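def register():
    """Handle the account-registration page.

    GET renders the registration form with the available security
    questions.  POST validates the submitted form, creates the user with
    the regular user role, stores the three security-question answers,
    copies the freshly read user row into the Flask session and renders
    the settings page with a success message.

    Returns:
        A rendered template, or a redirect back to the referrer when
        validation fails or the HTTP method is not GET/POST.
    """
    method = request.method.upper()

    if method == 'GET':
        db = Database()
        questions = db.list_questions()
        return render_template('register.html', questions=questions)

    if method != 'POST':
        # Other verbs used to fall through to the final render with
        # `questions` unbound (NameError); bounce the caller instead.
        return redirect_to_referrer()

    form = request.form
    username = form['username']
    password = form['password']
    password2 = form['confirm_password']
    question1 = form['question1']
    question2 = form['question2']
    question3 = form['question3']
    answer1 = form['answer1']
    answer2 = form['answer2']
    answer3 = form['answer3']

    if password != password2:
        flash('Passwords are not the same', 'danger')
        return redirect_to_referrer()

    db = Database()

    if db.does_username_exist(username):
        flash('Username already exists', 'danger')
        return redirect_to_referrer()

    # All three questions must be distinct.
    if len({question1, question2, question3}) != 3:
        flash('Questions are the same', 'danger')
        return redirect_to_referrer()

    # Optional profile fields: an empty string is stored as NULL/None.
    first_name = form['first_name'] or None
    last_name = form['last_name'] or None
    email_address = form['email_address'] or None

    # NOTE(review): the raw password is handed to the Database layer here
    # and again to get_user() below; hashing is assumed to happen inside
    # Database — confirm, it is not visible from this view.
    user_id = db.create_user(db.get_user_role_id(), username, password,
                             first_name, last_name, email_address)
    user = db.get_user(username, password)

    for question, answer in ((question1, answer1),
                             (question2, answer2),
                             (question3, answer3)):
        db.create_answer(user_id, question, answer)

    # Mirror the user row into the (client-side, signed) Flask session.
    # NOTE(review): every column returned by get_user() ends up in the
    # session cookie — confirm it excludes secrets such as the API key.
    for key in user.keys():
        flask_session[key] = user[key]

    questions = db.list_questions()
    return render_template('user_settings.html',
                           questions=questions,
                           success_message='Account created successfully')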
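def view_sessions():
    """Render the list of all sessions.

    Every row carries ``name``, ``session_id``, ``time_created`` and
    ``last_modified`` (``''`` when the database has no timestamp).  For a
    logged-in viewer each row additionally gets ``can_resume`` (always
    True) and ``has_control`` (True for administrators and for the
    session's creator).

    Returns:
        The rendered ``view_sessions.html`` template.
    """
    db = Database()

    # Evaluate the viewer's identity once instead of per row.
    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    is_admin = bool(logged_in and db.is_user_id_administrator(viewer_id))

    sessions = []
    for db_session in db.get_all_sessions():
        session = {
            'name': db_session['name'],
            'session_id': db_session['session_id'],
            'time_created': db_session['time_created']
        }

        if logged_in:
            session['can_resume'] = True
            session['has_control'] = bool(
                is_admin or viewer_id == db_session['creator_id'])

        # last_modified() returns a row; only its first column is used.
        last_modified = db.last_modified(db_session['session_id'])[0]
        # `is not None` rather than `!= None`: identity test for the singleton.
        session['last_modified'] = (
            last_modified if last_modified is not None else '')
        sessions.append(session)

    return render_template('view_sessions.html', sessions=sessions)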
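def create_session():
    """Create a new session owned by the logged-in user.

    GET renders the creation form.  POST validates the submitted
    ``session_name`` (non-empty and not already taken), stores it and
    makes it the current session.

    Returns:
        The rendered form for GET; a redirect to ``/`` otherwise, with a
        flashed message on every failure path.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect('/')

    method = request.method.upper()

    if method == 'GET':
        return render_template('create_session.html')

    if method != 'POST':
        # Previously reached the validation below with `session_name`
        # unbound (NameError); treat any other verb as a no-op.
        return redirect('/')

    session_name = request.form['session_name']

    # Covers both the None and the empty-string case.
    if not session_name:
        flash('Invalid session name.', 'danger')
        return redirect('/')

    db = Database()

    if db.does_session_name_exist(session_name):
        flash('Session name already exists.', 'danger')
        return redirect('/')

    session_id = db.create_session(session_name, flask_session['user_id'])
    set_current_session(session_id, session_name)
    return redirect('/')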
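def show_current_session(session_id=None):
    """Render the entries of one session.

    Args:
        session_id: Identifier of the session to show; ``None`` redirects
            to the session overview.

    Returns:
        The rendered ``view_session.html`` template, where every entry
        carries ``entry_id``, ``value``, ``time_created`` and a boolean
        ``can_update`` (True only for a logged-in administrator or the
        entry's creator).
    """
    if session_id is None:
        return redirect('/session/viewall')

    db = Database()

    # NOTE(review): no login or membership check guards reading a session;
    # confirm that is intended (view_sessions also lists them to anyone).
    session_name = db.get_session_name(session_id)

    # Resolve the viewer once rather than per entry.
    logged_in = is_logged_in()
    viewer_id = flask_session['user_id'] if logged_in else None
    is_admin = bool(logged_in and db.is_user_id_administrator(viewer_id))

    entries = []
    for db_entry in db.get_entries_for_session(session_id):
        entry = {
            'entry_id': db_entry['entry_id'],
            'value': db_entry['value'],
            'time_created': db_entry['time_created']
        }
        # Always set the key: the original left it absent for a logged-in
        # non-owner, so templates saw False and "missing" for the same case.
        entry['can_update'] = bool(
            logged_in and (is_admin or db_entry['creator_id'] == viewer_id))
        entries.append(entry)

    return render_template('view_session.html',
                           session_name=session_name,
                           entries=entries)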
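def delete_user(user_id):
    """Delete *user_id*; only a logged-in administrator may do so.

    Non-administrators are sent back to the referrer with a flashed
    error, matching toggle_admin_for_user, instead of silently ignoring
    the request.

    Args:
        user_id: Identifier of the user to delete.

    Returns:
        A redirect to the referrer.
    """
    db = Database()

    is_admin = is_logged_in() and db.is_user_id_administrator(
        flask_session['user_id'])

    if not is_admin:
        flash(
            'You must be logged in as an administrator to perform this operation.',
            'danger')
        return redirect_to_referrer()

    db.delete_user(user_id)
    return redirect_to_referrer()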
def settings():
    """Render the user-settings page for the logged-in user.

    Returns:
        The ``user_settings.html`` template with the security questions,
        or a redirect to ``/error`` when nobody is logged in.
    """
    if is_logged_in():
        questions = Database().list_questions()
        return render_template('user_settings.html', questions=questions)

    flash('You must be logged in to view this.', 'danger')
    return redirect('/error')
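def refresh_cache():
    """Re-copy the logged-in user's database row into the Flask session.

    Does nothing when nobody is logged in.  Also does nothing when the
    row no longer exists (e.g. the account was deleted by an
    administrator while the session was still alive); the original
    crashed with AttributeError on ``None.keys()`` in that case.
    """
    if not is_logged_in():
        return

    user = Database().get_user_by_id(get_current_user_id())
    if user is None:
        return

    for key in user.keys():
        flask_session[key] = user[key]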
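def _entry_option_view(action):
    """Project one entry-option row onto the dict the console template uses."""
    return {
        'value': action['value'],
        'color_class': action['color_class'],
        'category': action['category_name']
    }


def console():
    """Render the console for the current session.

    Builds three action lists from entry-option categories 1, 2 and 3
    (category 3 options are listed both in ``actions_ll`` and appended to
    ``actions_ul``, as in the original) plus the per-date data for the
    session's internal entries.

    Returns:
        The rendered ``console.html`` template, or a redirect to ``/``
        when nobody is logged in or no current session is set.
    """
    if not is_logged_in():  # REDIRECT TO LOGIN
        flash('You must be logged in to view this.', 'danger')
        return redirect('/')

    if not is_current_session_set():  # REDIRECT TO VIEW SESSIONS PAGE
        flash('You must have a current session set to view this.', 'danger')
        return redirect('/')

    db = Database()

    # NOTE(review): category ids 1/2/3 are hard-coded; elsewhere categories
    # are resolved by name via get_category_id_by_name — confirm they match.
    actions_ul = [_entry_option_view(a)
                  for a in db.get_entry_options_by_category_id(1)]
    actions_ur = [_entry_option_view(a)
                  for a in db.get_entry_options_by_category_id(2)]
    actions_ll = [_entry_option_view(a)
                  for a in db.get_entry_options_by_category_id(3)]
    # NOTE(review): category-3 options were also added to the upper-left
    # list in the original; kept as-is, confirm it is intentional.
    actions_ul.extend(actions_ll)

    session_id = session['current_session_id']

    dates = [getDate(e['time_created'])
             for e in db.get_entries_for_session(session_id)]
    # Order-preserving de-duplication (first occurrence wins); replaces the
    # quadratic sorted(set(dates), key=dates.index).
    dates = list(dict.fromkeys(dates))
    data = getData(dates, db.get_internal_entries_for_session(session_id))

    return render_template('console.html',
                           actions_ul=actions_ul,
                           actions_ur=actions_ur,
                           actions_ll=actions_ll,
                           data=data)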
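def user_questions(username):
    """Password-recovery flow based on the user's security questions.

    GET renders the next question while attempts remain.  POST first
    checks that attempts remain, then compares the submitted answer
    against the stored one: a match stores the user id in the session
    and redirects to ``/reset_password``; a miss decrements the remaining
    attempts and re-asks.

    Any exception while resolving the user, its questions or answers is
    reported to the user as 'Username not found' and logged to stderr.

    Args:
        username: Account whose questions are asked.

    Returns:
        A rendered template or a redirect.
    """
    db = Database()
    try:
        user_id = db.get_user_id(username)
        question_ids = [row['question_id']
                        for row in db.get_user_questionsId(user_id)]
        questions = [row['question']
                     for row in db.get_questions(question_ids)]
        questions_guess = db.get_user_questions_guess(user_id)
        method = request.method.upper()

        if method == 'GET':
            if questions_guess > 0:
                return render_template('questions.html',
                                       question=questions[questions_guess - 1],
                                       username=username,
                                       questions_guess=questions_guess)
            flash(
                'No additional password recovery mechanism attempts remaining.',
                'danger')
            flash(
                'Please contact your system administrator to reset your password.',
                'danger')
            return redirect('/')

        if method == 'POST':
            # The lockout must be enforced before any comparison: the
            # original compared first and only then looked at the counter,
            # so an exhausted account still accepted a correct answer and
            # never decremented further.
            if questions_guess < 1:
                flash('Failed security questions too many times', 'danger')
                flash('Contact administrator at: [email protected]', 'danger')
                return redirect('/')

            user_answer = request.form.get('answer')
            real_answer = db.get_user_answer(question_ids[questions_guess - 1],
                                             user_id)
            # NOTE(review): plain equality on whatever get_user_answer()
            # returns — confirm whether answers are stored hashed.
            if user_answer == real_answer:
                session['userId'] = user_id
                return redirect('/reset_password')

            flash('The answer you gave is incorrect', 'danger')
            db.update_user_question_guess(user_id, questions_guess - 1)
            return redirect('/questions/' + username)

        # Any other verb: nothing to do.
        return redirect('/')
    except Exception as e:
        # Broad on purpose: every lookup failure is presented the same way
        # so the recovery page does not reveal which step failed.
        flash('Username not found', "danger")
        print(e, file=sys.stderr)
        return redirect('/questions')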
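def delete_entry(entry_id):
    """Disable an entry; allowed for its creator or an administrator.

    Args:
        entry_id: Identifier of the entry to disable.

    Returns:
        A plain-text error message for unauthenticated or unauthorised
        callers, otherwise a redirect to the referrer.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'

    db = Database()
    db_entry = db.get_entry(entry_id)

    # An unknown id used to raise TypeError on the subscript below; treat
    # it like a permission failure so existence is not disclosed.
    if db_entry is None:
        return "Invalid permissions"

    current_user_id = get_current_user_id()
    is_owner = db_entry['creator_id'] == current_user_id
    if not (is_owner or db.is_user_id_administrator(current_user_id)):
        return "Invalid permissions"

    db.disable_entry(entry_id)
    return redirect_to_referrer()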
def add_freetext():
    """Store the request body as a FREETEXT entry in the current session.

    Returns:
        ``"OK"`` on success, or a plain-text message when nobody is
        logged in or no current session is set.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'
    if not is_current_session_set():
        return 'Current session is not set'

    db = Database()
    freetext_category = db.get_category_id_by_name("FREETEXT")
    body = request.data.decode()

    db.add_entry_with_category(get_current_session_id(),
                               get_current_user_id(),
                               freetext_category,
                               body)
    return "OK"
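def update_settings():
    """Apply the settings form for the logged-in user.

    All validation (distinct security questions, matching passwords) is
    performed before any database write, so a rejected form leaves the
    profile untouched; the original had already updated name and e-mail
    when it bounced on duplicate questions.  Security answers are replaced
    only when at least one answer was submitted; the password only when
    both password fields are non-empty.

    Returns:
        The rendered settings page on success, a redirect with a flashed
        error otherwise.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect('/')

    user_id = get_current_user_id()
    form = request.form

    first_name = form['first_name']
    last_name = form['last_name']
    email = form['email']

    answer1 = form['answer1']
    answer2 = form['answer2']
    answer3 = form['answer3']
    update_answers = bool(answer1 or answer2 or answer3)
    if update_answers:
        question1 = form['question1']
        question2 = form['question2']
        question3 = form['question3']
        if len({question1, question2, question3}) != 3:
            flash('Questions are the same', 'danger')
            return redirect_to_referrer()

    password = form['password']
    password2 = form['confirm_password']
    update_password = len(password) > 0 and len(password2) > 0
    if update_password and password != password2:
        flash('There was an issue; passwords were not updated.', 'danger')
        return redirect('/settings')

    # Validation passed: apply every change.
    db = Database()
    db.update_user_first_name(user_id, first_name)
    db.update_user_last_name(user_id, last_name)
    db.update_user_email_address(user_id, email)

    if update_answers:
        db.delete_user_answers(user_id)
        for question, answer in ((question1, answer1),
                                 (question2, answer2),
                                 (question3, answer3)):
            db.create_answer(user_id, question, answer)

    if update_password:
        # NOTE(review): raw password handed to the Database layer; hashing
        # is assumed to happen there — confirm.
        db.update_user_password(user_id, password)

    # Re-sync the session copy of the user row with what was just written.
    refresh_cache()

    questions = db.list_questions()
    return render_template('user_settings.html',
                           success_message='Settings updated successfully',
                           questions=questions)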
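def ext_get_alerts(api_key, session_id):
    """External API: return and disable the pending alerts of a session.

    The API key is resolved to a user exactly as the other ``ext_*``
    endpoints do; the original never looked at ``api_key``, so any caller
    knowing a session id could drain its alerts.

    Args:
        api_key: Caller's API key.
        session_id: Session whose alerts are fetched.

    Returns:
        A JSON array of ``{"value", "time_created"}`` objects, or an
        ``(error message, status)`` tuple.
    """
    if session_id is None or session_id == '':
        return "No unique session identifier provided", HTTPStatus.BAD_REQUEST.value

    db = Database()
    user = db.get_user_by_api_key(api_key)

    if user is None:
        return "Provided API key ('{}') is not associated with any registered user".format(
            api_key), HTTPStatus.UNAUTHORIZED.value

    # NOTE(review): the key only proves the caller is a registered user;
    # no check ties the user to this session — confirm that is acceptable.
    db_alerts = db.get_all_alerts_and_disable_for_session_id(session_id)

    alerts = [{'value': db_alert['value'],
               'time_created': db_alert['time_created']}
              for db_alert in db_alerts]

    return json.dumps(alerts)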
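def reset_password():
    """Final step of the security-question recovery flow.

    GET renders the form.  POST requires ``session['userId']`` (stored by
    user_questions after a correct answer), two non-empty matching
    password fields, then resets the attempt counter to 3, stores the new
    password and consumes the session marker so the reset cannot be
    replayed.

    Returns:
        A rendered template or a redirect.  The original returned ``None``
        (an HTTP 500) when either password field was empty.
    """
    if request.method.upper() == 'GET':
        return render_template('reset_password.html')

    user_id = session.get('userId')
    if user_id is None:
        # Nothing authorised a reset in this session.
        flash('There was an issue; passwords were not updated', 'danger')
        return redirect('/')

    password = request.form['password']
    password2 = request.form['confirm_password']

    if not password or not password2 or password != password2:
        flash('There was an issue; passwords were not updated', 'danger')
        return redirect(request.url)

    db = Database()
    db.update_user_question_guess(user_id, 3)
    # NOTE(review): raw password handed to the Database layer; hashing is
    # assumed to happen there — confirm.
    db.update_user_password(user_id, password)
    # One reset per successful question round.
    session.pop('userId', None)
    flash('Password was successfully updated', 'success')
    return redirect('/')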
def toggle_admin_for_user(user_id):
    """Flip *user_id* between the administrator and the regular user role.

    Only a logged-in administrator may do this; anyone else is sent back
    to the referrer with a flashed error.

    Args:
        user_id: Identifier of the user whose role is toggled.

    Returns:
        A redirect to the referrer.
    """
    db = Database()

    caller_is_admin = is_logged_in() and db.is_user_id_administrator(
        flask_session['user_id'])

    if not caller_is_admin:
        flash(
            'You must be logged in as an administrator to perform this operation.',
            'danger')
        return redirect_to_referrer()

    admin_role = db.get_administrator_role_id()
    current_role = db.get_user_by_id(user_id)['role_id']
    # NOTE(review): nothing stops an administrator demoting themselves —
    # confirm that is intended.
    new_role = db.get_user_role_id() if current_role == admin_role else admin_role

    db.update_users_role(user_id, new_role)
    return redirect_to_referrer()
def ext_create_new_session(api_key):
    """External API: create a session named after the current local time.

    Args:
        api_key: Caller's API key; must map to a registered user.

    Returns:
        ``"New Session ID: '<id>'"`` on success, or an
        ``(error message, 401)`` tuple for an unknown key.
    """
    logging.debug("EXTERNAL: Create new Session")

    db = Database()
    owner = db.get_user_by_api_key(api_key)

    if owner is None:
        return "Provided API key ('{}') is not associated with any registered user".format(
            api_key), HTTPStatus.UNAUTHORIZED.value

    # Local wall-clock time, second resolution.
    # NOTE(review): unlike ext_create_new_session_name, uniqueness of the
    # generated name is not checked — two calls within one second collide.
    session_name = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    owner_id = owner['user_id']
    logging.debug("Creating new session: %s (userid: %s)", session_name,
                  owner_id)

    new_id = db.create_session(session_name, owner_id)
    logging.debug("New session id: %s", new_id)
    set_current_session(new_id, session_name)

    return "New Session ID: '{}'".format(new_id)
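def login():
    """Log a user in with username and password.

    GET renders the page.  POST looks the credentials up, copies the user
    row into the Flask session, resets the security-question attempt
    counter to 3 and redirects to the session overview.

    Returns:
        A rendered template or a redirect.  For any other verb the
        original called redirect_to_referrer() without returning it,
        yielding ``None`` (an HTTP 500); the redirect is now returned.
    """
    method = request.method.upper()

    if method == 'GET':
        return render_template('/session/viewall.html')

    if method != 'POST':
        return redirect_to_referrer()

    username = request.form['username']
    password = request.form['password']

    db = Database()
    user = db.get_user(username, password)

    if user is None:
        flash('Invalid Credentials.', 'danger')
        return redirect('/error')

    # NOTE(review): every column of the user row lands in the signed,
    # client-side session cookie — confirm get_user() returns no secrets
    # (password material, API key).
    for key in user.keys():
        flask_session[key] = user[key]

    flash('Successfully logged in', "success")
    db.update_user_question_guess(user['user_id'], 3)
    return redirect('/session/viewall')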
def ext_create_new_session_name(api_key, session_name):
    """External API: create a session with an explicit name.

    Args:
        api_key: Caller's API key; must map to a registered user.
        session_name: Desired session name; must not already exist.

    Returns:
        ``"New Session ID: '<id>'"`` on success, or an
        ``(error message, status)`` tuple.
    """
    logging.debug("EXTERNAL: Create new Session with name")

    db = Database()
    owner = db.get_user_by_api_key(api_key)

    if owner is None:
        return "Provided API key ('{}') is not associated with any registered user".format(
            api_key), HTTPStatus.UNAUTHORIZED.value

    # NOTE(review): a name clash is reported with 401; 409 CONFLICT would
    # describe it better, kept as-is to avoid changing the API contract.
    if db.does_session_name_exist(session_name):
        return "Provided session name ('{}') already exists".format(
            session_name), HTTPStatus.UNAUTHORIZED.value

    owner_id = owner['user_id']
    logging.debug("Creating new session: %s (userid: %s)", session_name,
                  owner_id)

    new_id = db.create_session(session_name, owner_id)
    logging.debug("New session id: %s", new_id)
    set_current_session(new_id, session_name)

    return "New Session ID: '{}'".format(new_id)
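def modify_entry(entry_id):
    """Replace an entry's value with the request body.

    Allowed for the entry's creator or an administrator, and only while
    a current session is set.

    Args:
        entry_id: Identifier of the entry to update.

    Returns:
        ``"OK"`` on success, otherwise a plain-text error message.
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'

    if not is_current_session_set():
        return 'Session_id is not set'

    db = Database()
    db_entry = db.get_entry(entry_id)

    # An unknown id used to raise TypeError on the subscript below; treat
    # it like a permission failure so existence is not disclosed.
    if db_entry is None:
        return "Invalid permissions"

    current_user_id = get_current_user_id()
    is_owner = db_entry['creator_id'] == current_user_id
    if not (is_owner or db.is_user_id_administrator(current_user_id)):
        return "Invalid permissions"

    # TODO (from original): entry_option_id / category_id are not cleared
    # and the creator is not updated when an administrator edits the entry.
    new_value = request.data.decode('utf-8')
    db.update_entry(entry_id, new_value)
    return "OK"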
0
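def ext_post_event(api_key, session_id):
    """External API: store a batch of events in a session.

    The body must be a JSON array of objects each carrying
    ``message_data``.  The whole batch is validated before the first
    insert, so a malformed trailing element no longer leaves the leading
    elements stored; payload contents are no longer printed to stdout.

    Args:
        api_key: Caller's API key; must map to a registered user.
        session_id: Session that receives the events.

    Returns:
        ``"OK"`` on success, or an ``(error message, status)`` tuple.
    """
    logging.debug("EXTERNAL: Event posted")

    payload = request.data

    if len(payload) == 0:
        return "No payload / message body received", HTTPStatus.BAD_REQUEST.value

    if session_id is None:
        return "No unique session identifier provided", HTTPStatus.BAD_REQUEST.value

    db = Database()
    user = db.get_user_by_api_key(api_key)

    if user is None:
        return "Provided API key ('{}') is not associated with any registered user".format(
            api_key), HTTPStatus.UNAUTHORIZED.value

    try:
        parsed = json.loads(payload)
    except json.JSONDecodeError as ex:
        return ex.msg, HTTPStatus.BAD_REQUEST.value

    # NOTE(review): as in ext_get_alerts, the key only proves the caller is
    # a registered user; nothing ties the user to session_id — confirm.

    # Validate the full batch first (a non-list top level used to escape
    # the try below and surface as an HTTP 500).
    if not isinstance(parsed, list):
        return "Payload / message body has invalid formatting", HTTPStatus.BAD_REQUEST.value
    try:
        message_data = [message['message_data'] for message in parsed]
    except (TypeError, KeyError) as ex:
        logging.debug("Rejected event payload: %s", ex)
        return "Payload / message body has invalid formatting", HTTPStatus.BAD_REQUEST.value

    for data in message_data:
        db.add_entry(session_id, user['user_id'], data)

    return "OK"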
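def add_event():
    """Store the posted event (or alert) in the current session.

    The body's first line is ``<key>=<category>``; everything after the
    first newline is the event text.  ``ALERT`` (case-insensitive) goes
    to the alert table, anything else is stored as an entry under the
    category resolved by name.

    Returns:
        ``'OK'`` on success, otherwise a plain-text error message.  A
        body without the ``=`` / newline delimiters used to raise
        ValueError from str.index (an HTTP 500).
    """
    if not is_logged_in():
        return 'User is not logged in; creator_id is not set'

    if not is_current_session_set():
        return 'Current session is not set'

    raw = request.data.decode()
    header, newline, data = raw.partition('\n')
    _, equals, category = header.partition('=')

    if not newline or not equals:
        return 'Invalid payload'

    db = Database()
    session_id = get_current_session_id()
    user_id = get_current_user_id()

    if category.upper() == "ALERT":
        logging.info("ALERT posted")
        db.add_alert(session_id, user_id, data)
    else:
        logging.info("EVENT posted")
        # NOTE(review): get_category_id_by_name() is called with the
        # client-supplied category; what it returns for an unknown name is
        # not visible here — confirm it does not store a NULL category.
        db.add_entry_with_category(session_id, user_id,
                                   db.get_category_id_by_name(category), data)
    return 'OK'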
def view_all_users():
    """Render the user list for a logged-in administrator.

    Returns:
        The ``view_users.html`` template with one dict per user
        (``user_id``, ``username``, ``first_name``, ``last_name`` and
        ``admin`` as 1/0), or a redirect to ``/`` with a flashed error
        for anyone else.
    """
    db = Database()

    caller_is_admin = is_logged_in() and db.is_user_id_administrator(
        flask_session['user_id'])

    if not caller_is_admin:
        flash('You must be logged in as an administrator to view this page.',
              'danger')
        return redirect('/')

    def as_view(db_user):
        return {
            'user_id': db_user['user_id'],
            'username': db_user['username'],
            'first_name': db_user['first_name'],
            'last_name': db_user['last_name'],
            'admin': 1 if db.is_user_id_administrator(db_user['user_id']) else 0
        }

    users = [as_view(db_user) for db_user in db.get_all_users()]
    return render_template('view_users.html', users=users)
def select_session(session_id):
    """Make *session_id* the current session and open the console.

    NOTE(review): no login or ownership check precedes the switch, and
    get_session_name() may return None for an unknown id — confirm.

    Returns:
        A redirect to ``/session/console``.
    """
    name = Database().get_session_name(session_id)
    set_current_session(session_id, name)
    session['session_id'] = session_id
    return redirect('/session/console')
def set_session(session_id):
    """Make *session_id* the current session and open its entry view.

    NOTE(review): no login or ownership check precedes the switch, and
    get_session_name() may return None for an unknown id — confirm.

    Returns:
        A redirect to ``/session/view/<session_id>``.
    """
    name = Database().get_session_name(session_id)
    set_current_session(session_id, name)
    session['session_id'] = session_id
    return redirect('/session/view/{}'.format(session_id))
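def delete_session(session_id):
    """Disable *session_id*; allowed for an administrator or its creator.

    The original performed no check at all, so any request — even an
    anonymous one — could disable any session.  The rule applied here is
    the one view_sessions uses to compute ``has_control``.

    Args:
        session_id: Identifier of the session to disable.

    Returns:
        A redirect to the referrer, with a flashed error on refusal.
    """
    if not is_logged_in():
        flash('You must be logged in to perform this operation.', 'danger')
        return redirect_to_referrer()

    db = Database()
    user_id = flask_session['user_id']

    # Creator lookup via the session listing (the only accessor visible for
    # creator_id); compared as strings because the route value may be str
    # while the database stores an int.
    creator_id = next(
        (row['creator_id'] for row in db.get_all_sessions()
         if str(row['session_id']) == str(session_id)),
        None)

    if not (db.is_user_id_administrator(user_id) or creator_id == user_id):
        flash(
            'You must be the session creator or an administrator to perform this operation.',
            'danger')
        return redirect_to_referrer()

    db.disable_session(session_id)
    if is_current_session_set() and get_current_session_id() == session_id:
        clear_current_session()
    return redirect_to_referrer()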