def new_user():
	"""Yield the test user, creating the account and its directories if needed.

	Looks up the fixed test username, inserts the user with a bcrypt hash of
	the fixed test password when no such row exists, makes sure the user's
	directory tree exists under OUTPUT_DIR, yields the user, and calls
	cleanup() once the consumer resumes the generator.
	"""
	test_username = '******'
	account = User.query.filter_by(username=test_username).first()

	# create user in database (only the bcrypt hash is stored, never the plaintext)
	if not account:
		pw_hash = bcrypt.generate_password_hash('test_password').decode('utf-8')
		account = User(username=test_username, password=pw_hash)
		db.session.add(account)
		db.session.commit()

	# create the user directory, then its 'src' and 'files' subdirectories;
	# the parent comes first so the order of creation matches the layout
	base_dir = os.path.join(OUTPUT_DIR, account.username)
	wanted_dirs = (
		base_dir,
		os.path.join(base_dir, 'src'),
		os.path.join(base_dir, 'files'),
	)
	for path in wanted_dirs:
		if not os.path.exists(path):
			os.makedirs(path)

	yield account
	cleanup()
Ejemplo n.º 2
def new_user():
    """Return the test user, inserting it into the database on first use.

    The stored password is a bcrypt hash of the fixed test password; the
    plaintext itself is never written to the User row.
    """
    test_username = '******'
    existing = User.query.filter_by(username=test_username).first()
    if existing:
        return existing

    # No row yet: hash the test password and persist a fresh account.
    pw_hash = bcrypt.generate_password_hash('test_password').decode('utf-8')
    created = User(username=test_username, password=pw_hash)
    db.session.add(created)
    db.session.commit()
    return created
Ejemplo n.º 3
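def test_new_user():
    """
    Given a new user,
    when a new user is created,
    then check the username and hashed password are defined correctly.
    """
    test_username = '******'
    hashed_password = bcrypt.generate_password_hash('test_password').decode('utf-8')
    new_user = User(username=test_username, password=hashed_password)

    # Compare against the value that was actually passed to the constructor,
    # so the check cannot drift from the fixture value above.
    assert new_user.username == test_username

    # The plaintext must never be what ends up on the model ...
    assert new_user.password != 'test_password'
    # ... and the stored value must be a hash that verifies for that password;
    # "differs from the plaintext" alone would also pass for a corrupted value.
    assert bcrypt.check_password_hash(new_user.password, 'test_password')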
Ejemplo n.º 4
    def add_user(self, username, hashed_password):
        """
        Persist a new user row and return it.

        The password value is stored exactly as received; this method does
        no hashing of its own, so the caller must pass a bcrypt hash.

        `Required`
        :param str username:        username
        :param str hashed_password: bcrypt hashed password
        """
        session = db.session
        record = User(username=username, password=hashed_password)
        session.add(record)
        session.commit()
        return record
Ejemplo n.º 5
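def register():
    """Register the single local user and prepare their output directories.

    On a valid form submission, and only while no user exists yet, the
    submitted username is checked to resolve to a direct child of OUTPUT_DIR.
    The account is then stored with a bcrypt password hash, the user's
    directory tree is created, the c2 session storage for the user is
    initialised, and the client is redirected to the login page.

    Any other outcome (invalid form, rejected username, a user already
    present) re-renders the registration page.
    """

    form = RegistrationForm()

    if form.validate_on_submit():
        # only allow 1 user on locally hosted version
        # (first() avoids loading every row just to test for emptiness)
        if User.query.first() is None:
            # The username is used as a directory name under OUTPUT_DIR, so it
            # must resolve to a direct child of that directory. The form's own
            # validators are not visible from here, so the check is made
            # before anything is written to the database or the filesystem.
            output_root = os.path.realpath(OUTPUT_DIR)
            user_dir = os.path.realpath(
                os.path.join(output_root, form.username.data or ''))
            if os.path.dirname(user_dir) != output_root:
                flash("Invalid username.", 'danger')
                return render_template(
                    "register.html", form=form, title="Register")

            # add user to database (only the bcrypt hash is stored)
            hashed_password = bcrypt.generate_password_hash(
                form.password.data).decode('utf-8')
            user = User(username=form.username.data, password=hashed_password)
            db.session.add(user)
            db.session.commit()

            # create the user directory, then its 'src' and 'files'
            # subdirectories, all below the path validated above
            for path in (user_dir,
                         os.path.join(user_dir, 'src'),
                         os.path.join(user_dir, 'files')):
                if not os.path.exists(path):
                    os.makedirs(path)

            # initialize c2 session storage
            c2.sessions[user.username] = {}

            # notify user and redirect to login
            flash("You have successfully registered!", 'info')
            logout_user()
            return redirect(url_for('users.login'))
        else:
            flash("User already exists on this server.", 'danger')

    return render_template("register.html", form=form, title="Register")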