Ejemplo n.º 1
def set_password(user, password):
    """Set a new password on ``user`` and rotate its API key and session token.

    The password is stored as the output of ``generate_password_hash`` using
    PBKDF2 with SHA-256. The API key and the session token are regenerated in
    the same call, after the password hash has been assigned. Only the
    username is written to the log, never the password.

    Nothing in this function persists ``user``; the modified object is
    returned to the caller.
    """
    # NOTE(review): 20000 iterations is well below current guidance for
    # PBKDF2-HMAC-SHA256 (the OWASP Password Storage Cheat Sheet suggests
    # 600,000). Raising the count affects only newly set passwords, so a
    # rehash-on-login step would be needed to upgrade existing hashes.
    hash_method = 'pbkdf2:sha256:20000'
    user.password = generate_password_hash(password, method=hash_method)

    # Rotate both credentials derived for this account.
    # NOTE(review): whether previously issued keys/tokens stop working depends
    # on how they are validated elsewhere - confirm.
    user.api_key = User.generate_api_key()
    user.session_token = generate_session_token(user)

    userLogger.info("User password changed : %s", user.username)
    return user
Ejemplo n.º 2
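    def index(self):
        """Render the observable search page and handle bulk lookup / bulk add.

        On POST, input lines are read from the uploaded ``bulk-file`` when one
        is present, otherwise from the ``bulk-text`` form field. When the
        ``add`` form field is truthy and the current user holds the
        ``observable``/``write`` permission, each non-empty line is created
        (or fetched) as an observable and tagged; otherwise the lines are only
        collected as lookup keys. Collected values are passed to
        ``match_observables`` and rendered as search results.

        Any other request, or a POST that yields no observables, renders the
        search form; a flash message is shown first when some lines failed
        validation.
        """
        if request.method == "POST":
            obs = {}
            upload = request.files.get("bulk-file")
            if upload:
                lines = upload.readlines()
            else:
                lines = request.form["bulk-text"].split("\n")

            invalid_observables = 0
            may_add = bool(request.form.get("add", False)) and current_user.has_permission(
                "observable", "write"
            )
            if may_add:
                tags = request.form.get("tags", "").split(",")
                for line in lines:
                    try:
                        txt = line.strip()
                        if txt:
                            # "force-type" is request-controlled. It is accepted
                            # only when it names a class derived from Observable.
                            # The isinstance() check matters: issubclass() raises
                            # TypeError for a non-class global, and that error is
                            # not caught by the except clause below.
                            # NOTE(review): resolving the name through globals()
                            # makes the accepted set depend on this module's
                            # imports; an explicit name -> class registry would
                            # be easier to audit.
                            forced_name = request.form["force-type"]
                            forced_cls = globals().get(forced_name) if forced_name else None
                            if isinstance(forced_cls, type) and issubclass(
                                forced_cls, Observable
                            ):
                                o = forced_cls.get_or_create(value=txt)
                            else:
                                o = Observable.add_text(txt)
                            o.tag(tags)
                            obs[o.value] = o
                    except (ObservableValidationError, ValueError) as e:
                        # A bad line is counted and skipped so one invalid
                        # entry does not abort the whole batch.
                        logging.error("Error validating %s: %s", txt, e)
                        invalid_observables += 1
                        continue
            else:
                # Lookup-only mode: nothing is created, the stripped line is
                # used as the key.
                for line in lines:
                    obs[line.strip()] = line, None

            if obs:
                data = match_observables(obs.keys())
                userLogger.info(
                    "User %s add observable : value=%s", current_user.username, data
                )
                return render_template("observable/search_results.html", data=data)

            if invalid_observables:
                flash(
                    "Type guessing failed for {} observables. Try setting it manually.".format(
                        invalid_observables
                    ),
                    "danger",
                )
                return render_template("observable/search.html")

        return render_template("observable/search.html")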
Ejemplo n.º 3
def get_default_user():
    """Return the user object to use when no explicit login has happened.

    With fewer than two stored users the installation is treated as
    anonymous-access: the lookup below returns a stored account and the event
    is logged. With two or more users an ``AnonymousUserMixin`` is returned.
    If the lookup raises ``DoesNotExist``, the default account is created and
    returned.
    """
    try:
        multi_user = User.objects.count() >= 2
        if multi_user:
            return AnonymousUserMixin()

        # NOTE(review): in this branch the caller receives a real account
        # object without any credential check in this function. Deployments
        # reachable by others should have at least two users, or disable this
        # path.
        userLogger.info("Default user logged in : yeti")
        # NOTE(review): the username literal appears masked in this listing;
        # the log message and the fallback below suggest it is the default
        # account name - confirm against the upstream source.
        return User.objects.get(username="******")
    except DoesNotExist:
        # NOTE(review): this creates an admin account whose password equals
        # its well-known username. A generated initial password, or a forced
        # change on first use, would avoid shipping a fixed default
        # credential.
        return create_user("yeti", "yeti", admin=True)
Ejemplo n.º 4
 def search(self, query):
     """Run a paginated search and return the matching objects as a list.

     ``query`` is a mapping with optional ``filter`` and ``params`` entries.
     The ``regex``, ``ignorecase``, ``page`` and ``range`` options are popped
     from ``params``. When ``query`` carries a ``params`` dict, that dict is
     therefore modified in place. ``page`` is 1-based in the request and
     converted to a 0-based index here.
     """
     fltr = query.get('filter', {})
     params = query.get('params', {})

     # Pop the paging/matching options before logging, so the logged
     # ``params`` holds only what is left over.
     regex = params.pop('regex', False)
     ignorecase = params.pop('ignorecase', False)
     # NOTE(review): page and range are used without type or bound checks.
     # If they are client-supplied (confirm against the caller), a zero or
     # negative page, or a very large range, reaches the slice unchanged.
     # An upper bound on range would cap the size of one response.
     page = params.pop('page', 1) - 1
     rng = params.pop('range', 50)

     userLogger.info(
         "User %s search : filter=%s params=%s regex=%s",
         current_user.username, fltr, params, regex,
     )

     first = page * rng
     last = (page + 1) * rng
     matches = get_queryset(self.objectmanager, fltr, regex, ignorecase)
     return list(matches[first:last])
Ejemplo n.º 5
def authenticate(username, password):
    """Check ``password`` against the stored hash for ``username``.

    Returns the matching ``User`` on success and ``False`` otherwise. A
    successful login is logged at info level and a wrong password at warning
    level; in both cases only the username is logged.
    """
    try:
        account = User.objects.get(username=username)
        if not check_password_hash(account.password, password):
            userLogger.warn("Attempt to log in to : %s", username)
            return False
        userLogger.info("User logged in : %s", username)
        return account
    except DoesNotExist:
        # NOTE(review): an unknown username returns without a log entry and
        # without a hash computation. Failed attempts against non-existent
        # accounts are therefore invisible in this log, and this path likely
        # responds faster than a wrong-password attempt. Logging the failure
        # and doing a comparable hash check here would close both gaps.
        return False