 def set_password(self, password):
     """Hash *password* with bcrypt and store hash and salt on this user.

     Args:
         password: Plaintext password as ``str``; it is encoded (default
             UTF-8) before hashing.

     Returns:
         ``True`` once the attributes have been updated.

     Side effects:
         Overwrites ``self.password_hash`` and ``self.salt`` (both kept as
         decoded ``str``) and writes a level-0 audit entry naming
         ``self.username``. Nothing is persisted here; the caller is
         expected to commit the session.
     """
     # Cost factor 14 (2**14 rounds); raise it over time as hardware speeds up.
     fresh_salt = bcrypt.gensalt(14)
     # NOTE(review): bcrypt only looks at the first 72 bytes of the input, so
     # longer passwords are silently truncated — confirm the policy agrees
     # with validate_password.
     digest = bcrypt.hashpw(password.encode(), fresh_salt)
     # The salt is already embedded in the bcrypt digest; keeping a separate
     # column is redundant but preserved for schema compatibility.
     self.password_hash = digest.decode()
     self.salt = fresh_salt.decode()
     logger.upd_log(f'{self.username} changed password', 0)
     return True
def get_backup():
    """Serve the database backup archive to a superuser.

    Returns:
        ``backup.zip`` from ``app.config['BACKUP_FOLDER']`` via
        ``send_from_directory``; an empty 204 response for anyone else.

    Side effects:
        Audit entry: refused attempt (level 2) or download (level 1), both
        carrying ``request.access_route``.
    """
    # NOTE(review): only is_superuser is tested; an anonymous visitor reaches
    # this code unless the route is guarded by login_required — confirm.
    allowed = bool(current_user.is_superuser)
    origin = request.access_route

    if allowed:
        logger.upd_log(
            f'Backup downloaded by: {current_user.username} from IP: {origin}',
            1)
        # The filename is a constant, so no request data reaches the path.
        # NOTE(review): Flask 2 renamed send_from_directory's filename=
        # keyword to path=; confirm against the pinned Flask version.
        return send_from_directory(directory=app.config['BACKUP_FOLDER'],
                                   filename='backup.zip')

    logger.upd_log(
        f'{current_user.username} tried to download backups from IP: {origin}',
        2)
    return '', 204
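def del_user(data):
    """Delete the user whose ``id`` is given in *data*.

    Args:
        data: Mapping with an ``'id'`` entry convertible to ``int``.

    Returns:
        ``0`` when the user was deleted; ``1`` when no such user exists or
        ``data['id']`` is missing / not an integer.

    Side effects:
        Commits the deletion and writes an audit entry (level 0 on success,
        level 2 on failure) carrying ``request.access_route``. No
        authorization check of its own: the admin websocket handler that
        calls this is responsible for that.
    """
    origin = request.access_route

    # A malformed id used to raise straight out of the websocket handler;
    # treat it like an unknown id instead.
    try:
        user_id = int(data['id'])
    except (KeyError, TypeError, ValueError):
        user = None
    else:
        user = User.query.get(user_id)

    if not user:
        logger.upd_log(f'Unsuccess user delete from IP: {origin}', 2)
        return 1

    # NOTE(review): nothing stops deleting the last superuser or the caller's
    # own account; reset_db deliberately spares superusers — consider the
    # same guard here.
    db.session.delete(user)
    db.session.commit()
    logger.upd_log(f'User \"{user.username}\" deleted from IP: {origin}', 0)
    return 0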
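def addsu(suname, password):
    """Bootstrap the first superuser and log that session in.

    Args:
        suname: Username for the new superuser.
        password: Plaintext password; hashed by ``User.set_password``.

    Returns:
        A redirect to ``/`` in every case.

    Side effects:
        When ``hassu()`` reports no superuser yet: creates one with a fixed
        description and contact, commits it, calls ``login_user`` with
        ``remember=True`` and writes a level-1 audit entry. When a superuser
        already exists nothing is created; the attempt is logged at level 2
        (it used to pass silently, unlike every other refused action here).
    """
    if hassu():
        # Bootstrapping is a one-shot operation; a later call deserves an
        # audit entry just like other refused privileged actions.
        logger.upd_log(
            f'Rejected first-admin bootstrap for {suname} from IP: {request.access_route}',
            2)
        return redirect('/')

    # NOTE(review): hassu() and the commit below are not atomic, so two
    # concurrent bootstrap requests could both pass the check. The password
    # is also not run through validate_password here, unlike check_adduser.
    user = User()
    user.username = suname
    user.set_description('Adminisztrátor felhasználó')
    user.set_contact('*****@*****.**')
    user.set_password(password)
    user.is_superuser = True
    user.settings = ''
    db.session.add(user)
    db.session.commit()
    login_user(user, remember=True)
    logger.upd_log(
        f'First admin: {suname} added and logged in from IP: {request.access_route}',
        1)
    return redirect('/')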
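def reset_db():
    """Wipe every table except the superuser accounts.

    Returns:
        ``0`` after the commit.

    Side effects:
        Deletes all non-superuser ``User`` rows and every row of ``Module``,
        ``Modaux``, ``Testbattery``, ``Testsession``, ``Client``,
        ``Clientlog``, ``Result``, ``Userlog`` and ``Message``, then commits
        once and writes a level-1 audit entry. The old code committed after
        each user deletion; a single commit makes the wipe all-or-nothing.
        No authorization check of its own: the admin websocket handler that
        calls this must do that.
    """
    for user in User.query.all():
        if not user.is_superuser:
            db.session.delete(user)

    # NOTE(review): Query.delete() is expected to flush the pending ORM
    # deletes first, so the effective order matches the old per-user commits
    # — confirm if foreign-key constraints complain.
    # NOTE(review): Userlog looks like a database-side audit trail; if so,
    # wiping it leaves only the file log as a record of earlier activity.
    for model in (Module, Modaux, Testbattery, Testsession, Client,
                  Clientlog, Result, Userlog, Message):
        model.query.delete()

    db.session.commit()
    logger.upd_log('Database wiped except superusers', 1)
    return 0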
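def _reject_login(message):
    """Answer a failed login: emit generic event 1109, log *message* at level 2.

    The client receives the same event whether the username or the password
    was wrong, so the reason is recorded only in the audit log.
    """
    socket.emit('generic', {'event': 1109})
    logger.upd_log(message, 2)
    return '', 204


def login():
    """Render the login form, or process a submitted one.

    Returns:
        A redirect to ``/`` when the visitor is already authenticated or the
        credentials are valid; an empty 204 for a failed attempt; otherwise
        the rendered ``/noauth/login.html`` with the form.

    Side effects:
        Logs every outcome with ``request.access_route``; on success
        ``login_user`` honours the form's ``remember_me`` flag; failures emit
        socket event 1109.
    """
    if current_user.is_authenticated:
        logger.upd_log(
            f'{current_user.username} tried to reach loginsite, redirected to /',
            1)
        return redirect('/')

    form = LoginForm()

    # The extra "not authenticated" test that used to sit here was already
    # guaranteed by the early return above.
    if request.method == 'POST' and form.validate_on_submit():
        username = form.username.data
        origin = request.access_route
        user = User.query.filter_by(username=username).first()

        if not user:
            # NOTE(review): this path skips check_password, so it presumably
            # answers faster than a wrong password does; hashing a dummy
            # value here would remove that difference.
            # NOTE(review): username is raw form input; check that
            # logger.upd_log neutralises newlines before writing it.
            return _reject_login(
                f'Login attempt with invalid username: {username} from IP: {origin}')

        if user.check_password(form.password.data):
            login_user(user, remember=form.remember_me.data)
            logger.upd_log(
                f'Successful login: {username} from IP: {origin}', 0)
            return redirect('/')

        # NOTE(review): no attempt counter or delay here; online guessing is
        # bounded only by bcrypt's cost factor.
        return _reject_login(
            f'Login attempt with invalid password: {username} from IP: {origin}')

    return render_template('/noauth/login.html', title='Belépés', form=form)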
def get_log(log):
    """Serve one of the log files to a superuser.

    Args:
        log: ``'archive'`` for ``log_archive.zip`` or ``'current'`` for
            ``log.file``; any other value is refused.

    Returns:
        The chosen file from ``app.config['LOG_FOLDER']`` via
        ``send_from_directory``, or an empty 204 response when the caller is
        not a superuser or *log* names no known file.

    Side effects:
        Audit entries: refused caller (level 2), download (level 1),
        unknown selector (level 3), all with ``request.access_route``.
    """
    origin = request.access_route

    if not current_user.is_superuser:
        logger.upd_log(
            f'{current_user.username} tried to download logs from IP: {origin}',
            2)
        return '', 204

    # Selector -> (file inside LOG_FOLDER, audit message prefix). Only these
    # two constants are ever used as a filename; *log* never touches a path.
    choices = (
        ('archive', 'log_archive.zip', 'Log archive downloaded by'),
        ('current', 'log.file', 'Current log downloaded by'),
    )
    for selector, filename, prefix in choices:
        if log == selector:
            logger.upd_log(
                f'{prefix}: {current_user.username} from IP: {origin}', 1)
            # NOTE(review): Flask 2 renamed send_from_directory's filename=
            # keyword to path=; confirm against the pinned Flask version.
            return send_from_directory(directory=app.config['LOG_FOLDER'],
                                       filename=filename)

    logger.upd_log(f'Log download failed from IP: {origin}', 3)
    return '', 204
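def check_adduser(data):
    """Validate an add-user request and create the account.

    Args:
        data: Mapping with ``'username'``, ``'password'``, ``'description'``
            and ``'contact'`` (each coerced with ``str``) and optionally
            ``'is_superuser'``.

    Returns:
        ``0`` on success; ``1`` when the username is taken; ``2`` when
        ``validate_password`` rejects the password; ``3`` when a superuser
        was requested but five already exist.

    Raises:
        KeyError: when one of the four required keys is missing.

    Side effects:
        Commits the new user and writes an audit entry (level 2 on any
        refusal, level 0 on success) with ``request.access_route``. No
        authorization check of its own: the admin websocket handler that
        calls this does that first.
    """
    origin = request.access_route
    username = str(data['username'])
    password = str(data['password'])

    def refused(code):
        logger.upd_log(f'Unsuccess user add from IP: {origin}', 2)
        return code

    if User.query.filter(User.username == username).first() is not None:
        return refused(1)  # user exists

    if not validate_password(password):
        return refused(2)  # invalid password

    # Bug fix: the old code tested the *new* user's own is_superuser flag,
    # which is never set at that point, so the requested flag was ignored and
    # the five-superuser limit was dead code. Decide from the request instead.
    wants_su = data.get('is_superuser', False)
    # NOTE(review): if the client sends this as the string 'false' it is
    # truthy here — confirm the websocket payload carries a real boolean.
    if wants_su:
        num_of_su = User.query.filter(User.is_superuser).count()
        if num_of_su >= 5:
            return refused(3)  # superuser number exceeded

    user = User()
    user.username = username
    user.set_password(password)
    user.set_description(str(data['description']))
    user.set_contact(str(data['contact']))
    if wants_su:
        user.is_superuser = data['is_superuser']

    db.session.add(user)
    db.session.commit()
    logger.upd_log(f'User \"{user.username}\" added from IP: {origin}', 0)
    return 0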
def index():
    """Render the landing page matching the visitor's role.

    Returns:
        ``/noauth/index.html`` for anonymous visitors;
        ``/admin/index-admin.html`` (with ``get_sudata()`` and an
        ``AddUserForm``) for superusers; ``/user/index.html`` for every other
        authenticated user.

    Side effects:
        One level-0 audit entry per visit carrying ``request.access_route``.
    """
    origin = request.access_route

    if not current_user.is_authenticated:
        logger.upd_log(f'Non-auth visit from IP: {origin}', 0)
        return render_template('/noauth/index.html')

    # From here on the visitor is authenticated; only the role decides.
    who = current_user.username
    if current_user.is_superuser:
        adduserform = AddUserForm()
        logger.upd_log(f'Admin visit from IP: {origin}, admin: {who}', 0)
        # NOTE(review): get_sudata() serialises every table — including
        # client e-mail addresses and raw results — into this page; a
        # narrower payload would limit what a compromised admin session sees.
        return render_template('/admin/index-admin.html',
                               data=get_sudata(),
                               adduserform=adduserform)

    logger.upd_log(f'User visit from IP: {origin}, user: {who}', 0)
    return render_template('/user/index.html')
def logout():
    """Log the current user out and redirect to ``/``.

    Side effects:
        Writes a level-0 audit entry with ``request.access_route`` and the
        username *before* ``logout_user()`` runs, while
        ``current_user.username`` is still available.
    """
    # NOTE(review): an anonymous caller has no username attribute; this
    # relies on the route being guarded by login_required — confirm.
    origin = request.access_route
    who = current_user.username
    logger.upd_log(f'User logged out from ip: {origin}, user: {who}', 0)
    logout_user()
    return redirect('/')
def new_admin_message(data):
    """Dispatch one message from the admin websocket namespace.

    Args:
        data: Mapping with an integer ``'event'`` code plus whatever the
            action needs (user fields for 2201, ``'id'`` for 2251, mail data
            for 2701).

    Returns:
        ``False`` when the caller is not an authenticated superuser; ``True``
        after an answer was emitted; ``None`` for an unknown event code.

    Side effects:
        Emits one ``'admin'`` message back to the caller's own sid. Request
        and reply codes: 2201/1201 add user, 2251/1251 delete user,
        2701/1701 test mail, 2801/1801 log as JSON, 2851/1850 backup,
        2871/1871 restore, 2889/1889 rotate backup password, 2899/1899 wipe
        the database. The refused-access case is logged at level 2.
    """
    if not current_user.is_authenticated or not current_user.is_superuser:
        logger.upd_log(
            f'Non-superuser tried to reach ws admin namespace from IP {request.access_route}',
            2)
        return False

    # Answers go only to the socket that asked.
    sid = request.sid
    event = data['event']

    def answer(mess):
        socket.emit('admin', mess, room=sid)
        return True

    def users_json():
        return json.dumps(json.loads(get_sudata())['users'])

    # Add user: the refreshed list is attached only when the add succeeded.
    if event == 2201:
        mess = {'event': 1201, 'status': check_adduser(data)}
        if mess['status'] == 0:
            mess['new_users'] = users_json()
        answer(mess)
        logger.upd_log(
            f'{current_user.username} adder new user with status code {mess["status"]}',
            1)
        return True

    # Delete user by id: always sends the refreshed list.
    if event == 2251:
        mess = {'event': 1251, 'status': del_user(data)}
        mess['new_users'] = users_json()
        return answer(mess)

    # The remaining actions answer with a single field each.
    # NOTE(review): 2871 (restore) and 2899 (wipe) are destructive and run on
    # a single message with no confirmation step visible here. 2851 answers
    # with 1850 rather than the 1851 the other pairs suggest — kept as is.
    one_shot = (
        (2701, 1701, 'status', lambda: sendmail_flaskmail(data)),
        (2801, 1801, 'data', lambda: logger.return_json()),
        (2851, 1850, 'status', lambda: bu.backup_all()),
        (2871, 1871, 'status', lambda: bu.restore_all()),
        (2889, 1889, 'status',
         lambda: bu.change_backup_password(iterates=100, password_length=32)),
        (2899, 1899, 'status', lambda: reset_db()),
    )
    for code, reply_code, key, run in one_shot:
        if event == code:
            return answer({'event': reply_code, key: run()})
    # Unknown codes fall through unanswered (implicit None).
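def _ts(moment):
    """Format a datetime the way the admin UI expects (ISO-like, no zone)."""
    return moment.strftime("%Y-%m-%dT%H:%M:%S")


def _user_dict(user):
    """Serialisable view of a User row (password hash and salt excluded)."""
    return {
        'id': user.id,
        'username': user.username,
        'description': user.get_description(),
        'contact': user.get_contact(),
        'is_superuser': user.is_superuser,
        'settings': user.settings,
        'added': _ts(user.added),
        'last_modified': _ts(user.last_modified),
    }


def _module_dict(module):
    """Serialisable view of a Module row."""
    return {
        'id': module.id,
        'uuid': module.uuid,
        'short_name': module.short_name,
        'verbose_name': module.verbose_name,
        'description': module.description,
        'attributes': module.attributes,
        'added': _ts(module.added),
        'last_modified': _ts(module.last_modified),
    }


def _modaux_dict(modaux):
    """Serialisable view of a Modaux row.

    Bug fix: the old loop used the builtin ``id`` as the key and read
    ``user_id``/``module_id`` from the stale ``module`` loop variable of the
    previous loop. Assumes Modaux has ``user_id`` and ``module_id`` columns —
    TODO confirm against the model.
    """
    return {
        'id': modaux.id,
        'user_id': modaux.user_id,
        'module_id': modaux.module_id,
    }


def _testbattery_dict(testbattery):
    """Serialisable view of a Testbattery row."""
    return {
        'id': testbattery.id,
        'user_id': testbattery.user_id,
        'name': testbattery.name,
        'description': testbattery.description,
        'created': _ts(testbattery.created),
        'last_modified': _ts(testbattery.last_modified),
        # NOTE(review): if this is a relationship rather than a plain value,
        # json.dumps below will reject it — confirm against the model.
        'modules': testbattery.modules,
    }


def _testsession_dict(testsession):
    """Serialisable view of a Testsession row."""
    return {
        'id': testsession.id,
        'uuid': testsession.uuid,
        'user_id': testsession.user_id,
        'testbattery_id': testsession.testbattery_id,
        'created': _ts(testsession.created),
        'due': _ts(testsession.due),
        'state': testsession.state,
        'invitation_text': testsession.get_invitation(),
        'added': _ts(testsession.added),
        'last_modified': _ts(testsession.last_modified),
    }


def _client_dict(client):
    """Serialisable view of a Client row (includes name and e-mail)."""
    return {
        'id': client.id,
        'uuid': client.uuid,
        'name': client.get_name(),
        'email': client.get_email(),
        'state': client.state,
        'session_id': client.session_id,
        'invitation_status': client.invitation_status,
        'added': _ts(client.added),
        'last_modified': _ts(client.last_modified),
    }


def _clientlog_dict(clientlog):
    """Serialisable view of a Clientlog row."""
    return {
        'id': clientlog.id,
        'client_id': clientlog.client_id,
        'message': clientlog.message,
        'source': clientlog.source,
        'timestamp': _ts(clientlog.timestamp),
    }


def _result_dict(result):
    """Serialisable view of a Result row (includes the raw result)."""
    return {
        'id': result.id,
        'client_id': result.client_id,
        'session_id': result.session_id,
        'module_id': result.module_id,
        'timestamp': _ts(result.timestamp),
        'result_raw': result.get_result(),
        'added': _ts(result.added),
        'last_modified': _ts(result.last_modified),
    }


def get_sudata():
    """Serialise the whole database for the admin page.

    Returns:
        A JSON string with the keys ``current_user`` (one user dict),
        ``users``, ``modules``, ``modaux``, ``testbatteries``,
        ``testsessions``, ``clients``, ``clientlogs`` and ``results`` (lists
        of dicts, one per row). Timestamps are ``YYYY-MM-DDTHH:MM:SS`` strings.

    Side effects:
        Level-1 audit entry with ``request.access_route``. No authorization
        check of its own — every caller must already be a superuser, since
        the payload includes client e-mail addresses and raw results.
    """
    # Bug fix: the modules list used to collect the ORM objects instead of
    # the dicts built for them, which json.dumps cannot serialise.
    data = {
        'current_user': _user_dict(current_user),
        'users': [_user_dict(u) for u in User.query.all()],
        'modules': [_module_dict(m) for m in Module.query.all()],
        'modaux': [_modaux_dict(ma) for ma in Modaux.query.all()],
        'testbatteries': [_testbattery_dict(tb)
                          for tb in Testbattery.query.all()],
        'testsessions': [_testsession_dict(ts)
                         for ts in Testsession.query.all()],
        'clients': [_client_dict(c) for c in Client.query.all()],
        'clientlogs': [_clientlog_dict(cl) for cl in Clientlog.query.all()],
        'results': [_result_dict(r) for r in Result.query.all()],
    }

    logger.upd_log(f'All data provided to IP: {request.access_route}', 1)

    return json.dumps(data)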