def edit_corporations(self): ''' Updates corporation object in the database ''' form = Form( uuid="Object not selected", name="Missing corporation name", description="Missing description", ) if form.validate(self.request.arguments): corp = Corporation.by_uuid(self.get_argument('uuid')) if corp is not None: if self.get_argument('name') != corp.name: logging.info("Updated corporation name %s -> %s" % ( corp.name, self.get_argument('name'), )) corp.name = unicode(self.get_argument('name')) if self.get_argument('description') != corp.description: logging.info("Updated corporation description %s -> %s" % ( corp.description, self.get_argument('description'), )) corp.description = unicode( self.get_argument('description')) dbsession.add(corp) dbsession.flush() self.redirect('/admin/view/game_objects') else: self.render("admin/view/game_objects.html", errors=["Corporation does not exist"]) else: self.render("admin/view/game_objects.html", errors=form.errors)
def create_game_level(self): ''' Creates a game level ''' form = Form( level_number="Please enter a level number", buyout="Please enter a buyout value", ) if form.validate(self.request.arguments): try: game_level = int(self.get_argument('level_number')) buyout = int(self.get_argument('buyout')) if game_level <= 0: self.render('admin/create/game_level.html', errors=["Level number must be greater than 0"]) elif GameLevel.by_number(game_level) is not None: self.render('admin/create/game_level.html', errors=["Game level number must be unique"]) elif buyout < 0: self.render('admin/create/game_level.html', errors=["Invalid buyout value"]) else: self.__mklevel__(game_level, buyout) self.redirect('/admin/view/game_levels') except ValueError: self.render('admin/create/game_level.html', errors=["Invalid level number"]) else: self.render('admin/create/game_level.html', errors=form.errors)
def post(self, *args, **kwargs): ''' Attempts to create an account ''' form = Form( username="******", pass1="Please enter a password", pass2="Please confirm your password", recaptcha_challenge_field="Invalid captcha", recaptcha_response_field="Invalid captcha", ) if not form.validate(self.request.arguments): self.render("public/registration.html", errors=form.errors) elif self.check_recaptcha(): user_name = self.get_argument('username') if User.by_user_name(user_name) != None: self.render('public/registration.html', errors=['Account name already taken']) elif len(user_name) < 3 or 15 < len(user_name): self.render('public/registration.html', errors=['Username must be 3-15 characters']) elif not self.get_argument('pass1') == self.get_argument('pass2'): self.render('public/registration.html', errors=['Passwords do not match']) elif not (12 <= len(self.get_argument('pass1')) <= 100): self.render('public/registration.html', errors=['Password must be 12-100 characters']) else: user = self.create_user(user_name, self.get_argument('pass1')) self.render("public/account_created.html", user_name=user.user_name) else: self.render("public/registration.html", errors=['Invalid captcha'])
def create_flag(self): ''' Create a flag ''' form = Form( box_uuid="Please select a box", flag_name="Please enter a name", token="Please enter a token value", reward="Please enter a reward value", is_file="Please select a file setting", description="Please enter a flag description", ) if form.validate(self.request.arguments): try: if Flag.by_name(self.get_argument('flag_name')) is not None: self.render('admin/create/flag.html', errors=["Name already exists"]) elif Flag.by_token(self.get_argument('token')) is not None: self.render('admin/create/flag.html', errors=["Token value is not unique"]) elif Box.by_uuid(self.get_argument('box_uuid')) is None: self.render('admin/create/flag.html', errors=["Box does not exist"]) else: reward = int(self.get_argument('reward', 'NaN')) self.__mkflag__(reward) self.redirect('/admin/view/game_objects') except ValueError: self.render('admin/create/flag.html', errors=["Invalid reward value"]) else: self.render("admin/create/flag.html", errors=form.errors)
def buyout(self): ''' Buyout and unlock a level ''' form = Form(uuid="Level parameter missing") user = self.get_current_user() if form.validate(self.request.arguments): level = GameLevel.by_uuid(self.get_argument('uuid', '')) if level is not None and user is not None: if level.buyout < user.team.money: user.team.game_levels.append(level) user.team.money -= level.buyout dbsession.add(user.team) self.event_manager.unlocked_level(user, level) self.redirect("/user/missions") else: self.render("missions/view.html", team=user.team, errors=[ "You do not have enough money to unlock this level" ] ) else: self.render("missions/view.html", team=user.team, errors=["Level does not exist"] ) else: self.render("missions/view.html", team=user.team, errors=form.errors )
def post(self, *args, **kwargs): ''' Create a new user ''' form = Form( username="******", email="Please enter a valid email address", password1="Please enter a password", password2="Please confirm your password", ) if form.validate(self.request.arguments): if User.by_name(self.get_argument('username')) is not None: error_msg = "Username already taken; if you forgot your password use the password recovery option" self.render('public/registration.html', errors=[error_msg]) elif User.by_email(self.get_argument('email')) is not None: error_msg = "Email already in use; if you forgot your password use the password recovery option" self.render('public/registration.html', errors=[error_msg]) elif self.get_argument('password1') != self.get_argument( 'password2'): self.render('public/registration.html', errors=["Passwords do not match"]) else: email_service = EmailService() user = self.create_user(self.get_argument('username'), self.get_argument('email'), self.get_argument('password1')) email_service.send_confirmation(user) self.render('public/registration_successful.html', user=user) else: self.render('public/registration.html', errors=form.errors)
def create_box(self): ''' Create a box object ''' form = Form( box_name="Enter a box name", description="Enter a description", difficulty="Select a difficulty", corporation_uuid="Please select a corporation", game_level="Please select a game level", ) if form.validate(self.request.arguments): try: game_level = int(self.get_argument('game_level')) corp_uuid = self.get_argument('corporation_uuid') if Box.by_name(self.get_argument('box_name')) is not None: self.render("admin/create/box.html", errors=["Box name already exists"]) elif Corporation.by_uuid(corp_uuid) is None: self.render("admin/create/box.html", errors=["Corporation does not exist"]) elif GameLevel.by_number(game_level) is None: self.render("admin/create/box.html", errors=["Game level does not exist"]) else: self.__mkbox__() self.redirect('/admin/view/game_objects') except ValueError: self.render('admin/view/create.html', errors=["Invalid level number"]) else: self.render("admin/create/box.html", errors=form.errors)
def post(self, *args, **kwargs): ''' Attempt to log into an account ''' form = Form( username="******", password="******", ) if form.validate(self.request.arguments): user = User.by_name(self.get_argument('username')) if user is not None: if user.validate_password(self.get_argument('password')): if user.confirmed: self.successful_login(user) if user.has_permission('administrator'): self.redirect('/admin') else: self.redirect('/user') else: self.render( 'public/login.html', errors=[ "You must confirm your email address before you can login" ]) else: self.render('public/login.html', errors=["Invalid password"]) else: self.render('public/login.html', errors=["Invalid username"]) else: self.render('public/login.html', errors=form.errors)
def post(self, *args, **kwargs): ''' Creates a new weapon system, and yes the form validation is shit ''' form = Form( name="Please enter a name", ssh_user="******", ssh_key="Please enter an ssh key", ip_address="Please enter a ip address", ssh_port="Please enter an ssh port", service_port="Please enter a service port", ) if form.validate(self.request.arguments): if WeaponSystem.by_name(self.get_argument('name')) is not None: self.render("admin/weaponsystem/create.html", errors=['That name already exists']) elif WeaponSystem.by_ip_address( self.get_argument('ip_address')) is not None: self.render("admin/weaponsystem/create.html", errors=['IP Address already in use']) else: try: if not 1 <= int(self.get_argument('ssh_port', -1)) < 65535: raise ValueError("SSh port not in range") if not 1 <= int(self.get_argument('service_port', -1)) < 65535: raise ValueError("Service port not in range") weapon_system = self.create_weapon() self.render("admin/weaponsystem/created.html", errors=None) except ValueError: self.render( "admin/weaponsystem/create.html", errors=["Invalid port number; must be 1-65535"]) else: self.render("admin/weaponsystem/create.html", errors=form.errors)
def add_source_code(self): form = Form( box_uuid="Please select a box", price="Please input a price for the source code", description="Please enter a description", ) if form.validate(self.request.arguments): box = Box.by_uuid(self.get_argument('box_uuid')) if box is not None: if not 'source_archive' in self.request.files and 0 < len( self.request.files['source_archive']): self.render('admin/upgrades/source_code_market.html', errors=["No file data"]) else: try: price = abs(int(self.get_argument('price', 'NaN'))) self.create_source_code(box, price) self.render('admin/upgrades/source_code_market.html', errors=None) except ValueError: self.render('admin/upgrades/source_code_market.html', errors=["Price must be an integer"]) else: self.render('admin/upgrades/source_code_market.html', errors=["The selected box does not exist"]) else: self.render('admin/upgrades/source_code_market.html', errors=form.errors)
def post(self, *args, **kwargs): ''' Attempt to upgrade hash algo ''' form = Form( old_password="******", new_password1="Enter a new password", new_password2="Confirm your new password", ) if form.validate(self.request.arguments): user = self.get_current_user() passwd = self.get_argument('new_password1') old_passwd = self.get_argument('old_password') if not user.validate_bank_password(old_passwd): self.render_page(["Invalid password"]) elif not passwd == self.get_argument('new_password2'): self.render_page(["New passwords do not match"]) elif user.team.money < self.config.password_upgrade_cost: self.render_page(["You cannot afford to upgrade your hash"]) elif len(passwd) <= self.config.max_password_length: user.team.money -= self.config.password_upgrade_cost dbsession.add(user.team) dbsession.flush() self.update_password(passwd) self.render_page() else: self.render_page(["New password is too long"]) else: self.render_page(form.errors)
def edit_ipv6(self): ''' Add ipv6 addresses to a box (sorta edits the box object) ''' form = Form(box_uuid="Select a box", ipv6="Please provide a list of IPv6 addresses") if form.validate(self.request.arguments): errors = [] box = Box.by_uuid(self.get_argument('box_uuid')) if box is not None: ips_string = self.get_argument('ipv6').replace('\n', ',').lower() ips = filter(lambda char: char in "1234567890abcdef:,", ips_string).split(",") for ip in filter(lambda ip: 0 < len(ip), ips): try: box = Box.by_ip_address(ip) if box is None: addr = IpAddress(box_id=box.id, v6=ip) dbsession.add(addr) else: errors.append( "%s has already been assigned to %s." % ( ip, box.name, )) except ValueError: errors.append("'%s' is not a valid IPv6 address" % str(ip[:39])) dbsession.flush() else: errors.append("Box does not exist") self.render("admin/view/game_objects.html", errors=errors) else: self.render("admin/view/game_objects.html", errors=form.errors)
def post(self, *args, **kwargs): ''' Create the Dork in the system ''' form = Form(title="Please enter a title", description="Please enter a Description", author="Please Enter an Author", query="Please Enter the Shodan Hq Search Query", tag="Please Select a Category") try: #Getting the user session_manager = SessionManager.Instance() session = session_manager.get_session( self.get_secure_cookie('auth'), self.request.remote_ip) user = User.by_user_name(session.data['user_name']) #Get the tag old_tag = Tag.by_name(self.get_argument('tag')) #Get all the tags tags = Tag.all() if user != None: if form.validate(self.request.arguments): old_dork = Dork.by_title(self.get_argument('title')) if old_dork: self.render( 'user/submit.html', user=user, errors=[ 'A Dork by this title has already been submitted' ], success=None, tags=tags) elif old_tag == None: self.render( 'user/submit.html', user=user, errors=[ 'A Dork by this title has already been submitted' ], success=None, tags=tags) else: self.create_dork(user) self.render('user/submit.html', user=user, success='Successfully created new Dork', errors=None, tags=tags) else: self.render('user/submit.html', user=user, errors=form.errors, success=None, tags=tags) else: self.render('public/please_login.html') except Exception as e: print e self.render('public/please_login.html')
def edit_boxes(self): ''' Edit existing boxes in the database ''' form = Form( uuid="Object not selected", name="Missing box name", corporation_uuid="Please select a corporation", description="Please enter a description", difficulty="Please enter a difficulty", ) if form.validate(self.request.arguments): box = Box.by_uuid(self.get_argument('uuid')) if box is not None: errors = [] if self.get_argument('name') != box.name: if Box.by_name(self.get_argument('name')) is None: logging.info("Updated box name %s -> %s" % ( box.name, self.get_argument('name'), )) box.name = unicode(self.get_argument('name')) else: errors.append("Box name already exists") corp = Corporation.by_uuid( self.get_argument('corporation_uuid')) if corp is not None and corp.id != box.corporation_id: logging.info("Updated %s's corporation %s -> %s" % ( box.name, box.corporation_id, corp.id, )) box.corporation_id = corp.id elif corp is None: errors.append("Corporation does not exist") if self.get_argument('description') != box.description: logging.info("Updated %s's description %s -> %s" % ( box.name, box.description, self.get_argument('description'), )) box.description = unicode(self.get_argument('description')) if self.get_argument('difficulty') != box.difficulty: logging.info("Updated %s's difficulty %s -> %s" % ( box.name, box.difficulty, self.get_argument('difficulty'), )) box.difficulty = unicode(self.get_argument('difficulty')) dbsession.add(box) dbsession.flush() self.render("admin/view/game_objects.html", errors=errors) else: self.render("admin/view/game_objects.html", errors=["Box does not exist"]) else: self.render("admin/view/game_objects.html", errors=form.errors)
def get(self, *args, **kwargs): ''' AJAX // Delete a paste object from the database ''' form = Form(paste_uuid="Paste does not exist.", ) if form.validate(self.request.arguments): paste_uuid = self.get_argument("paste_uuid") paste = PasteBin.by_uuid(paste_uuid) user = self.get_current_user() if paste is not None and paste.team_id == user.team.id: dbsession.delete(paste) dbsession.flush() self.redirect("/user/share/pastebin")
def post(self, *args, **kwargs): ''' This is used to create new tags ''' form = Form(name="Please enter a tag name") tags = Tag.all() if form.validate(self.request.arguments): self.create_tag() tags = Tag.all() self.render("admin/manage_tags.html", tags=tags) else: self.render("admin/manage_tags.html", tags=tags, errors=form.errors)
def flag(self): ''' Accepts flag submissions, a flag can be either a string or a file, if the flag submission is a file the MD5 hexdigest is used. ''' form = Form(flag_type="Missing flag type") user = self.get_current_user() if form.validate(self.request.arguments): flag = Flag.by_uuid(self.get_argument('uuid', '')) if flag is not None: if self.get_argument('flag_type').lower() == 'text': token = self.get_argument('token', None) errors = self.__chkflag__(flag, token) if len(errors) == 0: self.flag_captured() else: self.render("missions/view.html", team=user.team, errors=errors ) elif self.get_argument('flag_type').lower() == 'file': if 0 < len(self.request.files['flag'][0]['body']): file_data = self.request.files['flag'][0]['body'] errors = self.__chkflag__(flag, file_data) if len(errors) == 0: self.flag_captured() else: self.render("missions/view.html", team=user.team, errors=errors ) else: logging.info("No file data in flag submission.") self.render("missions/view.html", team=user.team, errors=["No file data"] ) else: self.render("missions/view.html", team=user.team, errors=["Invalid flag type"] ) else: self.render("missions/view.html", team=user.team, errors=["Flag does not exist"] ) else: self.render("missions/view.html", team=user.team, errors=form.errors )
def create_team(self): ''' Create a new team in the database ''' form = Form(team_name="Enter a team name", motto="Enter a team motto") if form.validate(self.request.arguments): team = Team( name=unicode(self.get_argument('team_name')), motto=unicode(self.get_argument('motto')), ) level_0 = GameLevel.all()[0] team.game_levels.append(level_0) dbsession.add(team) dbsession.flush() self.redirect('/admin/view/user_objects') else: self.render("admin/create/team.html", errors=form.errors)
def get(self, *args, **kwargs): ''' AJAX // Retrieves a paste from the database ''' form = Form( paste_uuid="Paste does not exist.", ) if form.validate(self.request.arguments): paste_uuid = self.get_argument("paste_uuid") user = self.get_current_user() paste = PasteBin.by_uuid(paste_uuid) if paste is None or paste.team_id != user.team.id: self.render("pastebin/display.html", errors=["Paste does not exist."], paste=None) else: self.render("pastebin/display.html", errors=None, paste=paste) else: self.render("pastebin/display.html", errors=form.errors, paste=None)
def post(self, *args, **kwargs): ''' Creates a new text share ''' form = Form( name="Please enter a name", content="Please provide some content", ) if form.validate(self.request.arguments): user = self.get_current_user() paste = PasteBin(name=unicode(self.get_argument("name")), contents=unicode(self.get_argument("content")), team_id=user.team.id) dbsession.add(paste) dbsession.flush() self.event_manager.paste_bin(user, paste) self.redirect('/user/share/pastebin')
def post(self, *args, **kwargs): form = Form(box_uuid="Please select leaked code to buy") if form.validate(self.request.arguments): box = Box.by_uuid(self.get_argument('box_uuid', '')) if box is not None and box.source_code is not None: user = self.get_current_user() if box.source_code.price <= user.team.money: self.purchase_code(box) self.redirect("/source_code_market") else: self.render_page(["You cannot afford to purchase this code"]) else: self.render_page(["Box does not exist"]) else: self.render_page(form.errors)
def post_theme(self, *args, **kwargs): ''' Change per-user theme ''' form = Form(theme_uuid="Please select a theme", ) if form.validate(self.request.arguments): theme = Theme.by_uuid(self.get_argument('theme_uuid')) if theme is not None: self.session['theme'] = ''.join(theme.cssfile) self.session.save() user = self.get_current_user() user.theme_id = theme.id dbsession.add(user) dbsession.flush() self.render_page() else: self.render_page(errors=["Theme does not exist."]) else: self.render_page(errors=form.errors)
def edit_teams(self): ''' Edit existing team objects in the database ''' form = Form( uuid="No team selected", name="Please enter a name", motto="Please enter a motto", listen_port="Please enter a listen port", ) if form.validate(self.request.arguments): team = Team.by_uuid(self.get_argument('uuid')) if team is not None: errors = [] if team.name != self.get_argument('name'): logging.info("Updated team name %s -> %s" % ( team.name, self.get_argument('name'), )) team.name = unicode(self.get_argument('name')) if team.motto != self.get_argument('motto'): logging.info("Updated %s's motto %s -> %s" % ( team.name, team.motto, self.get_argument('motto'), )) team.motto = unicode(self.get_argument('motto')) try: lport = int(self.get_argument('listen_port')) if lport != team.listen_port: logging.info("Updated %s's listen port %d -> %d" % ( team.name, team.listen_port, lport, )) team.listen_port = lport except ValueError: errors.append("Invalid listen port %s " % self.get_argument('listen_port')) dbsession.add(team) dbsession.flush() self.redirect("/admin/view/user_objects") else: self.render("admin/view/user_objects.html", errors=["Team does not exist"]) else: self.render("admin/view/user_objects.html", errors=form.errors)
def box_level(self): ''' Changes a boxs level ''' form = Form(box_uuid="No box selected", level_uuid="No level selected") if form.validate(self.request.arguments): errors = [] box = Box.by_uuid(self.get_argument('box_uuid')) level = GameLevel.by_uuid(self.get_argument('level_uuid')) if box is not None and level is not None: box.game_level_id = level.id dbsession.add(box) dbsession.flush() elif box is None: errors.append("Box does not exist") elif level is None: errors.append("GameLevel does not exist") self.render("admin/view/game_levels.html", errors=errors) else: self.render("admin/view/game_levels.html", errors=form.errors)
def post(self, *args, **kwargs): ''' Attempts to create an account, with shitty form validation ''' form = Form(account="Please enter an account name", handle="Please enter a handle", team="Please select a team to join", pass1="Please enter a password", pass2="Please confirm your password", token="Please enter a registration token") if form.validate(self.request.arguments): config = ConfigManager.Instance() account = self.get_argument('account').lower() handle = self.get_argument('handle').lower() rtok = self.get_argument('token', '__none__').lower() passwd = self.get_argument('pass1') if User.by_account(account) is not None: self.render('public/registration.html', errors=['Account name already taken']) elif account == handle: self.render( 'public/registration.html', errors=['Account name and hacker name must differ']) elif User.by_handle(handle) is not None: self.render('public/registration.html', errors=['Handle already taken']) elif not passwd == self.get_argument('pass2'): self.render('public/registration.html', errors=['Passwords do not match']) elif not 0 < len(passwd) <= config.max_password_length: self.render('public/registration.html', errors=[ 'Password must be 1-%d characters' % config.max_password_length ]) elif Team.by_uuid(self.get_argument('team', '')) is None: self.render('public/registration.html', errors=["Please select a team to join"]) elif RegistrationToken.by_value(rtok) is None and not config.debug: self.render('public/registration.html', errors=["Invalid registration token"]) else: self.create_user(account, handle, passwd, rtok) self.render('public/successful_reg.html', account=account) else: self.render('public/registration.html', errors=form.errors)
def edit_game_level(self): ''' Update game level objects ''' form = Form( uuid="Select an object", number="Enter a level number", buyout="Enter a buyout value", ) if form.validate(self.request.arguments): errors = [] level = GameLevel.by_uuid(self.get_argument('uuid')) try: new_number = int(self.get_argument('number', 'NaN')) new_buyout = int(self.get_argument('buyout', 'NaN')) if level.number != new_number and GameLevel.by_number( new_number) is None: level.number = new_number dbsession.add(level) dbsession.flush() # Fix the linked-list game_levels = sorted(GameLevel.all()) index = 0 for game_level in game_levels[:-1]: game_level.next_level_id = game_levels[index + 1].id dbsession.add(game_level) index += 1 game_levels[0].number = 0 dbsession.add(game_levels[0]) game_levels[-1].next_level_id = None dbsession.add(game_levels[-1]) dbsession.flush() if GameLevel.by_number(new_number) is not None: errors.append("GameLevel number is not unique") if level.buyout != new_buyout: level.buyout = new_buyout dbsession.add(level) dbsession.flush() except ValueError: errors.append( "That was not a number ... maybe you should go back to school" ) self.render("admin/view/game_levels.html", errors=errors) else: self.render("admin/view/game_levels.html", errors=form.errors)
def post(self, *args, **kwargs): ''' Checks login creds ''' form = Form( username="******", password="******", ) if not form.validate(self.request.arguments): self.render("public/login.html", errors=form.errors) else: user = User.by_username(self.get_argument('username')) if user is not None and user.validate_password(self.get_argument('password')): if user.locked: self.render("public/login.html", errors=["Your account must be approved by an administrator."] ) else: self.successful_login(user) self.redirect('/user') else: self.failed_login()
def post(self, *args, **kwargs): ''' Checks submitted username and password ''' form = Form( account="Enter an account name", password="******", ) if form.validate(self.request.arguments): user = User.by_account(self.get_argument('account')) password_attempt = self.get_argument('password') if user is not None and user.validate_password(password_attempt): if not user.locked: self.successful_login(user) self.redirect('/user') else: self.render('public/login.html', errors=["Your account has been locked"]) else: self.failed_login() else: self.render('public/login.html', errors=form.errors)
def post(self, *args, **kwargs): ''' Checks login creds ''' form = Form( username="******", password="******", recaptcha_challenge_field="Invalid captcha", recaptcha_response_field="Invalid captcha", ) if not form.validate(self.request.arguments): self.render("public/login.html", errors=form.errors) elif self.check_recaptcha(): user = User.by_user_name(self.get_argument('username')) if user != None and user.validate_password( self.get_argument('password')): self.successful_login(user) self.redirect('/user') else: self.failed_login() else: self.render('public/login.html', errors=["Invalid captcha, try again"])
def create_corporation(self): ''' Add a new corporation to the database ''' form = Form( corporation_name="Enter a corporation name", description="Please enter a description", ) if form.validate(self.request.arguments): corp_name = self.get_argument('corporation_name') if Corporation.by_name(corp_name) is not None: self.render("admin/create/corporation.html", errors=["Name already exists"]) else: corporation = Corporation( name=unicode(corp_name), description=unicode(self.get_argument('description')), ) dbsession.add(corporation) dbsession.flush() self.redirect('/admin/view/game_objects') else: self.render("admin/create/corporation.html", errors=form.errors)