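def create_new_session():
    """Log a user in from a JSON body carrying ``username`` and ``password``.

    The submitted password is hashed with ``hash_password`` and the user is
    looked up by username and hash together. An empty result produces an
    ``IncorrectLogin`` error response. The same message is used for an unknown
    user and for a wrong password, so the response text does not reveal which
    of the two occurred. Otherwise ``login_user`` is called with
    ``remember=True``.

    Returns:
        An error response when the lookup is empty or ``login_user`` raises.
        As shown here, nothing is returned explicitly after a successful
        ``login_user`` call.
    """
    data = json.loads(request.data)

    # NOTE(review): matching on the hash inside the lookup only works if
    # hash_password is deterministic (no per-user random salt) -- confirm the
    # hashing scheme. Fetching the stored hash and verifying it with a salted
    # password-hashing function is the safer design.
    data["password"] = hash_password(data["password"])
    if g.db.get_specific_user(data["username"], data["password"]) == []:
        return create_error_response(
            "IncorrectLogin",
            "Either the user does not exist or password is incorrect.")

    try:
        login_user(User(data["username"]), remember=True)
    except Exception as e:
        # Exception rather than BaseException, so SystemExit and
        # KeyboardInterrupt are no longer turned into an error response.
        # NOTE(review): the exception type and message go back to the client;
        # consider logging them server-side and returning a generic error.
        return create_error_response(type(e).__name__, e.message)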
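def create_manual_check(team_id):
    """Create a manual check for ``team_id`` from the JSON request body.

    The body supplies ``id``, ``description``, ``comments``,
    ``inject_number``, ``score`` and ``timestamp``. ``score`` is coerced to
    ``int`` before it is stored.

    Args:
        team_id: Team the manual check belongs to.

    Returns:
        An ``Exists`` error response if a manual check with this id is already
        stored for the team, an ``InvalidParameter`` error response if
        ``score`` cannot be converted to an integer, otherwise a 201 redirect
        to ``.get_specific_manual_check_for_team``.
    """
    data = json.loads(request.data)
    check_id = data['id']
    if len(g.db.get_specific_manual_check_for_team(check_id, team_id)) != 0:
        return create_error_response(
            "Exists",
            "A manual check with the id '{}' for team '{}' already exists".format(check_id, team_id))

    try:
        data['score'] = int(data['score'])
    except (TypeError, ValueError):
        # int() raises TypeError, not ValueError, for JSON null, arrays and
        # objects. Catching both reports a bad 'score' as a client error
        # instead of letting it escape as an unhandled exception.
        return create_error_response("InvalidParameter", "Parameter 'score' must be an integer.")

    g.db.create_manual_check(
        data['id'], data['description'], data['comments'], data['inject_number'],
        team_id, data['score'], data['timestamp'])
    return redirect(
        url_for(".get_specific_manual_check_for_team", check_id=data['id'], team_id=team_id),
        code=201)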
def create_machine():
    """Register a machine described by the JSON request body.

    Reads ``id`` and ``general_ip`` from the body.

    Returns:
        An ``Exists`` error response if a machine with that id is already
        stored, otherwise a 201 redirect to ``.get_machine``.
    """
    payload = json.loads(request.data)
    machine_id = payload['id']

    already_stored = g.db.get_specific_machine(machine_id)
    if len(already_stored) > 0:
        message = "A machine with the id '{}' already exists".format(machine_id)
        return create_error_response("Exists", message)

    g.db.create_machine(machine_id, payload['general_ip'])
    location = url_for(".get_machine", machine_id=machine_id)
    return redirect(location, code=201)
def create_team_config_for_machine(team_id):
    """Store a machine configuration for ``team_id`` from the JSON request body.

    Args:
        team_id: Team the configuration belongs to.

    Returns:
        An ``Exists`` error response if the team already has a config for the
        body's ``machine_id``, otherwise a 201 redirect to
        ``.get_config_for_team``.
    """
    payload = json.loads(request.data)
    machine_id = payload['machine_id']

    current = g.db.get_team_config_for_machine(team_id, machine_id)
    if len(current) > 0:
        message = "A config for team '{}' machine '{}' already exists".format(team_id, machine_id)
        return create_error_response("Exists", message)

    # NOTE(review): every key of the client-supplied body is forwarded as a
    # keyword argument. An unexpected key (or a 'team_id' key) raises
    # TypeError here, and any optional parameter of the DB method becomes
    # client-settable. Consider copying only the expected fields -- confirm
    # the accepted parameters against g.db.create_team_config_for_machine.
    g.db.create_team_config_for_machine(team_id, **payload)

    location = url_for(".get_config_for_team", team_id=team_id, machine_id=machine_id)
    return redirect(location, code=201)
def archive_current_scoring_session():
    """Archive the current scoring session under the id given in the JSON body.

    Returns:
        An ``Exists`` error response if an archived session with that id is
        already stored, otherwise a 201 redirect to
        ``.get_specific_archived_scoring_session``.
    """
    payload = json.loads(request.data)
    session_id = payload['id']

    archived = g.db.get_specific_archived_scoring_session(session_id)
    if len(archived) > 0:
        message = "An archived scoring session with the id '{}' already exists".format(session_id)
        return create_error_response("Exists", message)

    g.db.archive_current_scoring_session(session_id)
    location = url_for(".get_specific_archived_scoring_session", session_id=session_id)
    return redirect(location, code=201)
def create_team():
    """Create a team from the ``name`` and ``id`` fields of the JSON body.

    After the team is stored, a ``changed team <id>`` message is published on
    ``g.daemon_channel``.

    Returns:
        An ``Exists`` error response if a team with that id is already stored,
        otherwise a 201 redirect to ``.get_team``.
    """
    payload = json.loads(request.data)
    team_id = payload["id"]

    if len(g.db.get_specific_team(team_id)) > 0:
        message = "A team with the id '{}' already exists".format(team_id)
        return create_error_response("Exists", message)

    g.db.create_team(payload["name"], team_id)

    # NOTE(review): the client-supplied id is interpolated into the channel
    # message without validation. Confirm that the subscriber parses the
    # message safely when the id contains whitespace or other unexpected
    # characters.
    notice = "changed team {}".format(team_id)
    g.redis.publish(g.daemon_channel, notice)

    return redirect(url_for(".get_team", team_id=team_id), code=201)
def create_service_check():
    """Create a service check from the JSON request body.

    The body supplies ``id``, ``description``, ``machine`` and ``class_name``.
    After the check is stored, ``changed all`` is published on
    ``g.daemon_channel``.

    Returns:
        An ``Exists`` error response if a service check with that id is
        already stored, otherwise a 201 redirect to
        ``.get_specific_service_check``.
    """
    payload = json.loads(request.data)
    check_id = payload['id']

    if len(g.db.get_specific_service_check(check_id)) > 0:
        message = "A service check with the id '{}' already exists".format(check_id)
        return create_error_response("Exists", message)

    # NOTE(review): class_name comes straight from the request body and is
    # stored unvalidated. If another component later resolves it to a class to
    # run, check it against an allow-list of known check classes -- confirm
    # where it is consumed.
    g.db.create_service_check(
        check_id, payload['description'], payload['machine'], payload['class_name'])
    g.redis.publish(g.daemon_channel, 'changed all')

    return redirect(url_for(".get_specific_service_check", check_id=check_id), code=201)
def create_attack_check_for_team(team_id):
    """Create an attacker check for ``team_id`` from the JSON request body.

    The body supplies ``id``, ``description``, ``machine`` and ``class_name``.
    After the check is stored, ``changed team <team_id>`` is published on
    ``g.daemon_channel``.

    Args:
        team_id: Team the attacker check is attached to.

    Returns:
        An ``Exists`` error response if an attacker check with that id is
        already stored for the team, otherwise a 201 redirect to
        ``.get_specific_attack_check_for_team``.
    """
    payload = json.loads(request.data)
    check_id = payload['id']

    if len(g.db.get_specific_attacker_check(check_id, team_id)) > 0:
        message = "An attacker check with the id '{}' for team '{}' already exists".format(check_id, team_id)
        return create_error_response("Exists", message)

    # NOTE(review): class_name is client-supplied and stored unvalidated. If it
    # is later resolved to a class to run, restrict it to an allow-list of
    # known check classes -- confirm where it is consumed.
    g.db.create_attacker_check(
        check_id, payload['description'], payload['machine'], team_id, payload['class_name'])
    g.redis.publish(g.daemon_channel, 'changed team {}'.format(team_id))

    location = url_for(".get_specific_attack_check_for_team", team_id=team_id, check_id=check_id)
    return redirect(location, code=201)
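def create_new_session():
    """Log a user in from a JSON body carrying ``username`` and ``password``.

    The stored record is fetched by username and the submitted password is
    verified against its ``password`` field with ``check_password``. An
    unknown user and a wrong password produce the same ``IncorrectLogin``
    error, so the response text does not reveal which of the two occurred.
    On success ``login_user`` is called with ``remember=True``.

    Returns:
        An error response when the user is unknown, the password does not
        verify, or ``login_user`` raises. As shown here, nothing is returned
        explicitly after a successful ``login_user`` call.
    """
    data = json.loads(request.data)
    incorrect_login_err = 'IncorrectLogin'
    incorrect_login_desc = 'Either the user does not exist or password is incorrect.'

    user_data = g.db.get_specific_user_with_password(data['username'])
    if user_data == []:
        # create_error_response takes the error name first and the description
        # second; the two arguments were previously passed in the opposite order.
        # NOTE(review): this path returns before check_password runs, so an
        # unknown user may be answered faster than a wrong password. Consider
        # verifying against a dummy hash to even out the timing.
        return create_error_response(incorrect_login_err, incorrect_login_desc)

    hashed_password = user_data[0][u'password']
    if not check_password(data['password'], hashed_password):
        return create_error_response(incorrect_login_err, incorrect_login_desc)

    try:
        login_user(User(data['username']), remember=True)
    except Exception as e:
        # Exception rather than BaseException, so SystemExit and
        # KeyboardInterrupt are no longer turned into an error response.
        # NOTE(review): the exception type and message go back to the client;
        # consider logging them server-side and returning a generic error.
        return create_error_response(type(e).__name__, e.message)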
def create_user():
    """Create a user account from the JSON request body.

    The body supplies ``id``, ``password``, ``email`` and ``role``, plus
    ``team`` when the role is ``team``. The password is passed through
    ``hash_password`` before it reaches the database layer.

    Returns:
        An ``Exists`` error response if the id is already taken, an
        ``IllegalParameter`` error response if a ``team`` user has no
        ``team`` field, an ``InvalidRole`` error response for any other
        role, otherwise a 201 redirect to ``.get_user``.
    """
    # NOTE(review): no authorization check is visible in this block.
    # Presumably a decorator outside this view restricts who may create
    # 'administrator' accounts -- confirm.
    payload = json.loads(request.data)
    user_id = payload['id']

    if len(g.db.get_specific_user(user_id)) > 0:
        message = "A user with the id '{}' already exists".format(user_id)
        return create_error_response("Exists", message)

    role = payload['role']
    if role in ('administrator', 'organizer', 'attacker'):
        # These roles are stored without a team.
        team_kwargs = {}
    elif role == 'team':
        if 'team' not in payload:
            return create_error_response(
                'IllegalParameter',
                'Users with role "team" must have the "team" parameter.')
        team_kwargs = {'team': payload['team']}
    else:
        return create_error_response(
            'InvalidRole',
            'Users can only have roles "administrator", "organizer", "attacker", or "team".')

    g.db.create_user(
        user_id, hash_password(payload['password']), payload['email'], role, **team_kwargs)
    return redirect(url_for(".get_user", user_id=user_id), code=201)
def create_team_config_for_machine():
    """Store a machine configuration for the logged-in user's own team.

    The team id is read from the ``team`` field of the current user's record
    rather than from the request, so the body only names the machine and the
    configuration values.

    Returns:
        An ``Exists`` error response if the team already has a config for the
        body's ``machine_id``, otherwise a 201 redirect to
        ``.get_config_for_team``.
    """
    # NOTE(review): indexing [0] assumes the current user exists in the DB,
    # and 'team' is presumably unset for non-team roles. Confirm that access
    # to this view is limited to users with the "team" role.
    account = g.db.get_specific_user(current_user.get_id())
    team_id = account[0]['team']

    payload = json.loads(request.data)
    machine_id = payload['machine_id']

    if len(g.db.get_team_config_for_machine(team_id, machine_id)) > 0:
        message = "A config for team '{}' machine '{}' already exists".format(team_id, machine_id)
        return create_error_response("Exists", message)

    # NOTE(review): the whole client-supplied body is forwarded as keyword
    # arguments. A 'team_id' key in the body raises TypeError here, and any
    # optional parameter of the DB method becomes client-settable. Consider
    # copying only the expected fields.
    g.db.create_team_config_for_machine(team_id, **payload)

    return redirect(url_for(".get_config_for_team", machine_id=machine_id), code=201)
def create_inject_check():
    """Create an inject check from the JSON request body.

    The body supplies ``id``, ``description``, ``machine``, ``class_name``,
    ``inject_number`` and ``time_to_check``. ``time_to_check`` is passed
    through ``convert_all_timestamp_to_datetime`` before the check is stored,
    and ``changed all`` is then published on ``g.daemon_channel``.

    Returns:
        An ``Exists`` error response if an inject check with that id is
        already stored, otherwise a 201 redirect to
        ``.get_specific_inject_check``.
    """
    payload = json.loads(request.data)
    check_id = payload['id']

    if len(g.db.get_specific_inject_check(check_id)) > 0:
        message = "A inject check with the id '{}' already exists".format(check_id)
        return create_error_response("Exists", message)

    # The return value is ignored, so the helper presumably rewrites
    # payload['time_to_check'] in place -- confirm. The field must not be read
    # before this call.
    convert_all_timestamp_to_datetime(payload, ['time_to_check'])

    # NOTE(review): class_name is client-supplied and stored unvalidated. If it
    # is later resolved to a class to run, restrict it to an allow-list of
    # known check classes -- confirm where it is consumed.
    g.db.create_inject_check(
        check_id, payload['description'], payload['machine'], payload['class_name'],
        payload['inject_number'], payload['time_to_check'])
    g.redis.publish(g.daemon_channel, 'changed all')

    return redirect(url_for(".get_specific_inject_check", check_id=check_id), code=201)
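def modify_user(user_id):
    """Apply the fields of the JSON request body to an existing user.

    The effective role is the ``role`` in the body if present, otherwise the
    stored role. A ``role`` supplied in the body must be one of the four known
    roles, and a ``team`` field is rejected unless the effective role can
    carry one.

    Args:
        user_id: Id of the user to modify.

    Returns:
        A 404 response if the user does not exist, an ``InvalidRole`` or
        ``IllegalParameter`` error response for a rejected body, otherwise an
        empty 204 response.
    """
    # NOTE(review): no authorization check is visible in this block.
    # Presumably a decorator outside this view restricts who may change
    # another user's role -- confirm.
    data = json.loads(request.data)
    orig_data = g.db.get_specific_user(user_id)
    if len(orig_data) == 0:
        return Response(status=404)

    if 'role' in data:
        role = data['role']
        # A role arriving in the body was previously stored without
        # validation; only the four known roles are accepted now.
        if role not in ('administrator', 'organizer', 'attacker', 'team'):
            return create_error_response(
                'InvalidRole',
                'Users can only have roles "administrator", "organizer", "attacker", or "team".')
    else:
        role = orig_data[0]['role']

    if role in ('administrator', 'organizer', 'attacker') and 'team' in data:
        return create_error_response(
            'IllegalParameter',
            'Only users with the "team" role can have the "team" parameter.')

    # NOTE(review): the whole client-supplied body is forwarded as keyword
    # arguments, so every parameter of g.db.modify_user is client-settable.
    # A 'password' key is passed through as received -- confirm that
    # g.db.modify_user hashes it before storing, and consider copying only an
    # explicit list of editable fields.
    g.db.modify_user(user_id, **data)
    return Response(status=204)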
def unauthenticated_request():
    """Build the 401 ``NotLoggedIn`` error response.

    Presumably registered as the handler for requests that require a login;
    the registration is not visible in this block.
    """
    error_name = "NotLoggedIn"
    error_text = "You must log in to access this resource."
    return create_error_response(error_name, error_text, status_code=401)
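def https_only():
    """Reject non-HTTPS requests when the ``HTTPS_ONLY`` setting is enabled.

    Returns:
        An ``HttpsOnly`` error response when enforcement is on and the request
        URL scheme is not ``https``; otherwise ``None``.
    """
    # Accept the boolean True as well as the string 'True'. With the
    # string-only comparison, a config that set HTTPS_ONLY = True silently
    # left the check disabled.
    enforce_https = app.config['HTTPS_ONLY'] in (True, 'True')

    # NOTE(review): the scheme is the one this application sees. Behind a
    # TLS-terminating proxy that may be 'http' for every request unless the
    # forwarded scheme is applied -- confirm against the deployment.
    if enforce_https and request.base_url.split('://')[0] != 'https':
        return create_error_response(
            "HttpsOnly",
            "This engine is configured to only be accessed through HTTPS.")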