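def new_user():
	"""Yield a test user, creating its database row and output directories if missing.

	Looks the user up by the fixed test username; when no row exists, one is
	added with a bcrypt hash of the fixed test password. The user's directory
	under OUTPUT_DIR and its 'src' and 'files' subdirectories are then created.
	After the consumer resumes the generator, cleanup() is called.

	NOTE(review): presumably a pytest fixture; the decorator is not visible
	here, and neither is what cleanup() removes.
	"""
	test_username = '******'
	user = User.query.filter_by(username=test_username).first()

	# create user in database
	if not user:
		hashed_password = bcrypt.generate_password_hash('test_password').decode('utf-8')
		user = User(username=test_username, password=hashed_password)
		db.session.add(user)
		db.session.commit()

	# create the user directory plus its 'src' and 'files' subdirectories.
	# exist_ok=True replaces the separate os.path.exists() check, so a directory
	# that appears between the check and the create no longer raises.
	user_dir = os.path.join(OUTPUT_DIR, user.username)
	for path in (user_dir, os.path.join(user_dir, 'src'), os.path.join(user_dir, 'files')):
		os.makedirs(path, exist_ok=True)

	yield user
	cleanup()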
Exemplo n.º 2
def new_user():
	"""Yield the test user, inserting it into the database first if it is absent.

	cleanup() is called once the consumer resumes the generator.

	NOTE(review): presumably a pytest fixture; the decorator is not visible here.
	"""
	name = '******'
	existing = User.query.filter_by(username=name).first()
	if existing:
		user = existing
	else:
		# store only the bcrypt hash of the fixed test password, as text
		digest = bcrypt.generate_password_hash('test_password')
		user = User(username=name, password=digest.decode('utf-8'))
		db.session.add(user)
		db.session.commit()
	yield user
	cleanup()
Exemplo n.º 3
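def account():
    """Account configuration page.

    On a valid ResetPasswordForm submission, the submitted password is
    bcrypt-hashed, stored on the current user's row, committed, and a
    confirmation message is flashed. The account template is rendered with
    the form in every case.
    """
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # NOTE(review): the route decorators and the form's fields are not
        # visible here -- confirm this view requires an authenticated session
        # and that the form asks for the current password before replacing it.

        # update user's password in the database (only the hash is stored)
        user = User.query.filter_by(username=current_user.username).first()
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password
        # one commit is enough: nothing is modified after this point, so the
        # second commit that used to follow flash() had nothing to write
        db.session.commit()
        flash("Your password has been updated.", "success")
    return render_template("account.html", title="Account", form=form)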
Exemplo n.º 4
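def register():
    """Register the single user of a locally hosted instance.

    On a valid RegistrationForm submission, and only while the user table is
    empty, the password is bcrypt-hashed, the user row is committed, the
    per-user directories ('src' and 'files') are created under OUTPUT_DIR, an
    empty c2 session store is initialised for the user, and the client is
    redirected to the login page. If a user already exists, or the username
    cannot be used as a directory name, an error is flashed and the
    registration page is rendered again.
    """

    form = RegistrationForm()

    if form.validate_on_submit():
        # only allow 1 user on locally hosted version; first() answers
        # "is the table empty?" without loading every row
        if User.query.first() is None:
            username = form.username.data

            # The username becomes a directory name under OUTPUT_DIR, so it
            # must resolve to a direct child of that directory. This rejects
            # path separators, '.', '..' and empty names before anything is
            # written. RegistrationForm's own validators are not visible
            # here, so this check does not rely on them.
            output_root = os.path.realpath(OUTPUT_DIR)
            user_dir = os.path.realpath(os.path.join(output_root, username))
            if os.path.dirname(user_dir) != output_root:
                flash("Invalid username.", 'danger')
                return render_template("register.html", form=form, title="Register")

            # add user to database (only the bcrypt hash is stored)
            hashed_password = bcrypt.generate_password_hash(
                form.password.data).decode('utf-8')
            user = User(username=username, password=hashed_password)
            db.session.add(user)
            db.session.commit()

            # create the user directory and its 'src' and 'files'
            # subdirectories; exist_ok=True avoids the check-then-create race
            for path in (user_dir,
                         os.path.join(user_dir, 'src'),
                         os.path.join(user_dir, 'files')):
                os.makedirs(path, exist_ok=True)

            # initialize c2 session storage
            c2.sessions[user.username] = {}

            # notify user and redirect to login
            flash("You have successfully registered!", 'info')
            logout_user()
            return redirect(url_for('users.login'))
        else:
            flash("User already exists on this server.", 'danger')

    return render_template("register.html", form=form, title="Register")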
Exemplo n.º 5
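def test_add_user(app_client):
    """
    Given a username and hashed password,
    when the user_dao.add_user method is called,
    check the user data is added to the database correctly.

    The user table is emptied afterwards whether or not the checks pass.
    """
    try:
        try:
            test_username = '******'
            test_password = '******'
            test_hashed_password = bcrypt.generate_password_hash(
                test_password).decode('utf-8')
            user = user_dao.add_user(username=test_username,
                                     hashed_password=test_hashed_password)
        except Exception as e:
            pytest.fail("user_dao.add_user returned exception: " + str(e))
        assert user.username == test_username
        # the stored value must be the hash that was passed in, and that hash
        # must verify against the plaintext
        assert user.password == test_hashed_password
        assert bcrypt.check_password_hash(user.password, test_password)
    finally:
        # clean up even when an assertion above fails, so a leftover row
        # cannot leak into later tests
        User.query.delete()
        db.session.commit()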