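def activate_user(user_id, data):
    """Activate a pending user account and set its username and password.

    Args:
        user_id: Primary key of the ``User`` row to activate.
        data: Request payload with ``accessToken``, ``username``, ``email``,
            ``password`` and ``repassword``.

    Returns:
        A ``message`` dict reporting success or failure.
    """
    log("User is activated", "HIGH", "PASS")
    val_num(user_id)
    val_num(data.get('accessToken'))
    val_alpha_num(data.get('username'))
    val_alpha_num_special(data.get('email'))
    username = data.get('username').replace(" ", "")
    result = User.query.filter(User.id == user_id).one()
    # All preconditions share one rejection path so the audit log and the
    # response are identical whatever the reason.
    can_activate = (
        not result.activated
        and result.email == data.get('email')
        and data.get('password') == data.get('repassword')
        # NOTE(review): plain equality on the token; if accessToken is a secret
        # string rather than a numeric id, prefer hmac.compare_digest.
        and data.get('accessToken') == result.accessToken
    )
    if not can_activate:
        log("User triggered error activation failed", "HIGH", "FAIL")
        return {'message': 'User could not be activated'}
    result.password = generate_password_hash(data.get('password')).decode('utf-8')
    result.access = True
    result.activated = True
    result.username = username
    db.session.add(result)
    db.session.commit()
    return {'message': 'User successfully activated'}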
def new_project(user_id, data):
    """Create a project in the caller's group and return its id.

    Args:
        user_id: Numeric id of the requesting user; must be a group member.
        data: Payload with ``name``, ``version`` and ``description``.

    Returns:
        Dict with the new ``projectID`` and a success ``message``.
    """
    log("User created new project", "MEDIUM", "PASS")
    val_num(user_id)
    val_alpha_num_special(data.get('name'))
    val_alpha_num(data.get('version'))
    val_alpha_num_special(data.get('description'))
    # Group and owner come from the caller's membership, never from the payload.
    membership = groupmembers.query.filter(
        groupmembers.userID == user_id).one()
    created_at = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
    project = projects(
        user_id,
        membership.groupID,
        data.get('name'),
        data.get('version'),
        data.get('description'),
        membership.ownerID,
        created_at,
    )
    db.session.add(project)
    db.session.commit()
    # NOTE(review): the id is re-read as the user's newest project; concurrent
    # creates by the same user could return another row — confirm acceptable.
    newest = projects.query.filter(projects.userID == user_id).order_by(
        desc(projects.projectID)).first()
    return {
        'projectID': newest.projectID,
        'message': 'Project successfully created'
    }
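def login_user(data):
    """Authenticate a user and issue a signed JWT.

    Args:
        data: Request payload with ``username`` and ``password``.

    Returns:
        ``{'Authorization token': <jwt>, 'username': ...}`` on success, or
        ``{'Authorization token': ''}`` when the user is unknown, not
        activated, has no access, or the password does not match.
    """
    val_alpha_num(data.get('username'))
    username = data.get('username')
    try:
        user = User.query.filter(User.username == username).one()
    except NoResultFound:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    authenticated = (
        user is not None
        and user.activated
        and user.access
        and check_password_hash(user.password, data.get('password'))
    )
    if not authenticated:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    payload = {
        'UserId': user.id,
        'iat': datetime.utcnow(),
        'privilege': user.privilege.privilege,
        # Token lifetime: two hours.
        'exp': datetime.utcnow() + timedelta(minutes=120),
    }
    token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256')
    # jwt.encode returns bytes on older PyJWT and str on newer; accept both.
    token = token_raw.decode('utf-8') if isinstance(token_raw, bytes) else token_raw
    # Only record a successful login once the credentials have been verified.
    log("User successfully logedin", "HIGH", "PASS")
    return {'Authorization token': token, 'username': username}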
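def new_comment_item(user_id, data):
    """Store a comment on a checklist result and apply its status to the results.

    Args:
        user_id: Numeric id of the commenting user.
        data: Payload with ``checklistID``, ``sprintID``, ``status`` and
            ``comment``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback.
    """
    log("User requested update a specific comment item", "LOW", "PASS")
    val_num(user_id)
    val_alpha_num(data.get('checklistID'))
    val_num(data.get('sprintID'))
    val_num(data.get('status'))
    # The free-text comment body was the only field reaching the database unchecked.
    val_alpha_num_special(data.get('comment'))
    sprint_id = data.get('sprintID')
    checklist_id = data.get('checklistID')
    status = data.get('status')
    date_log = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    new_comment = Comment(status, data.get('comment'), date_log)
    new_comment.sprint_id = sprint_id
    new_comment.checklist_id = checklist_id
    new_comment.user_id = user_id
    try:
        db.session.add(new_comment)
        # The comment's status becomes the status of every matching result row.
        matching = ChecklistResult.query.filter(
            ChecklistResult.sprint_id == sprint_id).filter(
            ChecklistResult.checklist_id == checklist_id).all()
        for row in matching:
            row.status = status
            db.session.add(row)
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Comment item successfully created'}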
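def update_project(project_id, user_id, data):
    """Overwrite a project's name, version, description, user and timestamp.

    Args:
        project_id: Primary key of the ``Project`` row to update.
        user_id: Numeric id of the updating user; stored as the project's user.
        data: Payload with ``name``, ``version`` and ``description``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback.
    """
    log("User updated project", "MEDIUM", "PASS")
    val_num(project_id)
    val_num(user_id)
    val_alpha_num_special(data.get('name'))
    val_alpha_num(data.get('version'))
    val_alpha_num_special(data.get('description'))
    try:
        project = Project.query.filter(Project.id == project_id).one()
        project.projectName = data.get('name')
        project.projectVersion = data.get('version')
        project.projectDesc = data.get('description')
        # Group and owner are not changed here; only the user is rebound.
        project.userID = user_id
        project.timestamp = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
        db.session.add(project)
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Project successfully updated'}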
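def test_val_alpha_num(self):
    """Test if the val_alpha_num method is working."""
    self.assertTrue(val_alpha_num("woop woop 1337"))
    # Characters outside the alphanumeric set must be rejected with
    # BadRequest; the previous try/except also passed when the helper
    # merely returned a falsy value instead of raising.
    with self.assertRaises(BadRequest):
        val_alpha_num("woop %$*@><'1337")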
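def new_comment_item(user_id, data):
    """Store a comment on a checklist result and apply its status to the results.

    Args:
        user_id: Numeric id of the commenting user.
        data: Payload with ``checklistID``, ``sprintID``, ``status`` and
            ``comment``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback so the comment and the status change land together.
    """
    log("User requested update a specific comment item", "LOW", "PASS")
    val_num(user_id)
    val_alpha_num(data.get('checklistID'))
    val_num(data.get('sprintID'))
    val_num(data.get('status'))
    val_alpha_num_special(data.get('comment'))
    sprint_id = data.get('sprintID')
    checklist_id = data.get('checklistID')
    status = data.get('status')
    date_log = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    new_comment = comments(sprint_id, checklist_id, user_id, status,
                           data.get('comment'), date_log)
    try:
        db.session.add(new_comment)
        matching = checklists_results.query.filter(
            checklists_results.sprintID == sprint_id).filter(
            checklists_results.checklistID == checklist_id).all()
        for row in matching:
            row.status = status
            db.session.add(row)
        # One commit instead of two: no half-applied state on failure.
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Comment item successfully created'}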
def get_comment_items(data):
    """Return the first page (50 rows, newest first) of comments for an item.

    Args:
        data: Payload with ``checklistID`` and ``sprintID``.

    Returns:
        A pagination object over the matching ``comments`` rows.
    """
    log("User requested specific comment item", "LOW", "PASS")
    val_alpha_num(data.get('checklistID'))
    val_num(data.get('sprintID'))
    query = comments.query.filter(comments.sprintID == data.get('sprintID'))
    query = query.filter(comments.checklistID == data.get('checklistID'))
    # Page 1 of 50, error_out disabled.
    return query.order_by(desc(comments.date)).paginate(1, 50, False)
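def new_question(data):
    """Create a sprint question for a checklist type.

    Args:
        data: Payload with ``question`` (text) and ``checklist_type``
            (numeric id).

    Returns:
        A success ``message`` dict.
    """
    log("User created new sprint question item", "MEDIUM", "PASS")
    val_alpha_num(data.get('question'))
    # checklist_type is validated as numeric everywhere else in this module.
    val_num(data.get('checklist_type'))
    question = questions(data.get('question'), data.get('checklist_type'))
    db.session.add(question)
    db.session.commit()
    return {'message': 'New Question successfully created'}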
def update_kb_item(kb_id, data):
    """Replace the title and content of a knowledge-base item.

    Args:
        kb_id: Numeric ``kbID`` of the item.
        data: Payload with ``title`` and ``content``.

    Returns:
        A success ``message`` dict.
    """
    log("User requested update a specific kb item", "LOW", "PASS")
    val_num(kb_id)
    val_alpha_num(data.get('title'))
    # NOTE: content is stored without a val_* check, presumably because it
    # is free-form text — confirm it is escaped where it is rendered.
    item = kb_items.query.filter(kb_items.kbID == kb_id).one()
    item.title, item.content = data.get('title'), data.get('content')
    db.session.add(item)
    db.session.commit()
    return {'message': 'KB item successfully updated'}
def put(self):
    """
    Create a new question.
    * Privileges required: **edit**
    """
    payload = request.json
    val_alpha_num(payload.get('question'))
    validate_privilege(self, 'edit')
    return new_question(payload), 200, security_headers()
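def update_question(id_question, data):
    """Update the text and checklist type of a sprint question.

    Args:
        id_question: Numeric id of the ``questions`` row.
        data: Payload with ``question`` (text) and ``checklist_type``
            (numeric id).

    Returns:
        A success ``message`` dict.
    """
    log("User updated sprint question item", "MEDIUM", "PASS")
    val_num(id_question)
    val_alpha_num(data.get('question'))
    # checklist_type is validated as numeric everywhere else in this module.
    val_num(data.get('checklist_type'))
    question = questions.query.filter(questions.id == id_question).one()
    question.question = data.get('question')
    question.checklist_type = data.get('checklist_type')
    db.session.add(question)
    db.session.commit()
    return {'message': 'Question successfully updated'}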
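def update_code_item(code_id, data):
    """Update title, content and language of a code example item.

    Args:
        code_id: Numeric ``codeID`` of the item.
        data: Payload with ``title``, ``content`` and ``code_lang``.

    Returns:
        A success ``message`` dict.
    """
    log("User requested updated specific code example item", "LOW", "PASS")
    # Reject bad input before any database access.
    val_num(code_id)
    val_alpha_num(data.get('content'))
    val_alpha_num(data.get('title'))
    val_alpha(data.get('code_lang'))
    item = code_items.query.filter(code_items.codeID == code_id).one()
    item.title = data.get('title')
    item.content = data.get('content')
    item.code_lang = data.get('code_lang')
    db.session.add(item)
    db.session.commit()
    return {'message': 'Code example item successfully updated'}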
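def put(self, checklist_result_id):
    """
    Update a checklist_result item (evidence and resolved flag) of your sprint/feature.
    * Privileges required: **read**
    """
    # NOTE(review): a write guarded by the 'read' privilege — confirm intended.
    validate_privilege(self, 'read')
    data = request.json
    val_alpha_num_special(data.get('evidence'))
    val_alpha_num(data.get('resolved'))
    val_num(checklist_result_id)
    result = update_checklist_result(checklist_result_id, data)
    return result, 200, security_headers()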
def put(self, category_id):
    """
    Create a new code example item in a category.
    * Privileges required: **edit**
    """
    payload = request.json
    val_alpha_num_special(payload.get('title'))
    val_alpha_num(payload.get('code_lang'))
    val_num(category_id)
    validate_privilege(self, 'edit')
    return create_code_item(payload, category_id), 200, security_headers()
def put(self, id):
    """
    Update a code example item.
    * Privileges required: **manage**
    """
    payload = request.json
    val_alpha_num_special(payload.get('title'))
    val_alpha_num(payload.get('code_lang'))
    val_num(id)
    validate_privilege(self, 'manage')
    return update_code_item(id, payload), 200, security_headers()
def put(self):
    """
    Create a new project item for the authenticated user.
    * Privileges required: **edit**
    """
    payload = request.json
    val_alpha_num_special(payload.get('name'))
    val_alpha_num(payload.get('version'))
    val_alpha_num_special(payload.get('description'))
    validate_privilege(self, 'edit')
    # The owner is taken from the JWT, not from the request body.
    return new_project(select_userid_jwt(self), payload), 200, security_headers()
def create_code_item(data):
    """Create a code example item.

    Args:
        data: Payload with ``title``, ``content`` and ``code_lang``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback.
    """
    log("User requested creating a new code item", "LOW", "PASS")
    val_alpha_num_special(data.get('title'))
    val_alpha_num(data.get('code_lang'))
    # NOTE: content is not run through a val_* helper before being stored.
    item = CodeItem(data.get('content'), data.get('title'), data.get('code_lang'))
    try:
        db.session.add(item)
        db.session.commit()
    except:
        db.session.rollback()
        raise
    return {'message': 'Code example item successfully created'}
def put(self, id):
    """
    Update a checklist item.
    * Privileges required: **edit**
    """
    payload = request.json
    val_num(id)
    val_num(payload.get('maturity'))
    val_num(payload.get('question_id'))
    val_alpha_num_special(payload.get('add_resources'))
    val_num(payload.get('kb_id'))
    val_alpha_num(payload.get('include_always'))
    val_alpha_num_special(payload.get('content'))
    validate_privilege(self, 'edit')
    return update_checklist_item(id, payload), 200, security_headers()
def put(self, checklist_id, checklist_type):
    """
    Create a new checklist item.
    * Privileges required: **edit**
    """
    payload = request.json
    val_alpha_num_special(payload.get('content'))
    val_alpha_num(payload.get('include_always'))
    val_num(payload.get('question_id'))
    val_num(payload.get('kb_id'))
    val_num(payload.get('maturity'))
    val_num(checklist_type)
    val_alpha_num_special(checklist_id)
    validate_privilege(self, 'edit')
    created = create_checklist_item(checklist_id, checklist_type, payload)
    return created, 200, security_headers()
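def login_user(data):
    """Authenticate against the ``users`` table and issue a signed JWT.

    Args:
        data: Request payload with ``username`` and ``password``.

    Returns:
        ``{'Authorization token': <jwt>, 'username': ...}`` on success, or
        ``{'Authorization token': ''}`` when the user is unknown, not
        activated, has no access, or the password does not match.
    """
    val_alpha_num(data.get('username'))
    username = data.get('username')
    try:
        # A single lookup; the previous code ran the same query twice.
        user = users.query.filter(users.userName == username).one()
    except NoResultFound:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    # activated/access are stored as the strings "True"/"False" in this schema.
    authenticated = (
        user.activated == "True"
        and user.access == "True"
        and check_password_hash(user.password, data.get('password'))
    )
    if not authenticated:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    priv_user = privileges.query.filter(
        privileges.privilegeID == str(user.privilegeID)).first()
    payload = {
        'UserId': user.userID,
        'iat': datetime.utcnow(),
        'privilege': priv_user.privilege,
        # Token lifetime: two hours.
        'exp': datetime.utcnow() + timedelta(minutes=120),
    }
    token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256')
    # jwt.encode returns bytes on older PyJWT and str on newer; accept both.
    token = token_raw.decode('utf-8') if isinstance(token_raw, bytes) else token_raw
    # Only record a successful login once the credentials have been verified.
    log("User successfully logedin", "HIGH", "PASS")
    return {'Authorization token': token, 'username': username}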
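def store_post_questions(user_id, data):
    """Store the answers of a post-sprint questionnaire.

    Args:
        user_id: Numeric id of the submitting user (validated only).
        data: Payload whose ``questions`` list holds ``checklistID``,
            ``status``, ``projectID``, ``sprintID`` and ``kbID`` per entry.

    Returns:
        A success ``message`` dict; on any error the whole batch is rolled
        back and the exception re-raised.
    """
    log("User stored new post question list", "MEDIUM", "PASS")
    val_num(user_id)
    try:
        for entry in data.get('questions'):
            val_alpha_num(entry['checklistID'])
            val_num(entry['status'])
            val_num(entry['projectID'])
            val_num(entry['sprintID'])
            val_num(entry['kbID'])
            db.session.add(checklists_post(
                entry['checklistID'],
                entry['projectID'],
                entry['sprintID'],
                entry['status'],
                entry['kbID'],
            ))
        # One commit for the batch; a per-entry commit left partial results
        # behind when a later entry failed validation.
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Post questions successfully stored'}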
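def update_code_item(code_id, data):
    """Update title, content and language of a code example item.

    Args:
        code_id: Numeric id of the ``CodeItem`` row.
        data: Payload with ``title``, ``content`` and ``code_lang``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback.
    """
    log("User requested updated specific code example item", "LOW", "PASS")
    # Reject bad input before any database access.
    val_num(code_id)
    val_alpha_num_special(data.get('title'))
    val_alpha_num(data.get('code_lang'))
    item = CodeItem.query.filter(CodeItem.id == code_id).one()
    item.title = data.get('title')
    item.content = data.get('content')
    item.code_lang = data.get('code_lang')
    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Code example item successfully updated'}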
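def login_user(data):
    """Authenticate against the ``users`` table and issue a signed JWT.

    Args:
        data: Request payload with ``username`` and ``password``.

    Returns:
        ``{'Authorization token': <jwt>, 'username': ...}`` on success, or
        ``{'Authorization token': ''}`` when the user is unknown, not
        activated, has no access, or the password does not match.
    """
    val_alpha_num(data.get('username'))
    username = data.get('username')
    try:
        # A single lookup; the previous code ran the same query twice.
        user = users.query.filter(users.userName == username).one()
    except NoResultFound:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    # activated/access are stored as the strings "True"/"False" in this schema.
    authenticated = (
        user.activated == "True"
        and user.access == "True"
        and check_password_hash(user.password, data.get('password'))
    )
    if not authenticated:
        log("User triggered error login failed", "HIGH", "FAIL")
        return {'Authorization token': ''}
    priv_user = privileges.query.filter(
        privileges.privilegeID == str(user.privilegeID)).first()
    payload = {
        'UserId': user.userID,
        'iat': datetime.utcnow(),
        'privilege': priv_user.privilege,
        # Token lifetime: two hours.
        'exp': datetime.utcnow() + timedelta(minutes=120),
    }
    token_raw = jwt.encode(payload, settings.JWT_SECRET, algorithm='HS256')
    # Replaces the `unicode = str` shim: assigning `unicode` made it a local
    # for the whole function, so on Python 2 the call raised
    # UnboundLocalError. Decoding only bytes also works with PyJWT >= 2,
    # whose encode() already returns str.
    token = token_raw.decode('utf-8') if isinstance(token_raw, bytes) else token_raw
    # Only record a successful login once the credentials have been verified.
    log("User successfully logedin", "HIGH", "PASS")
    return {'Authorization token': token, 'username': username}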
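def update_checklist_item(checklist_id, checklist_type, data):
    """Overwrite a ``ChecklistKB`` item identified by id and checklist type.

    Args:
        checklist_id: Checklist item id (alphanumeric with specials allowed).
        checklist_type: Numeric checklist type.
        data: Payload with ``maturity``, ``question_id``, ``cwe``, ``kb_id``,
            ``include_always`` (the string "True"/"False") and ``content``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback.
    """
    log("User requested update a specific checklist item", "LOW", "PASS")
    val_num(checklist_type)
    val_alpha_num_special(checklist_id)
    val_num(data.get('maturity'))
    val_num(data.get('question_id'))
    val_num(data.get('cwe'))
    val_num(data.get('kb_id'))
    val_alpha_num(data.get('include_always'))
    val_alpha_num_special(data.get('content'))
    # The flag arrives as a string; a question_id of 0 means "no question".
    include_always = data.get('include_always') == "True"
    question_id = data.get('question_id')
    if question_id == 0:
        question_id = None
    item = ChecklistKB.query.filter(
        (ChecklistKB.checklist_id == checklist_id)
        & (ChecklistKB.checklist_type == checklist_type)).one()
    item.content = data.get('content')
    item.include_always = include_always
    item.question_id = question_id
    item.cwe = data.get('cwe')
    item.kb_id = data.get('kb_id')
    item.checklist_id = checklist_id
    item.maturity = data.get('maturity')
    item.checklist_type = checklist_type
    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Was `db.session.rollback` without parentheses, i.e. a no-op.
        db.session.rollback()
        raise
    return {'message': 'Checklist item successfully updated'}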
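def new_comment_item(user_id, data):
    """Store a comment on a checklist result and apply its status to the results.

    Args:
        user_id: Numeric id of the commenting user.
        data: Payload with ``checklistID``, ``sprintID``, ``status`` and
            ``comment``.

    Returns:
        A success ``message`` dict; database errors are re-raised after a
        rollback so the comment and the status change land together.
    """
    log("User requested update a specific comment item", "LOW", "PASS")
    val_num(user_id)
    val_alpha_num(data.get('checklistID'))
    val_num(data.get('sprintID'))
    val_num(data.get('status'))
    val_alpha_num_special(data.get('comment'))
    sprint_id = data.get('sprintID')
    checklist_id = data.get('checklistID')
    status = data.get('status')
    date_log = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    new_comment = comments(sprint_id, checklist_id, user_id, status,
                           data.get('comment'), date_log)
    try:
        db.session.add(new_comment)
        matching = checklists_results.query.filter(
            checklists_results.sprintID == sprint_id).filter(
            checklists_results.checklistID == checklist_id).all()
        for row in matching:
            row.status = status
            db.session.add(row)
        # One commit instead of two: no half-applied state on failure.
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Comment item successfully created'}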
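def new_project(user_id, data):
    """Create a project and return its id.

    Args:
        user_id: Numeric id of the requesting user. It is validated but not
            stored: the ``Project`` constructor takes no owner.
        data: Payload with ``name``, ``version`` and ``description``.

    Returns:
        Dict with the new ``project_id`` and a success ``message``; database
        errors are re-raised after a rollback.
    """
    log("User created new project", "MEDIUM", "PASS")
    val_num(user_id)
    val_alpha_num_special(data.get('name'))
    val_alpha_num(data.get('version'))
    val_alpha_num_special(data.get('description'))
    timestamp = datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
    project = Project(data.get('name'), data.get('version'),
                      data.get('description'), timestamp)
    try:
        db.session.add(project)
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    # The primary key is assigned when the row is flushed, so read it from
    # the instance; re-querying by name could return another project with
    # the same name.
    return {'project_id': project.id, 'message': 'Project successfully created'}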
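def create_checklist_item(checklist_id, checklist_type, data):
    """Create a ``ChecklistKB`` item unless one with the same id/type exists.

    Args:
        checklist_id: Checklist item id.
        checklist_type: Numeric checklist type.
        data: Payload with ``content``, ``include_always`` (the string
            "True"/"False"), ``question_id``, ``kb_id``, ``cwe`` and
            ``maturity``.

    Returns:
        A ``message`` dict: success, or "duplicate" when the item exists.
        Database errors are re-raised after a rollback.
    """
    log("User requested create a new checklist item", "LOW", "PASS")
    val_alpha_num_special(data.get('content'))
    val_alpha_num(data.get('include_always'))
    val_num(data.get('question_id'))
    val_num(data.get('kb_id'))
    val_num(data.get('maturity'))
    # NOTE: cwe is stored without a val_* check here — confirm whether it is
    # optional before adding val_num as the update path does.
    include_always = data.get('include_always') == "True"
    question_id = data.get('question_id')
    # A question_id of 0 means "no question".
    if question_id == 0:
        question_id = None
    if not validate_duplicate_checklist_item(checklist_id, checklist_type):
        return {'message': 'Checklist item was duplicate!'}
    try:
        item = ChecklistKB(checklist_id, data.get('content'), checklist_type,
                           include_always, data.get('cwe'), data.get('maturity'))
        item.question_id = question_id
        item.kb_id = data.get('kb_id')
        db.session.add(item)
        db.session.commit()
    except Exception:
        db.session.rollback()
        raise
    return {'message': 'Checklist item successfully created'}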
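def activate_user(user_id, data):
    """Activate a pending user account and set its username and password.

    Args:
        user_id: ``userID`` of the ``users`` row to activate.
        data: Request payload with ``accessToken``, ``username``, ``email``,
            ``password`` and ``repassword``.

    Returns:
        A ``message`` dict reporting success or failure.
    """
    log("User is activated", "HIGH", "PASS")
    val_num(user_id)
    val_num(data.get('accessToken'))
    val_alpha_num(data.get('username'))
    # The email was compared against the stored one without validation.
    val_alpha_num_special(data.get('email'))
    username = data.get('username').replace(" ", "")
    result = users.query.filter(users.userID == user_id).one()
    # activated/access are stored as the strings "True"/"False"; every
    # precondition shares one rejection path so log and response are
    # identical whatever the reason.
    can_activate = (
        result.activated == "False"
        and result.email == data.get('email')
        and data.get('password') == data.get('repassword')
        # NOTE(review): plain equality on the token; if accessToken is a secret
        # string rather than a numeric id, prefer hmac.compare_digest.
        and data.get('accessToken') == result.accessToken
    )
    if not can_activate:
        log("User triggered error activation failed", "HIGH", "FAIL")
        return {'message': 'User could not be activated'}
    result.password = generate_password_hash(data.get('password')).decode('utf-8')
    result.access = "True"
    result.activated = "True"
    result.userName = username
    db.session.add(result)
    db.session.commit()
    return {'message': 'User successfully activated'}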
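def _maturity_criterion(maturity):
    """Return the ``ChecklistKB`` filter matching every level up to *maturity*.

    Raises:
        ValueError: if *maturity* is not 1, 2 or 3 (the former if/elif chain
        left the query variable undefined for any other value).
    """
    if maturity not in (1, 2, 3):
        raise ValueError("unsupported maturity level: %r" % (maturity,))
    return or_(*[ChecklistKB.maturity == level
                 for level in range(1, maturity + 1)])


def _store_checklist_results(rows, project_id, sprint_id, checklist_type, status):
    """Create one ``ChecklistResult`` per ``ChecklistKB`` row, committing each."""
    for row in rows:
        result = ChecklistResult(status)
        result.project_id = project_id
        result.sprint_id = sprint_id
        result.kb_id = row.kb_id
        result.checklist_id = row.id
        result.checklist_type_id = checklist_type
        db.session.add(result)
        db.session.commit()


def store_questions(checklist_type, maturity, data):
    """Create a sprint's checklist results from the answered questionnaire.

    Args:
        checklist_type: Numeric checklist type; overridden by each question's
            own ``checklist_type`` (the last one also selects the
            include-always items, as before).
        maturity: Maturity level 1..3; items of every level up to it count.
        data: Payload whose ``questions`` list holds ``question_id``,
            ``project_id``, ``checklist_type``, ``sprint_id`` and ``result``.

    Returns:
        A success ``message`` dict.

    Raises:
        ValueError: for a maturity level other than 1, 2 or 3.
    """
    log("User stored new sprint question list", "MEDIUM", "PASS")
    status = 1
    questions = data.get('questions')
    if not questions:
        # Without answers there is no project/sprint to attach results to
        # (the former code hit undefined names here).
        return {'message': 'Sprint successfully created'}
    maturity_ok = _maturity_criterion(maturity)
    for entry in questions:
        val_num(entry['question_id'])
        val_num(entry['project_id'])
        val_num(entry['checklist_type'])
        val_num(entry['sprint_id'])
        val_alpha_num(entry['result'])
        question_project_id = entry['project_id']
        checklist_type = entry['checklist_type']
        sprint_id = entry['sprint_id']
        if entry['result'] != "True":
            continue
        # A "True" answer pulls in every non-always item tied to the question.
        answered = ChecklistKB.query.filter(
            ChecklistKB.question_id == entry['question_id']).filter(
            ChecklistKB.checklist_type == checklist_type).filter(
            maturity_ok).filter(
            ChecklistKB.include_always == 0).all()
        _store_checklist_results(answered, question_project_id, sprint_id,
                                 checklist_type, status)
    # Items flagged include_always are added regardless of the answers.
    always = ChecklistKB.query.filter(
        ChecklistKB.include_always == 1).filter(
        ChecklistKB.checklist_type == checklist_type).filter(
        maturity_ok).all()
    _store_checklist_results(always, question_project_id, sprint_id,
                             checklist_type, status)
    return {'message': 'Sprint successfully created'}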