def profiles(workspace_id):
'''
For GET requests, return all profiles.
For POST requests, add a new profile.
'''
if not validate_workspace(workspace_id):
return 'workspace does not exist', 404
if request.method == 'GET':
all_profiles = Profile.query.filter_by(
workspace_id=workspace_id).order_by(
Profile.updated_at.desc()).all()
schema = ProfileSchema(many=True)
profiles = schema.dump(all_profiles)
return jsonify(profiles)
# request is a POST
else:
name = request.form.get('Name')
from_address = request.form.get('From_Address')
host = request.form.get('SMTP_Host')
port = request.form.get('SMTP_Port')
username = request.form.get('Username')
password = request.form.get('Password')
tls = request.form.get('TLS')
ssl = request.form.get('SSL')
profile = Profile.query.filter_by(name=name).first()
ssl_bool = convert_to_bool(ssl)
tls_bool = convert_to_bool(tls)
if profile is not None:
return json.dumps({'success': False}), 200, {
'ContentType': 'application/json'
}
elif type(ssl_bool) != bool or type(tls_bool) != bool:
return 'ssl/tls must be either true or false', 400
profile = Profile(name=name, from_address=from_address, smtp_host=host, smtp_port=port, \
username=encrypt(username.encode()), password=encrypt(password.encode()), tls=tls_bool, ssl=ssl_bool, workspace_id=workspace_id)
db.session.add(profile)
update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
db.session.commit()
schema = ProfileSchema()
profile_data = schema.dump(profile)
app.logger.info(
f'Added profile {name} - Added by {current_user.username} - Client IP address {request.remote_addr}'
)
return jsonify(profile_data), 201
def add_controller(data):
iin = data['iin']
iin2 = cipher.encrypt(iin.encode())
iin = iin2.decode()
user = models.User(first_name=data['name'],
last_name=data['surname'],
patronymic=data['patronymic'],
phone=data['phone'],
adress=data['adress'],
iin=iin)
result = True
try:
db.session.add(user)
db.session.commit()
except:
result = False
return result
def init_db():
if os.path.isdir('migrations'):
shutil.rmtree('migrations')
print(f'\n{Color.red}[*] Creating database{Color.end}')
proc = subprocess.Popen(shlex.split('flask db init'),
stdout=subprocess.PIPE,
stderr=subprocess.DEVNULL)
proc.wait()
proc = subprocess.Popen(shlex.split('flask db migrate'),
stdout=subprocess.PIPE,
stderr=subprocess.DEVNULL)
proc.wait()
proc = subprocess.Popen(shlex.split('flask db upgrade'),
stdout=subprocess.PIPE,
stderr=subprocess.DEVNULL)
proc.wait()
print(f'{Color.red}[+] Initializing database values\n{Color.end}')
general_ws = Workspace(name='General')
db.session.add(general_ws)
db.session.commit()
administrator = Role(name='redlure admin', role_type='Administrator')
general_ws = Workspace.query.filter_by(id=1, name='General').first()
if general_ws is not None:
administrator.workspaces.append(general_ws)
db.session.add(administrator)
db.session.commit()
admin = User(username='******', role_id=1)
admin.set_password('redlure')
db.session.add(admin)
db.session.commit()
encrypted_val = encrypt(b'Bingo. Welcome to redlure')
cipher_test = CipherTest(value=encrypted_val)
db.session.add(cipher_test)
db.session.commit()
key = APIKey()
def record_form():
'''
Requires matching API key. For POST requests, check the database for a result with
a matching identifier and record the submiited form values.
'''
tracker = request.form.get('tracker')
form_data = request.form.get('data')
ip = request.form.get('ip')
user_agent = request.form.get('user-agent')
result = Result.query.filter_by(tracker=tracker).first()
# create event
event = Event(ip_address=ip,
user_agent=user_agent,
action='Submitted',
time=datetime.now())
# create form
enc_form_data = encrypt(form_data.encode())
form = Form(data=enc_form_data)
# add form to event object
event.form = form
# tracker string is not in db, add event + form will null result ID
if result is None:
db.session.add(event)
db.session.commit()
# else add event + form to our result
else:
app.logger.info(
f'Received form data from worker for result ID {result.id} in campaign {result.campaign.name} ({result.campaign.id})'
)
# add event to result object
result.events.append(event)
#result.forms.append(form)
result.status = 'Submitted'
db.session.commit()
return 'updated'
def profile(workspace_id, profile_id):
'''
For GET requests, return the profile with the given name.
For POST requests, use the given profile to send a test email.
For DELETE requests, delete the given profile.
'''
if not validate_workspace(workspace_id):
return 'workspace does not exist', 404
profile = Profile.query.filter_by(id=profile_id,
workspace_id=workspace_id).first()
if profile is None:
return 'profile does not exist', 404
# request is a GET
if request.method == 'GET':
schema = ProfileSchema()
profile_data = schema.dump(profile)
return jsonify(profile_data)
# request is a DELETE
elif request.method == 'DELETE':
app.logger.info(
f'Deleted profile {profile.name} - Deleted by {current_user.username} - Client IP address {request.remote_addr}'
)
db.session.delete(profile)
update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
db.session.commit()
return 'profile deleted', 204
# request is a POST
elif request.method == 'POST':
address = request.form.get('Address')
if not validate_email_format(address):
return 'Enter a valid email address', 400
success = profile.send_test_mail(address)
if success:
app.logger.info(
f'Test email successfully email to {address} using profile {profile.name} - Sent by {current_user.username} - Client IP address {request.remote_addr}'
)
else:
app.logger.warning(
f'Test email failed to {address} using profile {profile.name} - Sent by {current_user.username} - Client IP address {request.remote_addr}'
)
return json.dumps({'success': success}), 200, {
'ContentType': 'application/json'
}
# request is a PUT
elif request.method == 'PUT':
name = request.form.get('Name')
from_address = request.form.get('From_Address')
host = request.form.get('SMTP_Host')
port = request.form.get('SMTP_Port')
username = request.form.get('Username')
password = request.form.get('Password')
tls = request.form.get('TLS')
ssl = request.form.get('SSL')
same_profile = Profile.query.filter_by(name=name).first()
if same_profile is not None and str(same_profile.id) != profile_id:
return json.dumps({'success': False}), 200, {
'ContentType': 'application/json'
}
ssl_bool = convert_to_bool(ssl)
tls_bool = convert_to_bool(tls)
if type(ssl_bool) != bool or type(tls_bool) != bool:
return 'ssl/tls must be either true or false', 400
profile.name = name
profile.from_address = from_address
profile.smtp_host = host
profile.smtp_port = port
profile.username = encrypt(username.encode())
profile.password = encrypt(password.encode())
profile.tls = tls_bool
profile.ssl = ssl_bool
profile.workspace_id = workspace_id
update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
db.session.commit()
schema = ProfileSchema()
profile_data = schema.dump(profile)
app.logger.info(
f'Updated profile {name} - Updated by {current_user.username} - Client IP address {request.remote_addr}'
)
return jsonify(profile_data), 200