pywebexec 1.7.3__py3-none-any.whl → 1.7.5__py3-none-any.whl

pywebexec/pywebexec.py

@@ -33,6 +33,8 @@ if os.environ.get('PYWEBEXEC_LDAP_SERVER'):
 app = Flask(__name__)
 app.secret_key = os.urandom(24)  # Secret key for session management
 app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'  # Add SameSite attribute to session cookies
+app.config['SESSION_COOKIE_SECURE'] = True
+app.config['SESSION_COOKIE_HTTPONLY'] = True
 auth = HTTPBasicAuth()
 
 app.config['LDAP_SERVER'] = os.environ.get('PYWEBEXEC_LDAP_SERVER')
@@ -112,7 +114,7 @@ def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
     from cryptography.hazmat.backends import default_backend
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import rsa
-    
+
     # Generate our key
     if key is None:
         key = rsa.generate_private_key(
@@ -120,16 +122,16 @@ def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
             key_size=2048,
             backend=default_backend(),
         )
-    
+
     name = x509.Name([
         x509.NameAttribute(NameOID.COMMON_NAME, hostname)
     ])
- 
-    # best practice seem to be to include the hostname in the SAN, which *SHOULD* mean COMMON_NAME is ignored.    
+
+    # best practice seem to be to include the hostname in the SAN, which *SHOULD* mean COMMON_NAME is ignored.
     alt_names = [x509.DNSName(hostname)]
     alt_names.append(x509.DNSName("localhost"))
-    
-    # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios 
+
+    # allow addressing by IP, for when you don't have real DNS (common in most testing scenarios
     if ip_addresses:
         for addr in ip_addresses:
             # openssl wants DNSnames for ips...
@@ -138,7 +140,7 @@ def generate_selfsigned_cert(hostname, ip_addresses=None, key=None):
             # note: older versions of cryptography do not understand ip_address objects
             alt_names.append(x509.IPAddress(ipaddress.ip_address(addr)))
     san = x509.SubjectAlternativeName(alt_names)
-    
+
     # path_len=0 means this cert can only sign itself, not other certs.
     basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
     now = datetime.now(timezone.utc)
@@ -225,7 +227,7 @@ def get_last_line(file_path, cols=None, rows=None, maxsize=2048):
         except OSError:
             fd.seek(0)
         return get_visible_output(fd.read(), cols, rows)
-    
+
 
 def start_gunicorn(daemonized=False, baselog=None):
     check_processes()
@@ -304,7 +306,7 @@ def daemon_d(action, pidfilepath, silent=False, hostname=None, args=None):
 def start_term():
     os.environ["PYWEBEXEC"] = " (shared)"
     os.chdir(CWD)
-    start_time = datetime.now().isoformat()
+    start_time = datetime.now(timezone.utc).isoformat()
     user = pwd.getpwuid(os.getuid())[0]
     print(f"Starting terminal session for {user} : {term_command_id}")
     update_command_status(term_command_id, {
@@ -316,7 +318,7 @@ def start_term():
     })
     output_file_path = get_output_file_path(term_command_id)
     res = script(output_file_path)
-    end_time = datetime.now().isoformat()
+    end_time = datetime.now(timezone.utc).isoformat()
     update_command_status(term_command_id, {
         'status': 'success',
         'end_time': end_time,
@@ -488,7 +490,7 @@ def script(output_file):
         sigwinch_passthrough(None, None)
         signal.signal(signal.SIGWINCH, sigwinch_passthrough)
         p.interact()
-    
+
 
 def run_command(fromip, user, command, params, command_id):
     # app.logger.info(f'{fromip} run_command {command_id} {user}: {command} {params}')
@@ -663,7 +665,7 @@ def check_authentication():
         if request.args.get('token') == token:
             return
         return jsonify({'error': 'Forbidden'}), 403
-    
+
     if not app.config['USER'] and not app.config['LDAP_SERVER']:
         return
 
@@ -704,7 +706,7 @@ def verify_ldap(username, password):
             user_dn = conn.entries[0].entry_dn
         finally:
             conn.unbind()
-        
+
         # Bind with the user DN and password to verify credentials
         conn = Connection(server, user=user_dn, password=password, authentication=SIMPLE, auto_bind=True, read_only=True)
         try:

pywebexec/static/js/popup.js

@@ -117,7 +117,7 @@ async function fetchOutput(url) {
     try {
         const response = await fetch(url);
         if (!response.ok) {
-            document.getElementById('dimmer').style.display = 'none';
+            document.getElementById('dimmer').style.display = 'block';
             return;
         }
         const data = await response.json();
@@ -151,6 +151,7 @@ async function fetchOutput(url) {
                 toggleButton.style.display = 'block';
                 setCommandStatus(data.status)
             }
+            document.getElementById('dimmer').style.display = 'none';
         }
     } catch (error) {
         document.getElementById('dimmer').style.display = 'block';

pywebexec/static/js/script.js

@@ -361,7 +361,7 @@ async function stopCommand(command_id, event) {
 function formatTime(time) {
     if (!time || time === 'N/A') return 'N/A';
     const date = new Date(time);
-    return date.toISOString().slice(0, 16).replace('T', ' ');
+    return date.toLocaleString("sv-SE", { hour12: false, timeStyle: 'short', dateStyle: 'short' }).slice(5);
 }
 
 function formatDuration(startTime, endTime) {
@@ -370,8 +370,8 @@ function formatDuration(startTime, endTime) {
     const end = new Date(endTime);
     const duration = (end - start) / 1000;
     const hours = Math.floor(duration / 3600);
-    const minutes = Math.floor((duration % 3600) / 60);
-    const seconds = Math.floor(duration % 60);
+    const minutes = Math.floor((duration % 3600) / 60).toString().padStart(2, '0');
+    const seconds = Math.floor(duration % 60).toString().padStart(2, '0');
     return `${hours}h ${minutes}m ${seconds}s`;
 }
 

pywebexec/version.py

@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '1.7.3'
-__version_tuple__ = version_tuple = (1, 7, 3)
+__version__ = version = '1.7.5'
+__version_tuple__ = version_tuple = (1, 7, 5)

{pywebexec-1.7.3.dist-info → pywebexec-1.7.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pywebexec
-Version: 1.7.3
+Version: 1.7.5
 Summary: Simple Python HTTP Exec Server
 Home-page: https://github.com/joknarf/pywebexec
 Author: Franck Jouvanceau
@@ -153,8 +153,9 @@ $ pywebexec -u myuser [-P mypass]
 Generated password is given if no `--pasword` option
 
 * ldap(s) password check / group member
+ldap server must accept memberOf attribute for group members
 ```shell
-$ export PYWEBEXEC_LDAP_SERVER=ldap://ldap.forumsys.com:389
+$ export PYWEBEXEC_LDAP_SERVER=ldaps://ldap.mydomain.com:389
 $ export PYWEBEXEC_LDAP_BIND_DN="cn=read-only-admin,dc=example,dc=com"
 $ export PYWEBEXEC_LDAP_BIND_PASSWORD="password"
 $ export PYWEBEXEC_LDAP_BASE_DN="dc=example,dc=com"

{pywebexec-1.7.3.dist-info → pywebexec-1.7.5.dist-info}/RECORD

@@ -1,6 +1,6 @@
 pywebexec/__init__.py,sha256=4spIsVaF8RJt8S58AG_wWoORRNkws9Iwqprj27C3ljM,99
-pywebexec/pywebexec.py,sha256=YlPtbHqISlpQN5S0gPVk0gRbvuJtg1rXrF2SPzgUXjA,33456
-pywebexec/version.py,sha256=Lv0gR-NbC-8DxwfmwXEmOzSq6Hgx6MH4xF1fYh_opXo,411
+pywebexec/pywebexec.py,sha256=VBR6KmRiHNCd0ZvGEu_5sTqzVrUEPBhM8Hi6knS1QcA,33526
+pywebexec/version.py,sha256=1PmSWdbIl6FG3GO33tTDihvotemU0-1S8uTOfaXKRIY,411
 pywebexec/static/css/Consolas NF.ttf,sha256=DJEOzF0eqZ-kxu3Gs_VE8X0NJqiobBzmxWDGpdgGRxI,1313900
 pywebexec/static/css/style.css,sha256=3s7QgbCh4wb7kfZ7Pjo-B6o3lDIBogZ-3j6AfaPdpzU,8209
 pywebexec/static/css/xterm.css,sha256=uo5phWaUiJgcz0DAzv46uoByLLbJLeetYosL1xf68rY,5559
@@ -21,8 +21,8 @@ pywebexec/static/images/resume.svg,sha256=99LP1Ya2JXakRCO9kW8JMuT_4a_CannF65Eiuw
 pywebexec/static/images/running.svg,sha256=fBCYwYb2O9K4N3waC2nURP25NRwZlqR4PbDZy6JQMww,610
 pywebexec/static/images/success.svg,sha256=NVwezvVMplt46ElW798vqGfrL21Mw_DWHUp_qiD_FU8,489
 pywebexec/static/js/commands.js,sha256=h2fkd9qpypLBxvhEEbay23nwuqUwcKJA0vHugcyL8pU,7961
-pywebexec/static/js/popup.js,sha256=UPKtjPLIR5KaAV2i1iWUGwcCTX1tT3vnOIMc8VKQqag,9311
-pywebexec/static/js/script.js,sha256=yO2PEsyO1F5w3lSCJyKkAtp21Tb7I3MQMPibxvdmFOc,18198
+pywebexec/static/js/popup.js,sha256=oVkwnOKHae11omBiTZs-00NVeS9HGNEiUo71JSwOqn4,9382
+pywebexec/static/js/script.js,sha256=TtniIzVgYa9A0nXPS13MpcGyGZfrM-r8eb0pmpqgXJA,18301
 pywebexec/static/js/xterm/LICENSE,sha256=EU1P4eXTull-_T9I80VuwnJXubB-zLzUl3xpEYj2T1M,1083
 pywebexec/static/js/xterm/addon-canvas.js,sha256=ez6QTVvsmLVNJmdJlM-ZQ5bErwlxAQ_9DUmDIptl2TM,94607
 pywebexec/static/js/xterm/addon-canvas.js.map,sha256=ECBA4B-BqUpdFeRzlsEWLSQnudnhLP-yPQJ8_hKquMo,379537
@@ -35,9 +35,9 @@ pywebexec/static/js/xterm/xterm.js.map,sha256=Y7O2Pb-fIS7Z8AC1D5s04_aiW_Jf1f4mCf
 pywebexec/templates/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pywebexec/templates/index.html,sha256=2fEN8cggHBEd8-RamDFpnekVJtIbRembFSw0-1YEptc,2979
 pywebexec/templates/popup.html,sha256=GT2jY7oOxpCaBaRl924QJWdFBmfSOP952T13d37R_pY,1506
-pywebexec-1.7.3.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
-pywebexec-1.7.3.dist-info/METADATA,sha256=-JC0TqKo6F5B43R4TKYjxzoyXvL986W-djlTshi6dUM,8060
-pywebexec-1.7.3.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pywebexec-1.7.3.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
-pywebexec-1.7.3.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
-pywebexec-1.7.3.dist-info/RECORD,,
+pywebexec-1.7.5.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
+pywebexec-1.7.5.dist-info/METADATA,sha256=ueE1L7xvCOkQEjAF480gyouw1IiRKk0tVOUahe1dxU4,8122
+pywebexec-1.7.5.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pywebexec-1.7.5.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
+pywebexec-1.7.5.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
+pywebexec-1.7.5.dist-info/RECORD,,