def _perform_create(self, data, workspace_name): assert not db.session.new workspace = self._get_workspace(workspace_name) obj = self.model_class(**data) obj.workspace = workspace # assert not db.session.new try: db.session.add(obj) db.session.commit() except sqlalchemy.exc.IntegrityError as ex: if not is_unique_constraint_violation(ex): raise db.session.rollback() workspace = self._get_workspace(workspace_name) conflict_obj = get_conflict_object(db.session, obj, data, workspace) if conflict_obj: flask.abort( 409, ValidationError({ 'message': 'Existing value', 'object': self._get_schema_class()().dump(conflict_obj).data, })) else: raise self._set_command_id(obj, True) return obj
def _perform_update(self, object_id, obj, data, workspace_name=None): """Commit the SQLAlchemy session, check for updating conflicts""" try: db.session.add(obj) db.session.commit() except sqlalchemy.exc.IntegrityError as ex: if not is_unique_constraint_violation(ex): raise db.session.rollback() workspace = None if workspace_name: workspace = db.session.query(Workspace).filter_by( name=workspace_name).first() conflict_obj = get_conflict_object(db.session, obj, data, workspace) if conflict_obj: flask.abort( 409, ValidationError({ 'message': 'Existing value', 'object': self._get_schema_class()().dump(conflict_obj).data, })) else: raise return obj
def _perform_create(self, data, **kwargs): """Check for conflicts and create a new object Is is passed the data parsed by the marshmallow schema (it transform from raw post data to a JSON) """ obj = self.model_class(**data) # assert not db.session.new try: db.session.add(obj) db.session.commit() except sqlalchemy.exc.IntegrityError as ex: if not is_unique_constraint_violation(ex): raise db.session.rollback() conflict_obj = get_conflict_object(db.session, obj, data) if conflict_obj: flask.abort( 409, ValidationError({ 'message': 'Existing value', 'object': self._get_schema_class()().dump(conflict_obj).data, })) else: raise return obj
def _create_admin_user(self, conn_string, choose_password, faraday_user_password): engine = create_engine(conn_string) # TODO change the random_password variable name, it is not always # random anymore if choose_password: user_password = click.prompt( 'Enter the desired password for the "faraday" user', confirmation_prompt=True, hide_input=True) else: if faraday_user_password: user_password = faraday_user_password else: user_password = self.generate_random_pw(12) already_created = False fs_uniquifier = str(uuid.uuid4()) try: statement = text(""" INSERT INTO faraday_user ( username, name, password, is_ldap, active, last_login_ip, current_login_ip, role, state_otp, fs_uniquifier ) VALUES ( 'faraday', 'Administrator', :password, false, true, '127.0.0.1', '127.0.0.1', 'admin', 'disabled', :fs_uniquifier ) """) params = { 'password': hash_password(user_password), 'fs_uniquifier': fs_uniquifier } connection = engine.connect() connection.execute(statement, **params) except sqlalchemy.exc.IntegrityError as ex: if is_unique_constraint_violation(ex): # when re using database user could be created previously already_created = True print( "{yellow}WARNING{white}: Faraday administrator user already exists." .format(yellow=Fore.YELLOW, white=Fore.WHITE)) else: print( "{yellow}WARNING{white}: Can't create administrator user.". format(yellow=Fore.YELLOW, white=Fore.WHITE)) raise if not already_created: print( "Admin user created with \n\n{red}username: {white}faraday \n" "{red}password:{white} {" "user_password} \n".format(user_password=user_password, white=Fore.WHITE, red=Fore.RED))
def _create_roles(self, conn_string): engine = create_engine(conn_string) try: statement = text( "INSERT INTO faraday_role(name) VALUES ('admin'),('pentester'),('client'),('asset_owner');" ) connection = engine.connect() connection.execute(statement) except sqlalchemy.exc.IntegrityError as ex: if is_unique_constraint_violation(ex): # when re using database user could be created previously print( "{yellow}WARNING{white}: Faraday administrator user already exists.".format( yellow=Fore.YELLOW, white=Fore.WHITE)) else: print( "{yellow}WARNING{white}: Can't create administrator user.".format( yellow=Fore.YELLOW, white=Fore.WHITE)) raise
def _create_admin_user(self, conn_string, choose_password): engine = create_engine(conn_string) # TODO change the random_password variable name, it is not always # random anymore if choose_password: random_password = click.prompt( 'Enter the desired password for the "faraday" user', confirmation_prompt=True, hide_input=True) else: random_password = self.generate_random_pw(12) already_created = False try: engine.execute( "INSERT INTO \"faraday_user\" (username, name, password, " "is_ldap, active, last_login_ip, current_login_ip, role, state_otp) VALUES ('faraday', 'Administrator', " "'{0}', false, true, '127.0.0.1', '127.0.0.1', 'admin', 'disabled');" .format(random_password)) except sqlalchemy.exc.IntegrityError as ex: if is_unique_constraint_violation(ex): # when re using database user could be created previously already_created = True print( "{yellow}WARNING{white}: Faraday administrator user already exists." .format(yellow=Fore.YELLOW, white=Fore.WHITE)) else: print( "{yellow}WARNING{white}: Can't create administrator user.". format(yellow=Fore.YELLOW, white=Fore.WHITE)) raise if not already_created: self._save_user_xml(random_password) print( "Admin user created with \n\n{red}username: {white}faraday \n" "{red}password:{white} {" "random_password} \n".format(random_password=random_password, white=Fore.WHITE, red=Fore.RED)) print( "{yellow}WARNING{white}: If you are going to execute couchdb importer you must use the couchdb password for faraday user." .format(white=Fore.WHITE, yellow=Fore.YELLOW))
def get_or_create(ws, model_class, data): """Check for conflicts and create a new object Is is passed the data parsed by the marshmallow schema (it transform from raw post data to a JSON) """ obj = model_class(**data) obj.workspace = ws # assert not db.session.new try: db.session.add(obj) db.session.commit() except sqlalchemy.exc.IntegrityError as ex: if not is_unique_constraint_violation(ex): raise db.session.rollback() conflict_obj = get_conflict_object(db.session, obj, data, ws) if conflict_obj: return (False, conflict_obj) else: raise # self._set_command_id(obj, True) # TODO check this return (True, obj)