def set_password(self, password):
    """Hash *password* with bcrypt and store the result on this user.

    ``self.password_hash`` receives the decoded bcrypt digest and
    ``self.salt`` the decoded salt (the digest already embeds the salt, so
    this is a redundant copy kept for the existing schema). An audit entry
    at level 0 is written and ``True`` is always returned.

    NOTE(review): bcrypt only uses the first 72 bytes of the encoded
    password; longer inputs are silently truncated — confirm the password
    policy caps length accordingly.
    """
    # Work factor 14 (2**14 rounds), unchanged from the original.
    new_salt = bcrypt.gensalt(14)
    digest = bcrypt.hashpw(password.encode(), new_salt)
    self.password_hash = digest.decode()
    self.salt = new_salt.decode()
    logger.upd_log(f'{self.username} changed password', 0)
    return True
def get_backup():
    """Serve ``backup.zip`` from ``app.config['BACKUP_FOLDER']`` to superusers.

    A non-superuser gets an empty ``204`` and the attempt is written to the
    audit log at level 2; a successful download is logged at level 1.
    """
    denied = not current_user.is_superuser
    if denied:
        logger.upd_log(
            f'{current_user.username} tried to download backups from IP: {request.access_route}', 2)
        return '', 204
    logger.upd_log(
        f'Backup downloaded by: {current_user.username} from IP: {request.access_route}', 1)
    backup_dir = app.config['BACKUP_FOLDER']
    return send_from_directory(directory=backup_dir, filename='backup.zip')
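def del_user(data):
    """Delete the user whose id is ``data['id']``.

    Args:
        data: websocket payload; ``data['id']`` is the user id, accepted as
            an int or a numeric string.

    Returns:
        0 when the user was deleted; 1 when ``data['id']`` is missing or not
        a valid integer, or when no user has that id. Every failure is
        written to the audit log at level 2, success at level 0.

    NOTE(review): nothing here prevents deleting the calling account or the
    last superuser — confirm whether the caller guards against that.
    """
    try:
        user_id = int(data['id'])
    except (KeyError, TypeError, ValueError):
        # A malformed payload used to raise out of the socket handler;
        # report it like an unknown id so the caller still gets a status.
        logger.upd_log(
            f'Unsuccess user delete from IP: {request.access_route}', 2)
        return 1
    user = User.query.get(user_id)
    if not user:
        logger.upd_log(
            f'Unsuccess user delete from IP: {request.access_route}', 2)
        return 1
    # Capture the name before the row is flushed so the log line is reliable.
    name = user.username
    db.session.delete(user)
    db.session.commit()
    logger.upd_log(
        f'User \"{name}\" deleted from IP: {request.access_route}', 0)
    return 0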
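def addsu(suname, password):
    """Create the first superuser, log them in and redirect to ``/``.

    Args:
        suname: username for the bootstrap superuser.
        password: plaintext password, hashed by ``User.set_password``.

    Returns:
        A redirect to ``/``. When a superuser already exists (``hassu()``)
        nothing is created: the attempt is logged at level 2 and the same
        redirect is returned, so the bootstrap route is a visible no-op.

    NOTE(review): unlike ``check_adduser`` this path does not run
    ``validate_password`` on the bootstrap password — confirm whether that
    is intended.
    """
    if hassu():
        # Repeated bootstrap attempts after setup are worth an audit line.
        logger.upd_log(
            f'First-admin setup attempted while a superuser exists from IP: {request.access_route}', 2)
        return redirect('/')
    user = User()
    user.username = suname
    user.set_description('Adminisztrátor felhasználó')
    user.set_contact('*****@*****.**')
    user.set_password(password)
    user.is_superuser = True
    user.settings = ''
    db.session.add(user)
    db.session.commit()
    login_user(user, remember=True)
    logger.upd_log(
        f'First admin: {suname} added and logged in from IP: {request.access_route}', 1)
    return redirect('/')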
def reset_db():
    """Wipe every table except the superuser accounts.

    Non-superuser ``User`` rows are removed through the session one by one;
    every other table is bulk-deleted with ``Query.delete()`` (a bulk SQL
    DELETE, so ORM relationship cascades are not applied). The result is
    committed and logged at level 1. Returns 0.
    """
    regular_users = [u for u in User.query.all() if not u.is_superuser]
    for account in regular_users:
        db.session.delete(account)
    db.session.commit()
    bulk_models = (Module, Modaux, Testbattery, Testsession, Client,
                   Clientlog, Result, Userlog, Message)
    for model in bulk_models:
        model.query.delete()
    db.session.commit()
    logger.upd_log('Database wiped except superusers', 1)
    return 0
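def login():
    """Log a user in.

    An already authenticated visitor is redirected to ``/`` (logged at
    level 1). On a validated ``POST`` the username is looked up and the
    password checked; on success the user is logged in (remembered when the
    form asks for it) and redirected to ``/``. Both failure cases emit the
    same generic ``1109`` socket event and return an empty ``204``; only the
    audit log distinguishes unknown username from wrong password. Anything
    else renders the login page.

    The redundant ``not current_user.is_authenticated`` in the POST test was
    dropped: that case has already returned above.
    """
    if current_user.is_authenticated:
        logger.upd_log(
            f'{current_user.username} tried to reach loginsite, redirected to /', 1)
        return redirect('/')
    form = LoginForm()
    if request.method == 'POST' and form.validate_on_submit():
        username = form.username.data
        user = User.query.filter_by(username=username).first()
        if not user:
            return _login_failed('invalid username', username)
        if not user.check_password(form.password.data):
            return _login_failed('invalid password', username)
        login_user(user, remember=form.remember_me.data)
        logger.upd_log(
            f'Successful login: {username} from IP: {request.access_route}', 0)
        return redirect('/')
    return render_template('/noauth/login.html', title='Belépés', form=form)


def _login_failed(reason, username):
    """Emit the generic ``1109`` event, log the failed attempt, return 204.

    ``reason`` only appears in the audit entry; the client sees the same
    event for an unknown username and a wrong password.
    """
    socket.emit('generic', {'event': 1109})
    logger.upd_log(
        f'Login attempt with {reason}: {username} from IP: {request.access_route}', 2)
    return '', 204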
def get_log(log):
    """Serve a log file from ``app.config['LOG_FOLDER']`` to superusers.

    ``log`` selects the file: ``'archive'`` -> ``log_archive.zip``,
    ``'current'`` -> ``log.file``. Non-superusers (level 2) and unknown
    selectors (level 3) get an empty ``204``; downloads are logged at level 1.
    """
    if not current_user.is_superuser:
        logger.upd_log(
            f'{current_user.username} tried to download logs from IP: {request.access_route}', 2)
        return '', 204
    # selector -> (label used in the audit line, file name in LOG_FOLDER)
    targets = {
        'archive': ('Log archive', 'log_archive.zip'),
        'current': ('Current log', 'log.file'),
    }
    if log not in targets:
        logger.upd_log(f'Log download failed from IP: {request.access_route}', 3)
        return '', 204
    label, file_name = targets[log]
    logger.upd_log(
        f'{label} downloaded by: {current_user.username} from IP: {request.access_route}', 1)
    return send_from_directory(directory=app.config['LOG_FOLDER'], filename=file_name)
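def check_adduser(data):
    """Validate an add-user payload and create the account.

    Args:
        data: payload with ``username``, ``password``, ``description``,
            ``contact`` and optionally ``is_superuser``.

    Returns:
        0 on success; 1 if the username is taken; 2 if the password fails
        ``validate_password``; 3 if a superuser was requested while five
        already exist. Every failure is logged at level 2, success at 0.

    Fix: the original tested ``user.is_superuser`` on the freshly created
    ``User()`` instead of the request, so the payload's ``is_superuser``
    was never applied and the five-superuser cap was never enforced.

    NOTE(review): the flag arrives over the socket; ``bool('false')`` is
    True, so confirm the client sends a JSON boolean, not a string.
    """
    username = str(data['username'])
    password = str(data['password'])
    if User.query.filter(User.username == username).first() is not None:
        logger.upd_log(f'Unsuccess user add from IP: {request.access_route}', 2)
        return 1  # user exists
    if not validate_password(password):
        logger.upd_log(f'Unsuccess user add from IP: {request.access_route}', 2)
        return 2  # invalid password
    # Coerce the untrusted flag to a real bool before it reaches the model.
    wants_superuser = bool(data.get('is_superuser', False))
    if wants_superuser:
        num_of_su = User.query.filter(User.is_superuser).count()
        if num_of_su >= 5:
            logger.upd_log(f'Unsuccess user add from IP: {request.access_route}', 2)
            return 3  # superuser number exceeded
    user = User()
    user.username = username
    user.set_password(password)
    user.set_description(str(data['description']))
    user.set_contact(str(data['contact']))
    if wants_superuser:
        user.is_superuser = True
    db.session.add(user)
    db.session.commit()
    logger.upd_log(
        f'User \"{user.username}\" added from IP: {request.access_route}', 0)
    return 0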
def index():
    """Render the landing page that matches the visitor's role.

    Anonymous visitors get ``/noauth/index.html``; superusers get the admin
    dashboard fed by ``get_sudata()`` plus an ``AddUserForm``; every other
    authenticated user gets ``/user/index.html``. Each visit is logged at
    level 0.
    """
    if not current_user.is_authenticated:
        logger.upd_log(f'Non-auth visit from IP: {request.access_route}', 0)
        return render_template('/noauth/index.html')
    # Authenticated from here on; only the role decides the template.
    if current_user.is_superuser:
        adduserform = AddUserForm()
        logger.upd_log(
            f'Admin visit from IP: {request.access_route}, admin: {current_user.username}', 0)
        return render_template('/admin/index-admin.html',
                               data=get_sudata(),
                               adduserform=adduserform)
    logger.upd_log(
        f'User visit from IP: {request.access_route}, user: {current_user.username}', 0)
    return render_template('/user/index.html')
def logout():
    """Log the current user out and redirect to ``/``.

    The audit entry (level 0) is written before ``logout_user()`` because
    the username is read from ``current_user``.
    """
    who = current_user.username
    origin = request.access_route
    logger.upd_log(f'User logged out from ip: {origin}, user: {who}', 0)
    logout_user()
    return redirect('/')
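def new_admin_message(data):
    """Dispatch one admin websocket message and answer the caller's socket.

    Args:
        data: payload; ``data['event']`` selects the action. Request codes
            and their reply codes: 2201->1201 add user, 2251->1251 delete
            user, 2701->1701 test mail, 2801->1801 log as JSON, 2851->1850
            backup, 2871->1871 restore, 2889->1889 new backup password,
            2899->1899 wipe database.

    Returns:
        ``False`` when the caller is not an authenticated superuser (logged
        at level 2); ``True`` after a known event was answered on the
        caller's sid; ``None`` for a missing or unknown event code, which
        is logged at level 2 instead of raising out of the handler.

    NOTE(review): 2851 replies with 1850 rather than 1851, breaking the
    +1000 pattern of every other code; kept because the client may depend
    on it — confirm.
    """
    if not current_user.is_authenticated or not current_user.is_superuser:
        logger.upd_log(
            f'Non-superuser tried to reach ws admin namespace from IP {request.access_route}', 2)
        return False
    sid = request.sid  # answers go back to the caller only
    event = data.get('event') if isinstance(data, dict) else None

    def reply(mess):
        socket.emit('admin', mess, room=sid)
        return True

    if event == 2201:
        # add user; ship the refreshed user list only when it succeeded
        mess = {'event': 1201, 'status': check_adduser(data)}
        if mess['status'] == 0:
            mess['new_users'] = json.dumps(json.loads(get_sudata())['users'])
        reply(mess)
        logger.upd_log(
            f'{current_user.username} adder new user with status code {mess["status"]}', 1)
        return True
    if event == 2251:
        # delete user by id; the refreshed user list is always shipped
        mess = {'event': 1251, 'status': del_user(data)}
        mess['new_users'] = json.dumps(json.loads(get_sudata())['users'])
        return reply(mess)
    # Plain request/response actions: code -> (reply code, payload key, action).
    simple = {
        2701: (1701, 'status', lambda: sendmail_flaskmail(data)),
        2801: (1801, 'data', logger.return_json),
        2851: (1850, 'status', bu.backup_all),
        2871: (1871, 'status', bu.restore_all),
        2889: (1889, 'status', lambda: bu.change_backup_password(
            iterates=100, password_length=32)),
        2899: (1899, 'status', reset_db),
    }
    try:
        action = simple.get(event)
    except TypeError:  # unhashable value in the payload
        action = None
    if action is not None:
        reply_code, key, run = action
        return reply({'event': reply_code, key: run()})
    logger.upd_log(
        f'Unknown admin event {event!r} from IP: {request.access_route}', 2)
    return None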
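_TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%S"


def get_sudata():
    """Return every table as one JSON document for the admin dashboard.

    Layout (all timestamps are ``%Y-%m-%dT%H:%M:%S`` strings)::

        {
          "current_user": {id, username, description, contact, is_superuser,
                           settings, added, last_modified},
          "users":         [same shape as current_user, ...],
          "modules":       [{id, uuid, short_name, verbose_name, description,
                             attributes, added, last_modified}, ...],
          "modaux":        [{id, user_id, module_id}, ...],
          "testbatteries": [{id, user_id, name, description, created,
                             last_modified, modules}, ...],
          "testsessions":  [{id, uuid, user_id, testbattery_id, created, due,
                             state, invitation_text, added, last_modified}, ...],
          "clients":       [{id, uuid, name, email, state, session_id,
                             invitation_status, added, last_modified}, ...],
          "clientlogs":    [{id, client_id, message, source, timestamp}, ...],
          "results":       [{id, client_id, session_id, module_id, timestamp,
                             result_raw, added, last_modified}, ...]
        }

    User description/contact, client name/email, the session invitation
    text and the raw result go through their ``get_*`` accessors rather
    than the raw columns. The call is written to the audit log at level 1.

    Fixes relative to the original: the module loop appended the ORM object
    instead of its dict, and the modaux loop used the builtin ``id`` as a
    key and read ``user_id``/``module_id`` from the stale ``module`` loop
    variable — either made ``json.dumps`` fail (or raised NameError) as
    soon as those tables had rows.
    """
    data = {
        'current_user': _user_dict(current_user),
        'users': [_user_dict(u) for u in User.query.all()],
        'modules': [_module_dict(m) for m in Module.query.all()],
        'modaux': [_modaux_dict(ma) for ma in Modaux.query.all()],
        'testbatteries': [_testbattery_dict(tb) for tb in Testbattery.query.all()],
        'testsessions': [_testsession_dict(ts) for ts in Testsession.query.all()],
        'clients': [_client_dict(c) for c in Client.query.all()],
        'clientlogs': [_clientlog_dict(cl) for cl in Clientlog.query.all()],
        'results': [_result_dict(r) for r in Result.query.all()],
    }
    logger.upd_log(f'All data provided to IP: {request.access_route}', 1)
    return json.dumps(data)


def _stamp(value):
    """Format a datetime column the way the dashboard expects."""
    return value.strftime(_TIMESTAMP_FORMAT)


def _user_dict(user):
    """Serialize one ``User`` row (also used for ``current_user``)."""
    return {
        'id': user.id,
        'username': user.username,
        'description': user.get_description(),
        'contact': user.get_contact(),
        'is_superuser': user.is_superuser,
        'settings': user.settings,
        'added': _stamp(user.added),
        'last_modified': _stamp(user.last_modified),
    }


def _module_dict(module):
    """Serialize one ``Module`` row."""
    return {
        'id': module.id,
        'uuid': module.uuid,
        'short_name': module.short_name,
        'verbose_name': module.verbose_name,
        'description': module.description,
        'attributes': module.attributes,
        'added': _stamp(module.added),
        'last_modified': _stamp(module.last_modified),
    }


def _modaux_dict(modaux):
    """Serialize one ``Modaux`` row (user <-> module link)."""
    return {
        'id': modaux.id,
        'user_id': modaux.user_id,
        'module_id': modaux.module_id,
    }


def _testbattery_dict(testbattery):
    """Serialize one ``Testbattery`` row."""
    return {
        'id': testbattery.id,
        'user_id': testbattery.user_id,
        'name': testbattery.name,
        'description': testbattery.description,
        'created': _stamp(testbattery.created),
        'last_modified': _stamp(testbattery.last_modified),
        # NOTE(review): passed through as-is; json.dumps needs a JSON-native
        # value here — confirm the column type.
        'modules': testbattery.modules,
    }


def _testsession_dict(testsession):
    """Serialize one ``Testsession`` row."""
    return {
        'id': testsession.id,
        'uuid': testsession.uuid,
        'user_id': testsession.user_id,
        'testbattery_id': testsession.testbattery_id,
        'created': _stamp(testsession.created),
        'due': _stamp(testsession.due),
        'state': testsession.state,
        'invitation_text': testsession.get_invitation(),
        'added': _stamp(testsession.added),
        'last_modified': _stamp(testsession.last_modified),
    }


def _client_dict(client):
    """Serialize one ``Client`` row (name/email via their accessors)."""
    return {
        'id': client.id,
        'uuid': client.uuid,
        'name': client.get_name(),
        'email': client.get_email(),
        'state': client.state,
        'session_id': client.session_id,
        'invitation_status': client.invitation_status,
        'added': _stamp(client.added),
        'last_modified': _stamp(client.last_modified),
    }


def _clientlog_dict(clientlog):
    """Serialize one ``Clientlog`` row."""
    return {
        'id': clientlog.id,
        'client_id': clientlog.client_id,
        'message': clientlog.message,
        'source': clientlog.source,
        'timestamp': _stamp(clientlog.timestamp),
    }


def _result_dict(result):
    """Serialize one ``Result`` row (raw result via ``get_result()``)."""
    return {
        'id': result.id,
        'client_id': result.client_id,
        'session_id': result.session_id,
        'module_id': result.module_id,
        'timestamp': _stamp(result.timestamp),
        'result_raw': result.get_result(),
        'added': _stamp(result.added),
        'last_modified': _stamp(result.last_modified),
    }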