def webpush_save():
    """Persist the Web Push (VAPID) settings submitted from the config form.

    The private key is rendered as ``'********'`` in the UI. That placeholder
    is accepted only when a private key is already stored, and it is never
    written back, so an existing key survives a form submit that leaves the
    field untouched.

    Returns:
        A redirect to the Web Push configuration page.
    """
    settings = Provider().settings()
    masked = '********'

    vapid_private = request.form['vapid_private'].strip()
    vapid_public = request.form['vapid_public'].strip()
    webpush_enabled = int(request.form.get('webpush_enabled', 0)) == 1

    # The stored key is consulted only when the masked placeholder came back.
    private_missing = (
        len(vapid_private) == 0
        or (vapid_private == masked and len(settings.get('vapid_private', '')) == 0)
    )
    if private_missing:
        flash('Please enter a VAPID Private Key', 'error')
        return redirect(url_for('config.webpush'))
    if len(vapid_public) == 0:
        flash('Please enter a VAPID Public Key', 'error')
        return redirect(url_for('config.webpush'))

    if vapid_private != masked:
        settings.save('vapid_private', vapid_private)
    settings.save('vapid_public', vapid_public)
    settings.save('webpush_enabled', webpush_enabled)

    flash('Settings saved', 'success')
    return redirect(url_for('config.webpush'))
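def radius_save():
    """Validate and persist the RADIUS authentication settings.

    Reads ``radius_enabled``, ``radius_host``, ``radius_port`` and
    ``radius_secret`` from the form. The host must be non-empty and the port
    must be a whole number in 1-65535; otherwise an error is flashed and the
    user is sent back to the form without saving anything.

    Returns:
        A redirect to the RADIUS configuration page.
    """
    settings = Provider().settings()
    masked = '********'

    radius_enabled = int(request.form.get('radius_enabled', 0)) == 1
    radius_host = request.form['radius_host'].strip()
    radius_port_raw = request.form['radius_port'].strip()
    # The original tested `.isdigit` without calling it (always truthy), so a
    # non-numeric port reached int() and raised instead of flashing an error.
    radius_port = int(radius_port_raw) if radius_port_raw.isdigit() else 0
    radius_secret = request.form['radius_secret'].strip()

    if len(radius_host) == 0:
        flash('RADIUS Host cannot be empty', 'error')
        return redirect(url_for('config.radius'))
    if radius_port <= 0 or radius_port > 65535:
        flash('Invalid RADIUS port', 'error')
        return redirect(url_for('config.radius'))

    settings.save('radius_host', radius_host)
    settings.save('radius_port', radius_port)
    settings.save('radius_enabled', radius_enabled)
    # The form shows '********' instead of the stored secret; only overwrite
    # it when the user actually typed a new value.
    if len(radius_secret) > 0 and radius_secret != masked:
        settings.save('radius_secret', radius_secret)

    flash('Settings saved', 'success')
    return redirect(url_for('config.radius'))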
def login_process():
    """Handle a submitted login form: local accounts first, then LDAP.

    Reads ``username``, ``password`` and ``next`` from the form. A matching
    non-LDAP account is verified with ``users.validate_password``; failing
    that, when LDAP is enabled and the ``allow_logins`` setting is 1, the
    credentials are checked with ``ldap.authenticate`` and the LDAP-flagged
    local account is looked up afterwards (presumably created by the
    authenticate call's third argument - confirm). Disabled accounts are
    rejected. On success the session is established, the login recorded,
    ``system.run_updates()`` run, and the user sent to ``next`` when it is a
    relative path, else to the home page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home.index'))
    provider = Provider()
    ldap = provider.ldap()
    users = provider.users()
    settings = provider.settings()
    username = request.form['username']
    password = request.form['password']
    next = urllib.parse.unquote_plus(request.form['next'].strip())
    allow_logins = int(settings.get('allow_logins', 0))
    # First check if user is local. Local users take priority.
    # Usernames are compared case-insensitively on both sides.
    user = UserModel.query.filter(
        and_(
            func.lower(UserModel.username) == func.lower(username),
            UserModel.ldap == 0)).first()
    if user:
        if not users.validate_password(user.password, password):
            flash('Invalid credentials', 'error')
            return redirect(url_for('auth.login', next=next))
    elif ldap.is_enabled() and allow_logins == 1:
        if not ldap.authenticate(username, password, True):
            flash('Invalid credentials', 'error')
            return redirect(url_for('auth.login', next=next))
        # The LDAP-flagged account is expected to exist by now; if it does not,
        # the login is refused rather than creating one here.
        user = UserModel.query.filter(
            and_(
                func.lower(UserModel.username) == func.lower(username),
                UserModel.ldap == 1)).first()
        if not user:
            flash('Could not create your local account. Please contact the administrator.', 'error')
            return redirect(url_for('auth.login', next=next))
    else:
        # Same generic message as a wrong password, so the response does not
        # reveal whether the username exists.
        flash('Invalid credentials', 'error')
        return redirect(url_for('auth.login', next=next))
    # If we reach this point it means that our user exists. Check if the user is active.
    if user.active is False:
        flash('Your account has been disabled by the Administrator.', 'error')
        return redirect(url_for('auth.login', next=next))
    user = users.login_session(user)
    login_user(user)
    users.record_login(user.id)
    # On every login we get the hashcat version and the git hash version.
    system = provider.system()
    system.run_updates()
    # Only follow 'next' when it has no host part, so the post-login redirect
    # stays on this site. NOTE(review): only netloc is inspected; confirm this
    # covers every absolute-URL form url_parse accepts.
    if next and url_parse(next).netloc == '':
        return redirect(next)
    return redirect(url_for('home.index'))
def slack_save():
    """Store the Slack on/off flag from the config form and return to the page.

    Returns:
        A redirect to the Slack configuration page.
    """
    settings = Provider().settings()
    enabled = int(request.form.get('slack_enabled', 0)) == 1
    settings.save('slack_enabled', enabled)
    flash('Settings saved', 'success')
    return redirect(url_for('config.slack'))
def settings_general_save():
    """Validate and store the admin-only general settings.

    Covers the wordlist and uploaded-hashes directories (must exist and be
    readable; the uploaded-hashes path may be empty), the UI theme (must match
    a ``.css`` file in ``static/css/themes``) and the Web Push settings. All
    directory errors are flashed before redirecting so the user sees them
    together; an invalid theme aborts immediately.

    Returns:
        A redirect to the general settings page, or to the home page for
        non-admin users.
    """
    provider = Provider()
    settings = provider.settings()
    filesystem = provider.filesystem()

    if not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    form = request.form
    wordlists_path = form['wordlists_path'].strip()
    uploaded_hashes_path = form['uploaded_hashes_path'].strip()
    theme = form['theme'].strip()
    webpush_enabled = int(form.get('webpush_enabled', 0))
    vapid_private = form['vapid_private'].strip()
    vapid_public = form['vapid_public'].strip()

    problems = []
    if len(wordlists_path) == 0 or not os.path.isdir(wordlists_path):
        problems.append('Wordlist directory does not exist')
    elif not os.access(wordlists_path, os.R_OK):
        problems.append('Wordlist directory is not readable')

    if len(uploaded_hashes_path) > 0 and not os.path.isdir(uploaded_hashes_path):
        problems.append('Uploaded Hashes directory does not exist')
    elif len(uploaded_hashes_path) > 0 and not os.access(uploaded_hashes_path, os.R_OK):
        problems.append('Uploaded Hashes directory is not readable')

    for message in problems:
        flash(message, 'error')

    themes_dir = os.path.join(current_app.root_path, 'static', 'css', 'themes')
    if (theme + '.css') not in filesystem.get_files(themes_dir):
        flash('Invalid theme', 'error')
        return redirect(url_for('admin.settings_general'))

    if problems:
        return redirect(url_for('admin.settings_general'))

    settings.save('wordlists_path', wordlists_path)
    settings.save('uploaded_hashes_path', uploaded_hashes_path)
    settings.save('theme', theme)
    # '********' is the UI placeholder for the stored private key; never write it back.
    if vapid_private != '********':
        settings.save('vapid_private', vapid_private)
    settings.save('vapid_public', vapid_public)
    settings.save('webpush_enabled', webpush_enabled)

    flash('Settings saved', 'success')
    return redirect(url_for('admin.settings_general'))
def messages_save():
    """Store the login-page system message and its visibility flag.

    Returns:
        A redirect to the messages configuration page.
    """
    settings = Provider().settings()
    form = request.form

    message = form['system_message_login'].strip()
    show_flag = int(form.get('system_message_login_show', 0))

    settings.save('system_message_login', message)
    settings.save('system_message_login_show', show_flag)

    flash('Settings saved', 'success')
    return redirect(url_for('config.messages'))
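def settings_hashcat_save():
    """Validate and persist the admin-only hashcat settings.

    Form fields: ``hashcat_binary`` (existing executable file),
    ``hashcat_rules_path`` (readable directory), ``hashcat_status_interval``
    (whole number; zero falls back to 10) and ``hashcat_force`` (0/1). All
    validation errors are flashed before redirecting back to the form; on
    success the settings are saved and ``system.run_updates()`` is run.

    Returns:
        A redirect to the hashcat settings page, or to the home page for
        non-admin users.
    """
    if not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    provider = Provider()
    settings = provider.settings()

    hashcat_binary = request.form['hashcat_binary'].strip()
    hashcat_rules_path = request.form['hashcat_rules_path'].strip()
    hashcat_status_interval = request.form['hashcat_status_interval'].strip()
    hashcat_force = int(request.form.get('hashcat_force', 0))

    has_errors = False
    if len(hashcat_binary) == 0 or not os.path.isfile(hashcat_binary):
        has_errors = True
        flash('Hashcat executable does not exist', 'error')
    elif not os.access(hashcat_binary, os.X_OK):
        has_errors = True
        flash('Hashcat file is not executable', 'error')

    if len(hashcat_rules_path) == 0 or not os.path.isdir(hashcat_rules_path):
        has_errors = True
        flash('Hashcat rules directory does not exist', 'error')
    elif not os.access(hashcat_rules_path, os.R_OK):
        has_errors = True
        flash('Hashcat rules directory is not readable', 'error')

    # int() used to run before the error check, so an empty or non-numeric
    # interval raised ValueError instead of reaching the redirect below.
    if not hashcat_status_interval.isdigit():
        has_errors = True
        flash('Hashcat Status Interval must be set', 'error')

    if has_errors:
        return redirect(url_for('admin.settings_hashcat'))

    interval = int(hashcat_status_interval)
    if interval <= 0:
        interval = 10

    settings.save('hashcat_binary', hashcat_binary)
    settings.save('hashcat_rules_path', hashcat_rules_path)
    settings.save('hashcat_status_interval', interval)
    settings.save('hashcat_force', hashcat_force)

    # When settings are saved, run system updates.
    system = provider.system()
    system.run_updates()

    flash('Settings saved', 'success')
    return redirect(url_for('admin.settings_hashcat'))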
def webpush_save():
    """Store the Web Push flag and VAPID key pair without further validation.

    The private key field shows ``'********'`` in the UI; that placeholder is
    never written back, so the stored key is kept unless a new one is typed.

    Returns:
        A redirect to the Web Push configuration page.
    """
    settings = Provider().settings()
    form = request.form

    enabled = int(form.get('webpush_enabled', 0))
    private_key = form['vapid_private'].strip()
    public_key = form['vapid_public'].strip()

    if private_key != '********':
        settings.save('vapid_private', private_key)
    settings.save('vapid_public', public_key)
    settings.save('webpush_enabled', enabled)

    flash('Settings saved', 'success')
    return redirect(url_for('config.webpush'))
def general_save():
    """Store the site-wide theme after checking it exists under static/css/themes.

    Returns:
        A redirect to the general configuration page.
    """
    provider = Provider()
    settings = provider.settings()
    filesystem = provider.filesystem()

    theme = request.form['theme'].strip()
    themes_dir = os.path.join(current_app.root_path, 'static', 'css', 'themes')
    available = filesystem.get_files(themes_dir)

    # The theme name is only accepted when a matching stylesheet is present.
    if (theme + '.css') not in available:
        flash('Invalid theme', 'error')
        return redirect(url_for('config.general'))

    settings.save('theme', theme)
    flash('Settings saved', 'success')
    return redirect(url_for('config.general'))
def __run_db_update(self):
    """Bring the stored ``db_version`` setting up to the running app version.

    Compares the ``db_version`` setting (default ``'0.0.0'``) with
    ``app_version.__version__``. When already current, a notice is printed
    and nothing else happens. Otherwise each migration older than the
    installed version (currently only 1.1.0) is run and, on success, the
    new version is recorded.

    Returns:
        ``True`` in every case. NOTE(review): a failed ``migration.run()``
        leaves ``db_version`` unchanged but still yields ``True``; confirm
        whether callers need to know about the failure.
    """
    provider = Provider()
    settings = provider.settings()

    installed = version.parse(settings.get('db_version', '0.0.0'))
    target = version.parse(app_version.__version__)
    if installed >= target:
        print("No database updates required")
        return True

    # Apply each step only when the installed version predates it.
    if installed < version.parse('1.1.0'):
        if v1_1_0.DBMigration(provider).run():
            settings.save('db_version', '1.1.0')

    return True
def system_messages_save():
    """Admin-only: store the login-page system message and its visibility flag.

    Returns:
        A redirect to the system messages page, or to the home page for
        non-admin users.
    """
    if not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    settings = Provider().settings()
    form = request.form

    message = form['system_message_login'].strip()
    show_flag = int(form.get('system_message_login_show', 0))

    settings.save('system_message_login', message)
    settings.save('system_message_login_show', show_flag)

    flash('Settings saved', 'success')
    return redirect(url_for('admin.system_messages'))
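def settings_auth_save_general():
    """Admin-only: store the ``allow_logins`` flag and run system updates.

    The flag is saved as an int (0/1) like the other boolean form fields in
    this module, so readers such as ``int(settings.get('allow_logins', 0))``
    see a consistent type whether the value came from the form or the default.

    Returns:
        A redirect to the auth settings page, or to the home page for
        non-admin users.
    """
    if not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    provider = Provider()
    settings = provider.settings()

    # Previously the raw form string was stored while the default was the
    # int 0; normalise to int so the stored type does not depend on the path.
    allow_logins = int(request.form.get('allow_logins', 0))
    settings.save('allow_logins', allow_logins)

    # When settings are saved, run system updates.
    system = provider.system()
    system.run_updates()

    flash('Settings saved', 'success')
    return redirect(url_for('admin.settings_auth'))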
def theme():
    """Render the account theme chooser with the current user's theme preselected.

    The per-user preference wins; otherwise the site-wide ``theme`` setting
    is used, defaulting to ``'lumen'``.
    """
    provider = Provider()
    users = provider.users()
    filesystem = provider.filesystem()
    user_settings = provider.user_settings()
    settings = provider.settings()

    user = users.get_by_id(current_user.id)
    themes_dir = os.path.join(current_app.root_path, 'static', 'css', 'themes')
    available = filesystem.get_files(themes_dir)

    site_default = settings.get('theme', 'lumen')
    selected = user_settings.get(current_user.id, 'theme', site_default)

    return render_template(
        'config/account/theme.html',
        user=user,
        themes=available,
        selected_theme=selected,
    )
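def password_complexity_save():
    """Persist the password complexity thresholds submitted from the form.

    Each of ``pwd_min_length``, ``pwd_min_lower``, ``pwd_min_upper``,
    ``pwd_min_digits`` and ``pwd_min_special`` must be a non-negative whole
    number. Any other value is reported through a flash message and nothing
    is saved.

    Returns:
        A redirect to the password complexity configuration page.
    """
    field_names = (
        'pwd_min_length',
        'pwd_min_lower',
        'pwd_min_upper',
        'pwd_min_digits',
        'pwd_min_special',
    )

    values = {}
    for name in field_names:
        raw = request.form[name].strip()
        # int() on free text used to raise ValueError (an HTTP 500) instead
        # of a form error.
        if not raw.isdigit():
            flash('Password complexity values must be whole numbers', 'error')
            return redirect(url_for('config.password_complexity'))
        values[name] = int(raw)

    settings = Provider().settings()
    for name, value in values.items():
        settings.save(name, value)

    flash('Settings saved', 'success')
    return redirect(url_for('config.password_complexity'))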
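def smtp_save():
    """Validate and persist the outgoing SMTP settings.

    Required fields: host, port (whole number in 1-65535), user, password and
    sender address. The password is shown as ``'********'`` in the form; that
    placeholder is accepted only when a password is already stored, and is
    never written back.

    Returns:
        A redirect to the SMTP configuration page.
    """
    settings = Provider().settings()
    masked = '********'
    form = request.form

    smtp_enabled = int(form.get('smtp_enabled', 0)) == 1
    smtp_host = form['smtp_host'].strip()
    smtp_port_raw = form['smtp_port'].strip()
    # A non-numeric port used to raise ValueError here; map it to 0 so the
    # range check below reports it through the form instead.
    smtp_port = int(smtp_port_raw) if smtp_port_raw.isdigit() else 0
    smtp_tls = int(form.get('smtp_tls', 0)) == 1
    smtp_user = form['smtp_user'].strip()
    smtp_pass = form['smtp_pass'].strip()
    smtp_sender = form['smtp_sender'].strip()

    error = None
    if len(smtp_host) == 0:
        error = 'Please enter SMTP Host'
    elif smtp_port <= 0 or smtp_port > 65535:
        error = 'Please enter SMTP Port'
    elif len(smtp_user) == 0:
        error = 'Please enter SMTP User'
    elif len(smtp_pass) == 0:
        error = 'Please enter SMTP Pass'
    elif smtp_pass == masked and len(settings.get('smtp_pass', '')) == 0:
        error = 'Please enter SMTP Pass'
    elif len(smtp_sender) == 0:
        error = 'Please enter SMTP Sender E-mail'

    if error is not None:
        flash(error, 'error')
        return redirect(url_for('config.smtp'))

    settings.save('smtp_enabled', smtp_enabled)
    settings.save('smtp_host', smtp_host)
    settings.save('smtp_port', smtp_port)
    settings.save('smtp_tls', smtp_tls)
    settings.save('smtp_user', smtp_user)
    settings.save('smtp_sender', smtp_sender)
    # Only overwrite the stored password when the user typed a new one.
    if smtp_pass != masked:
        settings.save('smtp_pass', smtp_pass)

    flash('Settings saved', 'success')
    return redirect(url_for('config.smtp'))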
def theme(user_id):
    """Render the theme chooser for *user_id*; only the user themselves may view it.

    The per-user preference wins; otherwise the site-wide ``theme`` setting
    is used, defaulting to ``'lumen'``.
    """
    # NOTE(review): compares the route value with current_user.id directly;
    # confirm both are the same type (int vs str) at the route definition.
    if current_user.id != user_id:
        flash('Access denied', 'error')
        return redirect(url_for('home.index'))

    provider = Provider()
    users = provider.users()
    filesystem = provider.filesystem()
    user_settings = provider.user_settings()
    settings = provider.settings()

    user = users.get_by_id(current_user.id)
    themes_dir = os.path.join(current_app.root_path, 'static', 'css', 'themes')
    available = filesystem.get_files(themes_dir)

    site_default = settings.get('theme', 'lumen')
    selected = user_settings.get(user_id, 'theme', site_default)

    return render_template(
        'account/theme.html',
        user=user,
        themes=available,
        selected_theme=selected,
    )
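def settings_auth_save_complexity():
    """Admin-only: persist the password complexity thresholds from the form.

    Each of ``pwd_min_length``, ``pwd_min_lower``, ``pwd_min_upper``,
    ``pwd_min_digits`` and ``pwd_min_special`` must be a non-negative whole
    number. Any other value is reported through a flash message and nothing
    is saved.

    Returns:
        A redirect to the auth settings page, or to the home page for
        non-admin users.
    """
    if not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    field_names = (
        'pwd_min_length',
        'pwd_min_lower',
        'pwd_min_upper',
        'pwd_min_digits',
        'pwd_min_special',
    )

    values = {}
    for name in field_names:
        raw = request.form[name].strip()
        # int() on free text used to raise ValueError (an HTTP 500) instead
        # of a form error.
        if not raw.isdigit():
            flash('Password complexity values must be whole numbers', 'error')
            return redirect(url_for('admin.settings_auth'))
        values[name] = int(raw)

    settings = Provider().settings()
    for name, value in values.items():
        settings.save(name, value)

    flash('Settings saved', 'success')
    return redirect(url_for('admin.settings_auth'))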
def system_daemon():
    """Start or stop the DNS daemon according to the form's ``action`` field.

    Starting is open to every user only when the ``dns_daemon_start_everyone``
    setting is true; otherwise, and for stopping always, the caller must be an
    admin. The daemon must be configured and ``action`` must be ``'start'`` or
    ``'stop'``.

    Returns:
        A redirect to the system page for admins, or to the home page otherwise.
    """
    provider = Provider()
    daemon = provider.daemon()
    settings = provider.settings()

    # Starting may be opened to everyone; if not, only admins get past here.
    everyone_may_start = settings.get('dns_daemon_start_everyone', False, type=bool)
    if not everyone_may_start and not current_user.admin:
        flash('Access Denied', 'error')
        return redirect(url_for('home.index'))

    action = request.form['action'].strip()

    if not daemon.is_configured():
        flash('DNS Daemon is not configured', 'error')
        return redirect(url_for('config.system'))
    if action not in ('start', 'stop'):
        flash('Invalid action', 'error')
        return redirect(url_for('config.system'))

    if action == 'start':
        if daemon.start():
            flash('DNS Daemon Started', 'success')
        else:
            flash('Could not start DNS Daemon', 'error')
    elif current_user.admin:
        # Only admins can stop the service; a non-admin 'stop' is silently ignored.
        if daemon.stop():
            flash('DNS Daemon Stopped', 'success')
        else:
            flash('Could not stop DNS Daemon', 'error')

    destination = 'config.system' if current_user.admin else 'home.index'
    return redirect(url_for(destination))
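def hashcat_save():
    """Validate and persist the hashcat configuration submitted from the form.

    The wordlist, rules and masks paths must be readable directories; the
    uploaded-hashes path may be empty but is checked the same way when set.
    ``hashcat_binary`` must be an existing executable file and
    ``hashcat_status_interval`` a whole number (zero falls back to 10). Every
    failing check is flashed before redirecting so the user sees all problems
    at once; nothing is saved unless every check passes.

    Returns:
        A redirect to the hashcat configuration page.
    """
    settings = Provider().settings()
    form = request.form

    hashcat_binary = form['hashcat_binary'].strip()
    hashcat_rules_path = form['hashcat_rules_path'].strip()
    hashcat_masks_path = form['hashcat_masks_path'].strip()
    hashcat_status_interval = form['hashcat_status_interval'].strip()
    hashcat_force = int(form.get('hashcat_force', 0))
    wordlists_path = form['wordlists_path'].strip()
    uploaded_hashes_path = form['uploaded_hashes_path'].strip()

    has_errors = False

    # Validate wordlist
    has_errors |= _flash_directory_error(wordlists_path, 'Wordlist directory', required=True)

    # Validate uploaded hash path (optional)
    has_errors |= _flash_directory_error(uploaded_hashes_path, 'Uploaded Hashes directory', required=False)

    # Validate executable
    if len(hashcat_binary) == 0 or not os.path.isfile(hashcat_binary):
        has_errors = True
        flash('Hashcat executable does not exist', 'error')
    elif not os.access(hashcat_binary, os.X_OK):
        has_errors = True
        flash('Hashcat file is not executable', 'error')

    # Validate rules
    has_errors |= _flash_directory_error(hashcat_rules_path, 'Hashcat rules directory', required=True)

    # Validate masks
    has_errors |= _flash_directory_error(hashcat_masks_path, 'Hashcat masks directory', required=True)

    # Validate interval. int() used to run on any non-empty value, so a
    # non-numeric interval raised ValueError instead of a form error.
    if not hashcat_status_interval.isdigit():
        has_errors = True
        flash('Hashcat Status Interval must be set', 'error')

    if has_errors:
        return redirect(url_for('config.hashcat'))

    interval = int(hashcat_status_interval)
    if interval <= 0:
        interval = 10

    settings.save('hashcat_binary', hashcat_binary)
    settings.save('hashcat_rules_path', hashcat_rules_path)
    settings.save('hashcat_masks_path', hashcat_masks_path)
    settings.save('hashcat_status_interval', interval)
    settings.save('hashcat_force', hashcat_force)
    settings.save('wordlists_path', wordlists_path)
    settings.save('uploaded_hashes_path', uploaded_hashes_path)

    flash('Settings saved', 'success')
    return redirect(url_for('config.hashcat'))


def _flash_directory_error(path, label, required):
    """Flash a validation error for a directory setting; return True when one was flashed.

    Args:
        path: The user-supplied directory path (already stripped).
        label: Human-readable name used as the prefix of the error message.
        required: When False, an empty *path* is accepted without checks.

    Returns:
        True if the directory is missing or unreadable (and an error was
        flashed), False otherwise.
    """
    if len(path) == 0:
        if not required:
            return False
        flash(label + ' does not exist', 'error')
        return True
    if not os.path.isdir(path):
        flash(label + ' does not exist', 'error')
        return True
    if not os.access(path, os.R_OK):
        flash(label + ' is not readable', 'error')
        return True
    return False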
def ldap_save():
    """Validate and persist the LDAP authentication settings.

    When ``ldap_enabled`` is 1, every text setting (auth type, host, base DN,
    domain, bind user and the username/full-name mappings) must be non-empty;
    each missing one is flashed before redirecting. The bind password is shown
    as ``'********'`` in the form and is only overwritten when a new value is
    typed. After saving, ``system.run_updates()`` is run.

    Returns:
        A redirect to the LDAP configuration page.
    """
    provider = Provider()
    settings = provider.settings()
    form = request.form

    ldap_enabled = int(form.get('ldap_enabled', 0))
    ldap_ssl = int(form.get('ldap_ssl', 0))
    ldap_bind_pass = form['ldap_bind_pass'].strip()

    # (setting key, error message when empty) - read in form order.
    required_fields = (
        ('ldap_auth_type', 'Please select authentication type'),
        ('ldap_host', 'LDAP Host cannot be empty'),
        ('ldap_base_dn', 'LDAP Base cannot be empty'),
        ('ldap_domain', 'LDAP Domain cannot be empty'),
        ('ldap_bind_user', 'LDAP Bind User cannot be empty'),
        ('ldap_mapping_username', 'LDAP Mapping Username cannot be empty'),
        ('ldap_mapping_fullname', 'LDAP Mapping Full Name cannot be empty'),
    )
    values = {key: form[key].strip() for key, _ in required_fields}

    # Validation only matters when LDAP is switched on.
    if ldap_enabled == 1:
        missing = [message for key, message in required_fields if len(values[key]) == 0]
        for message in missing:
            flash(message, 'error')
        if missing:
            return redirect(url_for('config.ldap'))

    settings.save('ldap_mapping_email', form['ldap_mapping_email'].strip())
    settings.save('ldap_enabled', ldap_enabled)
    settings.save('ldap_ssl', ldap_ssl)
    for key, _ in required_fields:
        settings.save(key, values[key])

    # The form shows '********' instead of the stored password; only overwrite
    # it when the user actually typed a new value.
    if len(ldap_bind_pass) > 0 and ldap_bind_pass != '********':
        settings.save('ldap_bind_pass', ldap_bind_pass)

    # When settings are saved, run system updates.
    system = provider.system()
    system.run_updates()

    flash('Settings saved', 'success')
    return redirect(url_for('config.ldap'))
def setting_get(name, default=None):
    """Return the stored value of setting *name*, or *default* when it is unset."""
    settings = Provider().settings()
    return settings.get(name, default)
def dns_save():
    """Validate and persist the DNS daemon, forwarding and CSV logging settings.

    The bind IP must be valid and the bind port a whole number in 1024-65535.
    Forwarder addresses are taken from a comma-separated list; entries that
    are not valid IP addresses are dropped silently. When CSV logging is
    enabled the output file must be given and writable.

    Returns:
        A redirect to the DNS configuration page.
    """
    provider = Provider()
    settings = provider.settings()
    dns = provider.dns_manager()
    form = request.form

    def flag(field):
        return int(form.get(field, 0)) == 1

    # DNS Base Domain
    dns_base_domain = form['dns_base_domain'].strip()

    # DNS Daemon
    dns_daemon_bind_ip = form['dns_daemon_bind_ip'].strip()
    port_raw = form['dns_daemon_bind_port'].strip()
    dns_daemon_bind_port = int(port_raw) if port_raw.isdigit() else 0
    dns_daemon_start_everyone = flag('dns_daemon_start_everyone')

    # DNS Forwarding
    forward_dns_address = form['forward_dns_address'].strip()
    forward_dns_enabled = flag('forward_dns_enabled')

    # DNS CSV Logging
    csv_logging_file = form['csv_logging_file'].strip()
    csv_logging_enabled = flag('csv_logging_enabled')

    # DNS Daemon Validation
    if not dns.is_valid_ip_address(dns_daemon_bind_ip):
        flash('Invalid IP Address', 'error')
        return redirect(url_for('config.dns'))
    if dns_daemon_bind_port <= 0 or dns_daemon_bind_port > 65535:
        flash('Invalid Port', 'error')
        return redirect(url_for('config.dns'))
    if dns_daemon_bind_port < 1024:
        flash('Please enter a port between 1024 and 65535. Port numbers below 1024 require root access.', 'error')
        return redirect(url_for('config.dns'))

    # DNS Forwarding Validation - keep only non-empty, valid addresses.
    candidates = (entry.strip() for entry in forward_dns_address.split(','))
    forwarders = [entry for entry in candidates if len(entry) > 0 and dns.is_valid_ip_address(entry)]

    # DNS CSV Logging Validation
    if csv_logging_enabled:
        if len(csv_logging_file) == 0:
            flash('Please enter a CSV output location', 'error')
            return redirect(url_for('config.dns'))
        if not dns.is_file_writable(csv_logging_file):
            flash('CSV output location is not writable', 'error')
            return redirect(url_for('config.dns'))

    # Save Base Domain
    settings.save('dns_base_domain', dns_base_domain)

    # Save Daemon
    settings.save('dns_daemon_bind_ip', dns_daemon_bind_ip)
    settings.save('dns_daemon_bind_port', dns_daemon_bind_port)
    settings.save('dns_daemon_start_everyone', dns_daemon_start_everyone)

    # Save Forwarding
    settings.save('forward_dns_address', forwarders)
    settings.save('forward_dns_enabled', forward_dns_enabled)

    # Save Logging
    settings.save('csv_logging_file', csv_logging_file)
    settings.save('csv_logging_enabled', csv_logging_enabled)

    flash('Settings saved - Please restart the DNS Daemon.', 'success')
    return redirect(url_for('config.dns'))
def login_process():
    """Handle a submitted login form: local accounts first, then LDAP.

    Reads ``username``, ``password`` and ``next`` from the form. A matching
    non-LDAP account is verified with ``users.validate_password``; failing
    that, when LDAP is enabled, ``ldap.authenticate`` is consulted and its
    ``result`` dispatched: success continues with the returned LDAP user
    (creating the local LDAP account if needed), a password-change result
    parks the username in the session and redirects to the LDAP
    change-password page, a locked result is refused, and anything else is
    treated as bad credentials. Disabled accounts are rejected. On success
    the session is established, the login recorded, ``system.run_updates()``
    run, and the user sent to ``next`` when it is a relative path, else to
    the home page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home.index'))
    provider = Provider()
    ldap = provider.ldap()
    users = provider.users()
    settings = provider.settings()
    username = request.form['username']
    password = request.form['password']
    next = urllib.parse.unquote_plus(request.form['next'].strip())
    # First check if user is local. Local users take priority.
    # Usernames are compared case-insensitively on both sides.
    user = UserModel.query.filter(and_(func.lower(UserModel.username) == func.lower(username), UserModel.ldap == 0)).first()
    if user:
        if not users.validate_password(user.password, password):
            flash('Invalid credentials', 'error')
            return redirect(url_for('auth.login', next=next))
    elif ldap.is_enabled():
        ldap_result = ldap.authenticate(username, password)
        if ldap_result is False:
            # NOTE(review): ldap.error_message is shown to the user verbatim
            # here and below; confirm it cannot carry directory details that
            # should stay internal.
            if len(ldap.error_message) > 0:
                flash(ldap.error_message, 'error')
            else:
                flash('Invalid credentials', 'error')
            return redirect(url_for('auth.login', next=next))
        elif ldap_result['result'] == ldap.AUTH_SUCCESS:
            ldap_user = ldap_result['user']
        elif ldap_result['result'] == ldap.AUTH_CHANGE_PASSWORD:
            # The change-password page picks the username and timestamp up
            # from the session; the password itself is not stored.
            session['ldap_username'] = username
            session['ldap_time'] = int(time.time())
            flash('Your LDAP password has expired or needs changing', 'error')
            return redirect(url_for('auth.ldap_changepwd', next=next))
        elif ldap_result['result'] == ldap.AUTH_LOCKED:
            flash('Your AD account is disabled', 'error')
            return redirect(url_for('auth.login', next=next))
        else:
            if len(ldap.error_message) > 0:
                flash(ldap.error_message, 'error')
            else:
                flash('Invalid credentials', 'error')
            return redirect(url_for('auth.login', next=next))
        # Only the AUTH_SUCCESS branch reaches here, so ldap_user is bound.
        user = users.get_ldap_user(ldap_user['username'])
        if not user:
            # Create the local record for this LDAP user on first login.
            user = users.create_ldap_user(ldap_user['username'], ldap_user['fullname'], ldap_user['email'])
            if not user:
                flash('Could not create LDAP user', 'error')
                return redirect(url_for('auth.login', next=next))
    else:
        # Same generic message as a wrong password, so the response does not
        # reveal whether the username exists.
        flash('Invalid credentials', 'error')
        return redirect(url_for('auth.login', next=next))
    # If we reach this point it means that our user exists. Check if the user is active.
    if user.active is False:
        flash('Your account has been disabled by the Administrator.', 'error')
        return redirect(url_for('auth.login', next=next))
    user = users.login_session(user)
    login_user(user)
    users.record_login(user.id)
    # On every login we get the hashcat version and the git hash version.
    system = provider.system()
    system.run_updates()
    # Only follow 'next' when it has no host part, so the post-login redirect
    # stays on this site. NOTE(review): only netloc is inspected; confirm this
    # covers every absolute-URL form url_parse accepts.
    if next and url_parse(next).netloc == '':
        return redirect(next)
    return redirect(url_for('home.index'))