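def set_password(user, password):
    """Set a new password on *user* and rotate the credentials derived from it.

    The password is stored only as a salted PBKDF2-HMAC-SHA256 hash. The API
    key and the session token are regenerated in the same call, presumably so
    that credentials issued under the old password stop being valid.

    Nothing in this function persists the object; the caller is expected to
    save the returned user.

    Args:
        user: The user object to update (mutated in place).
        password: The new clear-text password. It is never logged.

    Returns:
        The same ``user`` object, updated.
    """
    # The original work factor was 20,000 rounds, far below current guidance
    # for PBKDF2-HMAC-SHA256 (OWASP suggests 600,000). Assuming this is
    # Werkzeug's generate_password_hash, the round count is embedded in every
    # stored hash, so hashes created with the old setting keep verifying and
    # are upgraded the next time the password is set.
    user.password = generate_password_hash(password, method="pbkdf2:sha256:600000")
    user.api_key = User.generate_api_key()
    user.session_token = generate_session_token(user)
    # Only the username is logged, never the password or the new tokens.
    userLogger.info("User password changed : %s", user.username)
    return user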
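def index(self):
    """Render the observable search page and handle bulk search / bulk add.

    A non-POST request renders the empty search form. A POST reads one
    observable per line from the uploaded ``bulk-file`` or, failing that,
    from the ``bulk-text`` form field.

    When the ``add`` field is set and the current user holds the
    ``observable``/``write`` permission, each non-empty line is created (or
    fetched) as an observable and tagged with the comma-separated ``tags``
    field. Otherwise the lines are only used as search terms.

    Changes from the previous version:
      * ``force-type`` is resolved once, and the looked-up global must be a
        class before ``issubclass`` is called. Previously a name that matched
        a non-class global raised an uncaught ``TypeError``.
      * A missing ``force-type`` field now falls back to type guessing
        instead of raising on the form lookup.
      * The leftover debug ``print`` is gone.

    Returns:
        The rendered results template when at least one observable was
        collected, otherwise the rendered search form.
    """
    if request.method != "POST":
        return render_template("observable/search.html")

    upload = request.files.get("bulk-file")
    if upload:
        # NOTE(review): an uploaded file normally yields bytes lines under
        # Python 3 while the form field yields str; confirm the observable
        # classes accept both.
        lines = upload.readlines()
    else:
        lines = request.form["bulk-text"].split("\n")

    obs = {}
    invalid_observables = 0

    may_add = bool(request.form.get("add", False)) and current_user.has_permission(
        "observable", "write"
    )
    if may_add:
        tags = request.form.get("tags", "").split(",")

        # The type name comes straight from the request. It is only honoured
        # when it names an Observable subclass visible in this module, which
        # keeps arbitrary globals from being called. An explicit name -> class
        # registry would be a tighter allow-list than globals().
        forced_name = request.form.get("force-type")
        candidate = globals().get(forced_name) if forced_name else None
        if isinstance(candidate, type) and issubclass(candidate, Observable):
            forced_cls = candidate
        else:
            forced_cls = None

        for line in lines:
            txt = line.strip()
            if not txt:
                continue
            try:
                if forced_cls is not None:
                    o = forced_cls.get_or_create(value=txt)
                else:
                    o = Observable.add_text(txt)
                o.tag(tags)
                obs[o.value] = o
            except (ObservableValidationError, ValueError) as e:
                # txt is request data; it is written to the log as received.
                logging.error("Error validating {}: {}".format(txt, e))
                invalid_observables += 1
    else:
        # Search only: nothing is created, the stripped line is the key.
        for line in lines:
            obs[line.strip()] = line, None

    if obs:
        data = match_observables(obs.keys())
        # NOTE(review): this message says "add observable" on the search-only
        # path as well, and logs the whole match result.
        userLogger.info(
            "User %s add observable : value=%s", current_user.username, data
        )
        return render_template("observable/search_results.html", data=data)

    if invalid_observables:
        flash(
            "Type guessing failed for {} observables. Try setting it manually.".format(
                invalid_observables
            ),
            "danger",
        )
    return render_template("observable/search.html")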
def get_default_user():
    """Return the user object to use when no explicit login has happened.

    With two or more users in the database an ``AnonymousUserMixin`` is
    returned. With fewer than two, authentication is treated as anonymous
    and the default account is looked up and returned; if that lookup finds
    nothing, the account is created as an administrator.

    NOTE(review): the fallback creates an admin account whose password equals
    its username, and hands it out without any credential check while fewer
    than two users exist. Deployments that are reachable by others should
    create a second user or change this password before exposure.
    """
    if User.objects.count() >= 2:
        return AnonymousUserMixin()

    # Logged before the lookup, so this line appears even when the account
    # does not exist yet and is about to be created.
    userLogger.info("Default user logged in : yeti")
    try:
        # NOTE(review): this username literal differs from the "yeti" account
        # created below; confirm the two are meant to match.
        return User.objects.get(username="******")
    except DoesNotExist:
        return create_user("yeti", "yeti", admin=True)
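def search(self, query):
    """Run a filtered, paginated search against ``self.objectmanager``.

    Args:
        query: Mapping with an optional ``filter`` dict and an optional
            ``params`` dict. The keys ``regex``, ``ignorecase``, ``page``
            (1-based, default 1) and ``range`` (page size, default 50) are
            popped from ``params``, so the caller's dict is modified.

    Returns:
        A list holding the requested page of results.

    A ``page`` below 1 or a negative ``range`` used to produce negative
    slice bounds; both are now clamped, so such requests return the first
    page or an empty list.
    """
    fltr = query.get('filter', {})
    params = query.get('params', {})
    regex = params.pop('regex', False)
    ignorecase = params.pop('ignorecase', False)

    # Both values come from the request. Clamp them so the slice below never
    # gets a negative bound.
    page = max(params.pop('page', 1) - 1, 0)
    rng = max(params.pop('range', 50), 0)
    # NOTE(review): there is no upper bound on `range`, and `regex` lets the
    # caller's pattern reach the query layer. Consider a maximum page size and
    # limits on the pattern if this endpoint is exposed to untrusted users.

    userLogger.info(
        "User %s search : filter=%s params=%s regex=%s",
        current_user.username,
        fltr,
        params,
        regex,
    )

    start = page * rng
    stop = start + rng
    return list(get_queryset(self.objectmanager, fltr, regex, ignorecase)[start:stop])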
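def authenticate(username, password):
    """Check a username/password pair against the stored password hash.

    Args:
        username: Name of the account to look up.
        password: Clear-text password supplied by the client; never logged.

    Returns:
        The matching user object on success, ``False`` when the user does
        not exist or the password does not match.
    """
    try:
        u = User.objects.get(username=username)
    except DoesNotExist:
        # NOTE(review): unknown usernames return without a hash comparison
        # and without a log entry. The first makes this path measurably
        # faster than a wrong-password attempt; the second means guesses
        # against non-existent accounts leave no trace in this log.
        return False

    if check_password_hash(u.password, password):
        userLogger.info("User logged in : %s", username)
        return u

    # Logger.warn() is a deprecated alias and was removed in Python 3.13,
    # where it would turn every failed login into an AttributeError.
    # This assumes userLogger is a standard logging.Logger.
    userLogger.warning("Attempt to log in to : %s", username)
    return False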