def logout():
    """Log the current user out and send them to the login page.

    The user's ``authenticated`` flag is cleared and persisted first, then the
    Flask-Login session is ended and a success message is flashed.

    Returns:
        A redirect to the ``auth.login`` view.
    """
    acct = current_user
    acct.authenticated = False
    db.save(acct)
    # End the login session only after the flag has been written.
    logout_user()
    flash('You have successfully logged out.', 'success')
    return redirect(url_for('auth.login'))
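def admin_update_port():
    """Update a service's port from an inline-edit form (white team only).

    Reads ``name``, ``value`` and ``pk`` from the POSTed form; only
    ``name == 'port'`` is handled. Every rejection answers with a generic
    JSON error rather than an exception, so malformed input cannot turn into
    a server error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    if form['name'] != 'port':
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` and ``value`` are caller-controlled strings; a non-numeric value
    # previously raised ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
        port = int(form['value'])
    except ValueError:
        return jsonify({'error': 'Invalid port or service id'})
    if not 0 < port <= 65535:
        # Outside the TCP/UDP port range; reject before touching the database.
        return jsonify({'error': 'Invalid port or service id'})
    service = Service.query.get(pk)
    if service is None:
        return jsonify({'error': 'Incorrect permissions'})
    service.port = port
    db.save(service)
    return jsonify({'status': 'Updated Service Information'})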
def admin_update_welcome_page_content():
    """Replace the stored welcome-page content with the submitted form value.

    White-team only; any other caller receives a 403. When the
    ``welcome_page_content`` field is absent an error is flashed and the
    caller is sent back to the manage page.

    Returns:
        A redirect to ``admin.settings`` on success, a redirect to
        ``admin.manage`` on a missing field, or ``({'status':
        'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    # Membership test rather than .get(): an empty string is a valid value.
    if 'welcome_page_content' not in request.form:
        flash('Error: welcome_page_content not specified.', 'danger')
        return redirect(url_for('admin.manage'))
    # NOTE(review): looks like get_setting is expected to return a row; a None
    # result would raise AttributeError on the assignment below — confirm.
    setting = Setting.get_setting('welcome_page_content')
    # Stored verbatim, unlike the html.escape'd admin fields elsewhere in this
    # file — presumably because the page body is meant to carry markup. Only
    # the white team can write it.
    setting.value = request.form['welcome_page_content']
    db.save(setting)
    flash('Welcome Page Content Successfully Updated.', 'success')
    return redirect(url_for('admin.settings'))
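def update_ip_address():
    """Update the IP address of one of the caller's own services (blue team).

    Reads ``name``, ``value`` and ``pk`` from the POSTed form; only
    ``name == 'ip_address'`` is handled, and only for a service whose team is
    the caller's team. All rejections return the same generic JSON error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not current_user.is_blue_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` is caller-controlled; a non-numeric value previously raised
    # ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Incorrect permissions'})
    service = Service.query.get(pk)
    if service is None:
        return jsonify({'error': 'Incorrect permissions'})
    # Ownership check: a blue-team user may only edit their own team's services.
    if service.team != current_user.team or form['name'] != 'ip_address':
        return jsonify({'error': 'Incorrect permissions'})
    # NOTE(review): html.escape only neutralises markup for later rendering; it
    # does not validate that the value is an address. If this field must hold
    # an IP literal, parsing it with the stdlib ``ipaddress`` module would
    # reject junk up front — left as-is since hostnames may be allowed here.
    service.ip_address = html.escape(form['value'])
    db.save(service)
    return jsonify({'status': 'Updated Service Information'})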
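def admin_update_environment():
    """Update an environment's matching regex from an inline-edit form (white team only).

    Reads ``name``, ``value`` and ``pk`` from the POSTed form; only
    ``name == 'matching_regex'`` changes anything. All rejections return the
    same generic JSON error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` is caller-controlled; a non-numeric value previously raised
    # ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Incorrect permissions'})
    environment = Environment.query.get(pk)
    if environment is None:
        return jsonify({'error': 'Incorrect permissions'})
    if form['name'] == 'matching_regex':
        # NOTE(review): html.escape rewrites ``<``, ``>``, ``&`` and quotes into
        # entities, so a pattern using named groups (``(?P<name>...)``) or a
        # literal ``&`` is stored altered. Whether the consumer unescapes it is
        # not visible here; compiling the pattern with ``re`` before saving
        # would at least reject ones that cannot compile. Kept as-is pending
        # confirmation.
        environment.matching_regex = html.escape(form['value'])
    # Any other ``name`` saves the object unchanged and still reports success,
    # as the original did.
    db.save(environment)
    return jsonify({'status': 'Updated Environment Information'})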
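def profile_update_password():
    """Let the logged-in user change their own password.

    The form must carry ``user_id`` and ``password``, and ``user_id`` must
    equal the current user's id; anything else is answered with a 403 so a
    user cannot change another account's password through this endpoint.

    Returns:
        A redirect to ``profile.home`` on success or on an empty password,
        otherwise ``({'status': 'Unauthorized'}, 403)``.
    """
    form = request.form
    if 'user_id' not in form or 'password' not in form:
        return {'status': 'Unauthorized'}, 403
    if str(current_user.id) != form['user_id']:
        return {'status': 'Unauthorized'}, 403
    password = form['password']
    if not password:
        # An empty password was previously accepted; reject it explicitly.
        flash('Error: password not specified.', 'danger')
        return redirect(url_for('profile.home'))
    # Store the raw password, not ``html.escape(password)``: the login view
    # hashes the raw form value, so an escaped password containing ``&``,
    # ``<``, ``>`` or quotes could never be matched at login. The value is only
    # ever hashed, never rendered, so escaping buys nothing. Accounts whose
    # password was set through the old escaped path keep their existing hash.
    current_user.update_password(password)
    # NOTE(review): the current password is not re-verified before the change;
    # requiring it would limit what a hijacked session can do.
    current_user.authenticated = False
    db.save(current_user)
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('profile.home'))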
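def admin_update_property():
    """Update a property's name or value from an inline-edit form (white team only).

    Reads ``name``, ``value`` and ``pk`` from the POSTed form; ``name``
    selects the column (``property_name`` or ``property_value``). The stored
    value is HTML-escaped on entry. All rejections return the same generic
    JSON error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` is caller-controlled; a non-numeric value previously raised
    # ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Incorrect permissions'})
    property_obj = Property.query.get(pk)
    if property_obj is None:
        return jsonify({'error': 'Incorrect permissions'})
    field = form['name']
    escaped_value = html.escape(form['value'])
    if field == 'property_name':
        property_obj.name = escaped_value
    elif field == 'property_value':
        property_obj.value = escaped_value
    # Any other ``name`` saves the object unchanged and still reports success,
    # as the original did.
    db.save(property_obj)
    return jsonify({'status': 'Updated Property Information'})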
def admin_add_team():
    """Create a team from the ``name`` and ``color`` form fields (white team only).

    Both fields are required; when either is missing an error is flashed.
    Non-white-team callers receive a 403.

    Returns:
        A redirect to ``admin.manage`` (success or missing field), or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if 'name' not in form or 'color' not in form:
        flash('Error: Team name or color not defined.', 'danger')
        return redirect(url_for('admin.manage'))
    # Both values are escaped on entry, so the stored strings carry no raw markup.
    new_team = Team(html.escape(form['name']), html.escape(form['color']))
    db.save(new_team)
    flash('Team successfully added.', 'success')
    return redirect(url_for('admin.manage'))
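def admin_update_check():
    """Override a check's result from an inline-edit form (white team only).

    Reads ``name``, ``value`` and ``pk`` from the POSTed form; only
    ``name == 'check_value'`` is handled, with ``'1'`` setting the result to
    True and ``'2'`` to False. Any other ``value`` saves the check unchanged.
    All rejections return the same generic JSON error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` is caller-controlled; a non-numeric value previously raised
    # ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Incorrect permissions'})
    check = Check.query.get(pk)
    if check is None or form['name'] != 'check_value':
        return jsonify({'error': 'Incorrect permissions'})
    value = form['value']
    if value == '1':
        check.result = True
    elif value == '2':
        check.result = False
    db.save(check)
    # NOTE(review): the status text says "Property" for a check update; it
    # looks copied from admin_update_property. Left unchanged in case a client
    # matches on it.
    return jsonify({'status': 'Updated Property Information'})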
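def update_service_account_info():
    """Update a service account's username or password from an inline-edit form.

    Open to white- and blue-team users, but only for accounts whose service
    belongs to the caller's team. Reads ``name``, ``value`` and ``pk`` from
    the POSTed form; ``name`` selects ``username`` or ``password``. All
    rejections return the same generic JSON error.

    Returns:
        A JSON response: ``{'status': ...}`` on success, ``{'error': ...}``
        otherwise.
    """
    if not (current_user.is_white_team or current_user.is_blue_team):
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not all(key in form for key in ('name', 'value', 'pk')):
        return jsonify({'error': 'Incorrect permissions'})
    # ``pk`` is caller-controlled; a non-numeric value previously raised
    # ValueError out of int() and surfaced as a 500.
    try:
        pk = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Incorrect permissions'})
    account = Account.query.get(pk)
    # The original dereferenced ``account.service`` before checking that the
    # lookup succeeded, so an unknown ``pk`` raised AttributeError (a 500)
    # instead of the generic error.
    if account is None:
        return jsonify({'error': 'Incorrect permissions'})
    if current_user.team != account.service.team:
        return jsonify({'error': 'Incorrect permissions'})
    field = form['name']
    if field == 'username':
        account.username = html.escape(form['value'])
    elif field == 'password':
        # NOTE(review): escaping a service credential alters any ``&<>"'`` it
        # contains; unless the consumer unescapes it, the stored value will not
        # match the real credential. Preserved pending confirmation.
        account.password = html.escape(form['value'])
    # Any other ``name`` saves the object unchanged and still reports success,
    # as the original did.
    db.save(account)
    return jsonify({'status': 'Updated Account Information'})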
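def modify_service_account():
    """Let a blue-team user set the password of one of their own service accounts.

    Reads ``account_id`` and ``password`` from the POSTed form. The account's
    service must belong to the caller's team. Every rejection flashes and
    returns the same generic JSON error.

    Returns:
        A redirect to the account's service page on success, otherwise a
        JSON ``{'error': ...}`` response.
    """
    def deny():
        flash('Incorrect permissions', 'error')
        return jsonify({'error': 'Incorrect permissions'})

    if not current_user.is_blue_team:
        return deny()
    form = request.form
    if 'account_id' not in form or 'password' not in form:
        return deny()
    # ``account_id`` is caller-controlled; a non-numeric value previously
    # raised ValueError out of int() and surfaced as a 500.
    try:
        account_id = int(form['account_id'])
    except ValueError:
        return deny()
    account = Account.query.get(account_id)
    if account is None or account.service.team != current_user.team:
        return deny()
    # NOTE(review): escaping a service credential alters any ``&<>"'`` it
    # contains; unless the consumer unescapes it, the stored value will not
    # match the real credential. Preserved pending confirmation.
    account.password = html.escape(form['password'])
    db.save(account)
    flash('Successfully updated password for ' + account.username, 'success')
    return redirect('/service/' + str(account.service.id))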
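def admin_add_user():
    """Create a user from the ``username``, ``password`` and ``team_id`` form fields (white team only).

    All three fields are required. The username is HTML-escaped on entry; the
    password is passed through as typed. Non-white-team callers receive a 403.

    Returns:
        A redirect to ``admin.manage`` (success, missing field, or unknown
        team), or ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if not all(key in form for key in ('username', 'password', 'team_id')):
        flash('Error: Username, Password, or Team ID not specified.',
              'danger')
        return redirect(url_for('admin.manage'))
    # An unknown team id previously raised NoResultFound out of .one() and
    # surfaced as a 500; handle it the way admin_update_password handles a
    # missing user.
    try:
        team_obj = Team.query.filter(Team.id == form['team_id']).one()
    except NoResultFound:
        flash('Error: Team ID not found.', 'danger')
        return redirect(url_for('admin.manage'))
    # The password is stored raw, not ``html.escape``'d: the login view hashes
    # the raw form value, so an escaped password containing ``&``, ``<``,
    # ``>`` or quotes could never be matched at login.
    user_obj = User(username=html.escape(form['username']),
                    password=form['password'],
                    team=team_obj)
    db.save(user_obj)
    flash('User successfully added.', 'success')
    return redirect(url_for('admin.manage'))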
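def admin_update_password():
    """Set another user's password from the ``user_id`` and ``password`` form fields (white team only).

    The target user's ``authenticated`` flag is cleared along with the change.
    Non-white-team callers receive a 403.

    Returns:
        A redirect to ``admin.manage`` on success or a missing field, a
        redirect to ``auth.login`` when the user does not exist, or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if 'user_id' not in form or 'password' not in form:
        flash('Error: user_id or password not specified.', 'danger')
        return redirect(url_for('admin.manage'))
    try:
        user_obj = User.query.filter(User.id == form['user_id']).one()
    except NoResultFound:
        # NOTE(review): sending a logged-in admin to the login page on an
        # unknown user id looks like a copy-paste; a flash plus a redirect to
        # admin.manage would be more consistent. Left unchanged.
        return redirect(url_for('auth.login'))
    # Store the raw password, not ``html.escape(password)``: the login view
    # hashes the raw form value, so an escaped password containing ``&``,
    # ``<``, ``>`` or quotes could never be matched at login. Accounts whose
    # password was set through the old escaped path keep their existing hash.
    user_obj.update_password(form['password'])
    user_obj.authenticated = False
    db.save(user_obj)
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('admin.manage'))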
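def _login_redirect_target(default):
    """Return the post-login redirect target, refusing off-site ``next`` values.

    ``next`` comes straight from the request and was previously handed to
    ``redirect`` unchecked, so a crafted login link could bounce a user to an
    arbitrary external site once they authenticated (open redirect). Only a
    target that resolves to this application's own host is honoured;
    anything else — including ``//host/...`` and non-HTTP schemes — falls
    back to ``default``.
    """
    from urllib.parse import urljoin, urlparse

    target = request.values.get('next')
    if not target:
        return default
    own = urlparse(request.host_url)
    resolved = urlparse(urljoin(request.host_url, target))
    if resolved.scheme in ('http', 'https') and resolved.netloc == own.netloc:
        return target
    return default


def login():
    """Render and process the login form.

    An already-authenticated user is sent to the welcome page. On a valid
    submission the user is looked up by username and the submitted password
    is hashed and compared with the stored hash; on success the
    ``authenticated`` flag is persisted, a remembered session is started and
    the user is redirected by team, honouring a same-site ``next`` parameter.
    Lookup failures and hash mismatches flash the same message.

    Returns:
        A redirect on success or when already logged in, otherwise the
        rendered login template.
    """
    if current_user.is_authenticated:
        flash('You are already logged in.', 'info')
        return redirect(url_for("welcome.home"))

    form = LoginForm()

    if form.errors:
        flash(form.errors, 'danger')
        return render_template('login.html', form=form)

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    username = request.form.get('username')
    password = request.form.get('password')

    try:
        user = db.session.query(User).filter(User.username == username).one()
    except NoResultFound:
        # Same message as a wrong password so the response does not reveal
        # whether the username exists.
        flash('Invalid username or password. Please try again.', 'danger')
        return render_template('login.html', form=form)
    except OperationalError:
        flash("Error 'OperationError' received!. Try restarting the db service.", 'danger')
        return render_template('login.html', form=form)

    # ``.one()`` never returns None, so the original ``if user:`` / ``else``
    # branch was unreachable and has been dropped.
    # NOTE(review): ``==`` on the two hashes is not constant-time; if both
    # sides are ASCII strings, ``hmac.compare_digest`` would be preferable.
    # The types are not visible here, so the comparison is left unchanged.
    if User.generate_hash(password, user.password) != user.password:
        flash('Invalid username or password. Please try again.', 'danger')
        return render_template('login.html', form=form)

    user.authenticated = True
    db.save(user)
    # ``remember=True`` is unconditional; there is no "remember me" checkbox.
    login_user(user, remember=True)

    if user.is_white_team:
        return redirect(_login_redirect_target(url_for("admin.status")))
    if user.is_blue_team:
        return redirect(_login_redirect_target(url_for("services.home")))
    return redirect(_login_redirect_target(url_for("overview.home")))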