Esempio n. 1
class TestAdminLogin(unittest.TestCase):
    """Round-trip check: log in as admin, then resolve the issued session token."""

    def setUp(self):
        # One Database handle per test. The meaning of the second positional
        # argument (True) is not visible here -- presumably a test-mode flag.
        self._db = Database(logger, True)

    def test_admin_login(self):
        """The token returned by login() must validate back to the admin user."""
        # NOTE(review): relies on an admin account with a fixed, well-known
        # password. Confirm that this account only exists in the test database.
        login_result = self._db.login("admin", "test_password")
        self.assertIsNotNone(login_result)

        # The login result is indexed as (session token, user id).
        issued_token = login_result[0]
        expected_user_id = login_result[1]

        session_user = self._db.validate_session(issued_token)
        self.assertEqual(session_user.user_id, expected_user_id)
        self.assertEqual(session_user.session_token, issued_token)
        self.assertEqual(session_user.email_address, "admin")
        self.assertEqual(session_user.full_name, "Administrator")
Esempio n. 2
def admin_create_api_key():
    """Create a new API key for a session that holds "create-api-key".

    The session token is read from the form field "token" and validated
    against the database. An invalid session or a missing permission aborts
    with 403. Otherwise a new key is generated and stored, and the caller is
    redirected to the admin home page; a storage failure (-1) is reported
    through a flashed error message before the same redirect.
    """
    with current_app.app_context():
        environment = Environment(current_app)

    session_token = request.form["token"]
    db = Database(logger=current_app.logger, env=environment)
    analyst_user = db.validate_session(session_token)

    # Authorisation gate: both a valid session and the explicit permission.
    is_authorized = analyst_user and analyst_user.has_permission("create-api-key")
    if not is_authorized:
        abort(403)

    # Key material comes from the OS CSPRNG, rendered as 16 upper-case hex chars.
    # NOTE(review): 8 bytes is 64 bits of entropy, which is short for a bearer
    # credential. Consider a longer key if the storage schema allows it.
    random_bytes = os.urandom(8)
    new_api_key = binascii.hexlify(random_bytes).decode('utf-8').upper()

    if db.create_api_key(new_api_key) == -1:
        flash("Could not create API key.", category="error")

    # NOTE(review): the session token becomes part of the redirect URL, so it
    # can end up in access logs, browser history and Referer headers.
    return redirect(url_for("admin.home", session_token=session_token))
Esempio n. 3
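def latest_events(limit, session_token):
    """Return the most recent events as a JSON response for a valid session.

    Args:
        limit: Maximum number of events to retrieve; passed through to
            EventLog.retrieve_events unchanged.
        session_token: Session token identifying the caller.

    Returns:
        A Response whose body is a JSON object with "success", "count" and
        "events" (each event rendered with str()).

    Aborts with 403 when the session does not validate or when the database
    layer raises DatabaseException.
    """
    with current_app.app_context():
        environment = Environment(current_app)

    db = Database(logger=current_app.logger, env=environment, read_only=True)
    try:
        user = db.validate_session(session_token)
        # Other callers of validate_session() treat a falsy result as "no valid
        # session". Without this check such a result would fall through and
        # the events would be served to an unauthenticated caller.
        if not user:
            abort(403)
        # TODO: permissions -- any valid session can currently read the log.
        event_log = EventLog(db, logger=current_app.logger)
        # NOTE(review): limit is not bounded here. Confirm that the route or
        # retrieve_events() caps it, so one request cannot pull the whole log.
        _latest_events = event_log.retrieve_events(limit=limit)
        json_array = [str(each_event) for each_event in _latest_events]
        # NOTE(review): Response() is built without an explicit mimetype, so
        # the body is not labelled as JSON. Event text is echoed verbatim;
        # confirm that clients never render this response as HTML.
        return Response(json.dumps({"success": True,
                                    "count": len(json_array),
                                    "events": json_array}))
    except DatabaseException:
        abort(403)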
Esempio n. 4
def add_event_type(session_token):
    """Register a new event type on behalf of an authorised session.

    Args:
        session_token: Session token identifying the caller.

    Returns:
        A 403 Response when the session is invalid or lacks the
        "add-event-type" permission. Otherwise a Response with a JSON body:
        success with "new_event_type_id", error_code 1 when the database
        insert yields a falsy id, or error_code 2 when the submitted name
        does not match EVENT_TYPE_REGEX.
    """
    with current_app.app_context():
        environment = Environment(current_app)

    db = Database(logger=current_app.logger, env=environment)
    user_object = db.validate_session(session_token)

    # Authorisation gate: both a valid session and the explicit permission.
    if not (user_object and user_object.has_permission("add-event-type")):
        return Response(status=403)

    new_event_type = request.form["new_event_type"]

    # Validate the name before it reaches the database layer.
    # NOTE(review): .match() anchors only at the start of the string. Whether
    # EVENT_TYPE_REGEX is also anchored at the end is not visible here, so
    # confirm that trailing characters cannot slip through.
    if not EVENT_TYPE_REGEX.match(new_event_type):
        payload = {"success": False,
                   "error_message": "Invalid event type name.",
                   "error_code": 2}
        return Response(json.dumps(payload))

    new_event_type_id = db.create_event_type(new_event_type)
    if not new_event_type_id:
        payload = {"success": False,
                   "error_message": "Could not add to database.",
                   "error_code": 1}
        return Response(json.dumps(payload))

    payload = {"new_event_type_id": new_event_type_id,
               "success": True}
    return Response(json.dumps(payload))
Esempio n. 5
def home(session_token):
    """Render the admin control panel for a valid session.

    Args:
        session_token: Session token identifying the caller.

    Returns:
        The rendered "admin_control_panel.jinja2" template, populated with the
        event types, the API keys and one generated CSS rule per event type.
        A redirect to "admin_no_session" is returned when the session does
        not validate.
    """
    with current_app.app_context():
        environment = Environment(current_app)

    db = Database(logger=current_app.logger, env=environment)
    event_log = EventLog(db, current_app.logger)
    user = db.validate_session(session_token)
    if not user:
        return redirect(url_for("admin_no_session"))

    # NOTE(review): only session validity is checked here; there is no
    # has_permission() call before the API keys are listed. Confirm that
    # every valid session is meant to see them.
    event_types = event_log.list_event_types()

    # One background-colour rule per event row, indexed by position.
    color_schema = DefaultColorSchema()
    rule_format = "#event_row_id_{0} {{ background-color: rgb({1},{2},{3}); }}"
    css_rules = []
    for row_index in range(len(event_types)):
        rgb = color_schema.rgb(row_index)
        rule = rule_format.format(row_index, rgb[0], rgb[1], rgb[2])
        css_rules.append(rule + "\n")
    color_schema_css = "".join(css_rules)

    api_keys = event_log.list_api_keys()
    # NOTE(review): the session token is handed to the template. If it is
    # embedded in links, it can leak through Referer headers and browser
    # history.
    return render_template("admin_control_panel.jinja2",
                           session_token=session_token,
                           event_types=event_types,
                           api_keys=api_keys,
                           color_schema_css=color_schema_css)
Esempio n. 6
def add_event_type():
    with current_app.app_context():
        environment = Environment(current_app)

    session_token = request.form['token']
    new_event_name = request.form['new_event_name']

    db = Database(logger=current_app.logger, env=environment)
    user = db.validate_session(session_token)
    if user and user.has_permission("add-event-type"):
        event_log = EventLog(db, current_app.logger)
        try:
            new_event_id = event_log.add_event_type(new_event_name)
            if new_event_id > 0:
                return redirect(
                    url_for("admin.home", session_token=session_token))
        except EventLogException:
            current_app.logger.error(
                "Event log exception on add_event_type: {0}".format(
                    new_event_name))
            flash("Event log/database exception on add_event_type function.",
                  "error")
            return redirect(url_for("admin.home", session_token=session_token))
    flash("Not authorized.", category="error")