pythondjangoautomationsubprocessazure-app-service-envrmnt

Download and Install Software Application to client machine from hosted web application Django

I was working on scripts, I have added exe file to azure storage I have provided URL link on website, once local user click on that link, he should able to download and install application on his local machine. its was working fine when it was on development step because I was testing this on local webserver, once I hosted it was not working, It was downloading exe files on hosted virtual machine. if you guys have any idea or suggestions it would helps me alot,

@login_required(login_url='/')
def runcmd(request):
import os
import subprocess
import getpass
if request.method == 'POST':
    if 'app_url' in request.POST:
        app_dw_link = request.POST.get('app_url')
        app_obj = get_object_or_404(AppStore, id=int(app_dw_link))
        url = app_obj.app_file.url
        usrname = getpass.getuser()
        messages.success(request, usrname)
        folder = 'Temp'
        dir_path = os.path.dirname(os.path.realpath(__file__))
        messages.success(request, dir_path)
        destination = f"C:\\Users\\{usrname}\\AppData\\Local\\{folder}"
        if not os.path.exists(destination):
            os.makedirs(destination)
            destination = f'C:\\Users\\{usrname}\\AppData\\Local\\{folder}\\{app_obj.app_name}.exe' #add switches
            download = urlretrieve(url, destination)
            messages.success(request, download)
            subprocess.Popen([destination, '/Silent'], shell=True, stdout=subprocess.PIPE)
        else:
            destination = f'C:\\Users\\{usrname}\\AppData\\Local\\{folder}\\{app_obj.app_name}.exe' #add switches
            download = urlretrieve(url, destination)
            messages.success(request, download)
            subprocess.Popen([destination, '/Silent'], shell=True, stdout=subprocess.PIPE)
        messages.success(request, 'Download completed')
return redirect("selfservice:it_store")
Solution

  • As you may have already figured, that code only downloads and runs the installer on the machine actually running this code (i.e. the server). You can't force a client to download and install software from your web application due to security reasons. The best you can do is redirect them to a download URL where your installer is hosted and then just expect the user to manually install the software themselves. For example,

    return redirect("https://www.example.com/installer.exe")

    Then their browser will be redirected to that download link and may initiate download (the browser may ask user for permission depending on browser settings). Then it is up to the user to download and run the installer and follow all appropriate installation steps. This is as much control as you'll have on the process because it is a huge security vulnerability if websites could force-install software on your machine without your knowledge or permission.