def dummy_data(): # Dummy test users User.new_user(email='*****@*****.**') users = User.query.all() for i in xrange(4): RabbitMQAccount.new_user( username='******'.format(i), password='******', owners=users[0]) rabbitmq_accounts = RabbitMQAccount.query.all() # And some dummy queues dummy_queue = Queue(name='dummy-empty-queue', size=0, owner=rabbitmq_accounts[0]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-non-empty-queue', size=config.warn_queue_size/5, owner=rabbitmq_accounts[0]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-warning-queue', size=config.warn_queue_size + 1, owner=rabbitmq_accounts[1]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-deletion-queue', size=int(config.del_queue_size * 1.2), owner=rabbitmq_accounts[2]) db_session.add(dummy_queue) db_session.commit() # Test admin user User.new_user(email='*****@*****.**', admin=True) logger.info('Finished generating dummy data.')
def test_pulse_odd_whitespace_ownership_list(self): self.setup_3_users() RabbitMQAccount.new_user(username="******", owners=self.all_users, password="******") new_emails = self.set_rabbitmq_account_email_list( "mick", ", {}, {},{},".format(*self.all_emails)) self.assertEqual(new_emails, set(self.all_emails))
def test_pulse_odd_whitespace_ownership_list(self): self.setup_3_users() RabbitMQAccount.new_user(username="******", owners=self.all_users, password="******") new_emails = self.set_rabbitmq_account_email_list( "mick", ", {}, {},{},".format(*self.all_emails)) self.assertEquals(new_emails, set(self.all_emails))
def test_rabbitmq_account_multiple_to_single_ownership(self): self.setup_3_users() RabbitMQAccount.new_user(username="******", owners=self.all_users, password="******") new_emails = self.set_rabbitmq_account_email_list( "mick", self.curr_email) self.assertEqual(new_emails, {self.curr_email})
def test_rabbitmq_account_multiple_to_single_ownership(self): self.setup_3_users() RabbitMQAccount.new_user(username="******", owners=self.all_users, password="******") new_emails = self.set_rabbitmq_account_email_list("mick", self.curr_email) self.assertEquals(new_emails, {self.curr_email})
def register_handler(): username = request.form['username'] password = request.form['password'] password_verification = request.form['password-verification'] owners = _clean_owners_str(request.form['owners-list']) email = session['userinfo']['email'] errors = [] if password != password_verification: errors.append("Password verification doesn't match the password.") elif not RabbitMQAccount.strong_password(password): errors.append("Your password must contain a mix of letters and " "numerical characters and be at least 6 characters " "long.") if not re.match('^[a-zA-Z][a-zA-Z0-9._-]*$', username): errors.append("The submitted username must start with an " "alphabetical character and contain only alphanumeric " "characters, periods, underscores, and hyphens.") if config.reserved_users_regex and re.match(config.reserved_users_regex, username): errors.append("The submitted username is reserved. " + config.reserved_users_message) # Checking if a user exists in RabbitMQ OR in our db try: user_response = pulse_management.user(username=username) in_rabbitmq = True except pulse_management.PulseManagementException: in_rabbitmq = False else: if 'error' in user_response: in_rabbitmq = False if (in_rabbitmq or RabbitMQAccount.query.filter( RabbitMQAccount.username == username).first()): errors.append("An account with the same username already exists.") if errors: return render_template('register.html', email=email, signup_errors=errors) owner_users = list(User.query.filter(User.email.in_(owners))) # Reject with error message if the owner list is unparse-able or contains # no users that actualy exist. if not owner_users: return register(error="Invalid owners list: {}".format( request.form['owners-list'] or "None")) RabbitMQAccount.new_user(username, password, owner_users) return redirect('/rabbitmq_accounts')
def setUp(self): global pulse_cfg self.proc = None self.publisher = None self.guardian = PulseGuardian(warn_queue_size=TEST_WARN_SIZE, del_queue_size=TEST_DELETE_SIZE, emails=False) dbinit.init_and_clear_db() self.consumer_cfg = pulse_cfg.copy() self.consumer_cfg['applabel'] = str(uuid.uuid1()) # Configure/create the test user to be used for message consumption. self.consumer_cfg['user'] = CONSUMER_USER self.consumer_cfg['password'] = CONSUMER_PASSWORD self.user = User.new_user(email=CONSUMER_EMAIL, admin=False) # As a default owner for rabbitmq_account in some tests where an owner # is not provided. self.admin = User.new_user(email=ADMIN_EMAIL, admin=True) db_session.add(self.user) db_session.commit() self.rabbitmq_account = RabbitMQAccount.new_user( username=CONSUMER_USER, password=CONSUMER_PASSWORD, owners=self.user) db_session.add(self.rabbitmq_account) db_session.commit()
def update_info(): rabbitmq_username = request.form['rabbitmq-username'] new_password = request.form['new-password'] password_verification = request.form['new-password-verification'] new_owners = _clean_owners_str(request.form['owners-list']) try: rabbitmq_account = RabbitMQAccount.query.filter( RabbitMQAccount.username == rabbitmq_username).one() except sqlalchemy.orm.exc.NoResultFound: return rabbitmq_accounts(messages=[ "RabbitMQ account {} not found.".format(rabbitmq_username) ]) if g.user not in rabbitmq_account.owners: return rabbitmq_accounts(messages=[ "Invalid user: {} is not an owner.".format(g.user.email) ]) messages = [] error = None if new_password: if new_password != password_verification: return rabbitmq_accounts( error="Password verification doesn't match the password.") if not RabbitMQAccount.strong_password(new_password): return rabbitmq_accounts( error="Your password must contain a mix of letters and " "numerical characters and be at least 6 characters long.") rabbitmq_account.change_password(new_password) messages.append( "Password updated for user {0}.".format(rabbitmq_username)) # Update the owners list, if needed. old_owners = {user.email for user in rabbitmq_account.owners} if new_owners and new_owners != old_owners: # The list was changed. Do an update. new_owner_users = list(User.query.filter(User.email.in_(new_owners))) if new_owner_users: # At least some of the new owners are real users in the db. rabbitmq_account.owners = new_owner_users db_session.commit() updated_owners = {user.email for user in new_owner_users} invalid_owners = sorted(new_owners - updated_owners) if invalid_owners: error = "Some user emails not found: {}".format( ', '.join(invalid_owners)) else: messages = ["Email list updated."] else: error = ("Invalid owners: " "Must be a comma-delimited list of existing user emails.") if not error and not messages: messages = ["No info updated."] return rabbitmq_accounts(messages=messages, error=error)
def test_user(self): user = User.new_user(email='*****@*****.**', admin=False) db_session.add(user) db_session.commit() rabbitmq_account = RabbitMQAccount.new_user(username='******', password='******', owners=user, create_rabbitmq_user=False) db_session.add(rabbitmq_account) db_session.commit() self.assertTrue(user in User.query.all()) # Emails are normalized by putting them lower-case self.assertEqual( User.query.filter(User.email == '*****@*****.**').first(), user) self.assertEqual( RabbitMQAccount.query.filter( RabbitMQAccount.username == 'dummy').first(), rabbitmq_account) self.assertEqual( RabbitMQAccount.query.filter( RabbitMQAccount.username == 'DUMMY').first(), None)
def dummy_data(): # Dummy test users User.new_user(email='*****@*****.**') users = User.query.all() for i in range(4): RabbitMQAccount.new_user(username='******'.format(i), password='******', owners=users[0]) rabbitmq_accounts = RabbitMQAccount.query.all() # And some dummy queues dummy_queue = Queue(name='dummy-empty-queue', size=0, owner=rabbitmq_accounts[0]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-non-empty-queue', size=config.warn_queue_size / 5, owner=rabbitmq_accounts[0]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-warning-queue', size=config.warn_queue_size + 1, owner=rabbitmq_accounts[1]) db_session.add(dummy_queue) db_session.commit() dummy_queue = Queue(name='dummy-deletion-queue', size=int(config.del_queue_size * 1.2), owner=rabbitmq_accounts[2]) db_session.add(dummy_queue) db_session.commit() # Test admin user User.new_user(email='*****@*****.**', admin=True) logger.info('Finished generating dummy data.')
def update_queue_information(self, queue_data, all_bindings): if 'messages' not in queue_data: # FIXME: We should do something here, probably delete the queue, # as it's in a weird state. More investigation is required. # See bug 1066338. return None q_size, q_name, q_durable = (queue_data['messages'], queue_data['name'], queue_data['durable']) queue = Queue.query.filter(Queue.name == q_name).first() # If the queue doesn't exist in the db, create it. if queue is None: log_details = { 'queuename': q_name, 'queuesize': q_size, 'queuedurable': q_durable, } m = re.match('queue/([^/]+)/', q_name) if not m: log_details['valid'] = False owner = None elif (config.reserved_users_regex and re.match(config.reserved_users_regex, m.group(1))): # Ignore this queue entirely as we will see it again on the # next iteration. return None else: log_details['valid'] = True owner_name = m.group(1) owner = RabbitMQAccount.query.filter( RabbitMQAccount.username == owner_name).first() log_details['ownername'] = owner_name log_details['newowner'] = not owner # If the queue belongs to a pulse user that isn't in the # pulseguardian database, add the user to the DB, owned by an # admin. if owner is None: # RabbitMQAccount needs at least one owner as well, but # since we have no way of knowing who really owns it, find # the first admin, and set it to that. user = User.query.filter(User.admin == True).first() owner = RabbitMQAccount.new_user(owner_name, owners=user) mozdef.log( mozdef.NOTICE, mozdef.OTHER, 'New queue.', details=log_details, tags=['queue'], ) queue = Queue(name=q_name, owner=owner) # add the queue bindings to the db. bindings = self.get_queue_bindings(all_bindings, queue.name) for binding in bindings: db_binding = Binding.query.filter( Binding.exchange == binding["source"], Binding.routing_key == binding["routing_key"], Binding.queue_name == queue.name ).first() if not db_binding: # need to create the binding in the DB binding = Binding(exchange=binding["source"], routing_key=binding["routing_key"], queue_name=queue.name) db_session.add(binding) # Update the saved queue size. queue.size = q_size queue.durable = q_durable db_session.add(queue) db_session.commit() return queue
def update_queue_information(self, queue_data, all_bindings): if 'messages' not in queue_data: # FIXME: We should do something here, probably delete the queue, # as it's in a weird state. More investigation is required. # See bug 1066338. return None q_size, q_name, q_durable = (queue_data['messages'], queue_data['name'], queue_data['durable']) queue = Queue.query.filter(Queue.name == q_name).first() # If the queue doesn't exist in the db, create it. if queue is None: log_details = { 'queuename': q_name, 'queuesize': q_size, 'queuedurable': q_durable, } m = re.match('queue/([^/]+)/', q_name) if not m: log_details['valid'] = False owner = None elif (config.reserved_users_regex and re.match(config.reserved_users_regex, m.group(1))): # Ignore this queue entirely as we will see it again on the # next iteration. return None else: log_details['valid'] = True owner_name = m.group(1) owner = RabbitMQAccount.query.filter( RabbitMQAccount.username == owner_name).first() log_details['ownername'] = owner_name log_details['newowner'] = not owner # If the queue belongs to a pulse user that isn't in the # pulseguardian database, add the user to the DB, owned by an # admin. if owner is None: # RabbitMQAccount needs at least one owner as well, but # since we have no way of knowing who really owns it, find # the first admin, and set it to that. user = User.query.filter(User.admin == True).first() owner = RabbitMQAccount.new_user(owner_name, owners=user) mozdef.log( mozdef.NOTICE, mozdef.OTHER, 'New queue.', details=log_details, tags=['queue'], ) queue = Queue(name=q_name, owner=owner) # add the queue bindings to the db. bindings = self.get_queue_bindings(all_bindings, queue.name) for binding in bindings: db_binding = Binding.query.filter( Binding.exchange == binding["source"], Binding.routing_key == binding["routing_key"], Binding.queue_name == queue.name).first() if not db_binding: # need to create the binding in the DB binding = Binding(exchange=binding["source"], routing_key=binding["routing_key"], queue_name=queue.name) db_session.add(binding) # Update the saved queue size. queue.size = q_size queue.durable = q_durable db_session.add(queue) db_session.commit() return queue
def update_info(): rabbitmq_username = request.form['rabbitmq-username'] new_password = request.form['new-password'] password_verification = request.form['new-password-verification'] new_owners = _clean_owners_str(request.form['owners-list']) try: rabbitmq_account = RabbitMQAccount.query.filter( RabbitMQAccount.username == rabbitmq_username).one() except sqlalchemy.orm.exc.NoResultFound: return rabbitmq_accounts( messages=[ "RabbitMQ account {} not found.".format(rabbitmq_username) ]) if g.user not in rabbitmq_account.owners: return rabbitmq_accounts( messages=[ "Invalid user: {} is not an owner.".format(g.user.email) ] ) messages = [] error = None if new_password: if new_password != password_verification: return rabbitmq_accounts( error="Password verification doesn't match the password." ) if not RabbitMQAccount.strong_password(new_password): return rabbitmq_accounts( error="Your password must contain a mix of letters and " "numerical characters and be at least 6 characters long." ) rabbitmq_account.change_password(new_password) messages.append("Password updated for user {0}.".format( rabbitmq_username)) # Update the owners list, if needed. old_owners = {user.email for user in rabbitmq_account.owners} if new_owners and new_owners != old_owners: # The list was changed. Do an update. new_owner_users = list(User.query.filter(User.email.in_(new_owners))) if new_owner_users: # At least some of the new owners are real users in the db. rabbitmq_account.owners = new_owner_users db_session.commit() updated_owners = {user.email for user in new_owner_users} invalid_owners = sorted(new_owners - updated_owners) if invalid_owners: error = "Some user emails not found: {}".format( ', '.join(invalid_owners)) else: messages = ["Email list updated."] else: error = ("Invalid owners: " "Must be a comma-delimited list of existing user emails.") if not error and not messages: messages = ["No info updated."] return rabbitmq_accounts(messages=messages, error=error)