From 7e27089255bbd010b9887340a001e8e2a9c079b4 Mon Sep 17 00:00:00 2001 From: terrtia Date: Tue, 14 Jan 2025 16:21:01 +0100 Subject: [PATCH] chg: [user] force lowercase + add v6.0.1 update --- bin/lib/Tracker.py | 10 +++--- bin/lib/ail_users.py | 39 ++++++++++++++++++++++ var/www/blueprints/hunters.py | 10 ++++-- var/www/blueprints/settings_b.py | 33 +++++++++++++++++- var/www/templates/dashboard/dashboard.html | 6 +++- 5 files changed, 90 insertions(+), 8 deletions(-) diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py index dfb0198b..04b09549 100755 --- a/bin/lib/Tracker.py +++ b/bin/lib/Tracker.py @@ -744,20 +744,22 @@ def get_org_trackers_meta(user_org, tracker_type=None): metas.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'})) return metas -def get_users_trackers_meta(): +def get_users_trackers_meta(user_id): trackers = [] for tracker_uuid in get_trackers(): tracker = Tracker(tracker_uuid) if tracker.is_level_user(): - trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'})) + if tracker.get_user() != user_id: + trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'})) return trackers -def get_orgs_trackers_meta(): +def get_orgs_trackers_meta(user_org): trackers = [] for tracker_uuid in get_trackers(): tracker = Tracker(tracker_uuid) if tracker.is_level_org(): - trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'})) + if tracker.get_org() != user_org: + trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'})) return trackers def get_trackers_graph_by_day(l_trackers, num_day=31, date_from=None, date_to=None): diff --git a/bin/lib/ail_users.py b/bin/lib/ail_users.py index e60aec64..da2cb3da 100755 --- a/bin/lib/ail_users.py +++ b/bin/lib/ail_users.py 
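Review bot: The new owner checks `tracker.get_user() != user_id` and `tracker.get_org() != user_org` in `get_users_trackers_meta` and `get_orgs_trackers_meta` are exact, case-sensitive comparisons, while this same commit starts lowercasing user ids. If trackers still store the owner id in its old mixed-case form (the migration helper added in `bin/lib/ail_users.py` does not visibly touch tracker ownership), an admin's own trackers would still be listed here, so it is worth confirming that tracker owners are migrated too. Both functions now also exclude the caller's own entries, which the names do not convey. A docstring such as `"""Return metadata of user-level trackers owned by users other than user_id (admin view)."""` would make that explicit.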
@@ -731,6 +731,45 @@ def api_delete_user(user_id, admin_id, ip_address, user_agent): return user.delete(), 200 ######################################################################################################################## + +def _fix_user_lowercase(user_id): # TODO CHANGE EDIT DATE + l_user_id = user_id.lower() + + if user_id != l_user_id: + kill_session_user(user_id) + + # role + role = get_user_role(user_id) + for role_id in get_roles(): + r_serv_db.srem(f'ail:users:role:{role_id}', user_id) + set_user_role(l_user_id, role) + + # token + token = get_user_token(user_id) + r_serv_db.hdel('ail:users:tokens', token) + r_serv_db.hset('ail:users:tokens', token, l_user_id) + + # org + org = ail_orgs.Organisation(get_user_org(user_id)) + org.remove_user(user_id) + + # meta + try: + r_serv_db.rename(f'ail:user:metadata:{user_id}', f'ail:user:metadata:{l_user_id}') + except Exception: + pass + + # org + org.add_user(l_user_id) + + # sets + p_hash = get_user_passwd_hash(user_id) + r_serv_db.hdel('ail:users:all', user_id) + r_serv_db.hset('ail:users:all', l_user_id, p_hash) + + date = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S') + r_serv_db.hset(f'ail:user:metadata:{l_user_id}', 'last_edit', date) + ######################################################################################################################## #### ROLES #### diff --git a/var/www/blueprints/hunters.py b/var/www/blueprints/hunters.py index 8644b8e6..c489ab79 100644 --- a/var/www/blueprints/hunters.py +++ b/var/www/blueprints/hunters.py 
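Review bot: `_fix_user_lowercase` never checks whether `l_user_id` already exists as a separate account. If two accounts differ only in case, `set_user_role(l_user_id, role)`, the metadata `rename` and `r_serv_db.hset('ail:users:all', l_user_id, p_hash)` overwrite the existing account's role, metadata and password hash with those of the mixed-case one. A guard before the first write, e.g. `if r_serv_db.hexists('ail:users:all', l_user_id): raise ValueError(f'user already exists: {l_user_id}')` (or log and skip), would turn a silent account merge into a visible migration error. The `except Exception: pass` around the rename also hides real failures; catch only the client's missing-key error and log it. The steps are not atomic and the password hash is moved last, so an exception midway leaves the user half-migrated with the session already killed.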
@@ -145,8 +145,10 @@ def tracked_menu_typosquatting(): @login_required @login_admin def tracked_menu_admin(): - org_trackers = Tracker.get_orgs_trackers_meta() - user_trackers = Tracker.get_users_trackers_meta() + user_id = current_user.get_user_id() + user_org = current_user.get_org() + org_trackers = Tracker.get_orgs_trackers_meta(user_org) + user_trackers = Tracker.get_users_trackers_meta(user_id) return render_template("trackersManagement.html", user_trackers=user_trackers, org_trackers=org_trackers, global_trackers=[], bootstrap_label=bootstrap_label) @@ -277,6 +279,10 @@ def parse_add_edit_request(request_form): if sources: sources = json.loads(sources) filters[obj_type]['sources'] = sources + excludes = request_form.get(f'sources_{obj_type}_exclude', []) + if excludes: + excludes = json.loads(excludes) + filters[obj_type]['excludes'] = excludes # Subtypes for obj_subtype in ail_core.get_object_all_subtypes(obj_type): subtype = request_form.get(f'filter_{obj_type}_{obj_subtype}') diff --git a/var/www/blueprints/settings_b.py b/var/www/blueprints/settings_b.py index 79ad9dbe..3e269c74 100644 --- a/var/www/blueprints/settings_b.py +++ b/var/www/blueprints/settings_b.py @@ -74,6 +74,8 @@ def user_profile(): global_2fa = ail_users.is_2fa_enabled() return render_template("user_profile.html", meta=meta, global_2fa=global_2fa,acl_admin=acl_admin) +#### USER OTP #### + @settings_b.route("/settings/user/hotp", methods=['GET']) @login_required @login_read_only @@ -160,6 +162,10 @@ def user_otp_reset(): # TODO ask for password ? user.kill_session() return redirect(url_for('settings_b.users_list')) +## --USER OTP-- ## + +#### USER API #### + @settings_b.route("/settings/user/api_key/new", methods=['GET']) @login_required @login_user 
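Review bot: The added `excludes = json.loads(excludes)` in the `@@ -277,6 +279,10 @@` hunk parses a request form field with no error handling or shape check. A malformed `sources_{obj_type}_exclude` value therefore raises out of `parse_add_edit_request` (a 500 unless a caller catches it, which is not visible here), and any JSON type is stored in `filters[obj_type]['excludes']`. It mirrors the existing `sources` handling just above, which has the same gap. Wrap the parse in `try: ... except json.JSONDecodeError:` and reject anything that is not a list of strings before it reaches the tracker filters. The function body starts and ends outside the hunk.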
@@ -183,6 +189,30 @@ def new_token_user(): else: return redirect(url_for('settings_b.users_list')) +## --USER API-- ## + +#### USER MISP #### + +# @settings_b.route("/settings/user/misp", methods=['GET']) +# @login_required +# @login_user +# def user_misp(): +# pass +# +# @settings_b.route("/settings/user/misp/add", methods=['GET']) +# @login_required +# @login_user +# def user_misp_add(): +# pass +# +# @settings_b.route("/settings/user/misp/delete", methods=['GET']) +# @login_required +# @login_user +# def user_misp_add(): +# pass + +## --USER MISP-- ## + @settings_b.route("/settings/user/logout", methods=['GET']) @login_required @login_admin @@ -244,7 +274,7 @@ def create_user_post(): # Admin ID admin_id = current_user.get_user_id() - email = request.form.get('username') + email = request.form.get('username', '') org_uuid = request.form.get('user_organisation') role = request.form.get('user_role') password1 = request.form.get('password1') @@ -260,6 +290,7 @@ def create_user_post(): all_roles = ail_users.get_roles() + email = email.lower() if email and len(email) < 300 and ail_users.check_email(email) and role: if role in all_roles: # password set diff --git a/var/www/templates/dashboard/dashboard.html b/var/www/templates/dashboard/dashboard.html index 0e3e6560..a0327894 100644 --- a/var/www/templates/dashboard/dashboard.html +++ b/var/www/templates/dashboard/dashboard.html @@ -332,7 +332,11 @@ function updateDate() { if (day < 10) { day = "0" + day; } - let current_date = d.getUTCFullYear() + ' - ' + (d.getUTCMonth() + 1) + ' - ' + day; + let month = d.getUTCMonth() + 1 + if (month < 10) { + month = "0" + month; + } + let current_date = d.getUTCFullYear() + ' - ' + month + ' - ' + day; $('#current_date').text(current_date) }
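Review bot: The commented-out MISP stubs in the `@@ -183,6 +189,30 @@` hunk carry two problems that will surface as soon as they are uncommented. The `/settings/user/misp/delete` handler is named `user_misp_add` again, which collides with the add handler's Flask endpoint name. Both add and delete are declared `methods=['GET']`, so state-changing actions would be reachable through a plain link or an embedded resource request. Prefer a short `# TODO` here and land the routes when implemented, with `user_misp_delete` as the handler name and `methods=['POST']` for add and delete.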
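Review bot: `email = email.lower()` in the `@@ -260,6 +290,7 @@` hunk normalises the address only on this creation path, several statements after it is read in the `@@ -244,7 +274,7 @@` hunk. Login, password reset and API lookups are not visible here and need the same normalisation, otherwise a mixed-case login will not match the stored id. Folding it into the read, `email = request.form.get('username', '').lower()`, keeps every later use in `create_user_post` on the normalised value. `create_user_post` starts and ends outside both hunks.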