mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-10 00:28:22 +00:00
chg: [user_managemant] clean code + check password and email length
This commit is contained in:
parent
5b58872b15
commit
34e57fe7af
10 changed files with 53 additions and 147 deletions
|
@ -44,10 +44,8 @@ class User(UserMixin):
|
|||
|
||||
def check_password(self, password):
|
||||
password = password.encode()
|
||||
print(self.id)
|
||||
hashed_password = self.r_serv_db.hget('user:all', self.id).encode()
|
||||
if bcrypt.checkpw(password, hashed_password):
|
||||
print('password correct')
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*-coding:UTF-8 -*
|
||||
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
|
||||
import redis
|
||||
import configparser
|
||||
import random
|
||||
|
@ -15,10 +19,7 @@ import bcrypt
|
|||
|
||||
import flask
|
||||
import importlib
|
||||
import os
|
||||
import re
|
||||
from os.path import join
|
||||
import sys
|
||||
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages/'))
|
||||
sys.path.append('./modules/')
|
||||
import Paste
|
||||
|
@ -31,52 +32,20 @@ from pytaxonomies import Taxonomies
|
|||
# Import config
|
||||
import Flask_config
|
||||
|
||||
# Import Role_Manager
|
||||
from Role_Manager import create_user_db, check_password_strength
|
||||
|
||||
def flask_init():
|
||||
# check if an account exists
|
||||
if not r_serv_db.exists('user:all'):
|
||||
password = secrets.token_urlsafe()
|
||||
create_user_db('admin@admin.test', password, role='admin',default=True)
|
||||
# add default roles
|
||||
# # TODO: move this to update
|
||||
# role init
|
||||
if not r_serv_db.exists('ail:all_role'):
|
||||
r_serv_db.zadd('ail:all_role', 1, 'admin')
|
||||
r_serv_db.zadd('ail:all_role', 2, 'analyst')
|
||||
|
||||
def hashing_password(bytes_password):
|
||||
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
|
||||
return hashed
|
||||
|
||||
def verify_password(id, bytes_password):
|
||||
hashed_password = r_serv_db.hget('user:all', id)
|
||||
if bcrypt.checkpw(password, hashed):
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def check_password_strength(password):
|
||||
result = regex_password.match(password)
|
||||
if result:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
def create_user_db(username_id , password, default=False, role=None, update=False):
|
||||
password = password.encode()
|
||||
password_hash = hashing_password(password)
|
||||
r_serv_db.hset('user:all', username_id, password_hash)
|
||||
if update:
|
||||
r_serv_db.hdel('user_metadata:{}'.format(username_id), 'change_passwd')
|
||||
if username_id=='admin@admin.test':
|
||||
os.remove(default_passwd_file)
|
||||
else:
|
||||
if default:
|
||||
r_serv_db.hset('user_metadata:{}'.format(username_id), 'change_passwd', True)
|
||||
if role:
|
||||
if role in get_all_role():
|
||||
r_serv_db.sadd('user_role:{}'.format(role), username_id)
|
||||
|
||||
def get_all_role():
|
||||
return r_serv_db.zrange('ail:all_role', 0 , -1)
|
||||
# check if an account exists
|
||||
if not r_serv_db.exists('user:all'):
|
||||
password = secrets.token_urlsafe()
|
||||
create_user_db('admin@admin.test', password, role='admin',default=True)
|
||||
|
||||
# CONFIG #
|
||||
cfg = Flask_config.cfg
|
||||
|
@ -85,11 +54,6 @@ baseUrl = baseUrl.replace('/', '')
|
|||
if baseUrl != '':
|
||||
baseUrl = '/'+baseUrl
|
||||
|
||||
default_passwd_file = os.path.join(os.environ['AIL_HOME'], 'DEFAULT_PASSWORD')
|
||||
|
||||
regex_password = r'^(?=(.*\d){2})(?=.*[a-z])(?=.*[A-Z]).{10,}$'
|
||||
regex_password = re.compile(regex_password)
|
||||
|
||||
# ========= REDIS =========#
|
||||
r_serv_db = redis.StrictRedis(
|
||||
host=cfg.get("ARDB_DB", "host"),
|
||||
|
@ -181,9 +145,6 @@ modified_header = modified_header.replace('<!--insert here-->', '\n'.join(to_add
|
|||
with open('templates/header.html', 'w') as f:
|
||||
f.write(modified_header)
|
||||
|
||||
flask_init()
|
||||
|
||||
|
||||
# ========= JINJA2 FUNCTIONS ========
|
||||
def list_len(s):
|
||||
return len(s)
|
||||
|
@ -213,7 +174,6 @@ def login():
|
|||
user = User.get(username)
|
||||
if user and user.check_password(password):
|
||||
login_user(user) ## TODO: use remember me ?
|
||||
print(user.is_active)
|
||||
if user.request_password_change():
|
||||
return redirect(url_for('change_password'))
|
||||
else:
|
||||
|
@ -245,37 +205,12 @@ def change_password():
|
|||
else:
|
||||
return render_template("change_password.html")
|
||||
|
||||
@app.route('/role', methods=['POST', 'GET'])
|
||||
def role():
|
||||
return 'ERROR role'
|
||||
|
||||
@app.route('/logout')
|
||||
@login_required
|
||||
def logout():
|
||||
logout_user()
|
||||
return redirect(url_for('login'))
|
||||
|
||||
@app.route('/create_user')
|
||||
@login_required
|
||||
def create_user():
|
||||
username = request.form.get('username')
|
||||
password = request.form.get('password')
|
||||
#role = request.form.get('role') ## TODO: create role
|
||||
|
||||
## TODO: validate username
|
||||
## TODO: validate password
|
||||
|
||||
username = 'admin@admin.test'
|
||||
password = 'admin'
|
||||
|
||||
if r_serv_db.hexists('user:all', username):
|
||||
return 'this id is not available'
|
||||
|
||||
create_user_db(username, password)
|
||||
|
||||
return 'True'
|
||||
|
||||
|
||||
@app.route('/searchbox/')
|
||||
def searchbox():
|
||||
return render_template("searchbox.html")
|
||||
|
|
|
@ -3,60 +3,21 @@
|
|||
|
||||
import os
|
||||
import sys
|
||||
import redis
|
||||
import configparser
|
||||
|
||||
import bcrypt
|
||||
import secrets
|
||||
|
||||
# Import config
|
||||
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages/'))
|
||||
sys.path.append('./modules/')
|
||||
|
||||
def get_all_role():
|
||||
return r_serv_db.zrange('ail:all_role', 0 , -1)
|
||||
from Role_Manager import create_user_db, get_default_admin_token
|
||||
|
||||
def hashing_password(bytes_password):
|
||||
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
|
||||
return hashed
|
||||
|
||||
def create_user_db(username_id , password, default=False, role=None, update=False):
|
||||
password = password.encode()
|
||||
password_hash = hashing_password(password)
|
||||
r_serv_db.hset('user:all', username_id, password_hash)
|
||||
if update:
|
||||
r_serv_db.hdel('user_metadata:{}'.format(username_id), 'change_passwd')
|
||||
else:
|
||||
if default:
|
||||
r_serv_db.hset('user_metadata:{}'.format(username_id), 'change_passwd', True)
|
||||
r_serv_db.hset('user_metadata:{}'.format(username_id), 'role', role)
|
||||
if role:
|
||||
if role in get_all_role():
|
||||
r_serv_db.sadd('user_role:{}'.format(role), username_id)
|
||||
|
||||
if __name__ == "__main__":
|
||||
configfile = os.path.join(os.environ['AIL_BIN'], 'packages/config.cfg')
|
||||
if not os.path.exists(configfile):
|
||||
raise Exception('Unable to find the configuration file. \
|
||||
Did you set environment variables? \
|
||||
Or activate the virtualenv.')
|
||||
|
||||
cfg = configparser.ConfigParser()
|
||||
cfg.read(configfile)
|
||||
|
||||
r_serv_db = redis.StrictRedis(
|
||||
host=cfg.get("ARDB_DB", "host"),
|
||||
port=cfg.getint("ARDB_DB", "port"),
|
||||
db=cfg.getint("ARDB_DB", "db"),
|
||||
decode_responses=True)
|
||||
|
||||
username = 'admin@admin.test'
|
||||
password = secrets.token_urlsafe()
|
||||
create_user_db(username, password, role='admin', default=True)
|
||||
|
||||
# create user token
|
||||
token = secrets.token_urlsafe(41)
|
||||
r_serv_db.hset('user:tokens', token, username)
|
||||
r_serv_db.hset('user_metadata:{}'.format(username), 'token', token)
|
||||
token = get_default_admin_token()
|
||||
|
||||
default_passwd_file = os.path.join(os.environ['AIL_HOME'], 'DEFAULT_PASSWORD')
|
||||
to_write_str = '# Password Generated by default\n# This file is deleted after the first login\n#\nemail=admin@admin.test\npassword='
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
import configparser
|
||||
import redis
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
|
||||
# FLASK #
|
||||
|
@ -176,9 +175,6 @@ max_dashboard_logs = int(cfg.get("Flask", "max_dashboard_logs"))
|
|||
|
||||
crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
|
||||
|
||||
regex_password = r'^(?=(.*\d){2})(?=.*[a-z])(?=.*[A-Z]).{10,}$'
|
||||
regex_password = re.compile(regex_password)
|
||||
|
||||
# VT
|
||||
try:
|
||||
from virusTotalKEYS import vt_key
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
# -*-coding:UTF-8 -*
|
||||
|
||||
import os
|
||||
import re
|
||||
import redis
|
||||
import bcrypt
|
||||
import secrets
|
||||
|
@ -31,6 +32,15 @@ r_serv_db = redis.StrictRedis(
|
|||
db=cfg.getint("ARDB_DB", "db"),
|
||||
decode_responses=True)
|
||||
|
||||
default_passwd_file = os.path.join(os.environ['AIL_HOME'], 'DEFAULT_PASSWORD')
|
||||
|
||||
regex_password = r'^(?=(.*\d){2})(?=.*[a-z])(?=.*[A-Z]).{10,100}$'
|
||||
regex_password = re.compile(regex_password)
|
||||
|
||||
###############################################################
|
||||
############### CHECK ROLE ACCESS ##################
|
||||
###############################################################
|
||||
|
||||
def login_admin(func):
|
||||
@wraps(func)
|
||||
def decorated_view(*args, **kwargs):
|
||||
|
@ -57,7 +67,11 @@ def login_analyst(func):
|
|||
###############################################################
|
||||
###############################################################
|
||||
|
||||
|
||||
def get_default_admin_token():
|
||||
if r_serv_db.exists('user_metadata:admin@admin.test'):
|
||||
return r_serv_db.hget('user_metadata:admin@admin.test', 'token')
|
||||
else:
|
||||
return ''
|
||||
|
||||
def create_user_db(username_id , password, default=False, role=None, update=False):
|
||||
password = password.encode()
|
||||
|
@ -70,6 +84,9 @@ def create_user_db(username_id , password, default=False, role=None, update=Fals
|
|||
|
||||
if update:
|
||||
r_serv_db.hdel('user_metadata:{}'.format(username_id), 'change_passwd')
|
||||
# remove default user password file
|
||||
if username_id=='admin@admin.test':
|
||||
os.remove(default_passwd_file)
|
||||
else:
|
||||
if default:
|
||||
r_serv_db.hset('user_metadata:{}'.format(username_id), 'change_passwd', True)
|
||||
|
@ -93,22 +110,17 @@ def edit_user_db(user_id, role, password=None):
|
|||
|
||||
if current_role < request_level:
|
||||
role_to_remove = get_user_role_by_range(current_role -1, request_level - 2)
|
||||
print('to remove')
|
||||
print(role_to_remove)
|
||||
for role_id in role_to_remove:
|
||||
r_serv_db.srem('user_role:{}'.format(role_id), user_id)
|
||||
r_serv_db.hset('user_metadata:{}'.format(user_id), 'role', role)
|
||||
else:
|
||||
role_to_add = get_user_role_by_range(request_level -1, current_role)
|
||||
print('to add')
|
||||
print(role_to_add)
|
||||
for role_id in role_to_add:
|
||||
r_serv_db.sadd('user_role:{}'.format(role_id), user_id)
|
||||
r_serv_db.hset('user_metadata:{}'.format(user_id), 'role', role)
|
||||
|
||||
def delete_user_db(user_id):
|
||||
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
||||
print('r')
|
||||
role_to_remove =get_all_role()
|
||||
for role_id in role_to_remove:
|
||||
r_serv_db.srem('user_role:{}'.format(role_id), user_id)
|
||||
|
@ -121,6 +133,13 @@ def hashing_password(bytes_password):
|
|||
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
|
||||
return hashed
|
||||
|
||||
def check_password_strength(password):
|
||||
result = regex_password.match(password)
|
||||
if result:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def get_all_role():
|
||||
return r_serv_db.zrange('ail:all_role', 0, -1)
|
||||
|
||||
|
@ -132,6 +151,4 @@ def get_all_user_role(user_role):
|
|||
return r_serv_db.zrange('ail:all_role', current_role_val -1, -1)
|
||||
|
||||
def get_user_role_by_range(inf, sup):
|
||||
print(inf)
|
||||
print(sup)
|
||||
return r_serv_db.zrange('ail:all_role', inf, sup)
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
|
||||
from flask_login import login_required, current_user
|
||||
|
||||
from Role_Manager import login_admin, login_analyst, create_user_db, edit_user_db, delete_user_db
|
||||
from Role_Manager import login_admin, login_analyst, create_user_db, edit_user_db, delete_user_db, check_password_strength
|
||||
|
||||
import json
|
||||
import secrets
|
||||
|
@ -26,7 +26,6 @@ max_preview_char = Flask_config.max_preview_char
|
|||
max_preview_modal = Flask_config.max_preview_modal
|
||||
REPO_ORIGIN = Flask_config.REPO_ORIGIN
|
||||
dict_update_description = Flask_config.dict_update_description
|
||||
regex_password = Flask_config.regex_password
|
||||
|
||||
settings = Blueprint('settings', __name__, template_folder='templates')
|
||||
|
||||
|
@ -36,13 +35,6 @@ settings = Blueprint('settings', __name__, template_folder='templates')
|
|||
def one():
|
||||
return 1
|
||||
|
||||
def check_password_strength(password):
|
||||
result = regex_password.match(password)
|
||||
if result:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def generate_new_token(user_id):
|
||||
# create user token
|
||||
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
|
||||
|
@ -162,7 +154,7 @@ def create_user_post():
|
|||
|
||||
all_roles = get_all_roles()
|
||||
|
||||
if email and role:
|
||||
if email and len(email)< 300 and role:
|
||||
if role in all_roles:
|
||||
# password set
|
||||
if password1 and password2:
|
||||
|
@ -206,7 +198,6 @@ def users_list():
|
|||
new_user_dict['email'] = new_user
|
||||
new_user_dict['edited'] = request.args.get('new_user_edited')
|
||||
new_user_dict['password'] = request.args.get('new_user_password')
|
||||
print(new_user)
|
||||
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict)
|
||||
|
||||
@settings.route("/settings/edit_user", methods=['GET'])
|
||||
|
|
|
@ -83,6 +83,10 @@
|
|||
Digits: 0-9
|
||||
<span class="badge badge-primary badge-pill">2</span>
|
||||
</li>
|
||||
<li class="list-group-item d-flex justify-content-between align-items-center">
|
||||
Maximum length
|
||||
<span class="badge badge-primary badge-pill">100</span>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@
|
|||
|
||||
<script>
|
||||
$(document).ready(function(){
|
||||
$("#nav_edit_profile").addClass("active");
|
||||
$("#nav_users_list").addClass("active");
|
||||
$("#nav_user_management").removeClass("text-muted");
|
||||
} );
|
||||
</script>
|
||||
|
|
|
@ -91,6 +91,10 @@
|
|||
Digits: 0-9
|
||||
<span class="badge badge-primary badge-pill">2</span>
|
||||
</li>
|
||||
<li class="list-group-item d-flex justify-content-between align-items-center">
|
||||
Maximum length
|
||||
<span class="badge badge-primary badge-pill">100</span>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
</form>
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
</h5>
|
||||
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="{{url_for('hashDecoded.hashDecoded_page')}}" id="nav_server_status">
|
||||
<a class="nav-link" href="{{url_for('settings.settings_page')}}" id="nav_server_status">
|
||||
<i class="fas fa-tools"></i>
|
||||
<span>Server Status</span>
|
||||
</a>
|
||||
|
|
Loading…
Reference in a new issue