def setDBPort(self, port):
if self._mc:
raise spxException(
'Connection is already done, disconnect before changing database settings'
)
self._dbport = port
def setDBUsername(self, username):
if self._mc:
raise spxException(
'Connection is already done, disconnect before changing database settings'
)
self._dbuser = username
def setDBPassword(self, password):
if self._mc:
raise spxException(
'Connection is already done, disconnect before changing database settings'
)
self._dbpass = password
def setDBHost(self, host):
if self._mc:
raise spxException(
'Connection is already done, disconnect before changing database settings'
)
self._dbhost = host
def decrypt(self, key):
if len(key) != 32:
raise spxException(rc=-1, msg='Wrong key length')
buf = base64.b64decode(self.content)
iv = buf[:AES.block_size]
content = buf[AES.block_size:]
cipher = AES.new(key, AES.MODE_CFB, iv)
content = cipher.decrypt(content).decode()
sig = content[:len(spxSnippet.signature)]
if sig == spxSnippet.signature:
self.content = content[len(spxSnippet.signature):]
"""
if we have the right signature and email/reference exist,
we can also decrypt those
"""
if len(self.email) > 0:
self.email = cipher.decrypt(base64.b64decode(
self.email)).decode()
if len(self.reference) > 0:
self.reference = cipher.decrypt(
base64.b64decode(self.reference)).decode()
return True
return False
def setDBName(self, name):
if self._mc:
raise spxException(
'Connection is already done, disconnect before changing database name'
)
self._dbname = name
def dictToObj(self, d, isBck=False):
if not 'content' in d or len(d['content']) == 0:
raise spxException(rc=-1, msg='content not provided')
if not 'createdBy' in d:
raise spxException(rc=-1, msg='createdBy not provided')
self.isRaw = False
self.isFile = False
self.isConfirm = False
if 'isConfirm' in d:
if d['isConfirm'] is True or d['isConfirm'] == 1:
self.isConfirm = True
if 'isRaw' in d:
if d['isRaw'] is True or d['isRaw'] == 'True' or d['isRaw'] == 1:
self.isRaw = True
if self.isConfirm is True:
if not 'email' in d or len(d['email']) == 0:
raise spxException(
rc=-2,
msg='email address not provided but confirmation is enabled'
)
else:
self.email = d['email']
if not self.__validateEmail():
raise spxException(
rc=-3, msg='email address provided is not valid')
if not 'reference' in d or len(d['reference']) == 0:
raise spxException(
rc=-3,
msg='reference not provided but confirmation is enblaed')
else:
self.reference = d['reference']
if 'isFile' in d:
if d['isFile'] is True or d['isFile'] == 'True' or d['isFile'] == 1:
self.isFile = True
if 'name' in d:
self.name = d['name']
self.content = d['content']
self.createdBy = d['createdBy']
def stripFile(self):
""" should remove: data:*/*;base64, from the begining of the field """
tmp = self.content.split(',', 1)
if len(tmp) != 2:
raise spxException(rc=-6, msg='File format incorrect')
self.content = tmp[1]
def disconnect(self):
if not self._mc:
raise spxException(
'MongoDB is not connected, cannot use disconnect()')
self._mc.close()
self._mc = None
self._db = None
def fetchFromId(self):
mc = spxMongo()
e = mc.getCollection(type(self)._collection).find_one(
self._buildDoc(type(self)._attr_ids))
if not e:
raise spxException(
rc=spxMongoObject.ENOTFOUND,
msg='fetchFromId(): Can\'t find entry in the database')
self.setFromDB(e)
def get(self, uid=None, key=None):
ret = {}
if uid is None or key is None:
spxLogger.logAction('GET_SNIP', request.remote_addr, 'DENY')
return Response(
json.dumps({
'rc':
-1,
'error':
'You are not authorized to use this function'
}), 403, [('Content-Type', 'application/json')])
mc = getMongo()
try:
snip = spxSnippet(id=ObjectId(uid))
snip.fetchFromId()
if not snip.decrypt(key):
raise spxException(
rc=-1, msg='Decryption failed, please check your key')
if snip.isConfirm:
snip.sendConfirmation(
spxSnippetHandler.app.config['SMTP_SERVER'],
spxSnippetHandler.app.config['MAIL_FROM'],
remote_addr=request.remote_addr)
ret = snip
""" remove the snippet """
snip.delete()
spxLogger.logAction('GET_SNIP',
request.remote_addr,
'ALLOW',
obj=uid)
except spxException as e:
spxLogger.logAction('GET_SNIP', request.remote_addr, 'FAIL', obj=e)
ret = {
'rc':
e.rc,
'error':
'Sorry, the snippet you are trying to retrieve does not exist or was already accessed. Please contact the person who sent you the secure snippet so they can re-create the snippet and send you a new link.'
}
except InvalidId:
spxLogger.logAction('GET_SNIP',
request.remote_addr,
'FAIL',
obj=uid)
ret = {'rc': -1, 'error': 'The ID you provided is malformed'}
except Exception as e:
spxLogger.logAction('GET_SNIP', request.remote_addr, 'FAIL', obj=e)
ret = {'rc': -1, 'error': 'Something wrong happenned'}
return Response(json.dumps(ret, cls=spxJSONEncoder), 200,
[('Content-Type', 'application/json')])
def sendConfirmation(self, smtp_addr, mail_from, remote_addr='Unknown'):
if len(smtp_addr) == 0:
raise spxException(rc=-5, msg='SMTP address is not configured')
if len(mail_from) == 0:
raise spxException(rc=-5,
msg='source email address is not configured')
text = 'Hello,\n\nHere is your read confirmation for the snippet with refernce: ' + self.reference + '\n'
text += 'The IP who has retreived the snippet was: ' + remote_addr + '\n\n'
text += 'Best,\n\n--Secure Snippet\n'
msg = MIMEMultipart()
msg['Subject'] = '[SNIPPET] Read confirmation: ' + self.reference
msg['From'] = mail_from
msg['To'] = self.email
text = MIMEText(text)
msg.attach(text)
with smtplib.SMTP(smtp_addr) as smtp:
smtp.sendmail(mail_from, self.email, msg.as_string())
smtp.quit()
def findMany(self, cls=None, collection=None, where={}):
if cls is None and collection is None:
raise spxException('findMany(): need at least collection or cls')
if collection is None:
collection = cls._collection
if cls is None:
if collection not in spxMongo._cols:
raise spxException(
'findMany(): cannot find collection in registered list')
cls = spxMongo._cols[collection]
rs = self.getCollection(collection).find(where)
ret = []
for i in rs:
o = cls()
o.setFromDB(i)
ret.append(o)
return ret
def connect(self):
if self._mc is not None:
raise spxException(
'MongoDB is already connected, use disconnect() first')
uri = 'mongodb://'
if self._dbuser is not None:
uri = uri + self._dbuser
if self._dbpass is not None:
uri = uri + ':' + self._dbpass
uri = uri + '@'
uri = uri + self._dbhost + ':' + str(self._dbport) + '/' + self._dbname
self._mc = MongoClient(host=uri)
self._db = self._mc[self._dbname]
def save(self):
mc = spxMongo()
rs = mc.getCollection(type(self)._collection).replace_one(
self._buildDoc(type(self)._attr_ids), self._buildDoc())
if rs.matched_count < 1:
raise spxException('replace_one() filter matched no objects')
def getCollection(self, col):
if self._db is None:
raise spxException('getCollection(): MongoDB is not connected')
return self._db[col]
def getMongo(self):
if self._mc is None:
raise spxException('getMongo(): MongoDB is not connected')
return self._mc
def delete(self):
mc = spxMongo()
rs = mc.getCollection(type(self)._collection).delete_one(
self._buildDoc(type(self)._attr_ids))
if rs.deleted_count < 1:
raise spxException('delete() filter matched no objects')
