def user(user):
user = getSession().query(tables.User).filter(
tables.User.username.ilike(user)).first()
if user:
if user.id == current_user.id or current_user.group >= 4:
if request.method == "POST":
if request.form['password'] != "":
user.set_password(request.form['password'])
user.name = request.form['name']
user.set_user_setting("timezone", request.form['timezone'])
getSession().commit()
return render_template('user/view.html',
title='Home Page',
year=datetime.now().year,
dbuser=user,
timezones=pytz.common_timezones,
config=config)
else:
return render_template(
'errors/403.html',
title='403 Access Denied',
year=datetime.now().year,
message="You do not have permission to use this resource")
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def report_event_total_report(event):
data = []
total = {}
score_total = getSession().query(
tables.func.sum(tables.AssignedInject.points)).filter(
tables.AssignedInject.eventid == event).first()
total['inject'] = score_total[0] if score_total[0] is not None else 0
injects = getSession().query(
tables.AssignedInject).filter(tables.AssignedInject.eventid == event)
teams = getSession().query(tables.Team).all()
for team in teams:
d = {}
d['team'] = team.name
# Get the totals for inject points
d['inject'] = 0
for inject in injects:
score = getSession().query(
tables.func.max(tables.TeamInjectSubmission.points)).filter(
tables.TeamInjectSubmission.teamid == team.id,
tables.TeamInjectSubmission.assignedinjectid ==
inject.id).first()
d['inject'] += score[0] if score[0] is not None else 0
uptime = getSession().query(
tables.func.count(tables.ScoreEvent.id),
tables.func.sum(
tables.expression.case(
value=tables.ScoreEvent.up, whens={
True: 1,
False: 0
}))).filter(tables.ScoreEvent.eventid == event).join(
tables.TeamServer).filter(
tables.TeamServer.teamid == team.id).first()
d['uptime'] = uptime[1] if uptime[1] is not None else 0
d['total_uptime'] = uptime[0]
data.append(d)
return render_template("report/event_total/report.html",
title="Event Total Report",
data=data,
total=total)
def events():
dbsession = getSession()
events = dbsession.query(tables.Event).order_by(tables.Event.id).all()
return render_template('admin/event/list.html',
title='Events',
year=datetime.now().year,
events=events)
def teams():
dbsession = getSession()
teams = dbsession.query(tables.Team).all()
return render_template('admin/team/list.html',
title='Team List',
year=datetime.now().year,
teams=teams)
def injectmanager_inject_assign(id):
db = getSession()
if request.method == "POST":
ai = tables.AssignedInject()
ai.injectid = id
tz = pytz.timezone(config.get_item("default_timezone"))
if "timezone" in current_user.settings:
tz = pytz.timezone(current_user.settings['timezone'])
localwhen = tz.localize(
datetime.strptime(request.form['when'], '%Y-%m-%d %H:%M'))
ai.when = localwhen.astimezone(pytz.UTC)
ai.subject = request.form['subject']
ai.duration = request.form['duration']
ai.points = request.form['points']
ai.body = request.form['body']
ai.eventid = request.form['event']
ai.allowlate = 'late' in request.form
db.add(ai)
db.commit()
return redirect(url_for('injectmanager_inject', id=id))
inject = db.query(tables.Inject).filter(tables.Inject.id == id).first()
if inject:
categories = db.query(tables.InjectCategory).filter(
tables.InjectCategory.parentid == None)
events = db.query(tables.Event).filter(tables.Event.end == None)
return render_template('injectmanager/assigninject.html',
title="Assign Inject - " + inject.subject,
inject=inject,
categories=categories,
events=events)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def servereditservice(server, service):
dbsession = getSession()
server = dbsession.query(
tables.Server).filter(tables.Server.id == server).first()
services = dbsession.query(
tables.Service).filter(tables.Service.id == service)
if server and services.count() > 0:
service = services[0]
if request.method == 'POST':
service.name = request.form['name']
service.typeid = request.form['type']
if request.form['port'] != "":
service.port = request.form['port']
service.enabled = 'enabled' in request.form
dbsession.commit()
return redirect(url_for('server', server=server.id))
else:
types = dbsession.query(tables.ServiceType).order_by(
tables.ServiceType.name.asc()).all()
return render_template('admin/server/editservice.html',
title='Edit Server',
year=datetime.now().year,
types=types,
service=service,
server=server)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager():
db = getSession()
categories = db.query(
tables.InjectCategory).filter(tables.InjectCategory.parentid == None)
return render_template('injectmanager/index.html',
title='Inject Manager',
categories=categories)
def inject_score():
session = getSession()
events = session.query(tables.Event).filter(
tables.or_(tables.Event.current == True, tables.Event.start == None))
return render_template('injectscore/index.html',
title="Inject Scoring",
events=events)
def inject_respond(id):
session = getSession()
inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first()
if inject and not inject.should_show:
if request.method == "POST":
sub = tables.TeamInjectSubmission()
sub.assignedinjectid = id
sub.when = datetime.now()
sub.body = request.form['body']
sub.points = 0
sub.teamid = current_user.team
session.add(sub)
session.commit()
if 'file' in request.files and request.files['file'].filename != '':
fi = request.files['file']
a = tables.TeamInjectSubmissionAttachment()
f = tables.Attachment()
a.teaminjectid = sub.id
a.attachment_id = f.id
f.filename = fi.filename
f.data = fi.read()
f.size = len(f.data)
session.add(f)
session.add(a)
session.commit()
return render_template(
'inject/respond.html',
title=inject.subject,
year=datetime.now().year,
inject=inject
)
return page_not_found(None)
def event(event):
dbsession = getSession()
events = dbsession.query(tables.Event).filter(tables.Event.id == event)
if events.count() > 0:
event = events[0]
sd = dbsession.query(
tables.Team.name,
tables.func.sum(
tables.expression.case(value=tables.ScoreEvent.up,
whens={
True: 1,
False: 0
})),
tables.func.count(tables.ScoreEvent.id)).select_from(
tables.ScoreEvent).filter(
tables.ScoreEvent.eventid == event.id).join(
tables.TeamServer).join(tables.Team).group_by(
tables.Team.name).order_by(tables.Team.name)
#scoredata = dbsession.execute(tables.text("select t.name, sum(case when se.up = true then 1 else 0 end), count(se.id), round((sum(case when se.up = true then 1.0 else 0.0 end)/count(se.id)) * 100.0, 2) from scoreevents se inner join teamservers ts on ts.id = se.teamserverid inner join teams t on ts.teamid = t.id where se.eventid = " + str(event.id) + " group by t.name order by t.name"))
return render_template('admin/event/view.html',
title=event.name,
year=datetime.now().year,
event=event,
scoredata=sd)
else:
return render_template(
'admin/404.html',
title='404 Team Not Found',
year=datetime.now().year,
message="We could not find the team that you were looking for.")
def edituser(user):
dbsession = getSession()
users = dbsession.query(tables.User).filter(tables.User.name.ilike(user))
if users.count() > 0:
dbuser = users[0]
if request.method == 'POST':
dbuser.name = request.form["name"]
dbuser.username = request.form["username"]
dbuser.team = request.form["team"]
dbuser.group = request.form["group"]
if str(request.form["password"]).strip() != "":
dbuser.set_password(request.form['password'])
dbsession.commit()
return redirect(url_for('adminuser', user=dbuser.name))
else:
teams = dbsession.query(tables.Team).all()
return render_template(
'admin/user/edit.html',
title='Edit Team',
year=datetime.now().year,
dbuser=dbuser,
teams=teams
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def services():
dbsession = getSession()
services = dbsession.query(tables.ServiceType).all()
"""Renders the home page."""
return render_template('admin/service/list.html',
title='Service Types',
year=datetime.now().year,
services=services)
def passdbs():
dbsession = getSession()
passdblist = dbsession.query(tables.PasswordDatabase).order_by(
tables.PasswordDatabase.name)
return render_template('admin/passdb/list.html',
title='Password Databases',
year=datetime.now().year,
passdblist=passdblist)
def injectmanager_inject(id):
db = getSession()
inject = db.query(tables.Inject).filter(tables.Inject.id == id).first()
if inject:
return render_template('injectmanager/inject.html',
title="Inject - " + inject.subject,
inject=inject)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def users():
dbsession = getSession()
users = dbsession.query(tables.User).all()
"""Renders the home page."""
return render_template(
'admin/user/list.html',
title='Users List',
year=datetime.now().year,
users=users
)
def inject_score_event_inject(event, inject):
session = getSession()
inject = session.query(tables.AssignedInject).filter(
tables.AssignedInject.id == inject).first()
if inject:
return render_template('injectscore/inject.html',
title="Score " + inject.subject,
inject=inject)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def inject(id):
session = getSession()
inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first()
if inject and not inject.should_show:
return render_template(
'inject/view.html',
title=inject.subject,
year=datetime.now().year,
inject=inject
)
return page_not_found(None)
def admin():
dbsession = getSession()
event = None
events = dbsession.query(tables.Event).filter(tables.Event.current == True)
if events.count() > 0:
event = events[0].id
return render_template('admin/index.html',
title='Admin',
year=datetime.now().year,
driver=str(engine.driver),
event=event)
def stopevent(event):
dbsession = getSession()
events = dbsession.query(tables.Event).filter(tables.Event.id == event)
if events.count() > 0:
event = events[0]
event.current = False
event.end = datetime.utcnow()
dbsession.commit()
return redirect(url_for("events"))
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def inject_score_event_inject_remove(event, inject):
session = getSession()
inject = session.query(tables.AssignedInject).filter(
tables.AssignedInject.id == inject).first()
if inject:
if request.method == "POST":
session.delete(inject)
session.commit()
return redirect(url_for('inject_score_event', event=event))
return render_template("injectscore/delete_inject.html",
inject=inject,
event=event)
return page_not_found(None)
def injectmanager_category_delete(id):
db = getSession()
cat = db.query(
tables.InjectCategory).filter(tables.InjectCategory.id == id).first()
if cat:
if request.method == "POST":
db.delete(cat)
db.commit()
return redirect(url_for('injectmanager'))
return render_template('injectmanager/delete_category.html',
title='Delete Category',
category=cat)
return page_not_found(None)
def inject_score_event(event):
session = getSession()
event = session.query(
tables.Event).filter(tables.Event.id == event).first()
if event:
injects = session.query(tables.AssignedInject).filter(
tables.AssignedInject.eventid == event.id)
return render_template('injectscore/event.html',
title="Inject Scoring",
injects=injects,
datetime=datetime,
event=event)
return page_not_found(None)
def addevent():
if request.method == 'POST':
dbsession = getSession()
e = tables.Event()
e.name = request.form['name']
dbsession.add(e)
dbsession.commit()
return redirect(url_for('events'))
else:
return render_template(
'admin/event/add.html',
title='Add Event',
year=datetime.now().year,
)
def adminuser(user):
dbsession = getSession()
users = dbsession.query(tables.User).filter(tables.User.name.ilike(user))
if users.count() > 0:
user = users[0]
return render_template(
'admin/user/view.html',
title=user.name,
year=datetime.now().year,
dbuser=user,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def server(server):
dbsession = getSession()
servers = dbsession.query(tables.Server).filter(tables.Server.id == server)
if servers.count() > 0:
server = servers[0]
return render_template(
'admin/server/view.html',
title=server.name,
year=datetime.now().year,
server=server,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def team(team):
dbsession = getSession()
teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team))
if teams.count() > 0:
team = teams[0]
return render_template(
'admin/team/view.html',
title=team.name,
year=datetime.now().year,
team=team,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def adduser():
dbsession = getSession()
if request.method == 'POST':
u = tables.User.create(request.form['name'], request.form['username'], request.form['password'], request.form['team'], request.form['group'])
dbsession.add(u)
dbsession.commit()
return redirect(url_for('users'))
else:
teams = dbsession.query(tables.Team).all()
return render_template(
'admin/user/add.html',
title='Add Team',
year=datetime.now().year,
teams=teams,
)
def addservice():
if request.method == 'POST':
dbsession = getSession()
st = tables.ServiceType()
st.name = request.form['name']
st.tester = request.form['tester']
dbsession.add(st)
dbsession.commit()
return redirect(url_for('services'))
else:
return render_template(
'admin/service/add.html',
title='Add Service Type',
year=datetime.now().year,
)
def injectmanager_addcategory():
db = getSession()
if request.method == "POST":
cat = tables.InjectCategory()
if request.form['category'] != '-1':
cat.parentid = request.form['category']
cat.name = request.form['name']
db.add(cat)
db.commit()
return redirect(url_for('injectmanager') + "#" + str(cat.id))
categories = db.query(
tables.InjectCategory).filter(tables.InjectCategory.parentid == None)
return render_template('injectmanager/addcategory.html',
title='Add Category',
categories=categories)
def passdb(passdb):
dbsession = getSession()
passdbs = dbsession.query(tables.PasswordDatabase).filter(
tables.PasswordDatabase.name.ilike(passdb))
if passdbs.count() > 0:
passdb = passdbs[0]
return render_template(
'admin/passdb/view.html',
title=passdb.name,
year=datetime.now().year,
passdb=passdb,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
