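def change_passwd():
    """Set a new password for the logged-in user or for a reset-hash holder.

    Expects a JSON object with ``password`` and ``password_repeat``. A caller
    without an authenticated session must also send ``email`` and ``hashstr``,
    which are matched against an active ``PasswdReset`` row; that row is
    deactivated once it has been used.

    Returns:
        An empty JSON object on success, otherwise an error response: 400 for
        a missing or incomplete body or mismatching passwords, 404 when no
        active reset record matches.
    """
    # A missing or non-object JSON body (``request.json`` being None or a
    # list) would otherwise fail on ``.get`` and surface as a 500; report it
    # as an incomplete request instead.
    payload = request.json
    if not isinstance(payload, dict):
        return error_response(errors.AUTH_RESET_MISSING, 400)

    password = payload.get('password')
    password_repeat = payload.get('password_repeat')
    if not password or not password_repeat:
        # Request body is not complete.
        return error_response(errors.AUTH_RESET_MISSING, 400)
    if password != password_repeat:
        # Passwords do not match.
        return error_response(errors.AUTH_PASSWD_MATCH, 400)

    if current_user.is_authenticated():
        # No reset hash or email is needed for a logged-in user.
        # NOTE(review): a live session is the only proof required on this
        # path; the current password is never requested. Consider requiring
        # it so a hijacked or unattended session cannot change the credential.
        user = current_user
    else:
        email = payload.get('email')
        hashstr = payload.get('hashstr')
        if not email or not hashstr:
            # Request body is not complete for an unauthenticated request,
            # i.e. one that relies on a password reset hash.
            return error_response(errors.AUTH_RESET_MISSING, 400)
        # ``== True`` is intentional: SQLAlchemy turns it into a SQL condition.
        # NOTE(review): no expiry condition is visible in this query. Confirm
        # that reset records are time-limited elsewhere and that this endpoint
        # is rate limited.
        reset = db.session.query(PasswdReset).join(User).\
            filter(User.email == email, PasswdReset.active == True).\
            filter(PasswdReset.hashstr == hashstr).\
            first()
        if not reset:
            return error_response(errors.AUTH_RESET_HASH, 404)
        # Single use: the reset record is deactivated in the same transaction
        # that stores the new password.
        db.session.add(reset)
        reset.active = False
        user = reset.user

    user.password = encrypt_password(password)
    db.session.add(user)
    db.session.commit()
    return jsonify({})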
def wrapped_view(*args, **kwargs):
    """Run ``view`` for a logged-in user or a sensor using HTTP basic auth.

    A sensor request is accepted when the Authorization username and password
    are identical and exactly one ``Sensor`` row has that value as its uuid.
    Every other request gets a 401 ``API_NOT_AUTHORIZED`` error response.
    """
    # NOTE(review): the sensor uuid is the whole credential on this path (it
    # is sent as both username and password), so it has to be handled as a
    # secret. Confirm it is not exposed in listings, logs or URLs.
    if current_user and current_user.is_authenticated():
        return view(*args, **kwargs)

    credentials = request.authorization
    if credentials:
        sensor_uuid = credentials.get('username')
        if sensor_uuid == credentials.get('password'):
            matches = Sensor.query.filter_by(uuid=sensor_uuid).count()
            if matches == 1:
                return view(*args, **kwargs)

    return error_response(errors.API_NOT_AUTHORIZED, 401)
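def wrapped_view(*args, **kwargs):
    """Run ``view`` for a logged-in user or a caller presenting the deploy key.

    The key is read from the ``deploy_key`` field of the JSON body and
    compared with ``current_app.config['DEPLOY_KEY']``. Every other request
    gets a 401 ``API_NOT_AUTHORIZED`` error response.
    """
    # Function-scope import: the file's import block is not visible here.
    # hmac.compare_digest needs Python 2.7.7+ or 3.3+.
    import hmac

    text_type = type(u'')

    def _as_bytes(value):
        # Normalise text or bytes to bytes; anything else cannot be a key.
        if isinstance(value, text_type):
            return value.encode('utf-8')
        if isinstance(value, bytes):
            return value
        return None

    if current_user and current_user.is_authenticated():
        return view(*args, **kwargs)

    # ``request.json`` may be None (no JSON body) or a non-object value; the
    # membership test and lookup below are only meaningful for an object.
    payload = request.json
    if isinstance(payload, dict) and 'deploy_key' in payload:
        expected = _as_bytes(current_app.config['DEPLOY_KEY'])
        provided = _as_bytes(payload['deploy_key'])
        # Fail closed: with a plain ``==`` an unset or empty DEPLOY_KEY would
        # match a null or empty ``deploy_key`` and authorize the request.
        # compare_digest keeps the comparison time independent of how many
        # leading characters match.
        if expected and provided and hmac.compare_digest(expected, provided):
            return view(*args, **kwargs)

    return error_response(errors.API_NOT_AUTHORIZED, 401)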
def wrapped_view(*args, **kwargs):
    """Run ``view`` for a logged-in user or a caller with a known API key.

    The key is taken from the ``api_key`` query parameter and looked up in
    ``ApiKey``. Every other request gets a 401 ``API_NOT_AUTHORIZED`` error
    response.
    """
    # NOTE(review): a key carried in the query string tends to end up in
    # access logs, proxy logs and Referer headers. Consider also accepting it
    # in a request header and keeping full URLs out of logs.
    if current_user and current_user.is_authenticated():
        return view(*args, **kwargs)

    supplied = request.args.get('api_key', '')
    if supplied and ApiKey.query.filter_by(api_key=supplied).first():
        return view(*args, **kwargs)

    return error_response(errors.API_NOT_AUTHORIZED, 401)
def get_feed():
    """Build the 'MHN HpFeeds Report' Atom feed from stored sessions.

    When ``FEED_AUTH_REQUIRED`` is set in the config, callers without an
    authenticated session are answered with 404. Sessions are requested from
    the clio connection with ``limit`` 1000, and each one becomes a text
    entry linking to ``api.get_session``.
    """
    from mhn.auth import current_user

    auth_required = mhn.config['FEED_AUTH_REQUIRED']
    # NOTE(review): 404 instead of 401/403 presumably hides that the feed
    # exists from unauthenticated callers; confirm that is intended.
    if auth_required and not current_user.is_authenticated():
        abort(404)

    # Same two literals as before, joined at compile time.
    template = (u'Sensor "{identifier}" '
                '{source_ip}:{source_port} on sensorip:{destination_port}.')

    feed = AtomFeed('MHN HpFeeds Report',
                    feed_url=request.url, url=request.url_root)
    records = new_clio_connection().session.get(options={'limit': 1000})
    for record in records:
        # Entries are added as plain text (content_type='text'), not markup.
        summary = template.format(**record.to_dict())
        feed.add(
            'Feed',
            summary,
            content_type='text',
            published=record.timestamp,
            updated=record.timestamp,
            url=makeurl(url_for('api.get_session',
                                session_id=str(record._id))),
        )
    return feed
def get_feed():
    """Build the 'MHN HpFeeds Report' Atom feed from stored sessions.

    When ``FEED_AUTH_REQUIRED`` is set in the config, callers without an
    authenticated session are answered with 404. Sessions are requested from
    a fresh ``Clio`` instance with ``limit`` 1000, and each one becomes a
    text entry linking to ``api.get_session``.
    """
    from mhn.common.clio import Clio
    from mhn.auth import current_user

    auth_required = mhn.config['FEED_AUTH_REQUIRED']
    # NOTE(review): 404 instead of 401/403 presumably hides that the feed
    # exists from unauthenticated callers; confirm that is intended.
    if auth_required and not current_user.is_authenticated():
        abort(404)

    # Same two literals as before, joined at compile time.
    template = (u'Sensor "{identifier}" '
                '{source_ip}:{source_port} on sensorip:{destination_port}.')

    feed = AtomFeed('MHN HpFeeds Report',
                    feed_url=request.url, url=request.url_root)
    records = Clio().session.get(options={'limit': 1000})
    for record in records:
        # Entries are added as plain text (content_type='text'), not markup.
        summary = template.format(**record.to_dict())
        feed.add(
            'Feed',
            summary,
            content_type='text',
            published=record.timestamp,
            updated=record.timestamp,
            url=makeurl(url_for('api.get_session',
                                session_id=str(record._id))),
        )
    return feed
def login_user():
    """Render the login page, or send a logged-in user to the dashboard."""
    if not current_user.is_authenticated():
        return render_template('security/login_user.html')
    # Already signed in: the login form is not shown again.
    return redirect(url_for('ui.dashboard'))