def logout():
    """Sign the current user out and send them to the login page.

    The persisted ``authenticated`` flag is cleared and saved before the
    Flask-Login session is ended, so the database and the session agree.
    """
    signed_in = current_user
    signed_in.authenticated = False
    db.save(signed_in)
    logout_user()
    flash('You have successfully logged out.', 'success')
    return redirect(url_for('auth.login'))
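def admin_update_port():
    """White-team endpoint: set a service's port from an inline-edit POST.

    Expects form fields ``pk`` (service id), ``name`` (must be ``'port'``)
    and ``value`` (the new port). Returns a JSON body in every case; the
    ``error`` payload keeps its existing HTTP 200 status for compatibility
    with the inline editor, and no code path falls through to ``None``.

    Returns:
        A JSON response with ``status`` on success or ``error`` otherwise;
        malformed numeric input gets HTTP 400 instead of the previous 500.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        service_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid service id'}), 400
    service = Service.query.get(service_id)
    if service is None or form['name'] != 'port':
        return jsonify({'error': 'Incorrect permissions'})
    try:
        port = int(form['value'])
    except ValueError:
        return jsonify({'error': 'Invalid port'}), 400
    # Ports are 16-bit; anything outside this range can never be checked.
    if not 0 <= port <= 65535:
        return jsonify({'error': 'Invalid port'}), 400
    service.port = port
    db.save(service)
    return jsonify({'status': 'Updated Service Information'})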
def admin_update_welcome_page_content():
    """White-team endpoint: replace the stored welcome-page content.

    The submitted value is stored verbatim -- unlike the other update
    handlers in this file it is not passed through ``html.escape`` --
    presumably because the welcome page is admin-authored markup; confirm
    the template only ever renders this white-team-controlled value.
    Non-white-team callers receive a 403.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    new_content = request.form.get('welcome_page_content')
    if new_content is None:
        flash('Error: welcome_page_content not specified.', 'danger')
        return redirect(url_for('admin.manage'))
    setting = Setting.get_setting('welcome_page_content')
    setting.value = new_content
    db.save(setting)
    flash('Welcome Page Content Successfully Updated.', 'success')
    return redirect(url_for('admin.settings'))
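def update_ip_address():
    """Blue-team endpoint: change the IP address of one of the team's services.

    Expects form fields ``pk`` (service id), ``name`` (must be
    ``'ip_address'``) and ``value``. A service that does not exist or that
    belongs to another team is rejected with the same ``error`` payload as
    a malformed request. Every path returns a JSON response; the ``error``
    payload keeps its existing HTTP 200 status.
    """
    if not current_user.is_blue_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        service_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid service id'}), 400
    service = Service.query.get(service_id)
    # Ownership check: blue-team users may only edit their own team's services.
    if (service is None or service.team != current_user.team
            or form['name'] != 'ip_address'):
        return jsonify({'error': 'Incorrect permissions'})
    # NOTE(review): the value is HTML-escaped but not validated as an address;
    # if only literal IPs are expected, ipaddress.ip_address() would reject junk.
    service.ip_address = html.escape(form['value'])
    db.save(service)
    return jsonify({'status': 'Updated Service Information'})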
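def admin_update_environment():
    """White-team endpoint: update an environment's matching regex.

    Expects form fields ``pk`` (environment id), ``name`` (must be
    ``'matching_regex'``) and ``value``. Every path returns a JSON
    response; the ``error`` payload keeps its existing HTTP 200 status.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        environment_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid environment id'}), 400
    environment = Environment.query.get(environment_id)
    if environment is None or form['name'] != 'matching_regex':
        return jsonify({'error': 'Incorrect permissions'})
    # NOTE(review): html.escape() rewrites &, <, >, " and ' inside the pattern,
    # so a regex using those characters is stored altered. Kept as-is because
    # how matching_regex is consumed is not visible here -- verify.
    environment.matching_regex = html.escape(form['value'])
    db.save(environment)
    return jsonify({'status': 'Updated Environment Information'})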
def profile_update_password():
    """Let the signed-in user change their own password.

    The form must carry ``user_id`` and ``password``, and ``user_id`` must
    match the current user; anything else is answered with a 403. After the
    change the persisted ``authenticated`` flag is cleared.
    """
    form = request.form
    if 'user_id' not in form or 'password' not in form:
        return {'status': 'Unauthorized'}, 403
    # Only the account owner may use this endpoint.
    if form['user_id'] != str(current_user.id):
        return {'status': 'Unauthorized'}, 403
    # NOTE(review): the new password is HTML-escaped before hashing, whereas
    # login() hashes the raw form value; a password containing &, <, >, " or '
    # will not round-trip unless User.generate_hash escapes too -- verify.
    current_user.update_password(html.escape(form['password']))
    current_user.authenticated = False
    db.save(current_user)
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('profile.home'))
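def admin_update_property():
    """White-team endpoint: rename a property or change its value.

    Expects form fields ``pk`` (property id), ``name`` (``'property_name'``
    or ``'property_value'``) and ``value``. A ``name`` that is neither is
    rejected instead of being silently ignored. Every path returns a JSON
    response; the ``error`` payload keeps its existing HTTP 200 status.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        property_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid property id'}), 400
    property_obj = Property.query.get(property_id)
    if property_obj is None:
        return jsonify({'error': 'Incorrect permissions'})
    field = form['name']
    if field == 'property_name':
        property_obj.name = html.escape(form['value'])
    elif field == 'property_value':
        property_obj.value = html.escape(form['value'])
    else:
        return jsonify({'error': 'Incorrect permissions'})
    db.save(property_obj)
    return jsonify({'status': 'Updated Property Information'})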
def admin_add_team():
    """White-team endpoint: create a team from the ``name``/``color`` form.

    Both values are HTML-escaped before the row is created. Missing fields
    flash an error; non-white-team callers receive a 403.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if 'name' not in form or 'color' not in form:
        flash('Error: Team name or color not defined.', 'danger')
        return redirect(url_for('admin.manage'))
    new_team = Team(html.escape(form['name']), html.escape(form['color']))
    db.save(new_team)
    flash('Team successfully added.', 'success')
    return redirect(url_for('admin.manage'))
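def admin_update_check():
    """White-team endpoint: override a check's pass/fail result.

    Expects form fields ``pk`` (check id), ``name`` (must be
    ``'check_value'``) and ``value`` (``'1'`` for pass, ``'2'`` for fail).
    Any other ``value`` is rejected instead of being silently saved as a
    no-op. Every path returns a JSON response; the ``error`` payload keeps
    its existing HTTP 200 status.
    """
    if not current_user.is_white_team:
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        check_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid check id'}), 400
    check = Check.query.get(check_id)
    if check is None or form['name'] != 'check_value':
        return jsonify({'error': 'Incorrect permissions'})
    # The inline editor posts '1' for pass and '2' for fail.
    result = {'1': True, '2': False}.get(form['value'])
    if result is None:
        return jsonify({'error': 'Invalid check value'}), 400
    check.result = result
    db.save(check)
    # Message text kept verbatim for the front end, although it says "Property".
    return jsonify({'status': 'Updated Property Information'})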
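def update_service_account_info():
    """Update the username or password of a service account on the caller's team.

    Open to white- and blue-team users. Expects form fields ``pk`` (account
    id), ``name`` (``'username'`` or ``'password'``) and ``value``. The
    account must belong to a service owned by the caller's team; a missing
    account is rejected before ``account.service`` is dereferenced, which
    previously raised AttributeError (HTTP 500). Every path returns a JSON
    response; the ``error`` payload keeps its existing HTTP 200 status.
    """
    if not (current_user.is_white_team or current_user.is_blue_team):
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify({'error': 'Incorrect permissions'})
    # A non-numeric id used to raise ValueError (HTTP 500); it is client error.
    try:
        account_id = int(form['pk'])
    except ValueError:
        return jsonify({'error': 'Invalid account id'}), 400
    account = Account.query.get(account_id)
    # Existence first, then ownership: the original order dereferenced
    # account.service before checking for None.
    if account is None or account.service.team != current_user.team:
        return jsonify({'error': 'Incorrect permissions'})
    field = form['name']
    if field == 'username':
        account.username = html.escape(form['value'])
    elif field == 'password':
        # NOTE(review): this is a scored service credential, stored as submitted
        # (escaped, not hashed) -- presumably required so checks can use it; verify.
        account.password = html.escape(form['value'])
    else:
        return jsonify({'error': 'Incorrect permissions'})
    db.save(account)
    return jsonify({'status': 'Updated Account Information'})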
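def modify_service_account():
    """Blue-team endpoint: set a new password on one of the team's service accounts.

    Expects form fields ``account_id`` and ``password``. Success redirects
    to the service page; permission failures flash and return the existing
    JSON ``error`` payload. A non-numeric ``account_id`` now gets HTTP 400
    instead of an unhandled ValueError.
    """
    if not current_user.is_blue_team:
        flash('Incorrect permissions', 'error')
        return jsonify({'error': 'Incorrect permissions'})
    form = request.form
    if 'account_id' not in form or 'password' not in form:
        flash('Incorrect permissions', 'error')
        return jsonify({'error': 'Incorrect permissions'})
    try:
        account_id = int(form['account_id'])
    except ValueError:
        return jsonify({'error': 'Invalid account id'}), 400
    account = Account.query.get(account_id)
    # Ownership check: the account's service must belong to the caller's team.
    if account is None or account.service.team != current_user.team:
        flash('Incorrect permissions', 'error')
        return jsonify({'error': 'Incorrect permissions'})
    account.password = html.escape(form['password'])
    db.save(account)
    flash('Successfully updated password for ' + account.username, 'success')
    return redirect('/service/' + str(account.service.id))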
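def admin_add_user():
    """White-team endpoint: create a user on an existing team.

    Expects form fields ``username``, ``password`` and ``team_id``. An
    unknown ``team_id`` used to escape as an unhandled NoResultFound
    (HTTP 500); it now flashes an error like the other validation
    failures. Non-white-team callers receive a 403.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if not ('username' in form and 'password' in form and 'team_id' in form):
        flash('Error: Username, Password, or Team ID not specified.', 'danger')
        return redirect(url_for('admin.manage'))
    try:
        team_obj = Team.query.filter(Team.id == form['team_id']).one()
    except NoResultFound:
        flash('Error: Team ID not found.', 'danger')
        return redirect(url_for('admin.manage'))
    # NOTE(review): the password is HTML-escaped before it reaches User(); see
    # the matching note on profile_update_password about round-tripping.
    user_obj = User(username=html.escape(form['username']),
                    password=html.escape(form['password']),
                    team=team_obj)
    db.save(user_obj)
    flash('User successfully added.', 'success')
    return redirect(url_for('admin.manage'))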
def admin_update_password():
    """White-team endpoint: reset another user's password.

    Expects form fields ``user_id`` and ``password``. The target's
    persisted ``authenticated`` flag is cleared after the change. An
    unknown ``user_id`` redirects to the login page (existing behaviour).
    Non-white-team callers receive a 403.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403
    form = request.form
    if 'user_id' not in form or 'password' not in form:
        flash('Error: user_id or password not specified.', 'danger')
        return redirect(url_for('admin.manage'))
    try:
        target = User.query.filter(User.id == form['user_id']).one()
    except NoResultFound:
        return redirect(url_for('auth.login'))
    # NOTE(review): the password is HTML-escaped before hashing, while login()
    # hashes the raw form value -- verify that special characters round-trip.
    target.update_password(html.escape(form['password']))
    target.authenticated = False
    db.save(target)
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('admin.manage'))
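def _constant_time_equal(left, right):
    """Compare two password digests without leaking where they differ.

    ``str`` operands are encoded as UTF-8 so ``hmac.compare_digest`` accepts
    them regardless of content; anything that is not ``str``/``bytes``
    falls back to plain equality (the original behaviour).
    """
    import hmac

    if isinstance(left, str):
        left = left.encode('utf-8')
    if isinstance(right, str):
        right = right.encode('utf-8')
    if not isinstance(left, bytes) or not isinstance(right, bytes):
        return left == right
    return hmac.compare_digest(left, right)


def _safe_next_url(candidate, default):
    """Return *candidate* only if it is a same-site path, else *default*.

    Accepts values like ``/admin/status``; rejects empty values, absolute
    URLs, scheme-relative ``//host`` and ``/\\host`` forms so a crafted
    ``next`` parameter cannot redirect the user off-site after login.
    """
    from urllib.parse import urlparse

    if not candidate:
        return default
    parts = urlparse(candidate)
    if parts.scheme or parts.netloc:
        return default
    if not candidate.startswith('/') or candidate[1:2] in ('/', '\\'):
        return default
    return candidate


def login():
    """Authenticate a user from the login form and start a session.

    Already-authenticated users are sent to the welcome page. On a valid
    submission the stored digest is compared in constant time, the user's
    persisted ``authenticated`` flag is set, and the user is redirected to
    the ``next`` parameter only when it is a same-site path; otherwise to
    a team-specific landing page.

    Returns:
        A redirect on success, or the rendered login template otherwise.
    """
    if current_user.is_authenticated:
        flash('You are already logged in.', 'info')
        return redirect(url_for("welcome.home"))
    form = LoginForm()
    if form.errors:
        flash(form.errors, 'danger')
        return render_template('login.html', form=form)
    if not form.validate_on_submit():
        return render_template('login.html', form=form)
    username = request.form.get('username')
    password = request.form.get('password')
    try:
        user = db.session.query(User).filter(User.username == username).one()
    except NoResultFound:
        flash('Invalid username or password. Please try again.', 'danger')
        return render_template('login.html', form=form)
    except OperationalError:
        # NOTE(review): this message exposes operational detail to an
        # unauthenticated caller; a generic message plus a server-side log
        # entry would be preferable.
        flash("Error 'OperationError' received!. Try restarting the db service.", 'danger')
        return render_template('login.html', form=form)
    # .one() either returns a row or raises, so the former `if user:` was dead.
    if not _constant_time_equal(User.generate_hash(password, user.password),
                                user.password):
        flash('Invalid username or password. Please try again.', 'danger')
        return render_template('login.html', form=form)
    user.authenticated = True
    db.save(user)
    login_user(user, remember=True)
    if user.is_white_team:
        landing = url_for("admin.status")
    elif user.is_blue_team:
        landing = url_for("services.home")
    else:
        landing = url_for("overview.home")
    # `next` is attacker-controllable; only honour same-site paths.
    return redirect(_safe_next_url(request.values.get('next'), landing))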