def new_user():
    """Yield the test user, creating its database row and output folders on demand.

    The row is looked up by the fixed test username and inserted with a bcrypt
    hash of a fixed test password when the lookup finds nothing. The user's
    directory under OUTPUT_DIR and its 'src' and 'files' subdirectories are
    then created if they do not exist. cleanup() runs once the generator is
    resumed after the yield.

    NOTE(review): presumably registered as a pytest fixture; the decorator is
    not visible in this listing.
    """
    test_username = '******'
    user = User.query.filter_by(username=test_username).first()

    # create user in database
    if not user:
        digest = bcrypt.generate_password_hash('test_password')
        user = User(username=test_username, password=digest.decode('utf-8'))
        db.session.add(user)
        db.session.commit()

    # user directory first, then its 'src' and 'files' subdirectories
    user_dir = os.path.join(OUTPUT_DIR, user.username)
    wanted = (
        user_dir,
        os.path.join(user_dir, 'src'),
        os.path.join(user_dir, 'files'),
    )
    for path in wanted:
        if not os.path.exists(path):
            os.makedirs(path)

    yield user
    cleanup()
def new_user():
    """Yield the test user, inserting it into the database when it is missing.

    The row is looked up by the fixed test username; when the lookup finds
    nothing, a user with a bcrypt hash of a fixed test password is added and
    committed. cleanup() runs once the generator is resumed after the yield.

    NOTE(review): presumably registered as a pytest fixture; the decorator is
    not visible in this listing.
    """
    test_username = '******'
    user = User.query.filter_by(username=test_username).first()

    if not user:
        # Hash first, then decode to text so the model stores a str value.
        digest = bcrypt.generate_password_hash('test_password')
        user = User(username=test_username, password=digest.decode('utf-8'))
        db.session.add(user)
        db.session.commit()

    yield user
    cleanup()
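def account():
    """Account configuration page.

    Renders the password form and, on a valid submission, replaces the
    logged-in user's stored password with a bcrypt hash of the submitted one.
    The form is rendered again in every case.

    NOTE(review): the route and login decorators are not visible in this
    listing; current_user.username assumes an authenticated user -- confirm
    the view is protected.
    """
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # NOTE(review): ResetPasswordForm is defined elsewhere; confirm it
        # asks for the current password, so that someone holding only a
        # live session cannot set a new password unnoticed.

        # update user's password in the database
        user = User.query.filter_by(username=current_user.username).first()
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password

        # One commit is enough; the original committed a second time right
        # after the flash, which wrote nothing new.
        db.session.commit()
        flash("Your password has been updated.", "success")

    return render_template("account.html", title="Account", form=form)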
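def register():
    """Register user.

    Only one account may exist on a locally hosted server. On a valid
    submission with no existing user, the password is stored as a bcrypt
    hash, the user's directories are created under OUTPUT_DIR, an empty entry
    is added to c2.sessions and the client is redirected to the login page.
    In every other case the registration form is rendered again.
    """
    form = RegistrationForm()
    if form.validate_on_submit():
        username = form.username.data

        # The username becomes a directory name below OUTPUT_DIR, so it must
        # resolve to a direct child of that directory. This rejects empty
        # names, '.', '..', absolute paths, embedded separators and names
        # that already exist as links pointing elsewhere.
        # NOTE(review): RegistrationForm's validators are not visible here;
        # this check does not rely on them.
        try:
            base_dir = os.path.realpath(OUTPUT_DIR)
            resolved = os.path.realpath(os.path.join(OUTPUT_DIR, username))
            username_is_safe = os.path.dirname(resolved) == base_dir
        except (TypeError, ValueError):
            # None, or a value the path functions refuse (e.g. a NUL byte).
            username_is_safe = False

        # only allow 1 user on locally hosted version
        # NOTE(review): this check and the insert below are not atomic; two
        # simultaneous submissions could both pass it. A database-level
        # constraint would close that gap.
        if User.query.first() is not None:
            flash("User already exists on this server.", 'danger')
        elif not username_is_safe:
            # Checked before the insert so no account is stored for a name
            # whose directories will not be created.
            flash("Invalid username.", 'danger')
        else:
            # add user to database
            hashed_password = bcrypt.generate_password_hash(
                form.password.data).decode('utf-8')
            user = User(username=username, password=hashed_password)
            db.session.add(user)
            db.session.commit()

            # create the user directory, then its 'src' and 'files'
            # subdirectories; exist_ok avoids a check-then-create race
            user_dir = os.path.join(OUTPUT_DIR, user.username)
            for path in (user_dir,
                         os.path.join(user_dir, 'src'),
                         os.path.join(user_dir, 'files')):
                os.makedirs(path, exist_ok=True)

            # initialize c2 session storage
            c2.sessions[user.username] = {}

            # notify user and redirect to login
            flash("You have successfully registered!", 'info')
            logout_user()
            return redirect(url_for('users.login'))

    return render_template("register.html", form=form, title="Register")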
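def test_add_user(app_client):
    """
    Given a username and hashed password,
    when the user_dao.add_user method is called,
    check the user data is added to the database correctly.
    """
    test_username = '******'
    test_password = '******'
    # Hashing happens outside the guarded call so that a bcrypt error is not
    # reported as an add_user failure.
    test_hashed_password = bcrypt.generate_password_hash(
        test_password).decode('utf-8')

    try:
        try:
            user = user_dao.add_user(username=test_username,
                                     hashed_password=test_hashed_password)
        except Exception as e:
            pytest.fail("user_dao.add_user returned exception: " + str(e))

        assert user.username == test_username
        # The stored value must be the hash that was passed in, and that hash
        # must verify against the original password.
        assert user.password == test_hashed_password
        assert bcrypt.check_password_hash(user.password, test_password)
    finally:
        # clean up -- in a finally block so a failed assertion does not leave
        # the test user behind for later tests
        User.query.delete()
        db.session.commit()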