def add_user(user_email, password=None, admin=False):
    """Create a user record, set its password and print its details.

    Args:
      user_email: Email address that identifies the new user.
      password: Cleartext password handed to ``user_management.set_password``
        (what ``None`` means is decided there, not here).
      admin: Whether the user is created with the admin flag set.

    Note: the API key is echoed to stdout, so a captured terminal session or
    a log of this command's output contains a live credential.
    """
    new_user = User(email=user_email, admin=admin).save()
    user_management.set_password(new_user, password)
    # Every other caller in this file saves again after set_password
    # (see create_user), presumably because it only updates the in-memory
    # object; keep the same pattern here.
    new_user.save()
    details = (
        f'User {user_email} created succesfully (ID: {new_user.id})',
        f'Admin: {new_user.admin}',
        f'API key: {new_user.api_key}',
    )
    for line in details:
        print(line)
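def test_authenticate_fail():
    """Tests that authenticating with a wrong password yields None.

    The user is created with the password 'password'; authenticating the
    same email with '123456' must return None, not the user object.
    """
    user = User(email='*****@*****.**').save()
    user_management.set_password(user, 'password')
    user.save()
    assert user_management.authenticate_user('*****@*****.**',
                                             '123456') is None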
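    def inner(*args, **kwargs):
        """Resolve the caller from ``X-Yeti-API`` or a bearer JWT, then call ``f``.

        Both headers may be present; resolution order is:
          1. ``X-Yeti-API``: looked up directly. An unknown key is rejected
             with 401 immediately.
          2. ``Authorization: <scheme> <token>``: the token is verified with
             the shared secret; a token issued before the user's last
             password change is treated as expired. A malformed token is
             ignored so an API-key user resolved in step 1 still passes.
        The resolved user is stored on ``g.user`` before ``f`` runs.
        """
        auth_headers = request.headers.get('Authorization', None)
        api_key = request.headers.get('X-Yeti-API', None)
        user = None

        if api_key:
            user = User.find(api_key=api_key)
            if not user:
                return INVALID_API_KEY, 401

        if auth_headers:
            try:
                # Expected shape is "<scheme> <token>"; a header with no
                # token part is treated as malformed instead of raising
                # IndexError (which would surface as a 500).
                parts = auth_headers.split()
                if len(parts) < 2:
                    raise jwt.InvalidTokenError('missing token')
                token = parts[1]
                # Pin the accepted algorithm: letting the token choose it
                # (PyJWT 1.x default when ``algorithms`` is omitted) enables
                # algorithm-confusion attacks. Assumes tokens are issued with
                # HS256 (PyJWT's default for a symmetric secret); adjust if
                # the issuer uses another HMAC variant.
                data = jwt.decode(token, yeti_config.core.secret_key,
                                  algorithms=['HS256'])
                user = User.find(email=data['sub'])
                if not user:
                    # Validly signed token for an unknown subject (e.g. a
                    # deleted account): reject rather than crash on
                    # ``user.last_password_change`` below.
                    return INVALID_TOKEN, 401
                issued_at = datetime.utcfromtimestamp(data['iat'])
                last_pwd_reset = user.last_password_change.replace(
                    microsecond=0)
                if issued_at < last_pwd_reset:
                    return EXPIRED_TOKEN, 401
            except jwt.ExpiredSignatureError:
                return EXPIRED_TOKEN, 401
            except (jwt.InvalidTokenError, KeyError):
                # KeyError: the payload lacks 'sub' or 'iat'. Either way the
                # token is ignored; an API-key user from above still applies.
                pass

        if not user:
            return INVALID_TOKEN, 401
        g.user = user
        return f(*args, **kwargs)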
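def add_user(user_email, password=None, admin=False):
    """Create a user, or reset the password of an existing one, and print it.

    Args:
      user_email: Email address identifying the user.
      password: Cleartext password handed to ``user_management.set_password``
        (``None`` is interpreted there).
      admin: Admin flag applied only when the user is newly created; an
        existing user keeps whatever flag it already has.

    An IntegrityError on the initial save is taken to mean the email is
    already in use, and that user's password is overwritten with no further
    confirmation. That is a deliberate "force reset" for an operator CLI;
    do not expose this function to anything less trusted. Note that any
    IntegrityError, not only a duplicate email, takes this path.
    The API key is printed to stdout and therefore lands in terminal logs.
    """
    created = True
    try:
        user = User(email=user_email, admin=admin).save()
        user_management.set_password(user, password)
        user.save()
    except IntegrityError:  # user already exists, force reset password
        created = False
        user = User.get_or_create(email=user_email)
        user_management.set_password(user, password)
        # The creation path above and create_user always save after
        # set_password; without this save the reset may never reach the
        # database.
        user.save()

    if created:
        print(f'User {user_email} created succesfully (ID: {user.id})')
    else:
        print(f'User {user_email} already existed; password reset '
              f'succesfully (ID: {user.id})')
    print(f'Admin: {user.admin}')
    print(f'API key: {user.api_key}')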
def clean_db():
    """Wipe the test database.

    ``_get_collection()`` is called on every model first so that each
    collection is present in the cache before ``db.clear()`` runs (the
    original comment notes clear() only sees cached collections).
    Destructive: meant for test setup/teardown only -- never point it at a
    database holding real data.
    """
    # pylint: disable=protected-access
    models = (Entity, Indicator, Malware, Observable, Hostname, Tag, Vocabs,
              Relationship, User)
    for model in models:
        model._get_collection()
    db.clear()
def create_user(email, password=None):
    """Create and persist a user with the given password.

    Args:
      email: The user's email address.
      password: The user's cleartext password. It is only ever handed to
        ``set_password``; the stored field is a hash checked with
        ``check_password_hash`` (see authenticate_user), never the cleartext.

    Returns:
      The saved User object.
    """
    new_user = User(email=email)
    # Attach the password before the first save so the record is never
    # written without credentials.
    set_password(new_user, password)
    return new_user.save()
def populate_users():
    """Seed the database with one admin and one regular user for tests.

    Both accounts use trivially guessable passwords ('admin' / 'user');
    this is a test fixture and must only ever run against a disposable
    database.

    Returns:
      ``[admin, user]`` in that order.
    """
    admin = User(email='*****@*****.**', admin=True).save()
    user = User(email='*****@*****.**').save()
    for account, secret in ((admin, 'admin'), (user, 'user')):
        user_management.set_password(account, secret)
        # set_password is followed by save() everywhere else in this file.
        account.save()
    return [admin, user]
def test_no_override_password():
    """Tests that updates to a user do not override their password."""
    secret = 'password'
    account = User(email='*****@*****.**').save()
    user_management.set_password(account, secret)
    account.save()
    # Change an unrelated field and persist again.
    account.email = '*****@*****.**'
    account.save()
    # Re-read from the database rather than trusting the in-memory object.
    reloaded = User.find(email='*****@*****.**')
    assert reloaded.email == '*****@*****.**'
    assert check_password_hash(reloaded.password, secret)
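def reset_password(user_email, password=None):
    """Reset the password of an existing user and print its details.

    Args:
      user_email: Email of the user to update.
      password: New cleartext password handed to
        ``user_management.set_password`` (``None`` is interpreted there).

    Exits the process with status -1 when no such user exists. The API key
    is echoed to stdout, so the command's output is itself sensitive.
    """
    user = User.find(email=user_email)
    if not user:
        print(f'No such user: {user_email}')
        # SystemExit instead of the ``exit`` builtin injected by ``site``,
        # which is absent under ``python -S``; same exit status as before.
        raise SystemExit(-1)
    user_management.set_password(user, password)
    user.save()
    print(f'Password for {user_email} reset succesfully.')
    print(f'Admin: {user.admin}')
    print(f'API key: {user.api_key}')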
def authenticate_user(email, password):
    """Authenticates a user against the information in the database.

    Args:
      email: The user's email address.
      password: The user's cleartext password.

    Returns:
      A User object if authentication is successful, None otherwise.

    Note: an unknown email returns before any hash comparison runs, so its
    response time differs from a wrong-password attempt. Callers reachable
    by untrusted clients should rate-limit or otherwise mask that
    difference to limit account enumeration.
    """
    candidate = User.find(email=email)
    if not candidate:
        return None
    # Only the stored hash is compared; the cleartext is never persisted.
    return candidate if check_password_hash(candidate.password, password) else None
def test_filter_users(populate_users):
    """Tests that users are correctly populated and can be searched for."""
    # populate_users seeds exactly one admin and one regular user, so each
    # search term must match a single record.
    for needle in ('user', 'admin'):
        matches = User.filter({'email': needle})
        assert len(matches) == 1, needle