def admin_update_check():
if current_user.is_white_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
check = session.query(Check).get(int(request.form["pk"]))
if check:
modified_check = False
if request.form["name"] == "check_value":
if request.form["value"] == "1":
check.result = True
elif request.form["value"] == "2":
check.result = False
modified_check = True
elif request.form["name"] == "check_reason":
modified_check = True
check.reason = request.form["value"]
if modified_check:
session.add(check)
session.commit()
update_scoreboard_data()
update_overview_data()
update_services_navbar(check.service.team.id)
update_team_stats(check.service.team.id)
update_services_data(check.service.team.id)
update_service_data(check.service.id)
return jsonify({"status": "Updated Property Information"})
return jsonify({"error": "Incorrect permissions"})
return jsonify({"error": "Incorrect permissions"})
def admin_update_check():
if current_user.is_white_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
check = session.query(Check).get(int(request.form['pk']))
if check:
modified_check = False
if request.form['name'] == 'check_value':
if request.form['value'] == '1':
check.result = True
elif request.form['value'] == '2':
check.result = False
modified_check = True
elif request.form['name'] == 'check_reason':
modified_check = True
check.reason = request.form['value']
if modified_check:
session.add(check)
session.commit()
update_scoreboard_data()
update_overview_data()
update_services_navbar(check.service.team.id)
update_team_stats(check.service.team.id)
update_services_data(check.service.team.id)
update_service_data(check.service.id)
return jsonify({'status': 'Updated Property Information'})
return jsonify({'error': 'Incorrect permissions'})
return jsonify({'error': 'Incorrect permissions'})
def update_team_score(team_id: int,
first_round: int,
last_round: int,
add: bool = False) -> None:
"""Update the scores of a specific team.
Note that it doesn't really make sense to perform an update that doesn't continue
all the way to the most recent round of scoring, since that will be used as the
basis for the team's score for the next round.
:param team_id: The ID of the team whose scores should be updated.
:type team_id: int
:param first_round: The first round that scores will be recalculated for.
:type first_round: int
:param last_round: The last round (inclusive) that scores will be recalculated for.
:type last_round: int
:param add: Whether to add new score objects if they don't exist. Defaults to False.
:tpe add: bool
"""
# Validate the first and last round
if first_round < 1:
first_round = 1
max_round = Round.get_last_round_num(
) # save value so we only it database once
if last_round > max_round:
last_round = max_round
# Get score of previous round
score = 0
if first_round > 1:
prev_round = session.query(Round).filter_by(number=(first_round -
1)).first()
prev_score = (session.query(Score).filter_by(
team_id=team_id, round_id=prev_round.id).first())
score = prev_score.value
# Get all services for the team
services = session.query(Service).filter_by(team_id=team_id).all()
# Iterate through each round
for round_num in range(first_round, last_round + 1):
round_obj = session.query(Round).filter_by(number=round_num).first()
# Determine the check result for each service
for service_obj in services:
# Get the service's check
check_obj = (session.query(Check).filter_by(
service_id=service_obj.id, round_id=round_obj.id).first())
if check_obj.result:
score += service_obj.points
# Update the round's score
score_obj = (session.query(Score).filter_by(
team_id=team_id, round_id=round_obj.id).first())
if (score_obj is None) and add:
score_obj = Score(value=score, team_id=team_id, round=round_obj)
session.add(score_obj)
elif score_obj is not None:
score_obj.value = score
session.commit()
def logout():
user = current_user
user.authenticated = False
session.add(user)
session.commit()
logout_user()
flash('You have successfully logged out.', 'success')
return redirect(url_for('auth.login'))
def admin_update_blueteam_edit_account_passwords():
if current_user.is_white_team:
setting = Setting.get_setting("blue_team_update_account_passwords")
if setting.value is True:
setting.value = False
else:
setting.value = True
session.add(setting)
session.commit()
return redirect(url_for("admin.permissions"))
return {"status": "Unauthorized"}, 403
def admin_update_points():
if current_user.is_white_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
service = session.query(Service).get(int(request.form["pk"]))
if service:
if request.form["name"] == "points":
service.points = int(request.form["value"])
session.add(service)
session.commit()
return jsonify({"status": "Updated Service Information"})
return jsonify({"error": "Incorrect permissions"})
def admin_update_blueteam_edit_account_usernames():
if current_user.is_white_team:
setting = Setting.get_setting('blue_team_update_account_usernames')
if setting.value is True:
setting.value = False
else:
setting.value = True
session.add(setting)
session.commit()
return redirect(url_for('admin.permissions'))
return {'status': 'Unauthorized'}, 403
def admin_update_points():
if current_user.is_white_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
service = session.query(Service).get(int(request.form['pk']))
if service:
if request.form['name'] == 'points':
service.points = int(request.form['value'])
session.add(service)
session.commit()
return jsonify({'status': 'Updated Service Information'})
return jsonify({'error': 'Incorrect permissions'})
def admin_update_blueteam_view_check_output():
if current_user.is_white_team:
setting = Setting.get_setting("blue_team_view_check_output")
print(setting.__dict__)
if setting.value is True:
setting.value = False
else:
setting.value = True
session.add(setting)
session.commit()
return redirect(url_for("admin.permissions"))
return {"status": "Unauthorized"}, 403
def admin_update_welcome_page_content():
if current_user.is_white_team:
if "welcome_page_content" in request.form:
setting = Setting.get_setting("welcome_page_content")
setting.value = request.form["welcome_page_content"]
session.add(setting)
session.commit()
flash("Welcome Page Content Successfully Updated.", "success")
return redirect(url_for("admin.settings"))
flash("Error: welcome_page_content not specified.", "danger")
return redirect(url_for("admin.manage"))
return {"status": "Unauthorized"}, 403
def admin_update_welcome_page_content():
if current_user.is_white_team:
if 'welcome_page_content' in request.form:
setting = Setting.get_setting('welcome_page_content')
setting.value = request.form['welcome_page_content']
session.add(setting)
session.commit()
flash('Welcome Page Content Successfully Updated.', 'success')
return redirect(url_for('admin.settings'))
flash('Error: welcome_page_content not specified.', 'danger')
return redirect(url_for('admin.manage'))
return {'status': 'Unauthorized'}, 403
def profile_update_password():
if 'user_id' in request.form and 'password' in request.form:
if str(current_user.id) == request.form['user_id']:
current_user.update_password(html.escape(request.form['password']))
current_user.authenticated = False
session.add(current_user)
session.commit()
flash('Password Successfully Updated.', 'success')
return redirect(url_for('profile.home'))
else:
return {'status': 'Unauthorized'}, 403
else:
return {'status': 'Unauthorized'}, 403
def admin_update_environment():
if current_user.is_white_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
environment = session.query(Environment).get(
int(request.form["pk"]))
if environment:
if request.form["name"] == "matching_content":
environment.matching_content = html.escape(
request.form["value"])
session.add(environment)
session.commit()
return jsonify({"status": "Updated Environment Information"})
return jsonify({"error": "Incorrect permissions"})
return jsonify({"error": "Incorrect permissions"})
def admin_update_host():
if current_user.is_white_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
service = session.query(Service).get(int(request.form["pk"]))
if service:
if request.form["name"] == "host":
service.host = html.escape(request.form["value"])
session.add(service)
session.commit()
update_overview_data()
update_services_data(service.team.id)
update_service_data(service.id)
return jsonify({"status": "Updated Service Information"})
return jsonify({"error": "Incorrect permissions"})
def queue_update(self):
"""Queue a score update for this team.
"""
teams_to_update = session.query(Setting).filter_by(
name='teams_to_update').first()
team_list = teams_to_update.value
# Only add a preceeding comma if the list is not empty
if team_list != '':
team_list += ','
team_list += str(self.id)
teams_to_update.value = team_list
session.commit()
def admin_update_property():
if current_user.is_white_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
property_obj = session.query(Property).get(int(request.form["pk"]))
if property_obj:
if request.form["name"] == "property_name":
property_obj.name = html.escape(request.form["value"])
elif request.form["name"] == "property_value":
property_obj.value = html.escape(request.form["value"])
session.add(property_obj)
session.commit()
return jsonify({"status": "Updated Property Information"})
return jsonify({"error": "Incorrect permissions"})
return jsonify({"error": "Incorrect permissions"})
def admin_add_team():
if current_user.is_white_team:
if "name" in request.form and "color" in request.form:
team_obj = Team(html.escape(request.form["name"]),
html.escape(request.form["color"]))
session.add(team_obj)
session.commit()
flash("Team successfully added.", "success")
return redirect(url_for("admin.manage"))
else:
flash("Error: Team name or color not defined.", "danger")
return redirect(url_for("admin.manage"))
else:
return {"status": "Unauthorized"}, 403
def admin_update_host():
if current_user.is_white_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
service = session.query(Service).get(int(request.form['pk']))
if service:
if request.form['name'] == 'host':
service.host = html.escape(request.form['value'])
session.add(service)
session.commit()
update_overview_data()
update_services_data(service.team.id)
update_service_data(service.id)
return jsonify({'status': 'Updated Service Information'})
return jsonify({'error': 'Incorrect permissions'})
def admin_add_team():
if current_user.is_white_team:
if 'name' in request.form and 'color' in request.form:
team_obj = Team(html.escape(request.form['name']),
html.escape(request.form['color']))
session.add(team_obj)
session.commit()
flash('Team successfully added.', 'success')
return redirect(url_for('admin.manage'))
else:
flash('Error: Team name or color not defined.', 'danger')
return redirect(url_for('admin.manage'))
else:
return {'status': 'Unauthorized'}, 403
def admin_update_property():
if current_user.is_white_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
property_obj = session.query(Property).get(int(request.form['pk']))
if property_obj:
if request.form['name'] == 'property_name':
property_obj.name = html.escape(request.form['value'])
elif request.form['name'] == 'property_value':
property_obj.value = html.escape(request.form['value'])
session.add(property_obj)
session.commit()
return jsonify({'status': 'Updated Property Information'})
return jsonify({'error': 'Incorrect permissions'})
return jsonify({'error': 'Incorrect permissions'})
def admin_update_environment():
if current_user.is_white_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
environment = session.query(Environment).get(
int(request.form['pk']))
if environment:
if request.form['name'] == 'matching_regex':
environment.matching_regex = html.escape(
request.form['value'])
session.add(environment)
session.commit()
return jsonify({'status': 'Updated Environment Information'})
return jsonify({'error': 'Incorrect permissions'})
return jsonify({'error': 'Incorrect permissions'})
def admin_update_round_time_sleep():
if current_user.is_white_team:
if 'round_time_sleep' in request.form:
setting = Setting.get_setting('round_time_sleep')
input_time = request.form['round_time_sleep']
if not input_time.isdigit():
flash('Error: Round Sleep Time must be an integer.', 'danger')
return redirect(url_for('admin.settings'))
setting.value = input_time
session.add(setting)
session.commit()
flash('Round Sleep Time Successfully Updated.', 'success')
return redirect(url_for('admin.settings'))
flash('Error: round_time_sleep not specified.', 'danger')
return redirect(url_for('admin.settings'))
return {'status': 'Unauthorized'}, 403
def admin_update_target_round_time():
if current_user.is_white_team:
if "target_round_time" in request.form:
setting = Setting.get_setting("target_round_time")
input_time = request.form["target_round_time"]
if not input_time.isdigit():
flash("Error: Target Round Time must be an integer.", "danger")
return redirect(url_for("admin.settings"))
setting.value = input_time
session.add(setting)
session.commit()
flash("Target Round Time Successfully Updated.", "success")
return redirect(url_for("admin.settings"))
flash("Error: target_round_time not specified.", "danger")
return redirect(url_for("admin.settings"))
return {"status": "Unauthorized"}, 403
def update_service_account_info():
if current_user.is_white_team or current_user.is_blue_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
account = session.query(Account).get(int(request.form['pk']))
if current_user.team == account.service.team or current_user.is_white_team:
if account:
if request.form['name'] == 'username':
account.username = html.escape(request.form['value'])
elif request.form['name'] == 'password':
account.password = html.escape(request.form['value'])
session.add(account)
session.commit()
return jsonify({'status': 'Updated Account Information'})
return jsonify({'error': 'Incorrect permissions'})
return jsonify({'error': 'Incorrect permissions'})
return jsonify({'error': 'Incorrect permissions'})
def admin_update_worker_refresh_time():
if current_user.is_white_team:
if 'worker_refresh_time' in request.form:
setting = Setting.get_setting('worker_refresh_time')
input_time = request.form['worker_refresh_time']
if not input_time.isdigit():
flash('Error: Worker Refresh Time must be an integer.',
'danger')
return redirect(url_for('admin.settings'))
setting.value = input_time
session.add(setting)
session.commit()
flash('Worker Refresh Time Successfully Updated.', 'success')
return redirect(url_for('admin.settings'))
flash('Error: worker_refresh_time not specified.', 'danger')
return redirect(url_for('admin.settings'))
return {'status': 'Unauthorized'}, 403
def admin_add_user():
if current_user.is_white_team:
if 'username' in request.form and 'password' in request.form and 'team_id' in request.form:
team_obj = session.query(Team).filter(
Team.id == request.form['team_id']).one()
user_obj = User(username=html.escape(request.form['username']),
password=html.escape(request.form['password']),
team=team_obj)
session.add(user_obj)
session.commit()
flash('User successfully added.', 'success')
return redirect(url_for('admin.manage'))
else:
flash('Error: Username, Password, or Team ID not specified.',
'danger')
return redirect(url_for('admin.manage'))
else:
return {'status': 'Unauthorized'}, 403
def update_port():
if current_user.is_blue_team:
if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
service = session.query(Service).get(int(request.form['pk']))
if service:
if service.team == current_user.team and request.form[
'name'] == 'port':
modify_port_setting = Setting.get_setting(
'blue_team_update_port').value
if modify_port_setting is not True:
return jsonify({'error': 'Incorrect permissions'})
service.port = int(html.escape(request.form['value']))
session.add(service)
session.commit()
update_overview_data()
update_services_data(service.team.id)
update_service_data(service.id)
return jsonify({'status': 'Updated Service Information'})
return jsonify({'error': 'Incorrect permissions'})
def admin_update_password():
if current_user.is_white_team:
if 'user_id' in request.form and 'password' in request.form:
try:
user_obj = session.query(User).filter(
User.id == request.form['user_id']).one()
except NoResultFound:
return redirect(url_for('auth.login'))
user_obj.update_password(html.escape(request.form['password']))
user_obj.authenticated = False
session.add(user_obj)
session.commit()
flash('Password Successfully Updated.', 'success')
return redirect(url_for('admin.manage'))
else:
flash('Error: user_id or password not specified.', 'danger')
return redirect(url_for('admin.manage'))
else:
return {'status': 'Unauthorized'}, 403
def update_host():
if current_user.is_blue_team:
if "name" in request.form and "value" in request.form and "pk" in request.form:
service = session.query(Service).get(int(request.form["pk"]))
if service:
if service.team == current_user.team and request.form[
"name"] == "host":
modify_hostname_setting = Setting.get_setting(
"blue_team_update_hostname").value
if modify_hostname_setting is not True:
return jsonify({"error": "Incorrect permissions"})
service.host = html.escape(request.form["value"])
session.add(service)
session.commit()
update_overview_data()
update_services_data(service.team.id)
update_service_data(service.id)
return jsonify({"status": "Updated Service Information"})
return jsonify({"error": "Incorrect permissions"})
def admin_update_password():
if current_user.is_white_team:
if "user_id" in request.form and "password" in request.form:
try:
user_obj = (session.query(User).filter(
User.id == request.form["user_id"]).one())
except NoResultFound:
return redirect(url_for("auth.login"))
user_obj.update_password(html.escape(request.form["password"]))
user_obj.authenticated = False
session.add(user_obj)
session.commit()
flash("Password Successfully Updated.", "success")
return redirect(url_for("admin.manage"))
else:
flash("Error: user_id or password not specified.", "danger")
return redirect(url_for("admin.manage"))
else:
return {"status": "Unauthorized"}, 403
