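def edit_tokens():
    """Render the token editor, handling a 'remove' POST first if one was sent.

    On a POST whose first ``action`` value is ``remove``, the first ``id``
    form value is parsed as an integer token id and that ``Tokens`` row is
    deleted together with its dependent rows. A POST with no ``action``
    field, a non-numeric id, or an id that no longer exists is ignored and
    the page is rendered as usual.
    """
    # NOTE(review): this view deletes rows on POST, and no authentication or
    # CSRF check is visible inside the function -- confirm one is applied by
    # the route decorator or application setup.
    if request.method == 'POST':
        try:
            # Distinguish a remove request from an update request.
            action = request.form.getlist('action')
            # Guard the index: a POST without 'action' yields an empty list.
            if action and action[0] == 'remove':
                list_value = request.form.getlist('id')
                if list_value:
                    try:
                        value = int(list_value[0])
                        token = Tokens.get(Tokens.tokenid == value)
                    except (ValueError, Tokens.DoesNotExist):
                        # Non-numeric id, or the row is already gone (stale
                        # page, repeated submit): nothing to delete.
                        token = None
                    if token is not None:
                        # Delete recursively: all dependencies, including
                        # rows that reference the token via nullable keys.
                        token.delete_instance(recursive=True,
                                              delete_nullable=True)
        except socket.error:
            # Best-effort, as in the original: the page is still rendered.
            pass
    entries = [
        dict(tid=each.tokenid,
             ttype=(Tokentypes.get(
                 Tokentypes.tokentypeid == each.tokentypeid.tokentypeid)
             ).tokentype,
             ttypeid=each.tokentypeid.tokentypeid,
             ttoken=each.token,
             tdescr=each.description,
             tres=each.result,
             targs=each.args) for each in Tokens.select()
    ]
    return render_template('edit_tokens.html', entries=entries)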
def saveExtend(self, screen, id):
    """Store a ``Tokens`` row for *screen* / *id*; log and swallow any failure.

    The row carries ``self.auth.access_token`` as ``client`` and
    ``self.auth.access_token_secret`` as ``secret``.
    """
    # NOTE(review): the access token and its secret are written to the row as
    # given; confirm the backing store is protected (encryption at rest,
    # restricted read access).
    try:
        Tokens(
            user=screen,
            idt=id,
            client=self.auth.access_token,
            secret=self.auth.access_token_secret,
        ).save()
    except Exception as exc:
        # Failure to persist is reported as a warning only; callers get no error.
        logging.warning(exc)
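def post(self):
    """Authenticate a form login and return a freshly issued auth token.

    Reads ``login`` and ``password`` from the form. On success the token
    from ``user.gen_token()`` is stored as a ``Tokens`` row and returned as
    ``{'auth_token': token}`` with status 200. An unknown login and a wrong
    password both get the same 401 response, so the reply does not reveal
    which accounts exist.
    """
    data = request.form
    user = User.query.filter_by(login=data['login']).first()
    # .first() returns None for an unknown login; without this guard the
    # attribute access below raised AttributeError (HTTP 500).
    if user is None or not bcrypt.check_password_hash(user.pw_hash,
                                                      data['password']):
        return make_response(
            jsonify({'message': 'Invalid login or password'}), 401)

    token = user.gen_token()
    if token:
        # NOTE(review): the token is persisted as issued; confirm whether the
        # table should hold a hash of it instead.
        new_token = Tokens(token)
        db.session.add(new_token)
        db.session.commit()
        response_obj = {'auth_token': token}
        return make_response(jsonify(response_obj), 200)

    # gen_token() produced nothing: answer explicitly instead of falling off
    # the end of the view and returning None.
    return make_response(jsonify({'message': 'Could not issue token'}), 500)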
def list_devicerules():
    """Render the device-rule page with every device and every token.

    The template receives ``entries`` as a two-item list: device dicts
    (``did``, ``dname``) followed by token dicts (``tid``, ``tname``).
    """
    # Collect devices for the device selector.
    device_rows = []
    for device in Devices.select():
        device_rows.append({'did': device.deviceid,
                            'dname': device.devicename})

    # Collect tokens for the token selector.
    token_rows = []
    for each in Tokens.select():
        token_rows.append({'tid': each.tokenid, 'tname': each.token})

    return render_template('list_devicerules.html',
                           entries=[device_rows, token_rows])
def show_args():
    """Render ``show_args.html`` with one dict per ``Args`` row.

    Each dict carries the argument's own columns plus ``tokenid``, which is
    the ``token`` value of the ``Tokens`` row the argument points at.
    """
    entries = []
    for arg in Args.select():
        # One extra lookup per row to resolve the referenced token's text.
        owner = Tokens.get(Tokens.tokenid == arg.tokenid.tokenid)
        entries.append({
            'argid': arg.argid,
            'argname': arg.argname,
            'argnum': arg.argnumber,
            'ttype': arg.arg_tokentype,
            'hasrestr': arg.hasrestriction,
            'restr': arg.restriction,
            'tokenid': owner.token,
        })
    return render_template('show_args.html', entries=entries)
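def edit_tokens():
    """Show the token editor; delete one token first when a remove POST arrives.

    A POST is treated as a removal only when its first ``action`` value is
    ``remove`` and an ``id`` value is present. Requests with no ``action``,
    a non-integer id, or an id with no matching row are ignored rather than
    raising, and the page is rendered normally.
    """
    # NOTE(review): destructive POST handler with no visible authentication
    # or CSRF check in this function -- confirm protection exists upstream.
    if request.method == 'POST':
        try:
            actions = request.form.getlist('action')
            # Slice instead of indexing so an absent 'action' field is safe.
            if actions[:1] == ['remove']:
                ids = request.form.getlist('id')
                if ids:
                    try:
                        doomed = Tokens.get(Tokens.tokenid == int(ids[0]))
                    except (ValueError, Tokens.DoesNotExist):
                        # Malformed id or row already removed.
                        doomed = None
                    if doomed is not None:
                        # Remove the token and everything that depends on it,
                        # including rows linked through nullable keys.
                        doomed.delete_instance(recursive=True,
                                               delete_nullable=True)
        except socket.error:
            # Kept from the original: a socket error does not block rendering.
            pass
    entries = [
        dict(tid=each.tokenid,
             ttype=(Tokentypes.get(
                 Tokentypes.tokentypeid == each.tokentypeid.tokentypeid)
             ).tokentype,
             ttypeid=each.tokentypeid.tokentypeid,
             ttoken=each.token,
             tdescr=each.description,
             tres=each.result,
             targs=each.args)
        for each in Tokens.select()
    ]
    return render_template('edit_tokens.html', entries=entries)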
def list_devicerules():
    """Render ``list_devicerules.html`` with all devices and all tokens.

    ``entries`` is passed as ``[devices, tokens]``: a list of
    ``{'did', 'dname'}`` dicts followed by a list of ``{'tid', 'tname'}``
    dicts.
    """
    # Devices first, then tokens, matching the order the template receives.
    devices = [{'did': dev.deviceid, 'dname': dev.devicename}
               for dev in Devices.select()]
    tokens = [{'tid': tok.tokenid, 'tname': tok.token}
              for tok in Tokens.select()]
    context = [devices, tokens]
    return render_template('list_devicerules.html', entries=context)
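def generate():
    """Yield a single HTML table of device rules selected by ``params``.

    ``params`` is a free variable defined outside this block; it is split on
    commas and read as ``<deviceid>,<tokenid>``. A 0 in either position means
    "do not filter on that column". Every cell value is HTML-escaped before
    it is placed in the markup.
    """
    from html import escape  # local import: only this block needs it

    params_list = params.split(',')
    device_filter = int(params_list[0])
    token_filter = int(params_list[1])

    # Build the query once; chained where() calls are ANDed together.
    rules = Devicerules.select()
    if device_filter != 0:
        rules = rules.where(Devicerules.deviceid == params_list[0])
    if token_filter != 0:
        rules = rules.where(Devicerules.tokenid == params_list[1])

    table_start = '<table class="table table-condensed"><tr><th>Device</th><th>Token</th><th>Rule line</th><th>Condition</th><th>Configuration command</th></tr>'
    rows = []
    for drule in rules:
        cells = (
            Devices.get(Devices.deviceid == drule.deviceid.deviceid).devicename,
            Tokens.get(Tokens.tokenid == drule.tokenid.tokenid).token,
            drule.ruleline,
            drule.cond,
            drule.configcommand,
        )
        # Database text is data, not markup: escape it so a stored value
        # containing '<' or '&' cannot inject HTML or script into the page.
        rows.append('<tr>'
                    + ''.join('<td>' + escape(str(cell)) + '</td>'
                              for cell in cells)
                    + '</tr>')
    table_end = '</table>'
    yield table_start + ''.join(rows) + table_end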
def show_args():
    """Render the argument list page.

    Builds one dict per ``Args`` row; the ``tokenid`` key holds the ``token``
    text looked up from the ``Tokens`` row the argument references.
    """
    rows = Args.select()
    entries = [
        {
            'argid': arg.argid,
            'argname': arg.argname,
            'argnum': arg.argnumber,
            'ttype': arg.arg_tokentype,
            'hasrestr': arg.hasrestriction,
            'restr': arg.restriction,
            # Resolved with a separate Tokens lookup for every argument row.
            'tokenid': Tokens.get(
                Tokens.tokenid == arg.tokenid.tokenid).token,
        }
        for arg in rows
    ]
    return render_template('show_args.html', entries=entries)
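def generate():
    """Yield one HTML table listing the device rules selected by ``params``.

    ``params`` comes from outside this block and is parsed as
    ``<deviceid>,<tokenid>``; 0 in a position disables that filter. All
    values taken from the database are HTML-escaped before being written
    into table cells.
    """
    from html import escape  # local import: only this block needs it

    params_list = params.split(',')
    want_device = int(params_list[0]) != 0
    want_token = int(params_list[1]) != 0

    # One query, narrowed by whichever filters are active (conditions AND).
    selection = Devicerules.select()
    if want_device:
        selection = selection.where(Devicerules.deviceid == params_list[0])
    if want_token:
        selection = selection.where(Devicerules.tokenid == params_list[1])

    db_query = [
        dict(rid=drule.ruleid,
             did=Devices.get(
                 Devices.deviceid == drule.deviceid.deviceid).devicename,
             tid=Tokens.get(
                 Tokens.tokenid == drule.tokenid.tokenid).token,
             rule=drule.ruleline,
             condition=drule.cond,
             config=drule.configcommand) for drule in selection
    ]

    table_start = '<table class="table table-condensed"><tr><th>Device</th><th>Token</th><th>Rule line</th><th>Condition</th><th>Configuration command</th></tr>'
    columns = ('did', 'tid', 'rule', 'condition', 'config')
    pieces = [table_start]
    for each in db_query:
        pieces.append('<tr>')
        for key in columns:
            # Escape stored text so rule lines or config commands containing
            # markup are shown literally instead of being interpreted.
            pieces.append('<td>' + escape(str(each.get(key))) + '</td>')
        pieces.append('</tr>')
    pieces.append('</table>')
    yield ''.join(pieces)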
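def login():
    """Authenticate with HTTP Basic credentials and return a JWT plus profile.

    Missing credentials, an unknown username and a wrong password all get the
    same 401 ``Could not verify`` response. On success:

    * no ``Tokens`` row for the user: issue a JWT, store it with its ``ttl``;
    * stored ``ttl`` still in the future: issue a JWT expiring after the
      remaining whole minutes, leaving the row unchanged;
    * stored ``ttl`` reached: issue a new JWT and overwrite the row's
      ``token`` and ``ttl``.
    """

    def _unauthorized():
        return make_response(
            'Could not verify', 401,
            {'WWW-Authenticate': 'Basic realm = "Login required!"'})

    def _success(encoded):
        # encoded.decode() assumes jwt.encode returned bytes, as the original
        # code did.
        return jsonify({
            'status': '200',
            'token': encoded.decode('UTF-8'),
            'role_id': user.role_id,
            'public_id': user.public_id,
            'message': 'login successful!',
            'prisoner': user.prisoner,
            'accountStatus': user.status
        })

    auth = request.authorization
    if not auth or not auth.username or not auth.password:
        return _unauthorized()

    user = User.query.filter_by(username=auth.username).first()
    # Check the user before touching user.id: the token lookup used to run
    # first and raised AttributeError (HTTP 500) for unknown usernames, which
    # also made them distinguishable from a wrong password.
    if not user:
        return _unauthorized()
    # A wrong password previously fell off the end of the view (None -> 500).
    if not check_password_hash(user.password_hash, auth.password):
        return _unauthorized()

    local_tz = pytz.timezone("Asia/Singapore")
    tokens = Tokens.query.filter_by(uid=user.id).first()

    if tokens is None:
        # First login: JWT 'exp' is now + 4320 minutes.
        exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=4320)
        exp = exp.replace(tzinfo=pytz.utc)
        token = jwt.encode(
            {
                'public_id': user.public_id,
                'exp': exp.astimezone(local_tz)
            }, app.config['SECRET_KEY'])
        # NOTE(review): the stored ttl adds a further 8 hours and is then
        # tagged as UTC, so it is a later instant than the JWT's own 'exp' --
        # confirm this offset is intended.
        utc_changed = datetime.datetime.utcnow() + datetime.timedelta(
            minutes=4320) + datetime.timedelta(hours=8)
        utc_changed = utc_changed.replace(tzinfo=pytz.utc)
        new_token = Tokens(uid=user.id,
                           token=token,
                           ttl=utc_changed.astimezone(local_tz))
        db.session.add(new_token)
        db.session.commit()
        return _success(token)

    # Existing row: whole minutes left until the stored ttl.
    diff1 = tokens.ttl
    diff2 = datetime.datetime.utcnow()
    diff2 = diff2.replace(tzinfo=pytz.utc)
    diff = diff1 - (diff2.astimezone(local_tz))
    minutessince = int(diff.total_seconds() / 60)

    if minutessince > 0:
        # Still valid: mint a JWT that expires when the stored ttl does.
        expiry = datetime.datetime.utcnow() + datetime.timedelta(
            minutes=minutessince)
        expiry = expiry.replace(tzinfo=pytz.utc)
        token = jwt.encode(
            {
                'public_id': user.public_id,
                'exp': expiry.astimezone(local_tz)
            }, app.config['SECRET_KEY'])
        return _success(token)

    # ttl reached: replace the stored token and ttl.
    # NOTE(review): 'exp' here is a naive utcnow() + 4320 min + 8 h, unlike
    # the first-login branch (no extra 8 h) -- presumably this token lives
    # 8 hours longer; confirm which lifetime is intended.
    tokened = jwt.encode(
        {
            'public_id': user.public_id,
            'exp': datetime.datetime.utcnow() +
            datetime.timedelta(minutes=4320) + datetime.timedelta(hours=8)
        }, app.config['SECRET_KEY'])
    updated = Tokens.query.filter_by(uid=user.id).first()
    updated.token = tokened
    utc = datetime.datetime.utcnow() + datetime.timedelta(
        minutes=4320) + datetime.timedelta(hours=8)
    utc = utc.replace(tzinfo=pytz.utc)
    updated.ttl = utc.astimezone(local_tz)
    db.session.commit()
    return _success(tokened)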
def the_tokens():
    """Render ``mt.html`` with the unfiltered ``Tokens`` query as ``tokens``."""
    # NOTE(review): every Tokens row is handed to the template; confirm the
    # route is access-controlled and the template does not print secrets.
    all_tokens = Tokens.select()
    return flask.render_template('mt.html', tokens=all_tokens)