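def register():
    """Serve the registration form (GET) or create a new account (POST).

    GET renders ``register.html`` with the list of security questions.
    POST validates the form and, on success, creates the user, stores the
    three security answers, mirrors the user row into the Flask session
    and renders the settings page with a success message.

    Returns:
        A rendered template, or a redirect to the referrer with a flashed
        reason when validation fails. Any other HTTP verb returns None,
        as the original did.

    Fix: an empty password (both fields blank, hence "equal") used to be
    accepted; it is now rejected.
    NOTE(review): the plaintext password is handed to ``create_user`` and
    ``get_user`` — confirm the Database layer hashes it before storage.
    """
    method = request.method.upper()
    if method == 'GET':
        db = Database()
        return render_template('register.html',
                               questions=db.list_questions())
    if method != 'POST':
        return None

    form = request.form
    username = form['username']
    password = form['password']
    password2 = form['confirm_password']
    question_ids = [form['question1'], form['question2'], form['question3']]
    answers = [form['answer1'], form['answer2'], form['answer3']]

    if password != password2:
        flash('Passwords are not the same', 'danger')
        return redirect_to_referrer()
    if not password:
        flash('Password must not be empty', 'danger')
        return redirect_to_referrer()
    db = Database()
    if db.does_username_exist(username):
        flash('Username already exists', 'danger')
        return redirect_to_referrer()
    # The three questions must be distinct.
    if len(set(question_ids)) != len(question_ids):
        flash('Questions are the same', 'danger')
        return redirect_to_referrer()

    # Optional profile fields: a blank submission is stored as NULL.
    first_name = form['first_name'] or None
    last_name = form['last_name'] or None
    email_address = form['email_address'] or None

    user_id = db.create_user(db.get_user_role_id(), username, password,
                             first_name, last_name, email_address)
    user = db.get_user(username, password)
    for question_id, answer in zip(question_ids, answers):
        db.create_answer(user_id, question_id, answer)
    # Mirror every column of the user row into the session, as login() does.
    # NOTE(review): presumably this is Flask's signed client-side cookie
    # session — confirm the row holds nothing that must stay server-side
    # (password hash, API key).
    for key in user.keys():
        flask_session[key] = user[key]
    return render_template('user_settings.html',
                           questions=db.list_questions(),
                           success_message='Account created successfully')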
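def view_sessions():
    """Render the list of all sessions with per-viewer permission flags.

    Every entry carries ``name``, ``session_id``, ``time_created`` and
    ``last_modified`` (``''`` when the DB reports none). A logged-in viewer
    additionally gets ``can_resume`` (always True) and ``has_control``
    (True when they are an administrator or the session's creator); for an
    anonymous viewer those two keys are absent, as in the original.

    Fixes: ``!= None`` replaced by ``is not None``; ``is_logged_in()`` is
    evaluated once instead of per row; the loop variable no longer shadows
    the Flask ``session`` object.
    """
    db = Database()
    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    is_admin = bool(logged_in and db.is_user_id_administrator(viewer_id))

    sessions = []
    for db_session in db.get_all_sessions():
        session_id = db_session['session_id']
        row = {
            'name': db_session['name'],
            'session_id': session_id,
            'time_created': db_session['time_created'],
        }
        if logged_in:
            row['can_resume'] = True
            row['has_control'] = bool(
                is_admin or viewer_id == db_session['creator_id'])
        last_modified = db.last_modified(session_id)[0]
        row['last_modified'] = last_modified if last_modified is not None else ''
        sessions.append(row)
    return render_template('view_sessions.html', sessions=sessions)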
def create_session():
    """Show the new-session form (GET) or create a session (POST).

    Requires a logged-in user; anonymous callers are redirected to ``/``
    with a flashed error. On POST the name must be non-empty and not
    already in use; the new session becomes the caller's current one.
    Any other verb returns None.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect('/')
    method = request.method.upper()
    if method == 'GET':
        return render_template('create_session.html')
    if method != 'POST':
        return None
    session_name = request.form['session_name']
    if not session_name:
        flash('Invalid session name.', 'danger')
        return redirect('/')
    db = Database()
    if db.does_session_name_exist(session_name):
        flash('Session name already exists.', 'danger')
        return redirect('/')
    new_id = db.create_session(session_name, flask_session['user_id'])
    set_current_session(new_id, session_name)
    return redirect('/')
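def show_current_session(session_id=None):
    """Render one session's entries, each flagged with ``can_update``.

    Args:
        session_id: the session to show; ``None`` redirects to
            ``/session/viewall``.

    ``can_update`` is True only for a logged-in viewer who is an
    administrator or the entry's creator. Fix: the original left the key
    unset for a logged-in non-owner (only the anonymous branch set it to
    False); it is now always a boolean. The admin lookup is done once
    rather than per entry.
    """
    if session_id is None:
        return redirect('/session/viewall')
    db = Database()
    session_name = db.get_session_name(session_id)

    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    viewer_is_admin = bool(logged_in and db.is_user_id_administrator(viewer_id))

    entries = []
    for db_entry in db.get_entries_for_session(session_id):
        can_update = bool(logged_in and (
            viewer_is_admin or db_entry['creator_id'] == viewer_id))
        entries.append({
            'entry_id': db_entry['entry_id'],
            'value': db_entry['value'],
            'time_created': db_entry['time_created'],
            'can_update': can_update,
        })
    return render_template('view_session.html',
                           session_name=session_name, entries=entries)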
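def delete_user(user_id):
    """Delete ``user_id`` if the caller is a logged-in administrator.

    Non-administrators now get the same flashed error that
    ``toggle_admin_for_user`` shows instead of a silent no-op. Either way
    the caller is redirected to the referrer.
    NOTE(review): the route decorator is not visible in this file; if this
    is reachable with GET, a state-changing action behind a plain link is
    CSRF-prone — confirm the method and protect it with a token. Nothing
    prevents an administrator from deleting their own account — confirm
    that is intended.
    """
    db = Database()
    if is_logged_in() and db.is_user_id_administrator(flask_session['user_id']):
        db.delete_user(user_id)
    else:
        flash('You must be logged in as an administrator to perform this operation.',
              'danger')
    return redirect_to_referrer()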
def settings():
    """Render the settings page for the logged-in user.

    Anonymous callers get a flashed error and a redirect to ``/error``.
    """
    if not is_logged_in():
        flash('You must be logged in to view this.', 'danger')
        return redirect('/error')
    available_questions = Database().list_questions()
    return render_template('user_settings.html', questions=available_questions)
def refresh_cache():
    """Reload the logged-in user's DB row into the Flask session.

    No-op for anonymous callers. Every column of the row is copied under
    its own key — the same mirror that ``login`` performs.
    """
    if not is_logged_in():
        return
    db = Database()
    user_row = db.get_user_by_id(get_current_user_id())
    for column in user_row.keys():
        flask_session[column] = user_row[column]
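def console():
    """Render the live console for the caller's current session.

    Requires a logged-in user with a current session set; otherwise an
    error is flashed and the caller is redirected to ``/``. The entry
    options of categories 1, 2 and 3 are passed to the template as
    ``actions_ul``, ``actions_ur`` and ``actions_ll``, together with the
    per-day data built by ``getData``.

    Fix: after the third loop the original appended the loop-leftover
    ``action`` (the last category-3 option, or the last category-2 one
    when category 3 was empty, NameError when both were) to ``actions_ul``
    a second time. That copy-paste remnant is dropped. The session id is
    read through ``get_current_session_id()`` like the other handlers.
    """
    if not is_logged_in():
        flash('You must be logged in to view this.', 'danger')
        return redirect('/')
    if not is_current_session_set():
        flash('You must have a current session set to view this.', 'danger')
        return redirect('/')
    db = Database()

    def _options_for(category_id):
        """Shape the DB rows of one entry-option category for the template."""
        return [
            {
                'value': action['value'],
                'color_class': action['color_class'],
                'category': action['category_name'],
            }
            for action in db.get_entry_options_by_category_id(category_id)
        ]

    actions_ul = _options_for(1)
    actions_ur = _options_for(2)
    actions_ll = _options_for(3)

    session_id = get_current_session_id()
    # Distinct entry dates in first-seen order (the original's
    # sorted(set(...), key=dates.index) is quadratic; dict.fromkeys is not).
    dates = list(dict.fromkeys(
        getDate(db_entry['time_created'])
        for db_entry in db.get_entries_for_session(session_id)))
    data = getData(dates, db.get_internal_entries_for_session(session_id))
    return render_template('console.html',
                           actions_ul=actions_ul,
                           actions_ur=actions_ur,
                           actions_ll=actions_ll,
                           data=data)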
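def user_questions(username):
    """Password-recovery step one: ask one of the user's security questions.

    ``questions_guess`` counts remaining attempts down from 3; the question
    shown is ``questions[questions_guess - 1]``. GET renders it, or flashes
    a lockout message once no attempts remain. POST compares the submitted
    answer: a correct one stores the user id in ``session['userId']`` and
    redirects to ``/reset_password``; a wrong one decrements the counter
    and redirects back here.

    Fix: the original evaluated the answer on POST even when the counter
    had already reached 0, so the lockout shown on GET could be bypassed
    by posting directly. POST now refuses before comparing anything.

    Any exception (including an unknown username) is reported as
    'Username not found' and redirects to ``/questions``.
    NOTE(review): that message distinguishes unknown usernames from other
    failures, which lets a caller enumerate accounts — consider a generic
    message. The answer comparison is a plain ``==``; ``hmac.compare_digest``
    would be constant-time if the stored answers are str/bytes — confirm.
    """
    db = Database()
    try:
        user_id = db.get_user_id(username)
        question_ids = [row['question_id']
                        for row in db.get_user_questionsId(user_id)]
        questions = [row['question'] for row in db.get_questions(question_ids)]
        questions_guess = db.get_user_questions_guess(user_id)
        question = questions[questions_guess - 1]
        method = request.method.upper()
        if method == 'GET':
            if questions_guess > 0:
                return render_template('questions.html',
                                       question=question,
                                       username=username,
                                       questions_guess=questions_guess)
            flash('No additional password recovery mechanism attempts remaining.',
                  'danger')
            flash('Please contact your system administrator to reset your password.',
                  'danger')
            return redirect('/')
        if method == 'POST':
            if questions_guess < 1:
                # Locked out: do not look at the answer at all.
                flash('Failed security questions too many times', 'danger')
                flash('Contact administrator at: [email protected]', 'danger')
                return redirect('/')
            user_answer = request.form.get('answer')
            real_answer = db.get_user_answer(question_ids[questions_guess - 1],
                                             user_id)
            if user_answer == real_answer:
                session['userId'] = user_id
                return redirect('/reset_password')
            flash('The answer you gave is incorrect', 'danger')
            db.update_user_question_guess(user_id, questions_guess - 1)
            return redirect('/questions/' + username)
        # Any other verb: fall through to the template, as the original did.
        return render_template('questions.html',
                               question=question,
                               username=username,
                               questions_guess=questions_guess + 1)
    except Exception as e:
        flash('Username not found', "danger")
        print(e, file=sys.stderr)
        return redirect('/questions')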
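def delete_entry(entry_id):
    """Disable (soft-delete) an entry on behalf of the logged-in user.

    Only the entry's creator or an administrator may delete it. Returns a
    plain-text message when the caller is anonymous, the entry is missing
    or permission is denied; otherwise redirects to the referrer.

    Fix: a missing entry used to raise on ``db_entry['creator_id']``
    (assumes ``get_entry`` returns ``None`` for an unknown id — confirm).
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    db = Database()
    db_entry = db.get_entry(entry_id)
    if db_entry is None:
        return 'Entry not found'
    current_user_id = get_current_user_id()
    if (db_entry['creator_id'] != current_user_id
            and not db.is_user_id_administrator(current_user_id)):
        return "Invalid permissions"
    db.disable_entry(entry_id)
    return redirect_to_referrer()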
def add_freetext():
    """Store the raw request body as a FREETEXT entry in the current session.

    Returns a plain-text reason for anonymous callers or when no current
    session is set, else ``"OK"``.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    if not is_current_session_set():
        return 'Current session is not set'
    db = Database()
    free_text = request.data.decode()
    freetext_category = db.get_category_id_by_name("FREETEXT")
    db.add_entry_with_category(get_current_session_id(),
                               get_current_user_id(),
                               freetext_category,
                               free_text)
    return "OK"
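def update_settings():
    """Apply the settings form: profile fields, security answers, password.

    Requires a logged-in user. Profile fields are always written. Security
    answers are replaced only when at least one answer is non-empty, and
    only if the three questions are distinct. The password is changed only
    when both password fields are non-empty and equal; a mismatch is
    flashed and redirects to ``/settings`` (the other updates stand).

    Fixes: the distinct-questions check now runs before any write, so a
    rejected form no longer leaves the profile half-updated; the session
    cache is refreshed after every successful profile update, not only
    when answers changed.
    NOTE(review): the password is replaced without verifying the current
    one — confirm whether that is acceptable for this application.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect('/')
    form = request.form
    user_id = get_current_user_id()

    # Validate before writing anything.
    answers = [form['answer1'], form['answer2'], form['answer3']]
    replace_answers = any(answers)
    question_ids = []
    if replace_answers:
        question_ids = [form['question1'], form['question2'], form['question3']]
        if len(set(question_ids)) != len(question_ids):
            flash('Questions are the same', 'danger')
            return redirect_to_referrer()

    db = Database()
    db.update_user_first_name(user_id, form['first_name'])
    db.update_user_last_name(user_id, form['last_name'])
    db.update_user_email_address(user_id, form['email'])
    if replace_answers:
        db.delete_user_answers(user_id)
        for question_id, answer in zip(question_ids, answers):
            db.create_answer(user_id, question_id, answer)
    refresh_cache()

    password = form['password']
    password2 = form['confirm_password']
    if password and password2:
        if password != password2:
            flash('There was an issue; passwords were not updated.', 'danger')
            return redirect('/settings')
        db.update_user_password(user_id, password)
    return render_template('user_settings.html',
                           success_message='Settings updated successfully',
                           questions=db.list_questions())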
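def ext_get_alerts(api_key, session_id):
    """External API: return and disable the pending alerts of a session.

    Args:
        api_key: the caller's API key; must map to a registered user.
        session_id: the session whose alerts are fetched.

    Returns:
        A JSON list of ``{'value', 'time_created'}`` objects, or a
        ``(message, status)`` tuple: 400 when ``session_id`` is missing,
        401 when the API key is unknown.

    Fix: the original never validated ``api_key`` (unlike the other
    ``ext_*`` endpoints), so anyone who knew a session id could read and
    clear its alerts. The check now matches ``ext_post_event``.
    NOTE(review): whether ``user`` may access this particular session is
    still not checked — confirm the intended model. ``json.dumps`` will
    fail if ``time_created`` is not JSON-serialisable — confirm its type.
    """
    if session_id is None or session_id == '':
        return "No unique session identifier provided", HTTPStatus.BAD_REQUEST.value
    db = Database()
    user = db.get_user_by_api_key(api_key)
    if user is None:
        return ("Provided API key ('{}') is not associated with any registered user"
                .format(api_key), HTTPStatus.UNAUTHORIZED.value)
    alerts = [
        {'value': db_alert['value'], 'time_created': db_alert['time_created']}
        for db_alert in db.get_all_alerts_and_disable_for_session_id(session_id)
    ]
    return json.dumps(alerts)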
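def reset_password():
    """Password-recovery step two: set a new password.

    GET renders the form. POST requires ``session['userId']``, which
    ``user_questions`` sets after a correct security answer. When both
    password fields are non-empty and equal, the password is replaced,
    the guess counter is reset to 3 and the recovery marker is removed
    from the session. A mismatch redirects back to the form; empty fields
    fall through to the questions template, as before.

    Fixes: a POST without ``session['userId']`` used to raise KeyError;
    a successful reset used to leave ``userId`` in the session, so the
    password could be changed again without re-answering a question.
    """
    if request.method.upper() == 'GET':
        return render_template('reset_password.html')
    user_id = session.get('userId')
    if user_id is None:
        flash('Please answer a security question first', 'danger')
        return redirect('/questions')
    password = request.form['password']
    password2 = request.form['confirm_password']
    if password and password2:
        if password != password2:
            flash('There was an issue; passwords were not updated', 'danger')
            return redirect(request.url)
        db = Database()
        db.update_user_question_guess(user_id, 3)
        db.update_user_password(user_id, password)
        # One reset per successful question answer.
        session.pop('userId', None)
        flash('Password was successfully updated', 'success')
        return redirect('/')
    return render_template('questions.html')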
def toggle_admin_for_user(user_id):
    """Flip ``user_id`` between the user and administrator roles.

    Only a logged-in administrator may do this; anyone else gets a flashed
    error. Both paths redirect to the referrer.
    NOTE(review): an administrator can demote themselves here, and the
    route decorator is not visible in this file — if this is reachable
    with GET, a state-changing action behind a plain link is CSRF-prone.
    """
    db = Database()
    caller_is_admin = is_logged_in() and db.is_user_id_administrator(
        flask_session['user_id'])
    if not caller_is_admin:
        flash('You must be logged in as an administrator to perform this operation.',
              'danger')
        return redirect_to_referrer()
    admin_role = db.get_administrator_role_id()
    current_role = db.get_user_by_id(user_id)['role_id']
    new_role = db.get_user_role_id() if current_role == admin_role else admin_role
    db.update_users_role(user_id, new_role)
    return redirect_to_referrer()
def ext_create_new_session(api_key):
    """External API: create a session named after the current local time.

    Returns ``"New Session ID: '<id>'"``, or a ``(message, 401)`` tuple
    when the API key is unknown. The new session also becomes the current
    one in the caller's Flask session.
    NOTE(review): the unknown-key message echoes the caller-supplied key
    into a bare-string response (presumably served as text/html by Flask's
    default) — confirm it is escaped, or drop the echo.
    """
    logging.debug("EXTERNAL: Create new Session")
    db = Database()
    user = db.get_user_by_api_key(api_key)
    if user is None:
        return (f"Provided API key ('{api_key}') is not associated with any registered user",
                HTTPStatus.UNAUTHORIZED.value)
    session_name = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    owner_id = user['user_id']
    logging.debug("Creating new session: %s (userid: %s)", session_name, owner_id)
    new_id = db.create_session(session_name, owner_id)
    logging.debug("New session id: %s", new_id)
    set_current_session(new_id, session_name)
    return f"New Session ID: '{new_id}'"
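def login():
    """Show the login page (GET) or authenticate the submitted form (POST).

    On success every column of the user row is mirrored into the Flask
    session, the security-question guess counter is reset to 3 and the
    caller is redirected to ``/session/viewall``. Bad credentials redirect
    to ``/error`` with a flashed message.

    Fix: the branch for any other verb called ``redirect_to_referrer()``
    without returning it, so the view produced None.
    NOTE(review): the session is not cleared before it is repopulated, and
    the whole user row is copied into it — confirm the row holds nothing
    that should stay server-side and consider clearing stale keys first.
    """
    method = request.method.upper()
    if method == 'GET':
        return render_template('/session/viewall.html')
    if method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = Database()
        user = db.get_user(username, password)
        if user is None:
            flash('Invalid Credentials.', 'danger')
            return redirect('/error')
        for key in user.keys():
            flask_session[key] = user[key]
        flash('Successfully logged in', "success")
        db.update_user_question_guess(user['user_id'], 3)
        return redirect('/session/viewall')
    return redirect_to_referrer()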
def ext_create_new_session_name(api_key, session_name):
    """External API: create a session with an explicit name.

    Returns ``"New Session ID: '<id>'"``, or a ``(message, 401)`` tuple
    when the API key is unknown or the name is already taken. The new
    session also becomes the current one in the caller's Flask session.
    NOTE(review): a duplicate name is reported with 401; 409 Conflict would
    describe it more accurately if clients can be updated.
    """
    logging.debug("EXTERNAL: Create new Session with name")
    db = Database()
    user = db.get_user_by_api_key(api_key)
    if user is None:
        return (f"Provided API key ('{api_key}') is not associated with any registered user",
                HTTPStatus.UNAUTHORIZED.value)
    if db.does_session_name_exist(session_name):
        return (f"Provided session name ('{session_name}') already exists",
                HTTPStatus.UNAUTHORIZED.value)
    owner_id = user['user_id']
    logging.debug("Creating new session: %s (userid: %s)", session_name, owner_id)
    new_id = db.create_session(session_name, owner_id)
    logging.debug("New session id: %s", new_id)
    set_current_session(new_id, session_name)
    return f"New Session ID: '{new_id}'"
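def modify_entry(entry_id):
    """Replace an entry's value with the raw (UTF-8) request body.

    The caller must be logged in, have a current session set, and be the
    entry's creator or an administrator. Returns ``"OK"`` on success or a
    plain-text reason otherwise.

    Fix: a missing entry used to raise on ``db_entry['creator_id']``; it
    now returns 'Entry not found' (assumes ``get_entry`` returns ``None``
    for an unknown id — confirm).
    TODO (carried over from the original): the entry's entry_option_id /
    category_id are left untouched and the owner is not changed when an
    administrator edits it — decide whether they should be.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    if not is_current_session_set():
        return 'Session_id is not set'
    db = Database()
    db_entry = db.get_entry(entry_id)
    if db_entry is None:
        return 'Entry not found'
    current_user_id = get_current_user_id()
    if (db_entry['creator_id'] != current_user_id
            and not db.is_user_id_administrator(current_user_id)):
        return "Invalid permissions"
    db.update_entry(entry_id, request.data.decode('utf-8'))
    return "OK"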
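def ext_post_event(api_key, session_id):
    """External API: append a batch of events to a session.

    The body must be a JSON array of objects with a ``message_data`` key;
    each becomes one entry owned by the API key's user.

    Returns:
        ``"OK"``, or a ``(message, status)`` tuple: 400 for an empty body,
        unparsable JSON, a missing session id or a malformed batch; 401
        for an unknown API key.

    Fixes: the whole batch is validated before anything is written (a bad
    item mid-batch used to leave the earlier items stored); a JSON
    document that is not a list is rejected with 400 instead of escaping
    as an uncaught TypeError for scalars; message bodies are no longer
    printed to stdout.
    NOTE(review): neither the original nor this version checks that
    ``session_id`` exists or that ``user`` may post to it — confirm.
    """
    logging.debug("EXTERNAL: Event posted")
    payload = request.data
    if len(payload) == 0:
        return "No payload / message body received", HTTPStatus.BAD_REQUEST.value
    db = Database()
    user = db.get_user_by_api_key(api_key)
    if user is None:
        return ("Provided API key ('{}') is not associated with any registered user"
                .format(api_key), HTTPStatus.UNAUTHORIZED.value)
    try:
        parsed = json.loads(payload)
    except json.decoder.JSONDecodeError as ex:
        return ex.msg, HTTPStatus.BAD_REQUEST.value
    if session_id is None:
        return "No unique session identifier provided", HTTPStatus.BAD_REQUEST.value

    invalid = ("Payload / message body has invalid formatting",
               HTTPStatus.BAD_REQUEST.value)
    if not isinstance(parsed, list):
        return invalid
    try:
        values = [message['message_data'] for message in parsed]
    except (TypeError, KeyError) as ex:
        logging.debug("Rejected event batch: %s", ex)
        return invalid
    for value in values:
        db.add_entry(session_id, user['user_id'], value)
    return "OK"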
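def add_event():
    """Record an event or alert posted from the console into the current session.

    The body is ``<key>=<category>\\n<data>``: the category is whatever
    follows the first ``=`` on the first line; everything after the first
    newline is the entry text. Category ``ALERT`` (case-insensitive) is
    stored as an alert; any other category is resolved with
    ``get_category_id_by_name`` and stored as an entry.

    Returns ``'OK'``, or a plain-text reason for anonymous callers, a
    missing current session, or a malformed body.

    Fix: a body without ``=`` or without a newline used to raise
    ValueError from ``str.index`` (a 500); it is now rejected explicitly.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    if not is_current_session_set():
        return 'Current session is not set'
    header, newline, data = request.data.decode().partition('\n')
    _, equals, category = header.partition('=')
    if not newline or not equals:
        return 'Invalid payload; expected "<key>=<category>" on the first line'
    db = Database()
    session_id = get_current_session_id()
    user_id = get_current_user_id()
    if category.upper() == "ALERT":
        logging.info("ALERT posted")
        db.add_alert(session_id, user_id, data)
    else:
        logging.info("EVENT posted")
        db.add_entry_with_category(session_id, user_id,
                                   db.get_category_id_by_name(category), data)
    return 'OK'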
def view_all_users():
    """Render the administrator's user list.

    Each row carries ``user_id``, ``username``, ``first_name``,
    ``last_name`` and ``admin`` (1 or 0). Non-administrators are
    redirected to ``/`` with a flashed error.
    """
    db = Database()
    caller_is_admin = is_logged_in() and db.is_user_id_administrator(
        flask_session['user_id'])
    if not caller_is_admin:
        flash('You must be logged in as an administrator to view this page.',
              'danger')
        return redirect('/')
    rows = []
    for db_user in db.get_all_users():
        uid = db_user['user_id']
        rows.append({
            'user_id': uid,
            'username': db_user['username'],
            'first_name': db_user['first_name'],
            'last_name': db_user['last_name'],
            'admin': 1 if db.is_user_id_administrator(uid) else 0,
        })
    return render_template('view_users.html', users=rows)
def select_session(session_id):
    """Make ``session_id`` the current session and open the console.

    NOTE(review): no login or existence check is performed here; the
    console itself requires a login, but ``get_session_name`` is called
    with an unverified id — confirm how it behaves for an unknown one.
    """
    name = Database().get_session_name(session_id)
    set_current_session(session_id, name)
    session['session_id'] = session_id
    return redirect('/session/console')
def set_session(session_id):
    """Make ``session_id`` the current session and open its entry view.

    NOTE(review): no login or existence check is performed here;
    ``get_session_name`` is called with an unverified id — confirm how it
    behaves for an unknown one.
    """
    name = Database().get_session_name(session_id)
    set_current_session(session_id, name)
    session['session_id'] = session_id
    return redirect(f'/session/view/{session_id}')
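def delete_session(session_id):
    """Disable (soft-delete) a session, clearing it if it is the current one.

    Fix: the original ran the delete with no authorisation check at all,
    so any caller — logged in or not — could disable any session. The
    check now mirrors the ``has_control`` rule of ``view_sessions``: the
    caller must be logged in and be an administrator or the session's
    creator. Failures are flashed and redirect to the referrer, as the
    other handlers do.

    The creator is looked up through ``get_all_sessions`` because no
    single-session accessor is visible in this file; replace it with one
    if the Database class has it.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect_to_referrer()
    db = Database()
    user_id = flask_session['user_id']
    creator_id = next(
        (row['creator_id'] for row in db.get_all_sessions()
         if str(row['session_id']) == str(session_id)),
        None)
    is_creator = creator_id is not None and creator_id == user_id
    if not (db.is_user_id_administrator(user_id) or is_creator):
        flash('You do not have permission to delete this session.', 'danger')
        return redirect_to_referrer()
    db.disable_session(session_id)
    if is_current_session_set() and get_current_session_id() == session_id:
        clear_current_session()
    return redirect_to_referrer()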