__’.
-
declared_fields
= {'key_type': <django.forms.fields.CharField object>, 'name': <django.forms.fields.CharField object>, 'public_key': <django.forms.fields.CharField object>}¶
-
media
¶
-
-
class
tardis.apps.sftp.forms.
KeyGenerateForm
(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=<class 'django.forms.utils.ErrorList'>, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None)¶ Bases:
django.forms.forms.Form
-
base_fields
= {'name': <django.forms.fields.CharField object>}¶
-
declared_fields
= {'name': <django.forms.fields.CharField object>}¶
-
media
¶
-
tardis.apps.sftp.models module¶
-
class
tardis.apps.sftp.models.
SFTPPublicKey
(*args, **kwargs)¶ Bases:
django.db.models.base.Model
Model for associated SFTP public keys with users
Parameters: - user (ForeignKey for User) – user who owns this public key
- name (string) – name for this public key
- public_key (string) – OpenSSH formatted public key
- added (date) – date the public key was added (Optional)
-
exception
DoesNotExist
¶
-
exception
MultipleObjectsReturned
¶
-
added
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
get_next_by_added
(*, field=<django.db.models.fields.DateField: added>, is_next=True, **kwargs)¶
-
get_previous_by_added
(*, field=<django.db.models.fields.DateField: added>, is_next=False, **kwargs)¶
-
id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
key_type
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
name
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
objects
= <django.db.models.manager.Manager object>¶
-
public_key
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
user
¶ Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
Child.parent
is aForwardManyToOneDescriptor
instance.
-
user_id
¶
tardis.apps.sftp.sftp module¶
SFTP Server
-
class
tardis.apps.sftp.sftp.
DynamicTree
(host_obj=None)¶ Bases:
object
-
add_child
(name, obj=None)¶
-
add_path
(path)¶
-
add_path_elems
(elems)¶
-
clear_children
()¶
-
get_leaf
(path, update=False)¶
-
update_all_files
()¶
-
update_dataset_files
()¶
-
update_datasets
()¶
-
update_experiments
()¶
-
update_nothing
()¶
-
-
class
tardis.apps.sftp.sftp.
MyTSFTPHandle
(df, flags=0, optional_args=None)¶ Bases:
paramiko.sftp_handle.SFTPHandle
SFTP File Handle
-
stat
()¶ Return an L{SFTPAttributes} object referring to this open file, or an error code. This is equivalent to L{SFTPServerInterface.stat}, except it’s called on an open file instead of a path.
@return: an attributes object for the given file, or an SFTP error code (like L{SFTP_PERMISSION_DENIED}). @rtype: L{SFTPAttributes} I{or error code}
-
-
class
tardis.apps.sftp.sftp.
MyTSFTPRequestHandler
(request, client_address, server)¶ Bases:
socketserver.BaseRequestHandler
-
auth_timeout
= 60¶
-
handle
()¶
-
handle_timeout
()¶
-
setup
()¶
-
timeout
= 60¶
-
-
class
tardis.apps.sftp.sftp.
MyTSFTPServer
(*args, **kwargs)¶ Bases:
paramiko.sftp_server.SFTPServer
override SFTPServer to provide channel information to the SFTP subsystem
-
class
tardis.apps.sftp.sftp.
MyTSFTPServerInterface
(server, *args, **kwargs)¶ Bases:
paramiko.sftp_si.SFTPServerInterface
MyTardis data via SFTP
-
canonicalize
(path)¶ Return the canonical form of a path on the server.
-
experiments
¶
-
list_folder
(path)¶ Returns a list of files within a given folder. The C{path} will use posix notation (C{“/”} separates folder names) and may be an absolute or relative path.
The list of files is expected to be a list of L{SFTPAttributes} objects, which are similar in structure to the objects returned by C{os.stat}. In addition, each object should have its C{filename} field filled in, since this is important to a directory listing and not normally present in C{os.stat} results.
In case of an error, you should return one of the C{SFTP_*} error codes, such as L{SFTP_PERMISSION_DENIED}.
@param path: the requested path (relative or absolute) to be listed. @type path: str @return: a list of the files in the given folder, using L{SFTPAttributes} objects. @rtype: list of L{SFTPAttributes} I{or error code}
-
lstat
(path)¶ symbolic links are not supported
-
open
(path, flags, attr)¶ Open a file on the server and create a handle for future operations on that file. On success, a new object subclassed from L{SFTPHandle} should be returned. This handle will be used for future operations on the file (read, write, etc). On failure, an error code such as L{SFTP_PERMISSION_DENIED} should be returned.
C{flags} contains the requested mode for opening (read-only, write-append, etc) as a bitset of flags from the C{os} module:
- C{os.O_RDONLY}
- C{os.O_WRONLY}
- C{os.O_RDWR}
- C{os.O_APPEND}
- C{os.O_CREAT}
- C{os.O_TRUNC}
- C{os.O_EXCL}
(One of C{os.O_RDONLY}, C{os.O_WRONLY}, or C{os.O_RDWR} will always be set.)
The C{attr} object contains requested attributes of the file if it has to be created. Some or all attribute fields may be missing if the client didn’t specify them.
@note: The SFTP protocol defines all files to be in “binary” mode. There is no equivalent to python’s “text” mode.
Parameters: - path (basestring) – the requested datafile path
- flags (int) – flags or’d together from the C{os} module indicating the requested mode for opening the file.
- attr (SFTPAttributes) – requested attributes of the file if it is newly created.
Returns: a new L{SFTPHandle} I{or error code}.
Return type: SFTPHandle
-
session_ended
()¶ run cleanup on exceptions or disconnection. idea: collect stats and store them in this function
-
session_started
()¶ run on connection initialisation
-
stat
(path)¶ Return an L{SFTPAttributes} object for a path on the server, or an error code. If your server supports symbolic links (also known as “aliases”), you should follow them. (L{lstat} is the corresponding call that doesn’t follow symlinks/aliases.)
@param path: the requested path (relative or absolute) to fetch file statistics for. @type path: str
@return: an attributes object for the given file, or an SFTP error code (like L{SFTP_PERMISSION_DENIED}). @rtype: L{SFTPAttributes} I{or error code}
-
-
class
tardis.apps.sftp.sftp.
MyTSFTPTCPServer
(address, host_key, RequestHandlerClass=None)¶ Bases:
socketserver.TCPServer
-
allow_reuse_address
= True¶
-
close_request
(request)¶ Called to clean up an individual request.
-
shutdown_request
(request)¶ Called to shutdown and close an individual request.
-
-
class
tardis.apps.sftp.sftp.
MyTServerInterface
¶ Bases:
paramiko.server.ServerInterface
-
check_auth_interactive
(username, submethods)¶ Begin an interactive authentication challenge, if supported. You should override this method in server mode if you want to support the
"keyboard-interactive"
auth type, which requires you to send a series of questions for the client to answer.Return
AUTH_FAILED
if this auth method isn’t supported. Otherwise, you should return an .InteractiveQuery object containing the prompts and instructions for the user. The response will be sent via a call to check_auth_interactive_response.The default implementation always returns
AUTH_FAILED
.Parameters: Returns: AUTH_FAILED
if this auth method isn’t supported; otherwise an object containing queries for the userReturn type: int or .InteractiveQuery
-
check_auth_interactive_response
(responses)¶ Continue or finish an interactive authentication challenge, if supported. You should override this method in server mode if you want to support the
"keyboard-interactive"
auth type.Return
AUTH_FAILED
if the responses are not accepted,AUTH_SUCCESSFUL
if the responses are accepted and complete the authentication, orAUTH_PARTIALLY_SUCCESSFUL
if your authentication is stateful, and this set of responses is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)If you wish to continue interactive authentication with more questions, you may return an .InteractiveQuery object, which should cause the client to respond with more answers, calling this method again. This cycle can continue indefinitely.
The default implementation always returns
AUTH_FAILED
.Parameters: responses – list of str responses from the client Returns: AUTH_FAILED
if the authentication fails;AUTH_SUCCESSFUL
if it succeeds;AUTH_PARTIALLY_SUCCESSFUL
if the interactive auth is successful, but authentication must continue; otherwise an object containing queries for the userReturn type: int or .InteractiveQuery
-
check_auth_password
(username, password)¶ Determine if a given username and password supplied by the client is acceptable for use in authentication.
Return
AUTH_FAILED
if the password is not accepted,AUTH_SUCCESSFUL
if the password is accepted and completes the authentication, orAUTH_PARTIALLY_SUCCESSFUL
if your authentication is stateful, and this key is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)The default implementation always returns
AUTH_FAILED
.Parameters: Returns: AUTH_FAILED
if the authentication fails;AUTH_SUCCESSFUL
if it succeeds;AUTH_PARTIALLY_SUCCESSFUL
if the password auth is successful, but authentication must continue.Return type:
-
check_auth_publickey
(username, key)¶ Determine if a given key supplied by the client is acceptable for use in authentication. You should override this method in server mode to check the username and key and decide if you would accept a signature made using this key.
Return
AUTH_FAILED
if the key is not accepted,AUTH_SUCCESSFUL
if the key is accepted and completes the authentication, orAUTH_PARTIALLY_SUCCESSFUL
if your authentication is stateful, and this password is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)Note that you don’t have to actually verify any key signtature here. If you’re willing to accept the key, Paramiko will do the work of verifying the client’s signature.
The default implementation always returns
AUTH_FAILED
.Parameters: - username (str) – the username of the authenticating client
- key (PKey) – the key object provided by the client
Returns: AUTH_FAILED
if the client can’t authenticate with this key;AUTH_SUCCESSFUL
if it can;AUTH_PARTIALLY_SUCCESSFUL
if it can authenticate with this key but must continue with authenticationReturn type:
-
check_channel_request
(kind, chanid)¶ Determine if a channel request of a given type will be granted, and return
OPEN_SUCCEEDED
or an error code. This method is called in server mode when the client requests a channel, after authentication is complete.If you allow channel requests (and an ssh server that didn’t would be useless), you should also override some of the channel request methods below, which are used to determine which services will be allowed on a given channel:
- check_channel_pty_request
- check_channel_shell_request
- check_channel_subsystem_request
- check_channel_window_change_request
- check_channel_x11_request
- check_channel_forward_agent_request
The
chanid
parameter is a small number that uniquely identifies the channel within a .Transport. A .Channel object is not created unless this method returnsOPEN_SUCCEEDED
– once a .Channel object is created, you can call .Channel.get_id to retrieve the channel ID.The return value should either be
OPEN_SUCCEEDED
(or0
) to allow the channel request, or one of the following error codes to reject it:OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
OPEN_FAILED_CONNECT_FAILED
OPEN_FAILED_UNKNOWN_CHANNEL_TYPE
OPEN_FAILED_RESOURCE_SHORTAGE
The default implementation always returns
OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
.Parameters: Returns: an int success or failure code (listed above)
-
get_allowed_auths
(username)¶ Return a list of authentication methods supported by the server. This list is sent to clients attempting to authenticate, to inform them of authentication methods that might be successful.
The “list” is actually a string of comma-separated names of types of authentication. Possible values are
"password"
,"publickey"
, and"none"
.The default implementation always returns
"password"
.Parameters: username (str) – the username requesting authentication. Returns: a comma-separated str of authentication types
-
myt_auth
(username, password)¶
-
-
tardis.apps.sftp.sftp.
start_server
(host=None, port=None, keyfile=None)¶ The SFTP_HOST_KEY setting is required for configuring SFTP access. The SFTP_PORT setting defaults to 2200.
See: tardis/default_settings/sftp.py
tardis.apps.sftp.urls module¶
tardis.apps.sftp.views module¶
-
tardis.apps.sftp.views.
cybderduck_connection_window
(request)¶
-
tardis.apps.sftp.views.
sftp_access
(request)¶ Show dynamically generated instructions on how to connect to SFTP :param Request request: HttpRequest :return: HttpResponse :rtype: HttpResponse
-
tardis.apps.sftp.views.
sftp_keys
(request)¶ Generate an RSA key pair for a user.
Generates a key pair, stores the public part of the key and provides a one time opportunity for the user to download the private part of the key.
Parameters: request (HttpRequest) – http request Returns: either returns form on GET request or private key download on POST request Return type: HttpResponse