def new_user():
test_username = '******'
user = User.query.filter_by(username=test_username).first()
# create user in database
if not user:
hashed_password = bcrypt.generate_password_hash('test_password').decode('utf-8')
user = User(username=test_username, password=hashed_password)
db.session.add(user)
db.session.commit()
# create user directory
user_dir = os.path.join(OUTPUT_DIR, user.username)
if not os.path.exists(user_dir):
os.makedirs(user_dir)
# create user src directory
src_dir = os.path.join(user_dir, 'src')
if not os.path.exists(src_dir):
os.makedirs(src_dir)
# create user exfiltrated files directory
files_dir = os.path.join(user_dir, 'files')
if not os.path.exists(files_dir):
os.makedirs(files_dir)
yield user
cleanup()
def new_user():
test_username = '******'
user = User.query.filter_by(username=test_username).first()
if not user:
hashed_password = bcrypt.generate_password_hash('test_password').decode('utf-8')
user = User(username=test_username, password=hashed_password)
db.session.add(user)
db.session.commit()
yield user
cleanup()
def account():
"""Account configuration page."""
form = ResetPasswordForm()
if form.validate_on_submit():
# update user's password in the database
user = User.query.filter_by(username=current_user.username).first()
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user.password = hashed_password
db.session.commit()
flash("Your password has been updated.", "success")
db.session.commit()
return render_template("account.html", title="Account", form=form)
def register():
"""Register user"""
form = RegistrationForm()
if form.validate_on_submit():
# only allow 1 user on locally hosted version
if len(User.query.all()) == 0:
# add user to database
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(username=form.username.data, password=hashed_password)
db.session.add(user)
db.session.commit()
# create user directory
user_dir = os.path.join(OUTPUT_DIR, user.username)
if not os.path.exists(user_dir):
os.makedirs(user_dir)
# create user src directory
src_dir = os.path.join(user_dir, 'src')
if not os.path.exists(src_dir):
os.makedirs(src_dir)
# create user exfiltrated files directory
files_dir = os.path.join(user_dir, 'files')
if not os.path.exists(files_dir):
os.makedirs(files_dir)
# initialize c2 session storage
c2.sessions[user.username] = {}
# notify user and redirect to login
flash("You have successfully registered!", 'info')
logout_user()
return redirect(url_for('users.login'))
else:
flash("User already exists on this server.", 'danger')
return render_template("register.html", form=form, title="Register")
def test_add_user(app_client):
"""
Given a username and hashed password,
when the user_dao.add_user method is called,
check the user data is added to the database correctly.
"""
try:
test_username = '******'
test_password = '******'
test_hashed_password = bcrypt.generate_password_hash(
test_password).decode('utf-8')
user = user_dao.add_user(username=test_username,
hashed_password=test_hashed_password)
except Exception as e:
pytest.fail("user_dao.add_user returned exception: " + str(e))
assert user.username == test_username
assert user.password == test_hashed_password
assert bcrypt.check_password_hash(user.password, test_password)
# clean up
User.query.delete()
db.session.commit()
