def create(self, request):
data = get_query(request)
if not data or not 'password' in data or not 'email' in data:
return Response(status=status.HTTP_400_BAD_REQUEST)
try:
user = User.objects.get(email=data['email'])
except User.DoesNotExist:
return Response({"email": ["This email is not registered"]}, status=status.HTTP_403_FORBIDDEN)
if not user.check_password(data['password']):
return Response({"password": ["Invalid password"]}, status=status.HTTP_403_FORBIDDEN)
session = Session()
session.user = user
session.save()
to_delete = Session.objects.filter(date__lt=timezone.now() - timedelta(days=1)).delete()
return Response({"token": session.token}, status=status.HTTP_200_OK)
def ScannerAuthentication(request):
(email, token) = get_scanner_cred(request)
if not email or not token:
return False
if not email:
return False
query = get_query(request)
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
return False
if query and "poste" in query and\
(isinstance(query["poste"], int) or query["poste"].isnumeric())\
and user.is_valid_scanner_token(int(query["poste"]), token):
return True
return False
def update(self, request, pk=None, partial=None):
prog = UserPrograms.objects.get(id=pk)
check = False
query = get_query(request)
if query:
if prog.program_version != query['program_version'][0] or \
prog.program_name != query['program_name']:
check = True
prog.program_version = query['program_version'][0]
prog.program_name = query['program_name']
for k in ['sms_score', 'sms_enabled', 'email_score', 'email_enabled',
'web_score', 'web_enabled', 'alert_type_default']:
if k in query:
setattr(prog, k, query[k])
(cpe, _) = cpe_updater.get_cpe_from_name_version(prog.program_name, prog.program_version, True)
prog.cpe = cpe
prog.save()
if check:
alerts.check_prog(prog, self.request.user)
serializer = self.get_serializer(prog)
return Response(serializer.data, status=status.HTTP_200_OK)
return Response(status=status.HTTP_200_OK)
def create(self, request):
"""Create one or multiple program at once
"""
# if the request is from the scanner we have to get
# the user again here
if request.user.is_anonymous():
(email, _) = get_scanner_cred(request)
request.user = User.objects.get(email=email)
result = set()
query = get_query(request)
if not query:
return Response(status=status.HTTP_400_BAD_REQUEST)
if 'poste' not in query:
return Response({"poste": ["This field is required"]}, status=status.HTTP_400_BAD_REQUEST)
if not Station.objects.filter(user=request.user, id=int(query['poste'])).exists():
return Response({"poste": ["This station does not exist"]}, status=status.HTTP_400_BAD_REQUEST)
station = Station.objects.get(id=int(query['poste']))
only_one_program = False
extra_field = {}
if not "programs_list" in query:
err = {}
for x in ['program_version', 'program_name', 'minimum_score']:
if x not in query:
err[x] = ["This field is required"]
if err:
return Response(err, status=status.HTTP_400_BAD_REQUEST)
if (not 'alert_type_default' in query or not query['alert_type_default']) and\
'sms_enabled' in query and query['sms_enabled'] and not request.user.phone:
return Response({'sms_enabled' : ['Cannot enable sms alert for an user without a phone number registered']}, status=status.HTTP_400_BAD_REQUEST)
only_one_program = True
elem = {}
elem['program_version'] = query['program_version']
elem['program_name'] = query['program_name']
elem['program_score'] = query['minimum_score']
for k in ['sms_score', 'sms_enabled', 'email_score', 'email_enabled',
'web_score', 'web_enabled', 'alert_type_default']:
if k in query:
extra_field[k] = query[k]
query['programs_list'] = [elem]
for elem in query['programs_list']:
if not all(x in elem for x in ['program_version', 'program_name']):
return Response(status=status.HTTP_400_BAD_REQUEST)
up_to_date = True
if TESTING:
up_to_date = True
for elem in query['programs_list']:
progs = UserPrograms.objects.filter(user=request.user.id, program_name=elem['program_name'], poste=station)
# if prog, user is already monitoring the given program, update is needed
if progs:
if len(progs) == len(elem['program_version']):
maj_progs(progs, elem, elem['program_version'], request.user, up_to_date)
elif len(progs) > len(elem['program_version']):
# maj as much progs as tehy are in the data from the scanner
maj_progs(progs[:len(elem['program_version'])], elem, elem['program_version'], request.user, up_to_date)
# delete other progs with same name
for prog in progs[len(elem['program_version']):]:
prog.delete()
else:
# maj as much progs as tehy are in db
maj_progs(progs, elem, elem['program_version'][:len(progs)], request.user, up_to_date)
# create the other ones
add_progs(elem, elem['program_version'][len(progs):], request.user, station, extra_field, up_to_date)
else:
#else: add new programs
add_progs(elem, elem['program_version'], request.user, station, extra_field, up_to_date)
if only_one_program: # this sould happen only when the request came from the frontend
obj = UserPrograms.objects.get(user=request.user.id, program_name=elem['program_name'], poste=station, program_version=elem['program_version'][0])
serializer = self.get_serializer(obj)
return Response(serializer.data, status=status.HTTP_200_OK)
return Response(status=status.HTTP_200_OK)
