def activate_user(user_id, data):
log("User is activated", "HIGH", "PASS")
val_num(user_id)
val_num(data.get('accessToken'))
val_alpha_num(data.get('username'))
val_alpha_num_special(data.get('email'))
username = data.get('username')
username = username.replace(" ", "")
result = User.query.filter(User.id == user_id).one()
if not result.activated:
if result.email == data.get('email'):
if data.get('password') == data.get('repassword'):
if data.get('accessToken') == result.accessToken:
pw_hash = generate_password_hash(
data.get('password')).decode('utf-8')
result.password = pw_hash
result.access = True
result.activated = True
result.username = username
db.session.add(result)
db.session.commit()
return {'message': 'User successfully activated'}
else:
log("User triggered error activation failed", "HIGH", "FAIL")
return {'message': 'User could not be activated'}
def new_project(user_id, data):
log("User created new project", "MEDIUM", "PASS")
val_num(user_id)
val_alpha_num_special(data.get('name'))
val_alpha_num(data.get('version'))
val_alpha_num_special(data.get('description'))
projectName = data.get('name')
projectVersion = data.get('version')
projectDesc = data.get('description')
userID = user_id
groupmember = groupmembers.query.filter(
groupmembers.userID == userID).one()
ownerID = groupmember.ownerID
groupID = groupmember.groupID
now = datetime.datetime.now()
timestamp = now.strftime("%Y-%m-%d %H:%M")
project = projects(userID, groupID, projectName, projectVersion,
projectDesc, ownerID, timestamp)
db.session.add(project)
db.session.commit()
result = projects.query.filter(projects.userID == user_id).order_by(
desc(projects.projectID)).first()
return {
'projectID': result.projectID,
'message': 'Project successfully created'
}
def login_user(data):
log("User successfully logedin", "HIGH", "PASS")
val_alpha_num(data.get('username'))
username = data.get('username')
try:
user = User.query.filter(User.username == username).one()
if not user is None and user.activated and user.access \
and check_password_hash(user.password, data.get('password')):
payload = {
# userid
'UserId': user.id,
#issued at
'iat': datetime.utcnow(),
#privileges
'privilege': user.privilege.privilege,
#expiry
'exp': datetime.utcnow() + timedelta(minutes=120)
#claims for access api calls
#'claims': 'kb/items/update,project/items,non/existing/bla,'
}
token_raw = jwt.encode(payload,
settings.JWT_SECRET,
algorithm='HS256')
if sys.version_info.major == 3:
unicode = str
token = unicode(token_raw, 'utf-8')
return {'Authorization token': token, 'username': username}
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
except NoResultFound:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
def new_comment_item(user_id, data):
log("User requested update a specific comment item", "LOW", "PASS")
val_num(user_id)
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
val_num(data.get('status'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
status = data.get('status')
comment = data.get('comment')
now = datetime.datetime.now()
dateLog = now.strftime("%Y-%m-%d %H:%M:%S")
comment = Comment(status, comment, dateLog)
comment.sprint_id = sprint_id
comment.checklist_id = checklist_id
comment.user_id = user_id
try:
db.session.add(comment)
results = ChecklistResult.query.filter(
ChecklistResult.sprint_id == sprint_id).filter(
ChecklistResult.checklist_id == checklist_id).all()
for row in results:
row.status = status
db.session.add(row)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Comment item successfully created'}
def update_project(project_id, user_id, data):
log("User updated project", "MEDIUM", "PASS")
val_num(project_id)
val_num(user_id)
val_alpha_num_special(data.get('name'))
val_alpha_num(data.get('version'))
val_alpha_num_special(data.get('description'))
try:
project = Project.query.filter(Project.id == project_id).one()
project.projectName = data.get('name')
project.projectVersion = data.get('version')
project.projectDesc = data.get('description')
project.userID = user_id
#groupmember = groupmembers.query.filter(groupmembers.userID == user_id).one()
#ownerID = groupmember.ownerID
#groupID = groupmember.groupID
now = datetime.datetime.now()
project.timestamp = now.strftime("%Y-%m-%d %H:%M")
db.session.add(project)
db.session.commit()
except Exception as e:
db.session.rollback()
raise
return {'message': 'Project successfully updated'}
def test_val_alpha_num(self):
"""Test if the val_alpha_num method is working"""
self.assertTrue(val_alpha_num("woop woop 1337"))
try:
self.assertFalse(val_alpha_num("woop %$*@><'1337"))
except BadRequest:
return True
def new_comment_item(user_id, data):
log("User requested update a specific comment item", "LOW", "PASS")
val_num(user_id)
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
val_num(data.get('status'))
val_alpha_num_special(data.get('comment'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
status = data.get('status')
comment = data.get('comment')
now = datetime.datetime.now()
dateLog = now.strftime("%Y-%m-%d %H:%M:%S")
result = comments(sprint_id, checklist_id, user_id, status, comment,
dateLog)
db.session.add(result)
db.session.commit()
result = checklists_results.query.filter(
checklists_results.sprintID == sprint_id).filter(
checklists_results.checklistID == checklist_id).all()
for row in result:
row.status = status
db.session.add(row)
db.session.commit()
return {'message': 'Comment item successfully created'}
def get_comment_items(data):
log("User requested specific comment item", "LOW", "PASS")
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
result = comments.query.filter(comments.sprintID == sprint_id).filter(comments.checklistID == checklist_id).order_by(desc(comments.date)).paginate(1, 50, False)
return result
def get_comment_items(data):
log("User requested specific comment item", "LOW", "PASS")
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
result = comments.query.filter(comments.sprintID == sprint_id).filter(comments.checklistID == checklist_id).order_by(desc(comments.date)).paginate(1, 50, False)
return result
def new_question(data):
log("User created new sprint question item", "MEDIUM", "PASS")
val_alpha_num(data.get('question'))
sprint_question = data.get('question')
sprint_checklist_type = data.get('checklist_type')
sprint = questions(sprint_question, sprint_checklist_type)
db.session.add(sprint)
db.session.commit()
return {'message': 'New Question successfully created'}
def update_kb_item(kb_id, data):
log("User requested update a specific kb item", "LOW", "PASS")
val_num(kb_id)
val_alpha_num(data.get('title'))
result = kb_items.query.filter(kb_items.kbID == kb_id).one()
result.title = data.get('title')
result.content = data.get('content')
db.session.add(result)
db.session.commit()
return {'message': 'KB item successfully updated'}
def put(self):
"""
Create new questions .
* Privileges required: **edit**
"""
data = request.json
val_alpha_num(data.get('question'))
validate_privilege(self, 'edit')
result = new_question(data)
return result, 200, security_headers()
def update_question(id_question, data):
log("User updated sprint question item", "MEDIUM", "PASS")
val_num(id_question)
val_alpha_num(data.get('question'))
sprint_question = data.get('question')
sprint_checklist_type = data.get('checklist_type')
sprint = questions.query.filter(questions.id == id_question).one()
sprint.question = sprint_question
sprint.checklist_type = sprint_checklist_type
db.session.add(sprint)
db.session.commit()
return {'message': 'Question successfully updated'}
def update_code_item(code_id, data):
log("User requested updated specific code example item", "LOW", "PASS")
result = code_items.query.filter(code_items.codeID == code_id).one()
val_alpha_num(data.get('content'))
val_alpha_num(data.get('title'))
val_alpha(data.get('code_lang'))
result.title = data.get('title')
result.content = data.get('content')
result.code_lang = data.get('code_lang')
db.session.add(result)
db.session.commit()
return {'message': 'Code example item successfully updated'}
def put(self, checklist_result_id):
"""
Deletes a checklist_result item from your sprint/feature.
* Privileges required: **read**
"""
validate_privilege(self, 'read')
data = request.json
val_alpha_num_special(data.get('evidence'))
val_alpha_num(data.get('resolved'))
val_num(checklist_result_id)
result = update_checklist_result(checklist_result_id, data)
return result, 200, security_headers()
def put(self, category_id):
"""
Create new code example item.
* Privileges required: **edit**
"""
data = request.json
val_alpha_num_special(data.get('title'))
val_alpha_num(data.get('code_lang'))
val_num(category_id)
validate_privilege(self, 'edit')
result = create_code_item(data, category_id)
return result, 200, security_headers()
def put(self, id):
"""
Update a code example item.
* Privileges required: **manage**
"""
data = request.json
val_alpha_num_special(data.get('title'))
val_alpha_num(data.get('code_lang'))
val_num(id)
validate_privilege(self, 'manage')
result = update_code_item(id, data)
return result, 200, security_headers()
def put(self):
"""
Create new project item.
* Privileges required: **edit**
"""
data = request.json
val_alpha_num_special(data.get('name'))
val_alpha_num(data.get('version'))
val_alpha_num_special(data.get('description'))
validate_privilege(self, 'edit')
user_id = select_userid_jwt(self)
result = new_project(user_id, data)
return result, 200, security_headers()
def create_code_item(data):
log("User requested creating a new code item", "LOW", "PASS")
val_alpha_num_special(data.get('title'))
val_alpha_num(data.get('code_lang'))
title = data.get('title')
content = data.get('content')
code_lang = data.get('code_lang')
result = CodeItem(content, title, code_lang)
try:
db.session.add(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Code example item successfully created'}
def put(self, id):
"""
Update a checklist item.
* Privileges required: **edit**
"""
data = request.json
val_num(id)
val_num(data.get('maturity'))
val_num(data.get('question_id'))
val_alpha_num_special(data.get('add_resources'))
val_num(data.get('kb_id'))
val_alpha_num(data.get('include_always'))
val_alpha_num_special(data.get('content'))
validate_privilege(self, 'edit')
result = update_checklist_item(id, data)
return result, 200, security_headers()
def put(self, checklist_id, checklist_type):
"""
new checklist item.
* Privileges required: **edit**
"""
data = request.json
val_alpha_num_special(data.get('content'))
val_alpha_num(data.get('include_always'))
val_num(data.get('question_id'))
val_num(data.get('kb_id'))
val_num(data.get('maturity'))
val_num(checklist_type)
val_alpha_num_special(checklist_id)
validate_privilege(self, 'edit')
result = create_checklist_item(checklist_id, checklist_type, data)
return result, 200, security_headers()
def login_user(data):
log("User successfully logedin", "HIGH", "PASS")
val_alpha_num(data.get('username'))
username = data.get('username')
try:
if (users.query.filter(users.userName == username).one()):
user = users.query.filter(users.userName == username).one()
if (user.activated == "True"):
if (user.access == "True"):
if check_password_hash(user.password,
data.get('password')):
priv_user = privileges.query.filter(
privileges.privilegeID == str(
user.privilegeID)).first()
payload = {
# userid
'UserId': user.userID,
#issued at
'iat': datetime.utcnow(),
#privileges
'privilege': priv_user.privilege,
#expiry
'exp': datetime.utcnow() + timedelta(minutes=120)
#claims for access api calls
#'claims': 'kb/items/update,project/items,non/existing/bla,'
}
token_raw = jwt.encode(payload,
settings.JWT_SECRET,
algorithm='HS256')
token = str(token_raw, 'utf-8')
return {
'Authorization token': token,
'username': username
}
else:
log("User triggered error login failed", "HIGH",
"FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
except NoResultFound:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
def store_post_questions(user_id, data):
log("User stored new post question list", "MEDIUM", "PASS")
val_num(user_id)
for result in data.get('questions'):
val_alpha_num(result['checklistID'])
val_num(result['status'])
val_num(result['projectID'])
val_num(result['sprintID'])
val_num(result['kbID'])
post_checklist_id = result['checklistID']
post_result = result['status']
post_project_id = result['projectID']
post_sprint_id = result['sprintID']
post_kb_id = result['kbID']
post = checklists_post(post_checklist_id, post_project_id, post_sprint_id, post_result, post_kb_id)
db.session.add(post)
db.session.commit()
return {'message': 'Post questions successfully stored'}
def update_code_item(code_id, data):
log("User requested updated specific code example item", "LOW", "PASS")
result = CodeItem.query.filter(CodeItem.id == code_id).one()
val_alpha_num_special(data.get('title'))
val_alpha_num(data.get('code_lang'))
result.title = data.get('title')
result.content = data.get('content')
result.code_lang = data.get('code_lang')
try:
db.session.add(result)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Code example item successfully updated'}
def store_post_questions(user_id, data):
log("User stored new post question list", "MEDIUM", "PASS")
val_num(user_id)
for result in data.get('questions'):
val_alpha_num(result['checklistID'])
val_num(result['status'])
val_num(result['projectID'])
val_num(result['sprintID'])
val_num(result['kbID'])
post_checklist_id = result['checklistID']
post_result = result['status']
post_project_id = result['projectID']
post_sprint_id = result['sprintID']
post_kb_id = result['kbID']
post = checklists_post(post_checklist_id, post_project_id,
post_sprint_id, post_result, post_kb_id)
db.session.add(post)
db.session.commit()
return {'message': 'Post questions successfully stored'}
def login_user(data):
log("User successfully logedin", "HIGH", "PASS")
val_alpha_num(data.get('username'))
username = data.get('username')
try:
if (users.query.filter(users.userName == username).one()):
user = users.query.filter(users.userName == username).one()
if (user.activated == "True"):
if (user.access == "True"):
if check_password_hash(user.password, data.get('password')):
priv_user = privileges.query.filter(privileges.privilegeID == str(user.privilegeID)).first()
payload = {
# userid
'UserId': user.userID,
#issued at
'iat': datetime.utcnow(),
#privileges
'privilege': priv_user.privilege,
#expiry
'exp': datetime.utcnow() + timedelta(minutes=120)
#claims for access api calls
#'claims': 'kb/items/update,project/items,non/existing/bla,'
}
token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256')
if sys.version_info.major == 3:
unicode = str
token = unicode(token_raw,'utf-8')
return {'Authorization token': token, 'username': username}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
else:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
except NoResultFound:
log("User triggered error login failed", "HIGH", "FAIL")
return {'Authorization token': ''}
def update_checklist_item(checklist_id, checklist_type, data):
log("User requested update a specific checklist item", "LOW", "PASS")
val_num(checklist_type)
val_alpha_num_special(checklist_id)
val_num(data.get('maturity'))
val_num(data.get('question_id'))
val_num(data.get('cwe'))
val_num(data.get('kb_id'))
val_alpha_num(data.get('include_always'))
val_alpha_num_special(data.get('content'))
include_always = data.get('include_always')
question_id = data.get('question_id')
maturity = data.get('maturity')
content = data.get('content')
cwe = data.get('cwe')
kb_id = data.get('kb_id')
if include_always == "True":
include_always = True
else:
include_always = False
if question_id == 0:
question_id = None
result_checklist_kb = ChecklistKB.query.filter((ChecklistKB.checklist_id == checklist_id) & (ChecklistKB.checklist_type == checklist_type)).one()
result_checklist_kb.content = content
result_checklist_kb.include_always = include_always
result_checklist_kb.question_id = question_id
result_checklist_kb.cwe = cwe
result_checklist_kb.kb_id = kb_id
result_checklist_kb.checklist_id = checklist_id
result_checklist_kb.maturity = maturity
result_checklist_kb.checklist_type = checklist_type
try:
db.session.add(result_checklist_kb)
db.session.commit()
except Exception as e:
db.session.rollback
raise
return {'message': 'Checklist item successfully updated'}
def new_comment_item(user_id, data):
log("User requested update a specific comment item", "LOW", "PASS")
val_num(user_id)
val_alpha_num(data.get('checklistID'))
val_num(data.get('sprintID'))
val_num(data.get('status'))
val_alpha_num_special(data.get('comment'))
sprint_id = data.get('sprintID')
checklist_id = data.get('checklistID')
status = data.get('status')
comment = data.get('comment')
now = datetime.datetime.now()
dateLog = now.strftime("%Y-%m-%d %H:%M:%S")
result = comments(sprint_id, checklist_id, user_id, status, comment, dateLog)
db.session.add(result)
db.session.commit()
result = checklists_results.query.filter(checklists_results.sprintID == sprint_id).filter(checklists_results.checklistID == checklist_id).all()
for row in result:
row.status = status
db.session.add(row)
db.session.commit()
return {'message': 'Comment item successfully created'}
def new_project(user_id, data):
log("User created new project", "MEDIUM", "PASS")
val_num(user_id)
val_alpha_num_special(data.get('name'))
val_alpha_num(data.get('version'))
val_alpha_num_special(data.get('description'))
name = data.get('name')
version = data.get('version')
description = data.get('description')
now = datetime.datetime.now()
timestamp = now.strftime("%Y-%m-%d %H:%M")
try:
project = Project(name, version, description, timestamp)
db.session.add(project)
db.session.commit()
except:
db.session.rollback()
raise
#result = Project.query.filter(Project.user_id == user_id).order_by(desc(Project.id)).first()
# I assume we would like to return the new project ID?
result = Project.query.filter(Project.name == name).first()
return {'project_id': result.id, 'message': 'Project successfully created'}
def create_checklist_item(checklist_id, checklist_type, data):
log("User requested create a new checklist item", "LOW", "PASS")
val_alpha_num_special(data.get('content'))
val_alpha_num(data.get('include_always'))
val_num(data.get('question_id'))
val_num(data.get('kb_id'))
val_num(data.get('maturity'))
content = data.get('content')
include_always = data.get('include_always')
question_id = data.get('question_id')
kb_id = data.get('kb_id')
cwe = data.get('cwe')
maturity = data.get('maturity')
if include_always == "True":
include_always = True
else:
include_always = False
if question_id == 0:
question_id = None
if validate_duplicate_checklist_item(checklist_id, checklist_type) == True:
try:
checklist_item = ChecklistKB(checklist_id, content, checklist_type, include_always, cwe, maturity)
checklist_item.question_id = question_id
checklist_item.kb_id = kb_id
db.session.add(checklist_item)
db.session.commit()
except:
db.session.rollback()
raise
return {'message': 'Checklist item successfully created'}
else:
return {'message': 'Checklist item was duplicate!'}
def activate_user(user_id, data):
log("User is activated", "HIGH", "PASS")
val_num(user_id)
val_num(data.get('accessToken'))
val_alpha_num(data.get('username'))
username = data.get('username')
username = username.replace(" ", "")
result = users.query.filter(users.userID == user_id).one()
if result.activated == "False":
if result.email == data.get('email'):
if data.get('password') == data.get('repassword'):
if data.get('accessToken') == result.accessToken:
pw_hash = generate_password_hash(data.get('password')).decode('utf-8')
result.password = pw_hash
result.access = "True"
result.activated = "True"
result.userName = username
db.session.add(result)
db.session.commit()
return {'message': 'User successfully activated'}
else:
log("User triggered error activation failed", "HIGH", "FAIL")
return {'message': 'User could not be activated'}
def store_questions(checklist_type, maturity, data):
log("User stored new sprint question list", "MEDIUM", "PASS")
#Store the result of the questionaire if answer was true in checklists_kb
for result in data.get('questions'):
val_num(result['question_id'])
val_num(result['project_id'])
val_num(result['checklist_type'])
val_num(result['sprint_id'])
val_alpha_num(result['result'])
question_id = result['question_id']
question_result = result['result']
question_project_id = result['project_id']
checklist_type = result['checklist_type']
sprint_id = result['sprint_id']
status = 1
if question_result == "True":
if maturity == 1:
checklists = ChecklistKB.query.filter(
ChecklistKB.question_id == question_id).filter(
ChecklistKB.checklist_type == checklist_type).filter(
ChecklistKB.maturity == 1).filter(
ChecklistKB.include_always == 0).all()
elif maturity == 2:
checklists = ChecklistKB.query.filter(
ChecklistKB.question_id == question_id).filter(
ChecklistKB.checklist_type == checklist_type).filter(
or_(ChecklistKB.maturity == 1,
ChecklistKB.maturity == 2)).filter(
ChecklistKB.include_always == 0).all()
elif maturity == 3:
checklists = ChecklistKB.query.filter(
ChecklistKB.question_id == question_id).filter(
ChecklistKB.checklist_type == checklist_type).filter(
or_(ChecklistKB.maturity == 1,
ChecklistKB.maturity == 2,
ChecklistKB.maturity == 3)).filter(
ChecklistKB.include_always == 0).all()
for row in checklists:
checklists_query = ChecklistResult(status)
checklists_query.project_id = question_project_id
checklists_query.sprint_id = sprint_id
checklists_query.kb_id = row.kb_id
checklists_query.checklist_id = row.id
checklists_query.checklist_type_id = checklist_type
db.session.add(checklists_query)
db.session.commit()
#Also check for the include always marked items so they are taken in account
if maturity == 1:
checklists_always = ChecklistKB.query.filter(
ChecklistKB.include_always == 1).filter(
ChecklistKB.checklist_type == checklist_type).filter(
ChecklistKB.maturity == 1).all()
elif maturity == 2:
checklists_always = ChecklistKB.query.filter(
ChecklistKB.include_always == 1).filter(
ChecklistKB.checklist_type == checklist_type).filter(
or_(ChecklistKB.maturity == 1,
ChecklistKB.maturity == 2)).all()
elif maturity == 3:
checklists_always = ChecklistKB.query.filter(
ChecklistKB.include_always == 1).filter(
ChecklistKB.checklist_type == checklist_type).filter(
or_(ChecklistKB.maturity == 1, ChecklistKB.maturity == 2,
ChecklistKB.maturity == 3)).all()
for row in checklists_always:
checklists_always = ChecklistResult(status)
checklists_always.project_id = question_project_id
checklists_always.sprint_id = sprint_id
checklists_always.kb_id = row.kb_id
checklists_always.checklist_id = row.id
checklists_always.checklist_type_id = checklist_type
db.session.add(checklists_always)
db.session.commit()
return {'message': 'Sprint successfully created'}