def dummy_data():
# Dummy test users
User.new_user(email='*****@*****.**')
users = User.query.all()
for i in xrange(4):
RabbitMQAccount.new_user(
username='******'.format(i),
password='******',
owners=users[0])
rabbitmq_accounts = RabbitMQAccount.query.all()
# And some dummy queues
dummy_queue = Queue(name='dummy-empty-queue', size=0, owner=rabbitmq_accounts[0])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-non-empty-queue', size=config.warn_queue_size/5, owner=rabbitmq_accounts[0])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-warning-queue', size=config.warn_queue_size + 1, owner=rabbitmq_accounts[1])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-deletion-queue', size=int(config.del_queue_size * 1.2), owner=rabbitmq_accounts[2])
db_session.add(dummy_queue)
db_session.commit()
# Test admin user
User.new_user(email='*****@*****.**', admin=True)
logger.info('Finished generating dummy data.')
def test_pulse_odd_whitespace_ownership_list(self):
self.setup_3_users()
RabbitMQAccount.new_user(username="******",
owners=self.all_users,
password="******")
new_emails = self.set_rabbitmq_account_email_list(
"mick", ", {}, {},{},".format(*self.all_emails))
self.assertEqual(new_emails, set(self.all_emails))
def test_pulse_odd_whitespace_ownership_list(self):
self.setup_3_users()
RabbitMQAccount.new_user(username="******",
owners=self.all_users,
password="******")
new_emails = self.set_rabbitmq_account_email_list(
"mick", ", {}, {},{},".format(*self.all_emails))
self.assertEquals(new_emails, set(self.all_emails))
def test_rabbitmq_account_multiple_to_single_ownership(self):
self.setup_3_users()
RabbitMQAccount.new_user(username="******",
owners=self.all_users,
password="******")
new_emails = self.set_rabbitmq_account_email_list(
"mick", self.curr_email)
self.assertEqual(new_emails, {self.curr_email})
def test_rabbitmq_account_multiple_to_single_ownership(self):
self.setup_3_users()
RabbitMQAccount.new_user(username="******",
owners=self.all_users,
password="******")
new_emails = self.set_rabbitmq_account_email_list("mick",
self.curr_email)
self.assertEquals(new_emails, {self.curr_email})
def register_handler():
username = request.form['username']
password = request.form['password']
password_verification = request.form['password-verification']
owners = _clean_owners_str(request.form['owners-list'])
email = session['userinfo']['email']
errors = []
if password != password_verification:
errors.append("Password verification doesn't match the password.")
elif not RabbitMQAccount.strong_password(password):
errors.append("Your password must contain a mix of letters and "
"numerical characters and be at least 6 characters "
"long.")
if not re.match('^[a-zA-Z][a-zA-Z0-9._-]*$', username):
errors.append("The submitted username must start with an "
"alphabetical character and contain only alphanumeric "
"characters, periods, underscores, and hyphens.")
if config.reserved_users_regex and re.match(config.reserved_users_regex,
username):
errors.append("The submitted username is reserved. " +
config.reserved_users_message)
# Checking if a user exists in RabbitMQ OR in our db
try:
user_response = pulse_management.user(username=username)
in_rabbitmq = True
except pulse_management.PulseManagementException:
in_rabbitmq = False
else:
if 'error' in user_response:
in_rabbitmq = False
if (in_rabbitmq or RabbitMQAccount.query.filter(
RabbitMQAccount.username == username).first()):
errors.append("An account with the same username already exists.")
if errors:
return render_template('register.html',
email=email,
signup_errors=errors)
owner_users = list(User.query.filter(User.email.in_(owners)))
# Reject with error message if the owner list is unparse-able or contains
# no users that actualy exist.
if not owner_users:
return register(error="Invalid owners list: {}".format(
request.form['owners-list'] or "None"))
RabbitMQAccount.new_user(username, password, owner_users)
return redirect('/rabbitmq_accounts')
def register_handler():
username = request.form['username']
password = request.form['password']
password_verification = request.form['password-verification']
owners = _clean_owners_str(request.form['owners-list'])
email = session['userinfo']['email']
errors = []
if password != password_verification:
errors.append("Password verification doesn't match the password.")
elif not RabbitMQAccount.strong_password(password):
errors.append("Your password must contain a mix of letters and "
"numerical characters and be at least 6 characters "
"long.")
if not re.match('^[a-zA-Z][a-zA-Z0-9._-]*$', username):
errors.append("The submitted username must start with an "
"alphabetical character and contain only alphanumeric "
"characters, periods, underscores, and hyphens.")
if config.reserved_users_regex and re.match(config.reserved_users_regex,
username):
errors.append("The submitted username is reserved. "
+ config.reserved_users_message)
# Checking if a user exists in RabbitMQ OR in our db
try:
user_response = pulse_management.user(username=username)
in_rabbitmq = True
except pulse_management.PulseManagementException:
in_rabbitmq = False
else:
if 'error' in user_response:
in_rabbitmq = False
if (in_rabbitmq or
RabbitMQAccount.query.filter(
RabbitMQAccount.username == username).first()):
errors.append("An account with the same username already exists.")
if errors:
return render_template('register.html', email=email,
signup_errors=errors)
owner_users = list(User.query.filter(User.email.in_(owners)))
# Reject with error message if the owner list is unparse-able or contains
# no users that actualy exist.
if not owner_users:
return register(error="Invalid owners list: {}".format(
request.form['owners-list'] or "None"))
RabbitMQAccount.new_user(username, password, owner_users)
return redirect('/rabbitmq_accounts')
def setUp(self):
global pulse_cfg
self.proc = None
self.publisher = None
self.guardian = PulseGuardian(warn_queue_size=TEST_WARN_SIZE,
del_queue_size=TEST_DELETE_SIZE,
emails=False)
dbinit.init_and_clear_db()
self.consumer_cfg = pulse_cfg.copy()
self.consumer_cfg['applabel'] = str(uuid.uuid1())
# Configure/create the test user to be used for message consumption.
self.consumer_cfg['user'] = CONSUMER_USER
self.consumer_cfg['password'] = CONSUMER_PASSWORD
self.user = User.new_user(email=CONSUMER_EMAIL, admin=False)
# As a default owner for rabbitmq_account in some tests where an owner
# is not provided.
self.admin = User.new_user(email=ADMIN_EMAIL, admin=True)
db_session.add(self.user)
db_session.commit()
self.rabbitmq_account = RabbitMQAccount.new_user(
username=CONSUMER_USER,
password=CONSUMER_PASSWORD,
owners=self.user)
db_session.add(self.rabbitmq_account)
db_session.commit()
def update_info():
rabbitmq_username = request.form['rabbitmq-username']
new_password = request.form['new-password']
password_verification = request.form['new-password-verification']
new_owners = _clean_owners_str(request.form['owners-list'])
try:
rabbitmq_account = RabbitMQAccount.query.filter(
RabbitMQAccount.username == rabbitmq_username).one()
except sqlalchemy.orm.exc.NoResultFound:
return rabbitmq_accounts(messages=[
"RabbitMQ account {} not found.".format(rabbitmq_username)
])
if g.user not in rabbitmq_account.owners:
return rabbitmq_accounts(messages=[
"Invalid user: {} is not an owner.".format(g.user.email)
])
messages = []
error = None
if new_password:
if new_password != password_verification:
return rabbitmq_accounts(
error="Password verification doesn't match the password.")
if not RabbitMQAccount.strong_password(new_password):
return rabbitmq_accounts(
error="Your password must contain a mix of letters and "
"numerical characters and be at least 6 characters long.")
rabbitmq_account.change_password(new_password)
messages.append(
"Password updated for user {0}.".format(rabbitmq_username))
# Update the owners list, if needed.
old_owners = {user.email for user in rabbitmq_account.owners}
if new_owners and new_owners != old_owners:
# The list was changed. Do an update.
new_owner_users = list(User.query.filter(User.email.in_(new_owners)))
if new_owner_users:
# At least some of the new owners are real users in the db.
rabbitmq_account.owners = new_owner_users
db_session.commit()
updated_owners = {user.email for user in new_owner_users}
invalid_owners = sorted(new_owners - updated_owners)
if invalid_owners:
error = "Some user emails not found: {}".format(
', '.join(invalid_owners))
else:
messages = ["Email list updated."]
else:
error = ("Invalid owners: "
"Must be a comma-delimited list of existing user emails.")
if not error and not messages:
messages = ["No info updated."]
return rabbitmq_accounts(messages=messages, error=error)
def test_user(self):
user = User.new_user(email='*****@*****.**', admin=False)
db_session.add(user)
db_session.commit()
rabbitmq_account = RabbitMQAccount.new_user(username='******',
password='******',
owners=user,
create_rabbitmq_user=False)
db_session.add(rabbitmq_account)
db_session.commit()
self.assertTrue(user in User.query.all())
# Emails are normalized by putting them lower-case
self.assertEqual(
User.query.filter(User.email == '*****@*****.**').first(), user)
self.assertEqual(
RabbitMQAccount.query.filter(
RabbitMQAccount.username == 'dummy').first(),
rabbitmq_account)
self.assertEqual(
RabbitMQAccount.query.filter(
RabbitMQAccount.username == 'DUMMY').first(),
None)
def setUp(self):
global pulse_cfg
self.proc = None
self.publisher = None
self.guardian = PulseGuardian(warn_queue_size=TEST_WARN_SIZE,
del_queue_size=TEST_DELETE_SIZE,
emails=False)
dbinit.init_and_clear_db()
self.consumer_cfg = pulse_cfg.copy()
self.consumer_cfg['applabel'] = str(uuid.uuid1())
# Configure/create the test user to be used for message consumption.
self.consumer_cfg['user'] = CONSUMER_USER
self.consumer_cfg['password'] = CONSUMER_PASSWORD
self.user = User.new_user(email=CONSUMER_EMAIL, admin=False)
# As a default owner for rabbitmq_account in some tests where an owner
# is not provided.
self.admin = User.new_user(email=ADMIN_EMAIL, admin=True)
db_session.add(self.user)
db_session.commit()
self.rabbitmq_account = RabbitMQAccount.new_user(
username=CONSUMER_USER,
password=CONSUMER_PASSWORD,
owners=self.user)
db_session.add(self.rabbitmq_account)
db_session.commit()
def dummy_data():
# Dummy test users
User.new_user(email='*****@*****.**')
users = User.query.all()
for i in range(4):
RabbitMQAccount.new_user(username='******'.format(i),
password='******',
owners=users[0])
rabbitmq_accounts = RabbitMQAccount.query.all()
# And some dummy queues
dummy_queue = Queue(name='dummy-empty-queue',
size=0,
owner=rabbitmq_accounts[0])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-non-empty-queue',
size=config.warn_queue_size / 5,
owner=rabbitmq_accounts[0])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-warning-queue',
size=config.warn_queue_size + 1,
owner=rabbitmq_accounts[1])
db_session.add(dummy_queue)
db_session.commit()
dummy_queue = Queue(name='dummy-deletion-queue',
size=int(config.del_queue_size * 1.2),
owner=rabbitmq_accounts[2])
db_session.add(dummy_queue)
db_session.commit()
# Test admin user
User.new_user(email='*****@*****.**', admin=True)
logger.info('Finished generating dummy data.')
def test_user(self):
user = User.new_user(email='*****@*****.**', admin=False)
db_session.add(user)
db_session.commit()
rabbitmq_account = RabbitMQAccount.new_user(username='******',
password='******',
owners=user,
create_rabbitmq_user=False)
db_session.add(rabbitmq_account)
db_session.commit()
self.assertTrue(user in User.query.all())
# Emails are normalized by putting them lower-case
self.assertEqual(
User.query.filter(User.email == '*****@*****.**').first(), user)
self.assertEqual(
RabbitMQAccount.query.filter(
RabbitMQAccount.username == 'dummy').first(), rabbitmq_account)
self.assertEqual(
RabbitMQAccount.query.filter(
RabbitMQAccount.username == 'DUMMY').first(), None)
def update_queue_information(self, queue_data, all_bindings):
if 'messages' not in queue_data:
# FIXME: We should do something here, probably delete the queue,
# as it's in a weird state. More investigation is required.
# See bug 1066338.
return None
q_size, q_name, q_durable = (queue_data['messages'],
queue_data['name'],
queue_data['durable'])
queue = Queue.query.filter(Queue.name == q_name).first()
# If the queue doesn't exist in the db, create it.
if queue is None:
log_details = {
'queuename': q_name,
'queuesize': q_size,
'queuedurable': q_durable,
}
m = re.match('queue/([^/]+)/', q_name)
if not m:
log_details['valid'] = False
owner = None
elif (config.reserved_users_regex and
re.match(config.reserved_users_regex, m.group(1))):
# Ignore this queue entirely as we will see it again on the
# next iteration.
return None
else:
log_details['valid'] = True
owner_name = m.group(1)
owner = RabbitMQAccount.query.filter(
RabbitMQAccount.username == owner_name).first()
log_details['ownername'] = owner_name
log_details['newowner'] = not owner
# If the queue belongs to a pulse user that isn't in the
# pulseguardian database, add the user to the DB, owned by an
# admin.
if owner is None:
# RabbitMQAccount needs at least one owner as well, but
# since we have no way of knowing who really owns it, find
# the first admin, and set it to that.
user = User.query.filter(User.admin == True).first()
owner = RabbitMQAccount.new_user(owner_name, owners=user)
mozdef.log(
mozdef.NOTICE,
mozdef.OTHER,
'New queue.',
details=log_details,
tags=['queue'],
)
queue = Queue(name=q_name, owner=owner)
# add the queue bindings to the db.
bindings = self.get_queue_bindings(all_bindings, queue.name)
for binding in bindings:
db_binding = Binding.query.filter(
Binding.exchange == binding["source"],
Binding.routing_key == binding["routing_key"],
Binding.queue_name == queue.name
).first()
if not db_binding:
# need to create the binding in the DB
binding = Binding(exchange=binding["source"],
routing_key=binding["routing_key"],
queue_name=queue.name)
db_session.add(binding)
# Update the saved queue size.
queue.size = q_size
queue.durable = q_durable
db_session.add(queue)
db_session.commit()
return queue
def update_queue_information(self, queue_data, all_bindings):
if 'messages' not in queue_data:
# FIXME: We should do something here, probably delete the queue,
# as it's in a weird state. More investigation is required.
# See bug 1066338.
return None
q_size, q_name, q_durable = (queue_data['messages'],
queue_data['name'], queue_data['durable'])
queue = Queue.query.filter(Queue.name == q_name).first()
# If the queue doesn't exist in the db, create it.
if queue is None:
log_details = {
'queuename': q_name,
'queuesize': q_size,
'queuedurable': q_durable,
}
m = re.match('queue/([^/]+)/', q_name)
if not m:
log_details['valid'] = False
owner = None
elif (config.reserved_users_regex
and re.match(config.reserved_users_regex, m.group(1))):
# Ignore this queue entirely as we will see it again on the
# next iteration.
return None
else:
log_details['valid'] = True
owner_name = m.group(1)
owner = RabbitMQAccount.query.filter(
RabbitMQAccount.username == owner_name).first()
log_details['ownername'] = owner_name
log_details['newowner'] = not owner
# If the queue belongs to a pulse user that isn't in the
# pulseguardian database, add the user to the DB, owned by an
# admin.
if owner is None:
# RabbitMQAccount needs at least one owner as well, but
# since we have no way of knowing who really owns it, find
# the first admin, and set it to that.
user = User.query.filter(User.admin == True).first()
owner = RabbitMQAccount.new_user(owner_name, owners=user)
mozdef.log(
mozdef.NOTICE,
mozdef.OTHER,
'New queue.',
details=log_details,
tags=['queue'],
)
queue = Queue(name=q_name, owner=owner)
# add the queue bindings to the db.
bindings = self.get_queue_bindings(all_bindings, queue.name)
for binding in bindings:
db_binding = Binding.query.filter(
Binding.exchange == binding["source"],
Binding.routing_key == binding["routing_key"],
Binding.queue_name == queue.name).first()
if not db_binding:
# need to create the binding in the DB
binding = Binding(exchange=binding["source"],
routing_key=binding["routing_key"],
queue_name=queue.name)
db_session.add(binding)
# Update the saved queue size.
queue.size = q_size
queue.durable = q_durable
db_session.add(queue)
db_session.commit()
return queue
def update_info():
rabbitmq_username = request.form['rabbitmq-username']
new_password = request.form['new-password']
password_verification = request.form['new-password-verification']
new_owners = _clean_owners_str(request.form['owners-list'])
try:
rabbitmq_account = RabbitMQAccount.query.filter(
RabbitMQAccount.username == rabbitmq_username).one()
except sqlalchemy.orm.exc.NoResultFound:
return rabbitmq_accounts(
messages=[
"RabbitMQ account {} not found.".format(rabbitmq_username)
])
if g.user not in rabbitmq_account.owners:
return rabbitmq_accounts(
messages=[
"Invalid user: {} is not an owner.".format(g.user.email)
]
)
messages = []
error = None
if new_password:
if new_password != password_verification:
return rabbitmq_accounts(
error="Password verification doesn't match the password."
)
if not RabbitMQAccount.strong_password(new_password):
return rabbitmq_accounts(
error="Your password must contain a mix of letters and "
"numerical characters and be at least 6 characters long."
)
rabbitmq_account.change_password(new_password)
messages.append("Password updated for user {0}.".format(
rabbitmq_username))
# Update the owners list, if needed.
old_owners = {user.email for user in rabbitmq_account.owners}
if new_owners and new_owners != old_owners:
# The list was changed. Do an update.
new_owner_users = list(User.query.filter(User.email.in_(new_owners)))
if new_owner_users:
# At least some of the new owners are real users in the db.
rabbitmq_account.owners = new_owner_users
db_session.commit()
updated_owners = {user.email for user in new_owner_users}
invalid_owners = sorted(new_owners - updated_owners)
if invalid_owners:
error = "Some user emails not found: {}".format(
', '.join(invalid_owners))
else:
messages = ["Email list updated."]
else:
error = ("Invalid owners: "
"Must be a comma-delimited list of existing user emails.")
if not error and not messages:
messages = ["No info updated."]
return rabbitmq_accounts(messages=messages, error=error)