Ejemplo n.º 1
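def create_new_session():
    """Log a user in from a JSON body carrying ``username`` and ``password``.

    The submitted password is passed through ``hash_password`` and the
    (username, hash) pair is looked up with ``g.db.get_specific_user``.
    An empty result yields an ``IncorrectLogin`` error response; otherwise
    the user is handed to ``login_user`` with ``remember=True``.

    Returns:
        An error response when the body is malformed, the lookup finds
        nothing, or ``login_user`` raises.  No success return is visible
        in this listing.
    """
    data = json.loads(request.data)
    # Reject bodies lacking either field up front, so that a missing key
    # does not surface as an unhandled KeyError/TypeError (HTTP 500).
    if not isinstance(data, dict) or "username" not in data or "password" not in data:
        return create_error_response("InvalidParameter", "Parameters 'username' and 'password' are required.")
    # NOTE(review): matching on the hash inside the lookup only works if
    # hash_password is deterministic (no per-user salt) -- confirm, and
    # prefer fetching the stored hash and verifying it with a salted KDF.
    password_hash = hash_password(data["password"])
    if g.db.get_specific_user(data["username"], password_hash) == []:
        return create_error_response("IncorrectLogin", "Either the user does not exist or password is incorrect.")
    try:
        login_user(User(data["username"]), remember=True)
    except Exception as e:
        # Exception (not BaseException) lets SystemExit/KeyboardInterrupt
        # propagate instead of being turned into an API error.
        # NOTE(review): the exception type and text go back to an
        # unauthenticated caller; consider logging them server-side and
        # returning a generic message.
        return create_error_response(type(e).__name__, str(e))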
Ejemplo n.º 2
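def create_manual_check(team_id):
    """Create a manual check for ``team_id`` from the JSON request body.

    The body supplies ``id``, ``description``, ``comments``,
    ``inject_number``, ``score`` and ``timestamp``.

    Returns:
        An ``Exists`` error response if a check with that id already exists
        for the team, an ``InvalidParameter`` error response if ``score``
        cannot be converted to an integer, otherwise a 201 redirect to
        ``.get_specific_manual_check_for_team``.
    """
    data = json.loads(request.data)
    if len(g.db.get_specific_manual_check_for_team(data['id'], team_id)) != 0:
        return create_error_response("Exists",  "A manual check with the id '{}' for team '{}' already exists".format(data['id'], team_id))
    try:
        data['score'] = int(data['score'])
    except (TypeError, ValueError):
        # int() raises TypeError for JSON null, arrays and objects; treat
        # those like any other non-integer score instead of failing.
        return create_error_response("InvalidParameter", "Parameter 'score' must be an integer.")
    g.db.create_manual_check(data['id'], data['description'], data['comments'], data['inject_number'], team_id, data['score'], data['timestamp'])
    return redirect(url_for(".get_specific_manual_check_for_team", check_id=data['id'], team_id=team_id), code=201)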
Ejemplo n.º 3
def create_machine():
    """Create a machine from the JSON request body.

    Reads ``id`` and ``general_ip`` from the body.  If
    ``g.db.get_specific_machine`` already returns rows for that id, an
    ``Exists`` error response is returned.  Otherwise the machine is stored
    and a 201 redirect to ``.get_machine`` is returned.
    """
    payload = json.loads(request.data)
    machine_id = payload['id']
    existing = g.db.get_specific_machine(machine_id)
    if len(existing) > 0:
        message = "A machine with the id '{}' already exists".format(machine_id)
        return create_error_response("Exists", message)
    g.db.create_machine(machine_id, payload['general_ip'])
    location = url_for(".get_machine", machine_id=machine_id)
    return redirect(location, code=201)
Ejemplo n.º 4
def create_team_config_for_machine(team_id):
    """Create the config of one machine for ``team_id`` from the JSON body.

    The body must carry ``machine_id``; the whole body is forwarded to
    ``g.db.create_team_config_for_machine`` as keyword arguments.  Returns
    an ``Exists`` error response when a config for that team and machine is
    already present, otherwise a 201 redirect to ``.get_config_for_team``.
    """
    payload = json.loads(request.data)
    machine_id = payload['machine_id']
    existing = g.db.get_team_config_for_machine(team_id, machine_id)
    if len(existing) > 0:
        message = "A config for team '{}' machine '{}' already exists".format(team_id, machine_id)
        return create_error_response("Exists", message)
    # NOTE(review): every key of the client-supplied body becomes a keyword
    # argument of the DB call; consider forwarding an explicit list of
    # expected fields instead of **payload.
    g.db.create_team_config_for_machine(team_id, **payload)
    location = url_for(".get_config_for_team", team_id=team_id, machine_id=machine_id)
    return redirect(location, code=201)
def archive_current_scoring_session():
    """Archive the current scoring session under the ``id`` given in the JSON body.

    Returns an ``Exists`` error response when an archived session with that
    id is already stored, otherwise a 201 redirect to
    ``.get_specific_archived_scoring_session``.
    """
    payload = json.loads(request.data)
    session_id = payload['id']
    already_archived = g.db.get_specific_archived_scoring_session(session_id)
    if len(already_archived) > 0:
        message = "An archived scoring session with the id '{}' already exists".format(session_id)
        return create_error_response("Exists", message)
    g.db.archive_current_scoring_session(session_id)
    location = url_for(".get_specific_archived_scoring_session", session_id=session_id)
    return redirect(location, code=201)
Ejemplo n.º 6
def create_team():
    """Create a team from the JSON request body (``id`` and ``name``).

    Returns an ``Exists`` error response when a team with that id is already
    stored.  Otherwise the team is created, a ``changed team <id>`` message
    is published on ``g.daemon_channel``, and a 201 redirect to
    ``.get_team`` is returned.
    """
    payload = json.loads(request.data)
    team_id = payload["id"]
    existing = g.db.get_specific_team(team_id)
    if len(existing) > 0:
        message = "A team with the id '{}' already exists".format(team_id)
        return create_error_response("Exists", message)
    g.db.create_team(payload["name"], team_id)
    notification = "changed team {}".format(team_id)
    g.redis.publish(g.daemon_channel, notification)
    return redirect(url_for(".get_team", team_id=team_id), code=201)
Ejemplo n.º 7
def create_service_check():
    """Create a service check from the JSON request body.

    Reads ``id``, ``description``, ``machine`` and ``class_name``.  Returns
    an ``Exists`` error response when the id is already taken.  Otherwise
    the check is stored, ``changed all`` is published on
    ``g.daemon_channel``, and a 201 redirect to
    ``.get_specific_service_check`` is returned.
    """
    payload = json.loads(request.data)
    check_id = payload['id']
    existing = g.db.get_specific_service_check(check_id)
    if len(existing) > 0:
        message = "A service check with the id '{}' already exists".format(check_id)
        return create_error_response("Exists", message)
    # NOTE(review): class_name is stored exactly as received; if a consumer
    # later resolves it to a Python class, it should be checked against an
    # allow-list -- confirm how it is used.
    g.db.create_service_check(check_id, payload['description'], payload['machine'], payload['class_name'])
    g.redis.publish(g.daemon_channel, 'changed all')
    location = url_for(".get_specific_service_check", check_id=check_id)
    return redirect(location, code=201)
Ejemplo n.º 8
def create_attack_check_for_team(team_id):
    """Create an attacker check for ``team_id`` from the JSON request body.

    Reads ``id``, ``description``, ``machine`` and ``class_name``.  Returns
    an ``Exists`` error response when the check id is already present for
    the team.  Otherwise the check is stored, ``changed team <team_id>`` is
    published on ``g.daemon_channel``, and a 201 redirect to
    ``.get_specific_attack_check_for_team`` is returned.
    """
    payload = json.loads(request.data)
    check_id = payload['id']
    existing = g.db.get_specific_attacker_check(check_id, team_id)
    if len(existing) > 0:
        message = "An attacker check with the id '{}' for team '{}' already exists".format(check_id, team_id)
        return create_error_response("Exists", message)
    g.db.create_attacker_check(check_id, payload['description'], payload['machine'], team_id, payload['class_name'])
    notification = 'changed team {}'.format(team_id)
    g.redis.publish(g.daemon_channel, notification)
    location = url_for(".get_specific_attack_check_for_team", team_id=team_id, check_id=check_id)
    return redirect(location, code=201)
Ejemplo n.º 9
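def create_new_session():
    """Log a user in from a JSON body carrying ``username`` and ``password``.

    The stored record is fetched with
    ``g.db.get_specific_user_with_password`` and the submitted password is
    verified against the stored hash with ``check_password``.  An unknown
    user and a wrong password both produce the same ``IncorrectLogin``
    error response.

    Returns:
        An error response when the body is malformed, the credentials do
        not verify, or ``login_user`` raises.  No success return is visible
        in this listing.
    """
    data = json.loads(request.data)
    # Reject bodies lacking either field up front, so that a missing key
    # does not surface as an unhandled KeyError/TypeError (HTTP 500).
    if not isinstance(data, dict) or 'username' not in data or 'password' not in data:
        return create_error_response('InvalidParameter', "Parameters 'username' and 'password' are required.")
    incorrect_login_err = 'IncorrectLogin'
    incorrect_login_desc = 'Either the user does not exist or password is incorrect.'
    user_data = g.db.get_specific_user_with_password(data['username'])
    if user_data == []:
        # NOTE(review): this path returns before check_password runs, so
        # its response time may differ from the wrong-password path --
        # confirm whether that difference matters for this deployment.
        # Error type first, description second, matching every other
        # create_error_response call in this listing.
        return create_error_response(incorrect_login_err, incorrect_login_desc)
    stored_hash = user_data[0][u'password']
    if not check_password(data['password'], stored_hash):
        return create_error_response(incorrect_login_err, incorrect_login_desc)
    try:
        login_user(User(data['username']), remember=True)
    except Exception as e:
        # Exception (not BaseException) lets SystemExit/KeyboardInterrupt
        # propagate instead of being turned into an API error.
        # NOTE(review): the exception type and text go back to an
        # unauthenticated caller; consider logging them server-side and
        # returning a generic message.
        return create_error_response(type(e).__name__, str(e))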
Ejemplo n.º 10
def create_user():
    """Create a user from the JSON request body.

    Reads ``id``, ``password``, ``email`` and ``role`` (plus ``team`` for
    the ``team`` role).  The password is passed through ``hash_password``
    before it reaches ``g.db.create_user``.

    Returns:
        An ``Exists`` error response when the id is taken, ``InvalidRole``
        for a role outside the four accepted values, ``IllegalParameter``
        when a ``team`` user has no ``team`` field, otherwise a 201
        redirect to ``.get_user``.
    """
    payload = json.loads(request.data)
    user_id = payload['id']
    if len(g.db.get_specific_user(user_id)) > 0:
        message = "A user with the id '{}' already exists".format(user_id)
        return create_error_response("Exists", message)

    role = payload['role']
    team_kwargs = {}
    if role == 'team':
        if 'team' not in payload:
            return create_error_response('IllegalParameter', 'Users with role "team" must have the "team" parameter.')
        # Only team users carry a team reference through to the DB layer.
        team_kwargs['team'] = payload['team']
    elif role not in ('administrator', 'organizer', 'attacker'):
        return create_error_response('InvalidRole', 'Users can only have roles "administrator", "organizer", "attacker", or "team".')

    g.db.create_user(user_id, hash_password(payload['password']), payload['email'], role, **team_kwargs)
    return redirect(url_for(".get_user", user_id=user_id), code=201)
def create_team_config_for_machine():
    """Create a machine config for the team of the currently logged-in user.

    The team id is read from the first row that ``g.db.get_specific_user``
    returns for ``current_user.get_id()``.  The JSON body must carry
    ``machine_id`` and is forwarded whole to the DB call as keyword
    arguments.  Returns an ``Exists`` error response when a config for that
    team and machine is already present, otherwise a 201 redirect to
    ``.get_config_for_team``.
    """
    user_rows = g.db.get_specific_user(current_user.get_id())
    team_id = user_rows[0]['team']
    payload = json.loads(request.data)
    machine_id = payload['machine_id']
    existing = g.db.get_team_config_for_machine(team_id, machine_id)
    if len(existing) > 0:
        message = "A config for team '{}' machine '{}' already exists".format(team_id, machine_id)
        return create_error_response("Exists", message)
    # NOTE(review): every key of the client-supplied body becomes a keyword
    # argument of the DB call; consider forwarding an explicit list of
    # expected fields instead of **payload.
    g.db.create_team_config_for_machine(team_id, **payload)
    location = url_for(".get_config_for_team", machine_id=machine_id)
    return redirect(location, code=201)
Ejemplo n.º 12
def create_inject_check():
    """Create an inject check from the JSON request body.

    Reads ``id``, ``description``, ``machine``, ``class_name``,
    ``inject_number`` and ``time_to_check``.  The body is passed to
    ``convert_all_timestamp_to_datetime`` for the ``time_to_check`` field
    before it is stored.  Returns an ``Exists`` error response when the id
    is taken.  Otherwise ``changed all`` is published on
    ``g.daemon_channel`` and a 201 redirect to
    ``.get_specific_inject_check`` is returned.
    """
    payload = json.loads(request.data)
    check_id = payload['id']
    existing = g.db.get_specific_inject_check(check_id)
    if len(existing) > 0:
        message = "A inject check with the id '{}' already exists".format(check_id)
        return create_error_response("Exists", message)
    timestamp_fields = ['time_to_check']
    convert_all_timestamp_to_datetime(payload, timestamp_fields)
    g.db.create_inject_check(
        payload['id'],
        payload['description'],
        payload['machine'],
        payload['class_name'],
        payload['inject_number'],
        payload['time_to_check'],
    )
    g.redis.publish(g.daemon_channel, 'changed all')
    location = url_for(".get_specific_inject_check", check_id=payload['id'])
    return redirect(location, code=201)
Ejemplo n.º 13
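def modify_user(user_id):
    """Update fields of the user ``user_id`` from the JSON request body.

    The effective role is the ``role`` from the body when present,
    otherwise the role already stored for the user.

    Returns:
        A 404 response when the user does not exist, ``InvalidRole`` when
        the body sets a role outside the four accepted values,
        ``IllegalParameter`` when a non-team role is combined with a
        ``team`` field, otherwise a 204 response after the update.
    """
    data = json.loads(request.data)
    orig_data = g.db.get_specific_user(user_id)
    if len(orig_data) == 0:
        return Response(status=404)
    role = data['role'] if 'role' in data else orig_data[0]['role']
    # Apply the same role whitelist that create_user enforces, so that an
    # update cannot store a role the rest of the API does not recognise.
    if 'role' in data and role not in ('administrator', 'organizer', 'attacker', 'team'):
        return create_error_response('InvalidRole', 'Users can only have roles "administrator", "organizer", "attacker", or "team".')
    if role in ('administrator', 'organizer', 'attacker') and 'team' in data:
        return create_error_response('IllegalParameter', 'Only users with the "team" role can have the "team" parameter.')
    # NOTE(review): the whole client-supplied body is forwarded as keyword
    # arguments.  No authorization check on role changes is visible in
    # this function, and a "password" field reaches the DB layer without
    # the hash_password() call that create_user applies -- confirm that
    # both are handled elsewhere, or forward an explicit field list.
    g.db.modify_user(user_id, **data)
    return Response(status=204)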
Ejemplo n.º 14
def unauthenticated_request():
    """Build the 401 ``NotLoggedIn`` error response for requests made without a login."""
    error_type = "NotLoggedIn"
    message = "You must log in to access this resource."
    return create_error_response(error_type, message, status_code=401)
Ejemplo n.º 15
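def https_only():
    """Reject non-HTTPS requests when the ``HTTPS_ONLY`` setting is enabled.

    Returns:
        An ``HttpsOnly`` error response when enforcement is on and the
        request URL scheme is not ``https``; otherwise ``None``.
    """
    # Accept the boolean True as well as the strings 'True'/'true'.  The
    # original compared against the literal string 'True' only, so a
    # boolean setting silently turned enforcement off (fail-open).
    enforce = str(app.config['HTTPS_ONLY']).strip().lower() == 'true'
    # NOTE(review): the scheme is read from request.base_url; behind a
    # TLS-terminating proxy this reflects the proxy-to-app hop unless
    # forwarded headers are processed -- confirm against the deployment.
    scheme = request.base_url.split('://')[0]
    if enforce and scheme != 'https':
        return create_error_response("HttpsOnly", "This engine is configured to only be accessed through HTTPS.")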