def main(): parser = argparse.ArgumentParser(description='King Phisher Interactive Database Console', conflict_handler='resolve') utilities.argp_add_args(parser) config_group = parser.add_mutually_exclusive_group(required=True) config_group.add_argument('-c', '--config', dest='server_config', type=argparse.FileType('r'), help='the server configuration file') config_group.add_argument('-u', '--url', dest='database_url', help='the database connection url') arguments = parser.parse_args() if arguments.database_url: database_connection_url = arguments.database_url elif arguments.server_config: server_config = yaml.load(arguments.server_config) database_connection_url = server_config['server']['database'] else: raise RuntimeError('no database connection was specified') engine = manager.init_database(database_connection_url) session = manager.Session() rpc_session = aaa.AuthenticatedSession(user=getpass.getuser()) console = code.InteractiveConsole(dict( engine=engine, graphql=graphql, graphql_query=graphql_query, manager=manager, models=models, pprint=pprint.pprint, rpc_session=rpc_session, session=session )) console.interact('starting interactive database console') if os.path.isdir(os.path.dirname(history_file)): readline.write_history_file(history_file)
def test_query_auth_middleware_session(self): self._init_db() session = db_manager.Session() rpc_session = aaa.AuthenticatedSession('alice') result = graphql.schema.execute( "{ db { users { edges { node { id, otpSecret } } } } }", context_value={'rpc_session': rpc_session, 'session': session} ) users = result.data['db']['users']['edges'] self.assertEquals(len(users), 2) self.assertEquals(users[0]['node']['id'], 'alice') self.assertEquals(users[0]['node']['otpSecret'], 'secret') self.assertIsNone(users[1]['node']['otpSecret'])
def test_query_auth_middleware_session(self): session = db_manager.Session() db_user = self.users['alice'] rpc_session = aaa.AuthenticatedSession(db_user) result = graphql_schema.execute( "{ db { users { edges { node { id name otpSecret } } } } }", context_value={'rpc_session': rpc_session, 'session': session} ) users = result.data['db']['users']['edges'] self.assertEquals(len(users), 2) self.assertEquals(users[0]['node']['id'], str(db_user.id)) self.assertEquals(users[0]['node']['name'], db_user.name) self.assertEquals(users[0]['node']['otpSecret'], 'secret') self.assertIsNone(users[1]['node']['otpSecret'])
def main(): parser = argparse.ArgumentParser( description='King Phisher Interactive Database Console', conflict_handler='resolve') utilities.argp_add_args(parser) config_group = parser.add_mutually_exclusive_group(required=True) config_group.add_argument('-c', '--config', dest='server_config', help='the server configuration file') config_group.add_argument('-u', '--url', dest='database_url', help='the database connection url') arguments = parser.parse_args() if arguments.database_url: database_connection_url = arguments.database_url elif arguments.server_config: server_config = configuration.ex_load_config(arguments.server_config) database_connection_url = server_config.get('server.database') else: raise RuntimeError('no database connection was specified') engine = manager.init_database(database_connection_url) session = manager.Session() username = getpass.getuser() user = session.query(models.User).filter_by(name=username).first() if user is None: print("[-] no user {0} found in the database".format(username)) return rpc_session = aaa.AuthenticatedSession(user=user) console = code.InteractiveConsole( dict(engine=engine, graphql_query=graphql_query, manager=manager, models=models, pprint=pprint.pprint, rpc_session=rpc_session, session=session)) console.interact('starting interactive database console') if os.path.isdir(os.path.dirname(history_file)): readline.write_history_file(history_file)