Exemplo n.º 1
def feedback(request, requestid=False):
    """Render the feedback page, optionally tied to one transfer request.

    The template context always carries the resource links and the user
    returned by ``getOrCreateUser``. When ``requestid`` is supplied, the
    matching ``Request`` row is added under the ``rqst`` key.
    """
    resources = ResourceLink.objects.all()
    user = getOrCreateUser(request, getCert(request))

    rc = {'resources': resources, 'user': user}

    # NOTE(review): the lookup is keyed on request_id alone. Nothing in this
    # view ties the row to `user` (which other views treat as possibly None),
    # and an unknown id raises Request.DoesNotExist. Confirm that ownership
    # is enforced elsewhere, or scope the query to the resolved user.
    if requestid != False:
        rc['rqst'] = Request.objects.get(request_id=requestid)

    return render(request, 'pages/feedback.html', {'rc': rc})
Exemplo n.º 2
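def submitFeedback(request):
    """Store one feedback entry posted from the feedback form.

    Only POST is processed; any other method gets a JSON notice. When the
    certificate-based lookup yields a user, the entry is attributed to that
    user. Otherwise the contact details typed into the form are prepended to
    the body and a best-effort lookup by username, then by email, is tried;
    if both fail the entry is saved without a user.

    Returns:
        JsonResponse: ``{'status': "Success"}`` after saving, or a ``resp``
        message for non-POST requests.
    """

    if request.method == 'POST':
        form_data = request.POST

        cftsUser = getOrCreateUser(request, getCert(request))

        feedback = Feedback(
            title=form_data.get('title'),
            body=form_data.get('feedback'),
            category=form_data.get('category'),
            admin_feedback=form_data.get('adminUser'),
            date_submitted=timezone.now()
        )

        if cftsUser is not None:
            feedback.user = cftsUser

        else:
            buggedUserInfo = '''
            User Name: {uname}
            First Name: {fname}
            Last Name: {lname}
            Email: {email}
            Phone: {phone}

            '''.format(uname=form_data.get('userName'), fname=form_data.get('firstName'), lname=form_data.get('lastName'), email=form_data.get('userEmail'), phone=form_data.get('userPhone'))
            # A missing 'feedback' field comes back as None, which cannot be
            # concatenated to the contact block; fall back to an empty body.
            feedback.body = buggedUserInfo + (form_data.get('feedback') or '')

            # NOTE(review): this branch runs when no user was resolved from
            # the certificate, so userName / userEmail are client-supplied
            # and unverified. The user attached below is a hint for triage,
            # not an authenticated identity.
            try:
                feedback.user = User.objects.get(
                    auth_user=authUser.objects.get(username=form_data.get('userName')))
            except (User.DoesNotExist, User.MultipleObjectsReturned,
                    authUser.DoesNotExist, authUser.MultipleObjectsReturned):
                # No unambiguous match on username; try the email address.
                try:
                    feedback.user = User.objects.get(
                        source_email=Email.objects.get(address=form_data.get('userEmail')))
                except (User.DoesNotExist, User.MultipleObjectsReturned,
                        Email.DoesNotExist, Email.MultipleObjectsReturned):
                    # Still nothing usable: leave feedback.user unset. An
                    # ambiguous address must not fail the whole submission.
                    pass

        feedback.save()

        return JsonResponse({'status': "Success"})
    else:
        return JsonResponse({'resp': "This method only accepts POST requests"})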
Exemplo n.º 3
def userRequests(request):
    """Show the resolved user's submitted requests, eight per page.

    Redirects to ``/login`` when no user could be resolved from the request.
    """
    resources = ResourceLink.objects.all()
    cftsUser = getOrCreateUser(request, getCert(request))

    # Guard first: everything below reads attributes of the user.
    if cftsUser == None:
        return redirect("/login")

    # The query is scoped to the resolved user, so the page lists only that
    # user's own submitted requests.
    submitted = Request.objects.filter(user=cftsUser, is_submitted=True)
    pager = paginator.Paginator(submitted, 8)
    # get_page() falls back to a valid page when ?page= is missing or bogus.
    currentPage = pager.get_page(request.GET.get('page'))

    return render(request, 'pages/userRequests.html', {
        'rc': {
            'requests': currentPage,
            'resources': resources,
            'firstName': cftsUser.name_first,
            'lastName': cftsUser.name_last,
        }
    })
Exemplo n.º 4
def frontend(request):
    """Render the submission front page after the consent and user checks.

    Flow: IE clients get a reduced page immediately; everyone else must have
    a ``consent`` key in the session, a resolvable user whose info does not
    need updating, and a set of destination networks.
    """
    browser = request.user_agent.browser.family
    resources = ResourceLink.objects.all()

    # The handler wraps the whole flow, so a KeyError raised anywhere below
    # (not only by the session lookup) also ends in the consent redirect.
    try:
        # NOTE(review): `browser` is presumably derived from the User-Agent
        # header, which the client controls. This branch skips the consent
        # and user checks but renders only the resource links and the
        # browser name.
        if browser == "IE":
            return render(request, 'pages/frontend.html',
                          {'rc': {'resources': resources, 'browser': browser}})

        # Raises KeyError when no consent is recorded in the session.
        request.session['consent']
        # Expiry 0: the session ends when the browser is closed.
        request.session.set_expiry(0)

        # Resolve the user from the client certificate carried by the request.
        cftsUser = getOrCreateUser(request, getCert(request))

        if cftsUser == None:
            return redirect("/login")
        if cftsUser.update_info == True:
            return redirect("/user-info")

        # NOTE(review): the return value is ignored here; presumably checkBan
        # updates the user record in place. Verify against its definition.
        checkBan(cftsUser)

        nets = getDestinationNetworks(request, cftsUser)
        if nets == None:
            return redirect('user-info')

        context = {
            'rc': {
                'networks': nets,
                'submission_disabled': Settings.DISABLE_SUBMISSIONS,
                'debug': str(Settings.DEBUG),
                'resources': resources,
                'user': cftsUser,
                'browser': browser,
            }
        }
        return render(request, 'pages/frontend.html', context)

    except KeyError:
        return redirect('consent')
Exemplo n.º 5
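def process(request):
    """Create a transfer request from the submission form and its uploads.

    For a POST this resolves or creates the source and destination ``Email``
    rows, creates the ``Request``, attaches one ``File`` row per upload
    (recording entry count and declared size for ``.zip`` uploads), computes
    a hash over the form values to flag duplicates, marks the request as
    submitted and finally hands it to ``scan``.

    Returns:
        JsonResponse: ``{'status': 'success', 'request_id': ...}`` for a
        processed POST, or a ``fail`` payload for any other method.

    Raises:
        Network.DoesNotExist: when the posted ``network`` value matches no
            network; the value is logged first and the submission is
            rejected.
    """
    resp = {}

    if request.method == 'POST':
        form_data = request.POST
        form_files = request.FILES
        # Accumulates the form values that feed the duplicate-detection hash.
        requestData = ""

        # NOTE(review): every form_data value below is client-supplied. The
        # source address is taken from the form, not from the certificate
        # user resolved further down. Confirm that is intended.
        sourceNet = Network.objects.get(name=NETWORK)
        try:
            source_email = Email.objects.get(
                address=form_data.get('userEmail'), network=sourceNet)

        except Email.DoesNotExist:
            source_email = Email(address=form_data.get('userEmail'),
                                 network=sourceNet)
            source_email.save()
        except Email.MultipleObjectsReturned:
            source_email = Email.objects.filter(
                address=form_data.get('userEmail'))[0]

        if source_email.network is None:
            source_email.network = sourceNet
            source_email.save()

        requestData += form_data.get('userEmail')

        try:
            destinationNet = Network.objects.get(name=form_data.get('network'))
        except Network.DoesNotExist:
            # Record the offending value, then let the error propagate so the
            # submission does not go through. %r keeps control characters in
            # the posted value from forging extra log lines.
            logger.error(
                "Network object does not exist, network value from form: %r",
                form_data.get('network'))
            raise

        destination_list = form_data.get('targetEmail').split(",")
        # Local parts (text before '@') of every destination address.
        destSplit_list = []

        target_list = []
        for destination in destination_list:
            destSplit_list.append(destination.split("@")[0])
            try:
                target_email = Email.objects.get(address=destination,
                                                 network=destinationNet)
            except Email.DoesNotExist:
                target_email = Email(address=destination,
                                     network=destinationNet)
                target_email.save()
            except Email.MultipleObjectsReturned:
                target_email = Email.objects.filter(address=destination,
                                                    network=destinationNet)[0]

            requestData += destination
            target_list.append(target_email)

        requestData += form_data.get('firstName').replace(" ", "").lower()
        requestData += form_data.get('lastName').replace(" ", "").lower()

        from pages.views.auth import getCert, getOrCreateUser

        cftsUser = getOrCreateUser(request, getCert(request))

        org = form_data.get('organization')
        if org == "CENTCOM HQ":
            org = "HQ"

        rqst = Request(user=cftsUser,
                       network=destinationNet,
                       comments=form_data.get('comments'),
                       org=org,
                       is_centcom=form_data.get('isCentcom'))
        rqst.save()

        requestData += form_data.get('network')

        rqst.target_email.add(*target_list)
        # Flag NIPR requests whose sender local part is not among the
        # destination local parts (both sides come from the form).
        if form_data.get('network') == "NIPR":
            if form_data.get('userEmail').split("@")[0] not in destSplit_list:
                rqst.destFlag = True

        fileList = []

        # Per-file options arrive as a JSON array aligned by index with the
        # uploaded "files" list.
        file_info = json.loads(form_data.get('fileInfo'))
        for i, f in enumerate(form_files.getlist("files")):
            this_file = File(
                file_object=f,
                is_pii=file_info[i]['encrypt'] == 'true',
                org=form_data.get('organization'),
                is_centcom=form_data.get('isCentcom'),
            )

            # The zip test looks only at the client-supplied file name and is
            # case-sensitive.
            if str(f).split('.')[-1] == "zip":
                with ZipFile(f, 'r') as archive:
                    fileCount = 0
                    fileSize = 0
                    for entry in archive.infolist():
                        if not entry.is_dir():
                            fileCount += 1
                        # file_size is the uncompressed size the archive
                        # declares for the entry; nothing is extracted here.
                        fileSize += entry.file_size

                    this_file.file_count = fileCount
                    this_file.file_size = fileSize

            else:
                # Not a zip: take the size from the upload; file count keeps
                # its default.
                this_file.file_size = this_file.file_object.size

            # First save stores the row; the base name is then derived from
            # the stored file's name and saved as well.
            this_file.save()
            this_file.file_name = str(
                this_file.file_object.name).split("/")[-1]
            this_file.save()

            rqst.files.add(this_file)
            fileList.append(str(f))

        fileList.sort()

        for name in fileList:
            requestData += name

        # MD5 serves here only as a fingerprint for duplicate detection.
        # NOTE(review): the fields are concatenated without separators, so
        # different submissions can produce the same input string.
        requestHash = hashlib.md5(requestData.encode()).hexdigest()
        rqst.request_hash = requestHash

        dupes = Request.objects.filter(pull__date_complete=None,
                                       request_hash=requestHash)
        if dupes:
            rqst.is_dupe = True
            dupes.update(is_dupe=True)

        rqst.is_submitted = True
        rqst.save()

        # Scanning stays best-effort, but a failure is logged instead of
        # being silently discarded.
        # NOTE(review): the request is already marked submitted and the
        # caller still gets 'success'; confirm reviewers can tell an
        # unscanned request from a clean one.
        try:
            scan(request, rqst.request_id)
        except Exception:
            logger.exception("File scan failed for request %s",
                             rqst.request_id)

        resp = {'status': 'success', 'request_id': rqst.pk}

    else:
        resp = {
            'status': 'fail',
            'reason': 'bad-request-type',
            'msg': "The 'api-processrequest' view only accepts POST requests."
        }

    return JsonResponse(resp)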