def domain_management(domain_name): """Route to manage domain attributes.""" if request.method == 'GET': domain = Domain.query.filter(Domain.name == domain_name).first() if not domain: return redirect(url_for('error', code=404)) users = User.query.all() # get list of user ids to initilize selection data d = Domain(name=domain_name) domain_user_ids = d.get_user() return render_template('domain_management.html', domain=domain, users=users, domain_user_ids=domain_user_ids) if request.method == 'POST': # username in right column new_user_list = request.form.getlist('domain_multi_user[]') # get list of user ids to compare d = Domain(name=domain_name) domain_user_ids = d.get_user() # grant/revoke user privielges d.grant_privielges(new_user_list) history = History(msg='Change domain %s access control' % domain_name, detail=str({'user_has_access': new_user_list}), created_by=current_user.username) history.add() return redirect(url_for('domain_management', domain_name=domain_name)) return None
def fixrev(): """Let us test the api from a brower so I can debug the damn thing.""" # first authenticate show("Begin api route #########################################\n\n") retval = 'begin' updateresult = {} if not token_verify(): retval = jsonify(retval='No Token') username = getheadervalue(request.headers, 'X-API-User') user = db.session.query(User) \ .filter(User.username == username) \ .first() dom_ = Domain() recorddata = json.loads(request.data) show("fixrev print of recorddata is :\n%s" % (recorddata), level=6) if retval == 'begin' and 'hostname' in recorddata and 'revname' in recorddata: show("fixrev pformat of recorddata is :\n%s" % (pformat(recorddata, indent=4)), level=6) hostname = recorddata['hostname'] + '.' revname = recorddata['revname'] revnamewdot = recorddata['revname'] + '.' domain_reverse_name = dom_.get_reverse_domain_name(revname) show("fixrev name is :%s revname is %s domain_reverse_name %s" % (hostname, revname, domain_reverse_name), level=6) is_allowed = is_allowed_domain(domain_reverse_name, user.id) if not is_allowed: return jsonify(error='error not allowed to modify domainname %s' % (domain_reverse_name)) mdl = db.session.query(Domain)\ .filter(Domain.name == domain_reverse_name)\ .first() if not mdl: show("fixrev domain_reverse_name %s DOES NOT EXIST" % (domain_reverse_name), level=6) dom_ = Domain() domain = 'pop' dom_.create_reverse_domain(domain, domain_reverse_name) # return jsonify(retval='No Domain %s' % (domain_reverse_name)) rec = Record(name=revnamewdot, type='PTR', status=False, ttl=86400, data=hostname) updateresult = rec.update(domain_reverse_name, hostname, username) return jsonify(retval=retval, **updateresult)
def save_session(): data = request.form sessions = json.loads(data['sessions']) token = data.get('token') user = User.check_auth_token(token) if next(user): user = next(user) for session in sessions: Session( dict(username=user, id=session['id'], start_time=session['start'], end_time=session['end'])) for _, tab_info in session['tab_manager']['tabs'].items(): url = tab_info['url'] title = tab_info['title'] favicon = tab_info['favIconUrl'] try: if url.startswith('chrome://'): continue except: print(tab_info) for i in range(len(tab_info['active_start_times'])): Domain( dict(session_id=session['id'], url=url, title=title, favicon=favicon, start_time=tab_info['active_start_times'][i], end_time=tab_info['active_end_times'][i])) for tab_info in session['tab_manager']['discarded_tabs']: url = tab_info['url'] title = tab_info['title'] favicon = tab_info['favIconUrl'] try: if url.startswith('chrome://'): continue except: print(tab_info) for i in range(len(tab_info['active_start_times'])): Domain( dict(session_id=session['id'], url=url, title=title, favicon=favicon, start_time=tab_info['active_start_times'][i], end_time=tab_info['active_end_times'][i])) else: return 'Invalid token' return User.get(username=user).generate_auth_token( time=9999999999999999999)
def test_get_multiple_zones( self, client, common_data_mock, zone_data, admin_apikey ): with patch('app.blueprints.api.Domain') as mock_domain: test_domain = Domain(1, name=zone_data['name'].rstrip(".")) mock_domain.query.all.return_value = [test_domain] res = client.get( "/api/v1/servers/localhost/zones", headers=admin_apikey ) data = res.get_json(force=True) fake_domain = namedtuple( "Domain", data[0].keys() )(*data[0].values()) domain_schema = DomainSchema(many=True) json.dumps(domain_schema.dump([fake_domain])) assert res.status_code == 200
def get_domain_fromname(name, firsttry=True): """A method to utilize the PDNS Admin of domains to determine which this is in.""" name_split = name.split('.') name_split.reverse() test = '' testlst = [] for item in name_split: if item != '': if test == '': test = "%s" % (item) else: test = "%s.%s" % (item, test) testlst.append(test) testlst.reverse() print pformat(testlst) retval = None for test in testlst: if not retval: # show("get_domain_fromname of testing if string is a domain : '%s'" % (test), level=6) mdl = db.session.query(Domain)\ .filter(Domain.name == test)\ .first() if mdl: retval = mdl.name if not retval and firsttry: dom_ = Domain() dom_.update() retval = get_domain_fromname(name, firsttry=False) # raise RuntimeError("Issue getting domain name from name %s" % (name)) return retval
def register_domain(): _username = request.form['username'] _password = request.form['password'] _domain = request.form['domain'] res = login(_username, _password) if res != 200: return "Login failed" if not validate_domain(_domain): return "Invalid domain '{0}'".format(_domain) user = User.query.filter_by(username=_username).first() if user is None: user = User(username=_username) try: db.session.add(user) db.session.commit() except exc.SQLAlchemyError as e: return "Something went wrong during registration of domain '{0}'".format( _domain) domain = Domain(domain=_domain, user_id=user.id) try: db.session.add(domain) db.session.commit() except exc.SQLAlchemyError as e: return "Something went wrong during registration of domain '{0}'".format( _domain) return "Success"
def test_usernames_to_json(self): usernames = ['charlie', 'joseph', 'igor'] passwords = ['secret', 'checkpoint', 'bravo'] domain = Domain(name='victim', url='victim.org') domain.save() for username in usernames: domain.username_set.create(username=username) for password in passwords: domain.password_set.create(password=password) usernames_from_db = domain.username_set.all().values('username') usernames_dict = {'usernames': list(usernames_from_db)} self.assertListEqual( usernames, list(map(lambda x: x['username'], usernames_from_db))) self.assertDictEqual(json.loads(json.dumps(usernames_dict)), usernames_dict) passwords_from_db = domain.password_set.all().values('password') passwords_dict = {'passwords': list(passwords_from_db)} self.assertListEqual( passwords, list(map(lambda x: x['password'], passwords_from_db))) self.assertDictEqual(json.loads(json.dumps(passwords_dict)), passwords_dict)
def common_data_mock(self): self.oauth_setting_patcher = patch('app.oauth.Setting', spec=app.models.Setting) self.views_setting_patcher = patch('app.views.Setting', spec=app.models.Setting) self.helpers_setting_patcher = patch('app.lib.helper.Setting', spec=app.models.Setting) self.models_setting_patcher = patch('app.models.Setting', spec=app.models.Setting) self.mock_apikey_patcher = patch('app.decorators.ApiKey', spec=app.models.ApiKey) self.mock_hist_patcher = patch('app.blueprints.api.History', spec=app.models.History) self.mock_oauth_setting = self.oauth_setting_patcher.start() self.mock_views_setting = self.views_setting_patcher.start() self.mock_helpers_setting = self.helpers_setting_patcher.start() self.mock_models_setting = self.models_setting_patcher.start() self.mock_apikey = self.mock_apikey_patcher.start() self.mock_hist = self.mock_hist_patcher.start() self.mock_oauth_setting.return_value.get.side_effect = load_data self.mock_views_setting.return_value.get.side_effect = load_data self.mock_helpers_setting.return_value.get.side_effect = load_data self.mock_models_setting.return_value.get.side_effect = load_data data = user_apikey_data() domain = Domain(name=data['domains'][0]) api_key = ApiKey(desc=data['description'], role_name=data['role'], domains=[domain]) api_key.role = Role(name=data['role']) self.mock_apikey.return_value.is_validate.return_value = api_key
def dao_update_organisation(organisation_id, **kwargs): domains = kwargs.pop('domains', None) num_updated = Organisation.query.filter_by( id=organisation_id).update(kwargs) if isinstance(domains, list): Domain.query.filter_by(organisation_id=organisation_id).delete() db.session.bulk_save_objects([ Domain(domain=domain.lower(), organisation_id=organisation_id) for domain in domains ]) organisation = Organisation.query.get(organisation_id) if 'organisation_type' in kwargs: _update_organisation_services(organisation, 'organisation_type', only_where_none=False) if 'email_branding_id' in kwargs: _update_organisation_services(organisation, 'email_branding') if 'letter_branding_id' in kwargs: _update_organisation_services(organisation, 'letter_branding') return num_updated
def save_info(self, domains, source, crawl_time): start = time.time() all_count = len(domains) avail_count = 0 _time = datetime.now().strftime("%Y-%m-%d") if len(domains) > 0: try: for domain, source in domains: flag = db.session.query(Domain).filter( Domain.domain == domain, Domain.source == source).first() if flag is None: new_domain = Domain() new_domain.domain = domain new_domain.source = source db.session.add(new_domain) avail_count += 1 else: flag.updatetime = _time db.session.add(flag) db.session.commit() except Exception as e: self.logger.warning("Error writing to database" + str(e) + source) else: self.logger.warning("NO record found from: %s" % source) stop = time.time() storage_time = str(stop - start) + "秒" self.logger.info("malwaredomains 共收集{0}条数据, 新数据{1}条".format( all_count, avail_count)) self.logger.info("malwaredomains 抓取时间{0},数据遍历时间{1}".format( crawl_time, storage_time))
def domains(): ''' For GET requests, return all domains. For POST requests, add a new domain. ''' # request is a GET if request.method == 'GET': all_domains = Domain.query.all() schema = DomainSchema(many=True, strict=True) domain_data = schema.dump(all_domains) return jsonify(domain_data[0]) # request is a POST elif request.method == 'POST': domain = request.form.get('Domain') cert_path = request.form.get('Cert_Path') key_path = request.form.get('Key_Path') domain_obj = Domain.query.filter_by(domain=domain).first() if domain_obj is not None: return 'domain already exists', 400 domain_obj = Domain(domain=domain, cert_path=cert_path, key_path=key_path) domain_obj.update_ip() db.session.add(domain_obj) db.session.commit() schema = DomainSchema(strict=True) domain_data = schema.dump(domain_obj) return jsonify(domain_data[0]), 201
def setUpClass(cls): super().setUpClass() domain = Domain(name='example', url='selenium.org', chunk_size=2) domain.save() for i in range(0, 10): domain.username_set.create(username='******'.format(i)) domain.username_set.create(username='******') for i in range(0, 10): domain.password_set.create(password='******'.format(i)) domain.password_set.create(password='******') options = Options() options.add_argument('-headless') options.headless = True d = DesiredCapabilities.FIREFOX d['loggingPrefs'] = {'browser': 'ALL'} cls.drivers = [ Firefox(firefox_options=options, desired_capabilities=d), Firefox(firefox_options=options, desired_capabilities=d), Firefox(firefox_options=options, desired_capabilities=d), Firefox(firefox_options=options, desired_capabilities=d) ]
def populate_organisations_from_file(file_name): # [0] organisation name:: name of the organisation insert if organisation is missing. # [1] sector:: Central | Local | NHS only # [2] crown:: TRUE | FALSE only # [3] argeement_signed:: TRUE | FALSE # [4] domains:: comma separated list of domains related to the organisation # [5] email branding name: name of the default email branding for the org # [6] letter branding name: name of the default letter branding for the org # The expectation is that the organisation, organisation_to_service # and user_to_organisation will be cleared before running this command. # Ignoring duplicates allows us to run the command again with the same file or same file with new rows. with open(file_name, 'r') as f: def boolean_or_none(field): if field == '1': return True elif field == '0': return False elif field == '': return None for line in itertools.islice(f, 1, None): columns = line.split('|') print(columns) email_branding = None email_branding_column = columns[5].strip() if len(email_branding_column) > 0: email_branding = EmailBranding.query.filter(EmailBranding.name == email_branding_column).one() letter_branding = None letter_branding_column = columns[6].strip() if len(letter_branding_column) > 0: letter_branding = LetterBranding.query.filter(LetterBranding.name == letter_branding_column).one() data = { 'name': columns[0], 'active': True, 'agreement_signed': boolean_or_none(columns[3]), 'crown': boolean_or_none(columns[2]), 'organisation_type': columns[1].lower(), 'email_branding_id': email_branding.id if email_branding else None, 'letter_branding_id': letter_branding.id if letter_branding else None } org = Organisation(**data) try: db.session.add(org) db.session.commit() except IntegrityError: print("duplicate org", org.name) db.session.rollback() domains = columns[4].split(',') for d in domains: if len(d.strip()) > 0: domain = Domain(domain=d.strip(), organisation_id=org.id) try: db.session.add(domain) db.session.commit() except IntegrityError: print("duplicate domain", d.strip()) db.session.rollback()
def create_domain(domain, organisation_id): domain = Domain(domain=domain, organisation_id=organisation_id) db.session.add(domain) db.session.commit() return domain
def domain_add(): """Route to add a Domain.""" # pylint: disable=R0914,R0912, # here here here if request.method == 'POST': try: domain_name = request.form.getlist('domain_name')[0] domain_type = request.form.getlist('radio_type')[0] soa_edit_api = request.form.getlist('radio_type_soa_edit_api')[0] if ' ' in domain_name or not domain_name or not domain_type: return render_template('errors/400.html', msg="Please correct your input"), 400 if domain_type == 'slave': if request.form.getlist('domain_master_address'): domain_master_string = request.form.getlist('domain_master_address')[0] domain_master_string = domain_master_string.replace(' ', '') domain_master_ips = domain_master_string.split(',') else: domain_master_ips = [] d = Domain() result = d.add(domain_name=domain_name, domain_type=domain_type, soa_edit_api=soa_edit_api, domain_master_ips=domain_master_ips) # The soa record will show a.misconfigured.powerdns.server rec = Record() recs = rec.get_record_data('pop') soacontent = None nsrecords = None nscontent = None for item in recs['records']: if item['name'] == 'pop' and item['type'] == 'SOA': soacontent = item['content'] if item['type'] == 'NS': nsrecords = item['records'] nscontent = item['content'] if soacontent: soarec = Record(name=domain_name, type='SOA', ttl=3600) soarec.update(domain_name, soacontent, username=current_user.username) if nsrecords and nscontent: for nsrec in nsrecords: nsrec_ = Record(name=domain_name, type='NS', ttl=3600) nsrec_.update(domain_name, nsrec['content'], username=current_user.username) # end update the record using pop as a base if result['status'] == 'ok': history = History(msg='Add domain %s' % domain_name, detail=str({'domain_type': domain_type, 'domain_master_ips': domain_master_ips}), created_by=current_user.username) history.add() return redirect(url_for('dashboard')) else: return render_template('errors/400.html', msg=result['msg']), 400 except Exception: return redirect(url_for('error', code=500)) return render_template('domain_add.html')
def domains(): form = DomainForm() if form.validate_on_submit(): domain = Domain(domainname=form.domainname.data, user_id=current_user.id) db.session.add(domain) db.session.commit() flash('Domain has been added.', 'success') return redirect(url_for('main.domains')) return render_template('domains.html', title='Domains', form=form)
def fake_probes(): Domain(name='example', chunk_size=256).save() with open('dict/top-usernames-shortlist.txt') as file: for line in file: Username(username=line.rstrip()).save() with open('dict/10-million-password-list-top-100.txt') as file: for line in file: Password(password=line.rstrip()).save()
def build_zone_record(zone_data): """ build the zone record from the given zone data. :param zone_data: dict containing the body of the request :return: zone record object """ zone_record = Domain() zone_record.name = zone_data['name'].rstrip(".") zone_record.type = 'NATIVE' return zone_record
def api_login_create_zone(): pdns_api_url = Setting().get('pdns_api_url') pdns_api_key = Setting().get('pdns_api_key') pdns_version = Setting().get('pdns_version') api_uri_with_prefix = utils.pdns_api_extended_uri(pdns_version) api_full_uri = api_uri_with_prefix + '/servers/localhost/zones' headers = {} headers['X-API-Key'] = pdns_api_key msg_str = "Sending request to powerdns API {0}" msg = msg_str.format(request.get_json(force=True)) logging.debug(msg) resp = utils.fetch_remote( urljoin(pdns_api_url, api_full_uri), method='POST', data=request.get_json(force=True), headers=headers, accept='application/json; q=1' ) if resp.status_code == 201: logging.debug("Request to powerdns API successful") data = request.get_json(force=True) history = History( msg='Add domain {0}'.format(data['name'].rstrip('.')), detail=json.dumps(data), created_by=g.user.username ) history.add() if g.user.role.name not in ['Administrator', 'Operator']: logging.debug("User is ordinary user, assigning created domain") domain = Domain(name=data['name'].rstrip('.')) domain.update() domain.grant_privileges([g.user.username]) domain = Domain() domain.update() return resp.content, resp.status_code, resp.headers.items()
def setUpTestData(cls): cls.domain = Domain(name='victim', url='victim.org') cls.domain.save() cls.domain.username_set.create(username='******') cls.domain.username_set.create(username='******') cls.domain.password_set.create(password='******') cls.domain.password_set.create(password='******') cls.first_client = Client(ip='192.168.0.1', user_agent='tester 1') cls.first_client.save()
def setup(self): super(TestGetApplication, self).setup() self.application_id = self.setup_dummy_application() with self.app.app_context(): db.session.add( Domain(name='test domain', ordering=1, price_minimum=123, price_maximum=1234, criteria_needed=1)) db.session.commit()
def domain_delete(domain_name): """Route to delete a domain.""" d = Domain() result = d.delete(domain_name) if result['status'] == 'error': return redirect(url_for('error', code=500)) history = History(msg='Delete domain %s' % domain_name, created_by=current_user.username) history.add() return redirect(url_for('dashboard'))
def new_domain(): """ Add New Domain """ if not current_user.admin: flash('Have to be an admin!') return redirect(url_for('profile')) else: form = DomainForm() if request.method == 'POST': form_domain = form.domain.data paths_ignore = form.paths_ignore.data ext_ignore = form.ext_ignore.data s3_storage_bucket = form.s3_storage_bucket.data azure_profile_name = form.azure_profile_name.data inactive = form.inactive.data # Does this domain exist in the database or github? db_check = Domain.query.filter_by(domain=form_domain).first() gh_check = repo_utilities.check(form_domain) if not gh_check['exists']: # not in GH # Add to Github added = automation.new_add( domain=form_domain, mode='web' ) if not db_check: # not in db either domain = Domain( domain=form_domain, paths_ignore=paths_ignore, ext_ignore=ext_ignore, s3_storage_bucket=s3_storage_bucket, azure_profile_name=azure_profile_name, inactive=inactive ) db.session.add(domain) db.session.commit() flash("Domain Added!") else: # in db already if db_check.inactive: #set to inactive domain.inactive = False db.session.commit() flash("Domain Added, set to active again!") else: # exists in GH if db_check: #domain exists in db if db_check.inactive: #set to inactive domain.inactive = False db.session.commit() else: flash("Domain already exists!") return redirect(url_for('admin_domains', status='active')) else: return render_template('edit_domain.html', form=form, new=True)
def setUp(self): self.domain = Domain(name='victim', chunk_size=256) self.domain.save() self.first_client = Client(ip='129.168.0.1', user_agent='tester') self.first_client.save() self.second_client = Client(ip='129.168.0.1', user_agent='tester') self.second_client.save() self.bogged_client = Client(ip='129.168.0.2', user_agent='bogged tester') self.bogged_client.save()
def api_create_zone(server_id): resp = helper.forward_request() if resp.status_code == 201: logging.debug("Request to powerdns API successful") data = request.get_json(force=True) history = History(msg='Add domain {0}'.format( data['name'].rstrip('.')), detail=json.dumps(data), created_by=g.apikey.description) history.add() if g.apikey.role.name not in ['Administrator', 'Operator']: logging.debug("Apikey is user key, assigning created domain") domain = Domain(name=data['name'].rstrip('.')) g.apikey.domains.append(domain) domain = Domain() domain.update() return resp.content, resp.status_code, resp.headers.items()
def test_get_multiple_zones(self, client, common_data_mock, zone_data, basic_auth_user_headers): test_domain = Domain(1, name=zone_data['name'].rstrip(".")) self.mockk.get_domains.return_value = [test_domain] res = client.get("/api/v1/pdnsadmin/zones", headers=basic_auth_user_headers) data = res.get_json(force=True) fake_domain = namedtuple("Domain", data[0].keys())(*data[0].values()) domain_schema = DomainSchema(many=True) json.dumps(domain_schema.dump([fake_domain])) assert res.status_code == 200
def _store_domain(logger, data): ''' Creates new Domain entry if not already created. ''' if _domain_exists(logger, data['domain_id']): logger.info("Domain ID FOUND. Skipping Domain...") return False else: logger.info("Domain ID NOT FOUND. Creating Domain.") d = Domain(domain_id=data['domain_id'], account_id=data['account_id']) try: _add(d) except Exception as e: raise Exception(e)
def api_login_delete_zone(domain_name): pdns_api_url = Setting().get('pdns_api_url') pdns_api_key = Setting().get('pdns_api_key') pdns_version = Setting().get('pdns_version') api_uri_with_prefix = utils.pdns_api_extended_uri(pdns_version) api_full_uri = api_uri_with_prefix + '/servers/localhost/zones' api_full_uri += '/' + domain_name headers = {} headers['X-API-Key'] = pdns_api_key domain = Domain.query.filter(Domain.name == domain_name) if not domain: abort(404) if g.user.role.name not in ['Administrator', 'Operator']: user_domains_obj_list = g.user.get_domains() user_domains_list = [item.name for item in user_domains_obj_list] if domain_name not in user_domains_list: raise DomainAccessForbidden() msg_str = "Sending request to powerdns API {0}" logging.debug(msg_str.format(domain_name)) try: resp = utils.fetch_remote( urljoin(pdns_api_url, api_full_uri), method='DELETE', headers=headers, accept='application/json; q=1' ) if resp.status_code == 204: logging.debug("Request to powerdns API successful") history = History( msg='Delete domain {0}'.format(domain_name), detail='', created_by=g.user.username ) history.add() domain = Domain() domain.update() except Exception as e: logging.error('Error: {0}'.format(e)) abort(500) return resp.content, resp.status_code, resp.headers.items()
def test_delete_zone(self, client, common_data_mock, zone_data, basic_auth_user_headers): with patch('app.lib.utils.requests.request') as mock_delete, \ patch('app.blueprints.api.Domain') as mock_domain: mock_domain.return_value.update.return_value = True test_domain = Domain(1, name=zone_data['name'].rstrip(".")) self.mockk.get_domains.return_value = [test_domain] mock_delete.return_value.status_code = 204 mock_delete.return_value.content = '' zone_url_format = "/api/v1/pdnsadmin/zones/{0}" zone_url = zone_url_format.format(zone_data['name'].rstrip(".")) res = client.delete(zone_url, headers=basic_auth_user_headers) assert res.status_code == 204
def setup(self): super(TestGetApplication, self).setup() self.application_id = self.setup_dummy_application() with self.app.app_context(): domain_id = (db.session.query(func.max(Domain.id)).scalar()) db.session.add( Domain(id=domain_id + 1, name='test domain', ordering=1, price_minimum=123, price_maximum=1234, criteria_needed=1)) db.session.commit()