Ejemplo n.º 1
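def create_user():
    """Create a user from the JSON body and issue it an API key.

    Every account created here is given the 'admin' role, so this endpoint
    must only be reachable by callers already trusted to administer the
    deployment (the authorization guard is expected to sit in a decorator
    outside this view -- confirm against the route definition).

    Returns the new user as JSON; 400 with ``API_FIELDS_MISSING`` when
    required fields are absent, 400 with ``AUTH_USERNAME_EXISTS`` when the
    e-mail is already taken.
    """
    # A non-JSON body leaves request.json as None; treat it as an empty
    # document so check_required reports the missing fields instead of a 500.
    payload = request.json or {}
    missing = User.check_required(payload)
    if missing:
        return error_response(apierrors.API_FIELDS_MISSING.format(missing), 400)

    user = get_datastore().create_user(
        email=payload.get('email'),
        password=encrypt_password(payload.get('password')))
    userrole = user_datastore.find_role('admin')
    user_datastore.add_role_to_user(user, userrole)

    try:
        db.session.add(user)
        # Flush first so user.id is assigned before the key row references it.
        db.session.flush()
        # uuid4 is drawn from os.urandom; the dashes are stripped so the key
        # is 32 hex characters.
        apikey = ApiKey(user_id=user.id,
                        api_key=str(uuid.uuid4()).replace("-", ""))
        db.session.add(apikey)
        db.session.commit()
    except IntegrityError:
        # The unique constraint fired; roll back so the session is usable
        # again for anything else that runs in this request.
        db.session.rollback()
        return error_response(errors.AUTH_USERNAME_EXISTS, 400)
    return jsonify(user.to_dict())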
Ejemplo n.º 2
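def reset_passwd_request():
    """Issue a password-reset token for the e-mail in the JSON body and mail it.

    The token is what later lets ``change_passwd`` set a new password without
    a login, so it has to be unpredictable: it is drawn from the OS CSPRNG via
    ``random.SystemRandom`` rather than the module-level ``random`` functions,
    which are not designed to resist prediction. Earlier tokens for the user
    are deactivated so only the newest one is valid.

    Returns an empty JSON object on success; 400 when ``email`` is missing,
    404 when no user has that e-mail, 500 when the mail could not be sent.
    """
    payload = request.json or {}
    if 'email' not in payload:
        return error_response(errors.AUTH_EMAIL_MISSING, 400)
    email = payload['email']
    user = User.query.filter_by(email=email).first()
    if not user:
        # NOTE(review): this 404 tells the caller whether an address is
        # registered. Kept because clients depend on the status code.
        return error_response(errors.AUTH_NOT_FOUND.format(email), 404)
    # 160 bits from the OS CSPRNG rendered as 40 hex characters -- the same
    # length as the SHA-1 hexdigest this code used to produce.
    hashstr = '%040x' % random.SystemRandom().getrandbits(160)
    # Deactivate all other password resets for this user.
    PasswdReset.query.filter_by(user=user).update({'active': False})
    reset = PasswdReset(hashstr=hashstr, active=True, user=user)
    db.session.add(reset)
    db.session.commit()
    # Send password reset email to user.
    from mhn import mhn
    msg = Message(html=reset.email_body,
                  subject='MHN Password reset',
                  recipients=[user.email],
                  sender=mhn.config['DEFAULT_MAIL_SENDER'])
    try:
        mail.send(msg)
    except Exception:
        # Narrowed from a bare except, which would also swallow
        # SystemExit/KeyboardInterrupt.
        return error_response(errors.AUTH_SMTP_ERROR, 500)
    return jsonify({})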
Ejemplo n.º 3
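def reset_passwd_request():
    """Issue a password-reset token for the e-mail in the JSON body and mail it.

    The token later authorizes ``change_passwd`` without a login, so it must
    not be guessable. The previous value was SHA-1 of the current time plus
    the e-mail, which anyone who knows the address and roughly when the
    request was made can reproduce; it is now drawn from the OS CSPRNG.
    Earlier tokens for the user are deactivated so only the newest is valid.

    Returns an empty JSON object on success; 400 when ``email`` is missing,
    404 when no user has that e-mail, 500 when the mail could not be sent.
    """
    from random import SystemRandom

    payload = request.json or {}
    if "email" not in payload:
        return error_response(errors.AUTH_EMAIL_MISSING, 400)
    email = payload["email"]
    user = User.query.filter_by(email=email).first()
    if not user:
        # NOTE(review): this 404 tells the caller whether an address is
        # registered. Kept because clients depend on the status code.
        return error_response(errors.AUTH_NOT_FOUND.format(email), 404)
    # 160 bits from the OS CSPRNG rendered as 40 hex characters -- the same
    # length as the SHA-1 hexdigest this code used to produce.
    hashstr = "%040x" % SystemRandom().getrandbits(160)
    # Deactivate all other password resets for this user.
    PasswdReset.query.filter_by(user=user).update({"active": False})
    reset = PasswdReset(hashstr=hashstr, active=True, user=user)
    db.session.add(reset)
    db.session.commit()
    # Send password reset email to user.
    from mhn import mhn

    msg = Message(
        html=reset.email_body,
        subject="MHN Password reset",
        recipients=[user.email],
        sender=mhn.config["DEFAULT_MAIL_SENDER"],
    )
    try:
        mail.send(msg)
    except Exception:
        # Narrowed from a bare except, which would also swallow
        # SystemExit/KeyboardInterrupt.
        return error_response(errors.AUTH_SMTP_ERROR, 500)
    return jsonify({})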
Ejemplo n.º 4
def change_passwd():
    """Set a new password for the logged-in user or for a reset-token holder.

    The body must carry ``password`` and ``password_repeat`` and they must be
    equal. A logged-in caller changes their own password; an anonymous caller
    must also send ``email`` and ``hashstr``, which are matched against an
    active ``PasswdReset`` row. The matched reset is deactivated so the token
    is single-use.
    """
    body = request.json
    password = body.get('password')
    password_repeat = body.get('password_repeat')
    if not (password and password_repeat):
        # Incomplete body.
        return error_response(errors.AUTH_RESET_MISSING, 400)
    if password != password_repeat:
        return error_response(errors.AUTH_PASSWD_MATCH, 400)

    if current_user.is_authenticated:
        # The session already proves identity; no reset token is involved.
        user = current_user
    else:
        email = body.get('email')
        hashstr = body.get('hashstr')
        if not (email and hashstr):
            # The anonymous path needs both the address and the reset token.
            return error_response(errors.AUTH_RESET_MISSING, 400)
        # NOTE(review): only `active` is checked; no age/expiry test is
        # visible here, so a token stays valid until it is used or another
        # reset is requested for the same user.
        reset = (db.session.query(PasswdReset)
                 .join(User)
                 .filter(User.email == email, PasswdReset.active == True)  # noqa: E712
                 .filter(PasswdReset.hashstr == hashstr)
                 .first())
        if not reset:
            return error_response(errors.AUTH_RESET_HASH, 404)
        db.session.add(reset)
        reset.active = False  # single use
        user = reset.user

    user.password = encrypt_password(password)
    db.session.add(user)
    db.session.commit()
    return jsonify({})
Ejemplo n.º 5
Archivo: views.py Proyecto: raum01/mhn
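def update_rule(rule_id):
    """Apply the JSON body's fields to the rule *rule_id* and return it.

    Every key is checked before anything is written, so a body that mixes
    valid and invalid fields leaves the rule untouched instead of leaving
    half-applied attributes on the in-session object. Fields are checked in
    body order and the first offending one decides the error.

    Returns 404 (via ``first_or_404``) for an unknown rule; 400 with
    ``API_FIELD_NOT_EDITABLE`` for a known but read-only field, 400 with
    ``API_FIELD_INVALID`` for a field the model does not have; otherwise the
    updated rule as JSON.
    """
    rule = Rule.query.filter_by(id=rule_id).first_or_404()
    # A non-JSON body would otherwise fail on .keys(); treat it as empty.
    payload = request.json or {}
    editable = Rule.editable_fields()
    known = Rule.fields()
    for field in payload:
        if field in editable:
            continue
        if field in known:
            return error_response(errors.API_FIELD_NOT_EDITABLE.format(field), 400)
        return error_response(errors.API_FIELD_INVALID.format(field), 400)
    # Values are stored as sent; any type or length checking is the model's.
    for field, value in payload.items():
        setattr(rule, field, value)
    db.session.commit()
    return jsonify(rule.to_dict())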
Ejemplo n.º 6
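def update_rule(rule_id):
    """Apply the JSON body's fields to the rule *rule_id* and return it.

    Every key is checked before anything is written, so a body that mixes
    valid and invalid fields leaves the rule untouched instead of leaving
    half-applied attributes on the in-session object. Fields are checked in
    body order and the first offending one decides the error.

    Returns 404 (via ``first_or_404``) for an unknown rule; 400 with
    ``API_FIELD_NOT_EDITABLE`` for a known but read-only field, 400 with
    ``API_FIELD_INVALID`` for a field the model does not have; otherwise the
    updated rule as JSON.
    """
    rule = Rule.query.filter_by(id=rule_id).first_or_404()
    # A non-JSON body would otherwise fail on .keys(); treat it as empty.
    payload = request.json or {}
    editable = Rule.editable_fields()
    known = Rule.fields()
    for field in payload:
        if field in editable:
            continue
        if field in known:
            return error_response(errors.API_FIELD_NOT_EDITABLE.format(field),
                                  400)
        return error_response(errors.API_FIELD_INVALID.format(field), 400)
    # Values are stored as sent; any type or length checking is the model's.
    for field, value in payload.items():
        setattr(rule, field, value)
    db.session.commit()
    return jsonify(rule.to_dict())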
Ejemplo n.º 7
Archivo: views.py Proyecto: raum01/mhn
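def create_rule_source():
    """Create a RuleSource from the JSON body.

    Returns the new source as JSON; 400 with ``API_FIELDS_MISSING`` when
    required fields are absent, 400 with ``API_SOURCE_EXISTS`` when the URI
    is already registered.
    """
    payload = request.json or {}
    missing = RuleSource.check_required(payload)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)
    # NOTE(review): every key in the body reaches the model constructor, so a
    # client can set any column the model exposes, not only the ones meant to
    # be user-settable. An allow-list would need a field inventory on
    # RuleSource that is not visible here.
    rsource = RuleSource(**payload)
    try:
        db.session.add(rsource)
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() so a body without
        # 'uri' cannot turn this 400 into a KeyError.
        db.session.rollback()
        return error_response(errors.API_SOURCE_EXISTS.format(payload.get("uri")), 400)
    return jsonify(rsource.to_dict())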
Ejemplo n.º 8
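def create_rule_source():
    """Create a RuleSource from the JSON body.

    Returns the new source as JSON; 400 with ``API_FIELDS_MISSING`` when
    required fields are absent, 400 with ``API_SOURCE_EXISTS`` when the URI
    is already registered.
    """
    payload = request.json or {}
    missing = RuleSource.check_required(payload)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)
    # NOTE(review): every key in the body reaches the model constructor, so a
    # client can set any column the model exposes, not only the ones meant to
    # be user-settable. An allow-list would need a field inventory on
    # RuleSource that is not visible here.
    rsource = RuleSource(**payload)
    try:
        db.session.add(rsource)
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() so a body without
        # 'uri' cannot turn this 400 into a KeyError.
        db.session.rollback()
        return error_response(
            errors.API_SOURCE_EXISTS.format(payload.get('uri')), 400)
    return jsonify(rsource.to_dict())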
Ejemplo n.º 9
def login_user():
    """Log a user in from JSON credentials (``email`` and ``password``).

    Missing fields yield 400. An unknown e-mail and a wrong password both
    yield the same 401 body, so the response does not tell the two apart.
    The session is persisted with ``remember=True``.
    """
    body = request.json
    required = (("email", errors.AUTH_EMAIL_MISSING),
                ("password", errors.AUTH_PSSWD_MISSING))
    for field, err in required:
        if field not in body:
            return error_response(err, 400)

    user = User.query.filter_by(email=body.get("email")).first()
    # NOTE(review): the hash is only verified when the user exists, so the
    # response time differs between known and unknown e-mails.
    if user and verify_and_update_password(body.get("password"), user):
        login(user, remember=True)
        return jsonify(user.to_dict())
    return error_response(errors.AUTH_INCORRECT_CREDENTIALS, 401)
Ejemplo n.º 10
Archivo: views.py Proyecto: raum01/mhn
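def update_sensor(uuid):
    """Apply the JSON body's fields to the sensor with this *uuid*.

    All keys are validated before any attribute is written, so a body that
    mixes valid and invalid fields leaves the sensor untouched. The first
    offending field, in body order, decides the error.

    Returns 404 for an unknown uuid (``first_or_404``); 400 with
    ``API_FIELD_NOT_EDITABLE`` for a read-only field, ``API_FIELD_INVALID``
    for an unknown one, ``API_SENSOR_EXISTS`` when the commit hits a unique
    constraint; otherwise the updated sensor as JSON.
    """
    sensor = Sensor.query.filter_by(uuid=uuid).first_or_404()
    # A non-JSON body would otherwise fail on .keys(); treat it as empty.
    payload = request.json or {}
    editable = Sensor.editable_fields()
    known = Sensor.fields()
    for field in payload:
        if field in editable:
            continue
        if field in known:
            return error_response(errors.API_FIELD_NOT_EDITABLE.format(field), 400)
        return error_response(errors.API_FIELD_INVALID.format(field), 400)
    # Values are stored as sent; any type or length checking is the model's.
    for field, value in payload.items():
        setattr(sensor, field, value)
    try:
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() because 'name'
        # need not be part of a partial update and a KeyError would turn
        # this 400 into a 500.
        db.session.rollback()
        return error_response(errors.API_SENSOR_EXISTS.format(payload.get("name")), 400)
    return jsonify(sensor.to_dict())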
Ejemplo n.º 11
def login_user():
    """Log a user in from JSON credentials (``email`` and ``password``).

    Missing fields yield 400. An unknown e-mail and a wrong password both
    yield the same 401 body, so the response does not tell the two apart.
    The session is persisted with ``remember=True``.
    """
    body = request.json
    required = (('email', errors.AUTH_EMAIL_MISSING),
                ('password', errors.AUTH_PSSWD_MISSING))
    for field, err in required:
        if field not in body:
            return error_response(err, 400)

    user = User.query.filter_by(email=body.get('email')).first()
    # NOTE(review): the hash is only verified when the user exists, so the
    # response time differs between known and unknown e-mails.
    if user and verify_and_update_password(body.get('password'), user):
        login(user, remember=True)
        return jsonify(user.to_dict())
    return error_response(errors.AUTH_INCORRECT_CREDENTIALS, 401)
Ejemplo n.º 12
Archivo: views.py Proyecto: raum01/mhn
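def create_sensor():
    """Register a new sensor from the JSON body and provision its auth key.

    The server, not the client, decides the sensor's uuid and ip: both are
    assigned after the constructor, so whatever the body carried for them is
    overwritten. The uuid comes from ``uuid4`` (os.urandom) rather than
    ``uuid1``, whose value is derived from the clock and node id; that matters
    wherever the uuid doubles as a credential. The sensor row is flushed
    before the auth key is created in Clio, so a duplicate is rejected before
    an unused credential is provisioned in the other store.

    Returns the sensor as JSON; 400 with ``API_FIELDS_MISSING`` when required
    fields are absent, 400 with ``API_SENSOR_EXISTS`` on a duplicate.
    """
    from uuid import uuid4

    payload = request.json or {}
    missing = Sensor.check_required(payload)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)
    # NOTE(review): all body keys reach the constructor; only uuid and ip are
    # re-asserted below.
    sensor = Sensor(**payload)
    sensor.uuid = str(uuid4())
    # NOTE(review): remote_addr is the direct peer; behind a reverse proxy
    # this is the proxy's address unless a ProxyFix-style middleware is set.
    sensor.ip = request.remote_addr
    try:
        db.session.add(sensor)
        # Flush so a unique-constraint violation surfaces before the auth
        # key is written to Clio.
        db.session.flush()
        Clio().authkey.new(**sensor.new_auth_dict()).post()
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() so a body without
        # 'name' cannot turn this 400 into a KeyError.
        db.session.rollback()
        return error_response(errors.API_SENSOR_EXISTS.format(payload.get("name")), 400)
    return jsonify(sensor.to_dict())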
Ejemplo n.º 13
def delete_user(user_id):
    """Deactivate (soft-delete) the user *user_id*; 404 if there is none.

    The row is kept and only ``active`` is cleared. NOTE(review): no guard
    against deactivating the caller's own account or the last active admin
    is visible here; if one exists it lives outside this view.
    """
    target = User.query.get(user_id)
    if not target:
        return error_response(errors.AUTH_NOT_FOUND.format(user_id), 404)
    target.active = False
    db.session.add(target)
    db.session.commit()
    return jsonify({})
Ejemplo n.º 14
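def create_sensor():
    """Register a new sensor from the JSON body and provision its auth key.

    The server, not the client, decides the sensor's uuid and ip: both are
    assigned after the constructor, so whatever the body carried for them is
    overwritten. The uuid comes from ``uuid4`` (os.urandom) rather than
    ``uuid1``, whose value is derived from the clock and node id; that matters
    wherever the uuid doubles as a credential. The sensor row is flushed
    before the auth key is created in Clio, so a duplicate is rejected before
    an unused credential is provisioned in the other store.

    Returns the sensor as JSON; 400 with ``API_FIELDS_MISSING`` when required
    fields are absent, 400 with ``API_SENSOR_EXISTS`` on a duplicate.
    """
    from uuid import uuid4

    payload = request.json or {}
    missing = Sensor.check_required(payload)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)
    # NOTE(review): all body keys reach the constructor; only uuid and ip are
    # re-asserted below.
    sensor = Sensor(**payload)
    sensor.uuid = str(uuid4())
    # NOTE(review): remote_addr is the direct peer; behind a reverse proxy
    # this is the proxy's address unless a ProxyFix-style middleware is set.
    sensor.ip = request.remote_addr
    try:
        db.session.add(sensor)
        # Flush so a unique-constraint violation surfaces before the auth
        # key is written to Clio.
        db.session.flush()
        Clio().authkey.new(**sensor.new_auth_dict()).post()
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() so a body without
        # 'name' cannot turn this 400 into a KeyError.
        db.session.rollback()
        return error_response(
            errors.API_SENSOR_EXISTS.format(payload.get('name')), 400)
    return jsonify(sensor.to_dict())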
Ejemplo n.º 15
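def update_sensor(uuid):
    """Apply the JSON body's fields to the sensor with this *uuid*.

    All keys are validated before any attribute is written, so a body that
    mixes valid and invalid fields leaves the sensor untouched. The first
    offending field, in body order, decides the error.

    Returns 404 for an unknown uuid (``first_or_404``); 400 with
    ``API_FIELD_NOT_EDITABLE`` for a read-only field, ``API_FIELD_INVALID``
    for an unknown one, ``API_SENSOR_EXISTS`` when the commit hits a unique
    constraint; otherwise the updated sensor as JSON.
    """
    sensor = Sensor.query.filter_by(uuid=uuid).first_or_404()
    # A non-JSON body would otherwise fail on .keys(); treat it as empty.
    payload = request.json or {}
    editable = Sensor.editable_fields()
    known = Sensor.fields()
    for field in payload:
        if field in editable:
            continue
        if field in known:
            return error_response(errors.API_FIELD_NOT_EDITABLE.format(field),
                                  400)
        return error_response(errors.API_FIELD_INVALID.format(field), 400)
    # Values are stored as sent; any type or length checking is the model's.
    for field, value in payload.items():
        setattr(sensor, field, value)
    try:
        db.session.commit()
    except IntegrityError:
        # Roll back so the session is usable again; .get() because 'name'
        # need not be part of a partial update and a KeyError would turn
        # this 400 into a 500.
        db.session.rollback()
        return error_response(
            errors.API_SENSOR_EXISTS.format(payload.get('name')), 400)
    return jsonify(sensor.to_dict())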
Ejemplo n.º 16
def _get_one_resource(resource, res_id):
    """Fetch one *resource* by ``_id`` and return it as JSON, or 404.

    A malformed id (``InvalidId``) is treated the same as a missing one, so
    the caller learns nothing about the id format from the status code.
    """
    found = None
    try:
        found = resource.get(_id=res_id)
    except InvalidId:
        pass
    if found:
        return jsonify(found.to_dict())
    return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
Ejemplo n.º 17
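def create_user():
    """Create a user from the JSON body.

    Every account created here is given the 'admin' role, so this endpoint
    must only be reachable by callers already trusted to administer the
    deployment (the authorization guard is expected to sit in a decorator
    outside this view -- confirm against the route definition).

    Returns the new user as JSON; 400 with ``API_FIELDS_MISSING`` when
    required fields are absent, 400 with ``AUTH_USERNAME_EXISTS`` when the
    e-mail is already taken.
    """
    # A non-JSON body leaves request.json as None; treat it as an empty
    # document so check_required reports the missing fields instead of a 500.
    payload = request.json or {}
    missing = User.check_required(payload)
    if missing:
        return error_response(
                apierrors.API_FIELDS_MISSING.format(missing), 400)

    user = get_datastore().create_user(
            email=payload.get('email'),
            password=encrypt_password(payload.get('password')))
    userrole = user_datastore.find_role('admin')
    user_datastore.add_role_to_user(user, userrole)
    try:
        db.session.add(user)
        db.session.commit()
    except IntegrityError:
        # The unique constraint fired; roll back so the session is usable
        # again for anything else that runs in this request.
        db.session.rollback()
        return error_response(errors.AUTH_USERNAME_EXISTS, 400)
    return jsonify(user.to_dict())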
Ejemplo n.º 18
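 def wrapped_view(*args, **kwargs):
     """Run *view* for a logged-in user or a caller presenting the deploy key.

     The deploy key is a shared secret read from
     ``current_app.config['DEPLOY_KEY']``. It is compared with
     ``hmac.compare_digest`` so the time taken does not depend on how many
     leading characters match, which a plain ``==`` does not guarantee. A body
     that is not JSON, lacks ``deploy_key`` or carries a non-string value is
     answered with 401 instead of raising.
     """
     import hmac

     def _as_bytes(value):
         # compare_digest refuses to mix text and bytes; normalise both sides.
         if isinstance(value, bytes):
             return value
         return value.encode('utf-8')

     if current_user and current_user.is_authenticated():
         return view(*args, **kwargs)

     payload = request.json or {}
     if 'deploy_key' in payload:
         server_key = current_app.config['DEPLOY_KEY']
         passed_key = payload['deploy_key']
         try:
             server_bytes = _as_bytes(server_key)
             passed_bytes = _as_bytes(passed_key)
         except AttributeError:
             # A JSON number, list or null has no .encode(): not a match.
             return error_response(errors.API_NOT_AUTHORIZED, 401)
         if hmac.compare_digest(server_bytes, passed_bytes):
             return view(*args, **kwargs)
     return error_response(errors.API_NOT_AUTHORIZED, 401)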
Ejemplo n.º 19
def _get_one_resource(resource, res_id):
    """Fetch one *resource* by ``_id`` and return it as JSON, or 404.

    A malformed id (``InvalidId``) is treated the same as a missing one, so
    the caller learns nothing about the id format from the status code.
    """
    found = None
    try:
        found = resource.get(_id=res_id)
    except InvalidId:
        pass
    if found:
        return jsonify(found.to_dict())
    return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
Ejemplo n.º 20
 def wrapped_view(*args, **kwargs):
     """Admit a logged-in user, or a sensor authenticating with HTTP Basic auth.

     On the Basic-auth path the username and password must be identical and
     must equal the uuid of exactly one registered sensor -- the sensor uuid
     itself is the whole credential. Anything else gets 401.
     """
     if current_user and current_user.is_authenticated():
         return view(*args, **kwargs)
     creds = request.authorization
     if creds:
         # NOTE(review): since knowing a sensor uuid is sufficient here, uuids
         # should be kept out of logs and unauthenticated responses.
         sensor_uuid = creds.get('username')
         if (sensor_uuid == creds.get('password') and
                 Sensor.query.filter_by(uuid=sensor_uuid).count() == 1):
             return view(*args, **kwargs)
     return error_response(errors.API_NOT_AUTHORIZED, 401)
Ejemplo n.º 21
 def wrapped_view(*args, **kwargs):
     """Admit a logged-in user, or a sensor authenticating with HTTP Basic auth.

     On the Basic-auth path the username and password must be identical and
     must equal the uuid of exactly one registered sensor -- the sensor uuid
     itself is the whole credential. Anything else gets 401.
     """
     if current_user and current_user.is_authenticated():
         return view(*args, **kwargs)
     creds = request.authorization
     if creds:
         # NOTE(review): since knowing a sensor uuid is sufficient here, uuids
         # should be kept out of logs and unauthenticated responses.
         sensor_uuid = creds.get('username')
         if (sensor_uuid == creds.get('password') and
                 Sensor.query.filter_by(uuid=sensor_uuid).count() == 1):
             return view(*args, **kwargs)
     return error_response(errors.API_NOT_AUTHORIZED, 401)
Ejemplo n.º 22
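 def wrapped_view(*args, **kwargs):
     """Run *view* for a logged-in user or a caller presenting the deploy key.

     The deploy key is a shared secret read from
     ``current_app.config['DEPLOY_KEY']``. It is compared with
     ``hmac.compare_digest`` so the time taken does not depend on how many
     leading characters match, which a plain ``==`` does not guarantee. A body
     that is not JSON, lacks ``deploy_key`` or carries a non-string value is
     answered with 401 instead of raising.
     """
     import hmac

     def _as_bytes(value):
         # compare_digest refuses to mix text and bytes; normalise both sides.
         if isinstance(value, bytes):
             return value
         return value.encode('utf-8')

     if current_user and current_user.is_authenticated():
         return view(*args, **kwargs)

     payload = request.json or {}
     if 'deploy_key' in payload:
         server_key = current_app.config['DEPLOY_KEY']
         passed_key = payload['deploy_key']
         try:
             server_bytes = _as_bytes(server_key)
             passed_bytes = _as_bytes(passed_key)
         except AttributeError:
             # A JSON number, list or null has no .encode(): not a match.
             return error_response(errors.API_NOT_AUTHORIZED, 401)
         if hmac.compare_digest(server_bytes, passed_bytes):
             return view(*args, **kwargs)
     return error_response(errors.API_NOT_AUTHORIZED, 401)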
Ejemplo n.º 23
Archivo: views.py Proyecto: raum01/mhn
def create_script():
    """Create a Script from the JSON body, owned by the current user.

    Returns the new script as JSON, or 400 with ``API_FIELDS_MISSING`` when
    required fields are absent.

    NOTE(review): every body key is handed to the model constructor, so the
    client can set any column the model exposes; and ``script.user`` is set
    from ``current_user`` without checking that it is an authenticated user,
    which is presumably ensured by a decorator outside this view -- confirm.
    """
    body = request.json
    missing = Script.check_required(body)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)

    script = Script(**body)
    script.user = current_user
    db.session.add(script)
    db.session.commit()
    return jsonify(script.to_dict())
Ejemplo n.º 24
def create_script():
    """Create a Script from the JSON body, owned by the current user.

    Returns the new script as JSON, or 400 with ``API_FIELDS_MISSING`` when
    required fields are absent.

    NOTE(review): every body key is handed to the model constructor, so the
    client can set any column the model exposes; and ``script.user`` is set
    from ``current_user`` without checking that it is an authenticated user,
    which is presumably ensured by a decorator outside this view -- confirm.
    """
    body = request.json
    missing = Script.check_required(body)
    if missing:
        return error_response(errors.API_FIELDS_MISSING.format(missing), 400)

    script = Script(**body)
    script.user = current_user
    db.session.add(script)
    db.session.commit()
    return jsonify(script.to_dict())
Ejemplo n.º 25
Archivo: views.py Proyecto: bigbigx/mhn
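def get_script():
    """Return the deploy script selected by the ``script_id`` query parameter.

    With ``text=1`` or ``text=true`` the raw script body is returned as a
    ``deploy.sh`` attachment; otherwise its JSON representation. A missing
    or unknown ``script_id`` yields 404 instead of dereferencing ``None``.
    """
    script_id = request.args.get('script_id')
    if not script_id:
        return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
    script = DeployScript.query.get(script_id)
    if script is None:
        # query.get returns None for an unknown id; without this check the
        # code below would raise AttributeError and answer 500.
        return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
    if request.args.get('text') in ('1', 'true'):
        resp = make_response(script.script)
        # Fixed filename: nothing client-controlled reaches this header.
        resp.headers['Content-Disposition'] = "attachment; filename=deploy.sh"
        return resp
    return jsonify(script.to_dict())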
Ejemplo n.º 26
    def wrapped_view(*args, **kwargs):
        """Admit a logged-in user, or a request whose ``api_key`` query
        parameter matches a stored ApiKey; everything else gets 401.

        NOTE(review): the key travels in the query string, so it is exposed
        to access logs, proxies and browser history; a request header would
        keep it out of those.
        """
        if current_user and current_user.is_authenticated():
            return view(*args, **kwargs)

        presented = request.args.get('api_key', '')
        if presented and ApiKey.query.filter_by(api_key=presented).first():
            return view(*args, **kwargs)

        return error_response(errors.API_NOT_AUTHORIZED, 401)
Ejemplo n.º 27
    def wrapped_view(*args, **kwargs):
        """Admit a logged-in user, or a request whose ``api_key`` query
        parameter matches a stored ApiKey; everything else gets 401.

        NOTE(review): the key travels in the query string, so it is exposed
        to access logs, proxies and browser history; a request header would
        keep it out of those.
        """
        if current_user and current_user.is_authenticated():
            return view(*args, **kwargs)

        presented = request.args.get('api_key', '')
        if presented and ApiKey.query.filter_by(api_key=presented).first():
            return view(*args, **kwargs)

        return error_response(errors.API_NOT_AUTHORIZED, 401)
Ejemplo n.º 28
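def get_script():
    """Return the deploy script selected by the ``script_id`` query parameter.

    With ``text=1`` or ``text=true`` the raw script body is returned as a
    ``deploy.sh`` attachment; otherwise its JSON representation. A missing
    or unknown ``script_id`` yields 404 instead of dereferencing ``None``.
    """
    script_id = request.args.get('script_id')
    if not script_id:
        return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
    script = DeployScript.query.get(script_id)
    if script is None:
        # query.get returns None for an unknown id; without this check the
        # code below would raise AttributeError and answer 500.
        return error_response(errors.API_RESOURCE_NOT_FOUND, 404)
    if request.args.get('text') in ('1', 'true'):
        resp = make_response(script.script)
        # Fixed filename: nothing client-controlled reaches this header.
        resp.headers['Content-Disposition'] = "attachment; filename=deploy.sh"
        return resp
    return jsonify(script.to_dict())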
Ejemplo n.º 29
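def create_user():
    """Create a user from the JSON body and issue it an API key.

    Every account created here is given the 'admin' role, so this endpoint
    must only be reachable by callers already trusted to administer the
    deployment (the authorization guard is expected to sit in a decorator
    outside this view -- confirm against the route definition).

    Returns the new user as JSON; 400 with ``API_FIELDS_MISSING`` when
    required fields are absent, 400 with ``AUTH_USERNAME_EXISTS`` when the
    e-mail is already taken.
    """
    # A non-JSON body leaves request.json as None; treat it as an empty
    # document so check_required reports the missing fields instead of a 500.
    payload = request.json or {}
    missing = User.check_required(payload)
    if missing:
        return error_response(apierrors.API_FIELDS_MISSING.format(missing), 400)

    user = get_datastore().create_user(
        email=payload.get("email"), password=encrypt_password(payload.get("password"))
    )
    userrole = user_datastore.find_role("admin")
    user_datastore.add_role_to_user(user, userrole)

    try:
        db.session.add(user)
        # Flush first so user.id is assigned before the key row references it.
        db.session.flush()
        # uuid4 is drawn from os.urandom; the dashes are stripped so the key
        # is 32 hex characters.
        apikey = ApiKey(user_id=user.id, api_key=str(uuid.uuid4()).replace("-", ""))
        db.session.add(apikey)
        db.session.commit()
    except IntegrityError:
        # The unique constraint fired; roll back so the session is usable
        # again for anything else that runs in this request.
        db.session.rollback()
        return error_response(errors.AUTH_USERNAME_EXISTS, 400)
    return jsonify(user.to_dict())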