Пример #1
0
def profiles(workspace_id):
    '''
    For GET requests, return all profiles.
    For POST requests, add a new profile.
    '''
    if not validate_workspace(workspace_id):
        return 'workspace does not exist', 404

    if request.method == 'GET':
        all_profiles = Profile.query.filter_by(
            workspace_id=workspace_id).order_by(
                Profile.updated_at.desc()).all()
        schema = ProfileSchema(many=True)
        profiles = schema.dump(all_profiles)
        return jsonify(profiles)
    # request is a POST
    else:
        name = request.form.get('Name')
        from_address = request.form.get('From_Address')
        host = request.form.get('SMTP_Host')
        port = request.form.get('SMTP_Port')
        username = request.form.get('Username')
        password = request.form.get('Password')
        tls = request.form.get('TLS')
        ssl = request.form.get('SSL')

        profile = Profile.query.filter_by(name=name).first()
        ssl_bool = convert_to_bool(ssl)
        tls_bool = convert_to_bool(tls)

        if profile is not None:
            return json.dumps({'success': False}), 200, {
                'ContentType': 'application/json'
            }

        elif type(ssl_bool) != bool or type(tls_bool) != bool:
            return 'ssl/tls must be either true or false', 400


        profile = Profile(name=name, from_address=from_address, smtp_host=host, smtp_port=port, \
            username=encrypt(username.encode()), password=encrypt(password.encode()), tls=tls_bool, ssl=ssl_bool, workspace_id=workspace_id)
        db.session.add(profile)
        update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
        db.session.commit()

        schema = ProfileSchema()
        profile_data = schema.dump(profile)
        app.logger.info(
            f'Added profile {name} - Added by {current_user.username} - Client IP address {request.remote_addr}'
        )
        return jsonify(profile_data), 201
Пример #2
0
def add_controller(data):
    iin = data['iin']
    iin2 = cipher.encrypt(iin.encode())
    iin = iin2.decode()
    user = models.User(first_name=data['name'],
                       last_name=data['surname'],
                       patronymic=data['patronymic'],
                       phone=data['phone'],
                       adress=data['adress'],
                       iin=iin)
    result = True
    try:
        db.session.add(user)
        db.session.commit()
    except:
        result = False
    return result
Пример #3
0
def init_db():
    if os.path.isdir('migrations'):
        shutil.rmtree('migrations')

    print(f'\n{Color.red}[*] Creating database{Color.end}')

    proc = subprocess.Popen(shlex.split('flask db init'),
                            stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL)
    proc.wait()
    proc = subprocess.Popen(shlex.split('flask db migrate'),
                            stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL)
    proc.wait()
    proc = subprocess.Popen(shlex.split('flask db upgrade'),
                            stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL)
    proc.wait()

    print(f'{Color.red}[+] Initializing database values\n{Color.end}')

    general_ws = Workspace(name='General')
    db.session.add(general_ws)
    db.session.commit()

    administrator = Role(name='redlure admin', role_type='Administrator')
    general_ws = Workspace.query.filter_by(id=1, name='General').first()
    if general_ws is not None:
        administrator.workspaces.append(general_ws)

    db.session.add(administrator)
    db.session.commit()

    admin = User(username='******', role_id=1)
    admin.set_password('redlure')
    db.session.add(admin)
    db.session.commit()

    encrypted_val = encrypt(b'Bingo. Welcome to redlure')
    cipher_test = CipherTest(value=encrypted_val)
    db.session.add(cipher_test)
    db.session.commit()

    key = APIKey()
Пример #4
0
def record_form():
    '''
    Requires matching API key. For POST requests, check the database for a result with
    a matching identifier and record the submiited form values.
    '''
    tracker = request.form.get('tracker')
    form_data = request.form.get('data')
    ip = request.form.get('ip')
    user_agent = request.form.get('user-agent')

    result = Result.query.filter_by(tracker=tracker).first()

    # create event
    event = Event(ip_address=ip,
                  user_agent=user_agent,
                  action='Submitted',
                  time=datetime.now())

    # create form
    enc_form_data = encrypt(form_data.encode())
    form = Form(data=enc_form_data)

    # add form to event object
    event.form = form

    # tracker string is not in db, add event + form will null result ID
    if result is None:
        db.session.add(event)
        db.session.commit()

    # else add event + form to our result
    else:
        app.logger.info(
            f'Received form data from worker for result ID {result.id} in campaign {result.campaign.name} ({result.campaign.id})'
        )

        # add event to result object
        result.events.append(event)
        #result.forms.append(form)
        result.status = 'Submitted'
        db.session.commit()
    return 'updated'
Пример #5
0
def profile(workspace_id, profile_id):
    '''
    For GET requests, return the profile with the given name.
    For POST requests, use the given profile to send a test email.
    For DELETE requests, delete the given profile.
    '''
    if not validate_workspace(workspace_id):
        return 'workspace does not exist', 404

    profile = Profile.query.filter_by(id=profile_id,
                                      workspace_id=workspace_id).first()
    if profile is None:
        return 'profile does not exist', 404

    # request is a GET
    if request.method == 'GET':
        schema = ProfileSchema()
        profile_data = schema.dump(profile)
        return jsonify(profile_data)

    # request is a DELETE
    elif request.method == 'DELETE':
        app.logger.info(
            f'Deleted profile {profile.name} - Deleted by {current_user.username} - Client IP address {request.remote_addr}'
        )
        db.session.delete(profile)
        update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
        db.session.commit()
        return 'profile deleted', 204

    # request is a POST
    elif request.method == 'POST':
        address = request.form.get('Address')

        if not validate_email_format(address):
            return 'Enter a valid email address', 400

        success = profile.send_test_mail(address)
        if success:
            app.logger.info(
                f'Test email successfully email to {address} using profile {profile.name} - Sent by {current_user.username} - Client IP address {request.remote_addr}'
            )
        else:
            app.logger.warning(
                f'Test email failed to {address} using profile {profile.name} - Sent by {current_user.username} - Client IP address {request.remote_addr}'
            )
        return json.dumps({'success': success}), 200, {
            'ContentType': 'application/json'
        }

    # request is a PUT
    elif request.method == 'PUT':
        name = request.form.get('Name')
        from_address = request.form.get('From_Address')
        host = request.form.get('SMTP_Host')
        port = request.form.get('SMTP_Port')
        username = request.form.get('Username')
        password = request.form.get('Password')
        tls = request.form.get('TLS')
        ssl = request.form.get('SSL')

        same_profile = Profile.query.filter_by(name=name).first()

        if same_profile is not None and str(same_profile.id) != profile_id:
            return json.dumps({'success': False}), 200, {
                'ContentType': 'application/json'
            }

        ssl_bool = convert_to_bool(ssl)
        tls_bool = convert_to_bool(tls)

        if type(ssl_bool) != bool or type(tls_bool) != bool:
            return 'ssl/tls must be either true or false', 400

        profile.name = name
        profile.from_address = from_address
        profile.smtp_host = host
        profile.smtp_port = port
        profile.username = encrypt(username.encode())
        profile.password = encrypt(password.encode())
        profile.tls = tls_bool
        profile.ssl = ssl_bool
        profile.workspace_id = workspace_id
        update_workspace_ts(Workspace.query.filter_by(id=workspace_id).first())
        db.session.commit()

        schema = ProfileSchema()
        profile_data = schema.dump(profile)
        app.logger.info(
            f'Updated profile {name} - Updated by {current_user.username} - Client IP address {request.remote_addr}'
        )
        return jsonify(profile_data), 200