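def post(self, name):
    """Create a group named after the ``name`` path parameter.

    The JSON request body is parsed with ``GroupSchema`` and the path name is
    validated with ``GroupNameSchemaBase``; either failure returns the schema
    errors with status 400. If a group with that name already exists,
    ``Conflict`` is raised. On success the group is committed, the creation
    is logged together with the capabilities it was given, and the created
    name is returned through ``GroupSchema``.
    """
    # NOTE(review): no authorization check is visible in this body. Confirm
    # that a decorator or the resource class restricts who may call it,
    # because the request body chooses the new group's capabilities.
    schema = GroupSchema()
    obj = schema.loads(request.get_data(as_text=True))
    if obj.errors:
        return {"errors": obj.errors}, 400

    group_name_obj = GroupNameSchemaBase().load({"name": name})
    if group_name_obj.errors:
        return {"errors": group_name_obj.errors}, 400

    # Check-then-insert: two concurrent requests can both pass this test.
    # NOTE(review): presumably a unique constraint on Group.name is the real
    # guard - confirm it exists on the model.
    if db.session.query(exists().where(Group.name == name)).scalar():
        raise Conflict("Group exists yet")

    group = Group()
    group.name = name
    # Capabilities come straight from the request body; an absent or empty
    # value becomes an empty list.
    group.capabilities = obj.data.get("capabilities") or []
    db.session.add(group)
    db.session.commit()

    # Audit record of who-got-what: the name and the granted capabilities.
    logger.info('group created', extra={
        'group': group.name,
        'capabilities': group.capabilities
    })

    # Report the name that was actually stored (the validated path
    # parameter). The body's own "name" field may be missing or may differ
    # from it, so echoing it back could misreport what was created.
    return GroupSchema().dump({"name": group.name})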
def post(self, login):
    """Create an active user account and its private group.

    The JSON body is parsed with ``UserProfileManageInfoSchema`` and the
    ``login`` path parameter is validated with ``UserLoginSchemaBase``;
    either failure returns the schema errors with status 400. ``Conflict``
    is raised when a user or a group already uses the login. When the body
    sets ``send_email``, a set-password token is mailed before the commit;
    a ``MailError`` aborts the request with ``InternalServerError`` and
    nothing is committed.
    """
    # NOTE(review): no authorization check is visible in this body; the
    # account is attributed to g.auth_user, so confirm a decorator enforces
    # both authentication and the required capability.
    payload = UserProfileManageInfoSchema().loads(
        request.get_data(as_text=True))
    if payload.errors:
        return {"errors": payload.errors}, 400

    login_check = UserLoginSchemaBase().load({"login": login})
    if login_check.errors:
        return {"errors": login_check.errors}, 400

    # The private group created below reuses the login as its name, so the
    # login must be free in both tables.
    login_taken = db.session.query(
        exists().where(User.login == login)).scalar()
    if login_taken:
        raise Conflict("User exists yet")

    group_taken = db.session.query(
        exists().where(Group.name == login)).scalar()
    if group_taken:
        raise Conflict("Group exists yet")

    fields = payload.data

    user = User()
    user.login = login
    user.email = fields.get("email")
    user.additional_info = fields.get("additional_info")
    user.feed_quality = fields.get("feed_quality")
    # Accounts created through this endpoint start enabled and approved.
    user.disabled = False
    user.pending = False
    user.registered_by = g.auth_user.id
    user.registered_on = datetime.datetime.now()
    user.groups.append(Group.public_group())
    user.reset_sessions()
    db.session.add(user)

    private_group = Group()
    private_group.name = login
    private_group.private = True
    private_group.users.append(user)
    db.session.add(private_group)

    if fields.get("send_email", False):
        try:
            # The token lets the recipient set the account password, so it
            # should be treated like a credential.
            token = user.generate_set_password_token().decode("utf-8")
            send_email_notification(
                "register",
                "New account registered in Malwarecage",
                user.email,
                base_url=app_config.malwarecage.base_url,
                login=user.login,
                set_password_token=token)
        except MailError:
            logger.exception("Can't send e-mail notification")
            raise InternalServerError(
                "SMTP server needed to fulfill this request is"
                " not configured or unavailable.")

    db.session.commit()

    logger.info('User created', extra={'user': user.login})
    return UserSuccessSchema().dump({"login": user.login})
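def post(self, name):
    """
    ---
    summary: Create a new group
    description: |
        Creates a new group.

        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - group
    parameters:
        - in: path
          name: name
          schema:
            type: string
          description: Group name
    responses:
        200:
            description: When group was created successfully
        400:
            description: When group name or request body is invalid
        403:
            description: When user doesn't have `manage_users` capability
        409:
            description: When group exists yet
    """
    # NOTE(review): the `manage_users` requirement documented above is not
    # checked in this body; confirm a decorator enforces it, because the
    # request body chooses the new group's capabilities.
    schema = GroupSchema()
    obj = schema.loads(request.get_data(as_text=True))
    if obj.errors:
        return {"errors": obj.errors}, 400

    group_name_obj = GroupNameSchemaBase().load({"name": name})
    if group_name_obj.errors:
        return {"errors": group_name_obj.errors}, 400

    # Check-then-insert: two concurrent requests can both pass this test.
    # NOTE(review): presumably a unique constraint on Group.name is the real
    # guard - confirm it exists on the model.
    if db.session.query(exists().where(Group.name == name)).scalar():
        raise Conflict("Group exists yet")

    group = Group()
    group.name = name
    # Capabilities come straight from the request body; an absent or empty
    # value becomes an empty list.
    group.capabilities = obj.data.get("capabilities") or []
    db.session.add(group)
    db.session.commit()

    # Audit record of who-got-what: the name and the granted capabilities.
    logger.info('group created', extra={
        'group': group.name,
        'capabilities': group.capabilities
    })

    # Report the name that was actually stored (the validated path
    # parameter). The body's own "name" field may be missing or may differ
    # from it, so echoing it back could misreport what was created.
    return GroupSchema().dump({"name": group.name})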
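def post(self):
    """
    ---
    description: Request new user account
    tags:
        - auth
    requestBody:
        description: User basic information
        content:
          application/json:
            schema: UserRegisterSchema
    responses:
        200:
            description: User login on successful registration
            content:
              application/json:
                schema: UserSuccessSchema
    """
    if not app_config.malwarecage.enable_registration:
        raise Forbidden("User registration is not enabled.")

    schema = UserRegisterSchema()
    obj = schema.loads(request.get_data(as_text=True))
    if obj.errors:
        return {"errors": obj.errors}, 400

    login = obj.data.get("login")

    # NOTE(review): these 409 checks run before the CAPTCHA is verified, so
    # this endpoint tells any caller whether a login or group name is taken
    # without solving the challenge. Consider verifying the CAPTCHA first
    # and/or rate limiting this endpoint.
    if db.session.query(exists().where(User.login == login)).scalar():
        raise Conflict("Name already exists")

    if db.session.query(exists().where(Group.name == login)).scalar():
        raise Conflict("Name already exists")

    recaptcha_secret = app_config.malwarecage.recaptcha_secret
    # The CAPTCHA is only enforced when a secret is configured.
    if recaptcha_secret:
        try:
            recaptcha_token = obj.data.get("recaptcha")
            # Bounded wait: without a timeout a stalled verification call
            # would hold this worker for as long as the peer keeps the
            # connection open.
            recaptcha_response = requests.post(
                'https://www.google.com/recaptcha/api/siteverify',
                data={
                    'secret': recaptcha_secret,
                    'response': recaptcha_token
                },
                timeout=10)
            recaptcha_response.raise_for_status()
            # Parsed inside the try so that a malformed verification body is
            # reported the same way as any other verification failure.
            recaptcha_ok = recaptcha_response.json().get('success')
        except Exception as e:
            logger.exception("Temporary problem with ReCAPTCHA.")
            raise InternalServerError(
                "Temporary problem with ReCAPTCHA.") from e

        if not recaptcha_ok:
            raise Forbidden("Wrong ReCAPTCHA, please try again.")

    user = User()
    user.login = login
    user.email = obj.data.get("email")
    user.additional_info = obj.data.get("additional_info")
    # Self-registered accounts are created as pending.
    user.pending = True
    user.disabled = False
    user.requested_on = datetime.datetime.now()
    user.groups.append(Group.public_group())
    user.reset_sessions()
    db.session.add(user)

    # Each user gets a private group named after the login.
    group = Group()
    group.name = login
    group.private = True
    group.users.append(user)
    db.session.add(group)
    db.session.commit()

    # Best effort: the account is already committed, so a mail failure is
    # logged and does not fail the request.
    try:
        send_email_notification("pending",
                                "Pending registration in Malwarecage",
                                user.email,
                                base_url=app_config.malwarecage.base_url,
                                login=user.login)
    except MailError:
        logger.exception("Can't send e-mail notification")

    logger.info('User registered', extra={'user': user.login})
    schema = UserSuccessSchema()
    return schema.dump({"login": user.login})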
def post(self, login):
    """
    ---
    summary: Create a new user
    description: |
        Creates new user account

        Requires `manage_users` capability.
    security:
        - bearerAuth: []
    tags:
        - user
    parameters:
        - in: path
          name: login
          schema:
            type: string
          description: New user login
    requestBody:
        description: User information
        content:
          application/json:
            schema: UserProfileManageInfoSchema
    responses:
        200:
            description: When user was created successfully
            content:
              application/json:
                schema: UserSuccessSchema
        400:
            description: When request body is invalid
        403:
            description: When user doesn't have `manage_users` capability.
        409:
            description: When user or group with provided name already exists.
        500:
            description: When SMTP server is unavailable or not properly configured on the server.
    """
    # NOTE(review): the `manage_users` requirement documented above is not
    # checked in this body; confirm a decorator enforces it.
    payload = UserProfileManageInfoSchema().loads(
        request.get_data(as_text=True))
    if payload.errors:
        return {"errors": payload.errors}, 400

    login_check = UserLoginSchemaBase().load({"login": login})
    if login_check.errors:
        return {"errors": login_check.errors}, 400

    # The private group created below reuses the login as its name, so the
    # login must be free in both tables.
    login_taken = db.session.query(
        exists().where(User.login == login)).scalar()
    if login_taken:
        raise Conflict("User exists yet")

    group_taken = db.session.query(
        exists().where(Group.name == login)).scalar()
    if group_taken:
        raise Conflict("Group exists yet")

    fields = payload.data

    user = User()
    user.login = login
    user.email = fields.get("email")
    user.additional_info = fields.get("additional_info")
    user.feed_quality = fields.get("feed_quality")
    # Accounts created through this endpoint start enabled and approved.
    user.disabled = False
    user.pending = False
    user.registered_by = g.auth_user.id
    user.registered_on = datetime.datetime.now()
    user.groups.append(Group.public_group())
    user.reset_sessions()
    db.session.add(user)

    private_group = Group()
    private_group.name = login
    private_group.private = True
    private_group.users.append(user)
    db.session.add(private_group)

    if fields.get("send_email", False):
        try:
            # The token lets the recipient set the account password, so it
            # should be treated like a credential.
            token = user.generate_set_password_token().decode("utf-8")
            send_email_notification(
                "register",
                "New account registered in Malwarecage",
                user.email,
                base_url=app_config.malwarecage.base_url,
                login=user.login,
                set_password_token=token)
        except MailError:
            # Nothing has been committed yet, so a mail failure aborts the
            # whole creation (the documented 500 response).
            logger.exception("Can't send e-mail notification")
            raise InternalServerError(
                "SMTP server needed to fulfill this request is"
                " not configured or unavailable.")

    db.session.commit()

    logger.info('User created', extra={'user': user.login})
    return UserSuccessSchema().dump({"login": user.login})
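def newgroup():
    """Serve the "new group" admin page and apply group/member actions.

    Access is limited to a logged-in user whose ``account_status`` is not 0
    and whose ``account_type`` is 2; anyone else is redirected to the index
    or shown a message page. A ``group_action`` request value (``add``,
    ``rename``, ``cancel``, ``delete``) or a ``user_action`` request value
    (``add``, ``remove``) is applied and followed by a redirect to the
    groups pages. With no action, ``newgroup.html`` is rendered.

    A failed database operation is rolled back and logged; the redirect
    still happens, as before.
    """
    # Function-scope import so the block does not depend on the file's
    # import list.
    import logging

    log = logging.getLogger(__name__)

    # Standard conditions to check if the user has proper right to access the page ***
    # NOTE(review): a debugger breakpoint inside a request handler stalls the
    # worker until someone attaches; make sure DEBUG can never be enabled on
    # a deployed instance.
    if DEBUG:
        pdb.set_trace()
    user = User.query.filter(
        User.ext_id_hashed == session.get('profile_ext_id_hashed')).first()
    if user is None:
        # Session does not map to a known user: drop it and start over.
        session.clear()
        return redirect(url_for('index'))
    elif user.account_status == 0:
        return render_template(
            "message.html",
            message="Please wait for admin approval. Contact an admin if needed.",
            avatar_url=user.avatar_url)
    elif user.account_type != 2:
        return render_template(
            "message.html",
            message="You do not have proper right to access this site. "
            "Please contact an admin if needed.",
            avatar_url=user.avatar_url)
    # End of conditions ******************************

    # request.values merges query-string and form data, so the state-changing
    # actions below are also reachable through a plain GET.
    # NOTE(review): confirm the route only accepts POST for these actions and
    # that the forms carry a CSRF token.
    group_action = request.values.get('group_action', '')
    user_action = request.values.get('user_action', '')

    if group_action:
        new_name = request.values.get('new_name', '')
        group_id = request.values.get('group_id', '')

        if group_action == "add":
            try:
                group = Group(name=new_name)
                db.session.add(group)
                db.session.commit()
            except Exception:
                db.session.rollback()
                # %r keeps request-supplied text on one escaped log line.
                log.exception("Group action %r failed; rolled back",
                              group_action)
        elif group_action == "rename":
            try:
                # An unknown group_id yields None here; the resulting error
                # is handled like any other failure.
                group = Group.query.filter(Group.id == group_id).first()
                group.name = new_name
                db.session.commit()
            except Exception:
                db.session.rollback()
                log.exception("Group action %r failed; rolled back",
                              group_action)
        elif group_action == "cancel":
            return redirect("/groups")
        elif group_action == "delete":
            try:
                group = Group.query.filter(Group.id == group_id).first()
                member_data = GroupMember.query.filter(
                    GroupMember.group_id == group_id).all()
                # The group and its membership rows go in one transaction.
                db.session.delete(group)
                for member in member_data:
                    db.session.delete(member)
                db.session.commit()
            except Exception:
                db.session.rollback()
                log.exception("Group action %r failed; rolled back",
                              group_action)
        return redirect('/groups')

    if user_action:
        user_id = request.values.get('user_id', '')
        group_id = request.values.get('group_id', '')

        if user_action == "add":
            try:
                new_member = GroupMember(group_id=group_id, user_id=user_id)
                db.session.add(new_member)
                db.session.commit()
            except Exception:
                db.session.rollback()
                log.exception("User action %r failed; rolled back",
                              user_action)
        elif user_action == "remove":
            try:
                old_member = GroupMember.query.filter(
                    GroupMember.user_id == user_id,
                    GroupMember.group_id == group_id).first()
                db.session.delete(old_member)
                db.session.commit()
            except Exception:
                db.session.rollback()
                log.exception("User action %r failed; rolled back",
                              user_action)

        # group_id is request-supplied and is appended to the redirect path
        # unvalidated; the fixed '/groups/' prefix keeps the target on this
        # site.
        if len(str(group_id)) > 0:
            return redirect('/groups/' + str(group_id))
        else:
            return redirect('/groups')

    return render_template('newgroup.html',
                           user=user,
                           group=None,
                           member=[],
                           outer=User.query.all())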