def test_get(self):
    """Check how ``passwords.get`` reports a record that does not exist.

    ID 0 is used as the missing record (assumed never to be assigned;
    confirm against the fixture data).
    """
    # Default lookup: a missing ID must raise NoSuchEntity, and the message
    # must mention "Password" so callers can tell which entity was missing.
    self.assertRaisesRegexp(exc.NoSuchEntity, r'Password', passwords.get, 0)

    # With assert_exists=False the same lookup must return None instead of
    # raising, so callers that opt out have to handle the None themselves.
    missing = passwords.get(0, assert_exists=False)
    self.assertIsNone(missing)
def getPassword(self, password_id, include_history=False):
    """
    Return one password record as a dict, with the secret decrypted.

    The access is written to the audit log as a content-view event before
    the decrypted data is built and returned.

    :param password_id: The ID of the password to look up.
    :type password_id: int
    :param include_history: Whether previous passwords for this record are
                            included in the result.
    :type include_history: bool
    """
    record = passwords.get(password_id)
    # Audit before decrypting: if the audit write raises, no plaintext is returned.
    auditlog.log(auditlog.CODE_CONTENT_VIEW, target=record)
    decrypted = record.to_dict(decrypt=True, include_history=include_history)
    return decrypted
def reveal(self, password_id, _=None):
    """
    (AJAX) Return the decrypted value of the specified password.

    Kept as its own action so that every reveal is recorded in the audit log.
    The extra ``_`` argument is the cache-busting value jquery appends; it is
    accepted and ignored.
    """
    record = passwords.get(password_id)
    if record:
        # Log the view before the plaintext is handed back to the caller.
        auditlog.log(auditlog.CODE_CONTENT_VIEW, target=record)
        return record.password_decrypted
    # NOTE(review): only reachable if passwords.get can return a falsy value
    # here instead of raising - confirm against its default behaviour.
    raise ValueError("Invalid password specified: {0}".format(password_id))
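def backup_database():
    """
    Back up the entire database contents to a GPG-encrypted YAML file.

    The export is encrypted with the decrypted value of the password record
    named by ``backups.encryption.password_id`` and written to
    ``backups.path`` as ``backup-YYYY-MM-DD-HH-MM.gpg``. A second run within
    the same minute overwrites the earlier file.

    NOTE(review): the passphrase is itself a record in the database being
    backed up, so a restore needs that passphrase from somewhere other than
    the backup - confirm it is also held outside the database.

    :raises exc.ConfigurationError: If no password_id is configured, or the
                                    configured password does not exist.
    """
    try:
        dir_mode = int(config.get("backups.dir_mode", "0700"), 8)
        file_mode = int(config.get("backups.file_mode", "0600"), 8)

        # Before we do anything, validate the configuration.
        if not os.path.exists(config["backups.path"]):
            # Attempt to make the directories. (The process umask can still
            # remove bits from dir_mode.)
            os.makedirs(config["backups.path"], mode=dir_mode)

        if not config.get("backups.encryption.password_id"):
            raise exc.ConfigurationError(
                "Cannot backup without configured password_id (backups.encryption.password_id)"
            )

        try:
            pw = passwords.get(config["backups.encryption.password_id"])
        except exc.NoSuchEntity as x:
            raise exc.ConfigurationError(
                "Configured backups.encryption.password_id does not exist in database: {0}".format(x)
            )

        backup_fname = datetime.now().strftime("backup-%Y-%m-%d-%H-%M.gpg")

        # Only identifiers are logged here; the passphrase itself never is.
        msg = "Backing up database to {fname}, secured by password id={pw.id}, resource={resource.name}[{resource.id}]"
        log.info(msg.format(fname=backup_fname, pw=pw, resource=pw.resource))

        exporter = GpgYamlExporter(passphrase=pw.password_decrypted, use_tags=True, include_key_metadata=True)

        encrypted_stream = BytesIO()
        exporter.export(stream=encrypted_stream)
        encrypted_stream.seek(0)  # Just to ensure it's rewound

        backup_file = os.path.join(config["backups.path"], backup_fname)

        # Create the file with its final mode instead of creating it with the
        # umask default and tightening it after the data is already on disk.
        # O_BINARY exists only on Windows; elsewhere it contributes nothing.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
        fd = os.open(backup_file, flags, file_mode)
        # Binary mode: the exporter output is bytes, which a text-mode handle
        # rejects on Python 3.
        with os.fdopen(fd, "wb") as fp:
            # Re-apply the mode before writing, in case the file already
            # existed with looser permissions or the umask stripped bits.
            os.chmod(backup_file, file_mode)
            fp.write(encrypted_stream.read())
    except:
        # Deliberately broad: log whatever went wrong, then re-raise unchanged.
        log.critical("Error backing up database.", exc_info=True)
        raise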
def check_duplicate_username(form, field):
    """Form validator: reject a username already used on the same resource.

    The resource is found from ``form.resource_id`` when the form has one
    (a password being added), otherwise from the password named by
    ``form.password_id`` (an existing password, which is excluded from the
    duplicate check).

    :raises ValidationError: If another password on the resource already has
                             this username.
    :raises Exception: If the form has neither ``resource_id`` nor ``password_id``.
    """
    username = field.data

    if hasattr(form, 'resource_id'):
        # It's being added: any match on the resource is a duplicate.
        resource = resources.get(form.resource_id.data)
        clash = resource.passwords.filter_by(username=username).first()
    elif hasattr(form, 'password_id'):
        # Lookup from pw_id: a match only counts if it is a different record.
        current = passwords.get(form.password_id.data)
        resource = current.resource
        others = resource.passwords.filter_by(username=username)
        others = others.filter(Password.id != current.id)  # @UndefinedVariable
        clash = others.first()
    else:
        raise Exception("Unexpected condition.")

    if not clash:
        return
    raise ValidationError("Username \"{0}\" already exists for this resource \"{1}\".".format(username, resource.name))
def view(self, password_id):
    """Render the detail page for one password.

    The access is recorded in the audit log as a content-view event before
    the template is rendered.
    """
    entry = passwords.get(password_id)
    auditlog.log(auditlog.CODE_CONTENT_VIEW, target=entry)
    context = {'password': entry}
    return render('password/view.html', context)
def edit(self, password_id):
    """Render the edit form for one password, pre-populated from the record."""
    entry = passwords.get(password_id)
    # NOTE(review): no audit event is written here, unlike view() and
    # reveal(). If the form ends up rendering the decrypted secret, this is
    # an unaudited read path - confirm what PasswordEditForm exposes.
    edit_form = PasswordEditForm(request_params(), obj=entry, password_id=entry.id)
    return render('password/edit.html', {'form': edit_form})