mirror of
https://github.com/ail-project/ail-framework.git
synced 2025-01-18 16:36:13 +00:00
chg: [user] force lowercase + add v6.0.1 update
parent
aecf71d5a3
commit
7e27089255
5 changed files with 90 additions and 8 deletions
|
@ -744,20 +744,22 @@ def get_org_trackers_meta(user_org, tracker_type=None):
|
||||||
metas.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
|
metas.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
|
||||||
return metas
|
return metas
|
||||||
|
|
||||||
def get_users_trackers_meta():
|
def get_users_trackers_meta(user_id):
|
||||||
trackers = []
|
trackers = []
|
||||||
for tracker_uuid in get_trackers():
|
for tracker_uuid in get_trackers():
|
||||||
tracker = Tracker(tracker_uuid)
|
tracker = Tracker(tracker_uuid)
|
||||||
if tracker.is_level_user():
|
if tracker.is_level_user():
|
||||||
trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'}))
|
if tracker.get_user() != user_id:
|
||||||
|
trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
|
||||||
return trackers
|
return trackers
|
||||||
|
|
||||||
def get_orgs_trackers_meta():
|
def get_orgs_trackers_meta(user_org):
|
||||||
trackers = []
|
trackers = []
|
||||||
for tracker_uuid in get_trackers():
|
for tracker_uuid in get_trackers():
|
||||||
tracker = Tracker(tracker_uuid)
|
tracker = Tracker(tracker_uuid)
|
||||||
if tracker.is_level_org():
|
if tracker.is_level_org():
|
||||||
trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'}))
|
if tracker.get_org() != user_org:
|
||||||
|
trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
|
||||||
return trackers
|
return trackers
|
||||||
|
|
||||||
def get_trackers_graph_by_day(l_trackers, num_day=31, date_from=None, date_to=None):
|
def get_trackers_graph_by_day(l_trackers, num_day=31, date_from=None, date_to=None):
|
||||||
|
|
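Review bot: `get_users_trackers_meta(user_id)` and `get_orgs_trackers_meta(user_org)` now return the trackers that do not belong to the argument (`tracker.get_user() != user_id`, `tracker.get_org() != user_org`), which is the opposite of what the names suggest and is not documented. A docstring on each, such as `"""Return meta for user-level trackers owned by users other than user_id (admin overview)."""`, would keep a later caller from treating the result as "my trackers". The comparison is also an exact, case-sensitive string match. Since this commit lowercases user ids and the migration shown does not visibly touch tracker ownership, it is worth confirming that trackers stored under a mixed-case id are migrated too, otherwise an admin's own older trackers may appear in this list.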
|
@ -731,6 +731,45 @@ def api_delete_user(user_id, admin_id, ip_address, user_agent):
|
||||||
return user.delete(), 200
|
return user.delete(), 200
|
||||||
|
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
|
|
||||||
|
def _fix_user_lowercase(user_id): # TODO CHANGE EDIT DATE
|
||||||
|
l_user_id = user_id.lower()
|
||||||
|
|
||||||
|
if user_id != l_user_id:
|
||||||
|
kill_session_user(user_id)
|
||||||
|
|
||||||
|
# role
|
||||||
|
role = get_user_role(user_id)
|
||||||
|
for role_id in get_roles():
|
||||||
|
r_serv_db.srem(f'ail:users:role:{role_id}', user_id)
|
||||||
|
set_user_role(l_user_id, role)
|
||||||
|
|
||||||
|
# token
|
||||||
|
token = get_user_token(user_id)
|
||||||
|
r_serv_db.hdel('ail:users:tokens', token)
|
||||||
|
r_serv_db.hset('ail:users:tokens', token, l_user_id)
|
||||||
|
|
||||||
|
# org
|
||||||
|
org = ail_orgs.Organisation(get_user_org(user_id))
|
||||||
|
org.remove_user(user_id)
|
||||||
|
|
||||||
|
# meta
|
||||||
|
try:
|
||||||
|
r_serv_db.rename(f'ail:user:metadata:{user_id}', f'ail:user:metadata:{l_user_id}')
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
||||||
|
# org
|
||||||
|
org.add_user(l_user_id)
|
||||||
|
|
||||||
|
# sets
|
||||||
|
p_hash = get_user_passwd_hash(user_id)
|
||||||
|
r_serv_db.hdel('ail:users:all', user_id)
|
||||||
|
r_serv_db.hset('ail:users:all', l_user_id, p_hash)
|
||||||
|
|
||||||
|
date = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
|
||||||
|
r_serv_db.hset(f'ail:user:metadata:{l_user_id}', 'last_edit', date)
|
||||||
|
|
||||||
########################################################################################################################
|
########################################################################################################################
|
||||||
|
|
||||||
#### ROLES ####
|
#### ROLES ####
|
||||||
|
|
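Review bot: `_fix_user_lowercase` never checks whether `l_user_id` already exists before writing to it, so two accounts that differ only by case are silently merged: `r_serv_db.hset('ail:users:all', l_user_id, p_hash)` replaces the existing account's password hash, and `rename` overwrites its metadata key. A guard as the first statement inside the `if user_id != l_user_id:` branch, e.g. `if r_serv_db.hexists('ail:users:all', l_user_id): return`, with the conflict logged for an admin to resolve, avoids one account inheriting another's credentials, role and token mapping. The `except Exception: pass` around `rename` also hides any failure other than a missing source key, after which the metadata hash is recreated holding only `last_edit`; catching the specific Redis error and logging it would make a partial migration visible. The steps are not atomic either, so an interruption between the `hdel` and the `hset` on `ail:users:all` leaves the account without a password entry; running them in one pipeline/transaction would close that window.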
|
@ -145,8 +145,10 @@ def tracked_menu_typosquatting():
|
||||||
@login_required
|
@login_required
|
||||||
@login_admin
|
@login_admin
|
||||||
def tracked_menu_admin():
|
def tracked_menu_admin():
|
||||||
org_trackers = Tracker.get_orgs_trackers_meta()
|
user_id = current_user.get_user_id()
|
||||||
user_trackers = Tracker.get_users_trackers_meta()
|
user_org = current_user.get_org()
|
||||||
|
org_trackers = Tracker.get_orgs_trackers_meta(user_org)
|
||||||
|
user_trackers = Tracker.get_users_trackers_meta(user_id)
|
||||||
return render_template("trackersManagement.html", user_trackers=user_trackers, org_trackers=org_trackers, global_trackers=[],
|
return render_template("trackersManagement.html", user_trackers=user_trackers, org_trackers=org_trackers, global_trackers=[],
|
||||||
bootstrap_label=bootstrap_label)
|
bootstrap_label=bootstrap_label)
|
||||||
|
|
||||||
|
@ -277,6 +279,10 @@ def parse_add_edit_request(request_form):
|
||||||
if sources:
|
if sources:
|
||||||
sources = json.loads(sources)
|
sources = json.loads(sources)
|
||||||
filters[obj_type]['sources'] = sources
|
filters[obj_type]['sources'] = sources
|
||||||
|
excludes = request_form.get(f'sources_{obj_type}_exclude', [])
|
||||||
|
if excludes:
|
||||||
|
excludes = json.loads(excludes)
|
||||||
|
filters[obj_type]['excludes'] = excludes
|
||||||
# Subtypes
|
# Subtypes
|
||||||
for obj_subtype in ail_core.get_object_all_subtypes(obj_type):
|
for obj_subtype in ail_core.get_object_all_subtypes(obj_type):
|
||||||
subtype = request_form.get(f'filter_{obj_type}_{obj_subtype}')
|
subtype = request_form.get(f'filter_{obj_type}_{obj_subtype}')
|
||||||
|
|
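Review bot: The new `excludes` value in `parse_add_edit_request` comes straight from the request form and goes into `json.loads` with no error handling or shape check, so a malformed value raises out of the view and any JSON type (object, number, nested list) is stored in `filters[obj_type]['excludes']`. Wrapping the parse in `try/except json.JSONDecodeError` and checking `isinstance(excludes, list) and all(isinstance(s, str) for s in excludes)` before storing would bound what reaches the tracker filter; the existing `sources` branch just above has the same gap. Whether a later validation step exists cannot be seen, because the function starts and ends outside the hunk. The `[]` default in `request_form.get(f'sources_{obj_type}_exclude', [])` is never parsed, so `None` would state the intent more clearly.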
|
@ -74,6 +74,8 @@ def user_profile():
|
||||||
global_2fa = ail_users.is_2fa_enabled()
|
global_2fa = ail_users.is_2fa_enabled()
|
||||||
return render_template("user_profile.html", meta=meta, global_2fa=global_2fa,acl_admin=acl_admin)
|
return render_template("user_profile.html", meta=meta, global_2fa=global_2fa,acl_admin=acl_admin)
|
||||||
|
|
||||||
|
#### USER OTP ####
|
||||||
|
|
||||||
@settings_b.route("/settings/user/hotp", methods=['GET'])
|
@settings_b.route("/settings/user/hotp", methods=['GET'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_read_only
|
@login_read_only
|
||||||
|
@ -160,6 +162,10 @@ def user_otp_reset(): # TODO ask for password ?
|
||||||
user.kill_session()
|
user.kill_session()
|
||||||
return redirect(url_for('settings_b.users_list'))
|
return redirect(url_for('settings_b.users_list'))
|
||||||
|
|
||||||
|
## --USER OTP-- ##
|
||||||
|
|
||||||
|
#### USER API ####
|
||||||
|
|
||||||
@settings_b.route("/settings/user/api_key/new", methods=['GET'])
|
@settings_b.route("/settings/user/api_key/new", methods=['GET'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_user
|
@login_user
|
||||||
|
@ -183,6 +189,30 @@ def new_token_user():
|
||||||
else:
|
else:
|
||||||
return redirect(url_for('settings_b.users_list'))
|
return redirect(url_for('settings_b.users_list'))
|
||||||
|
|
||||||
|
## --USER API-- ##
|
||||||
|
|
||||||
|
#### USER MISP ####
|
||||||
|
|
||||||
|
# @settings_b.route("/settings/user/misp", methods=['GET'])
|
||||||
|
# @login_required
|
||||||
|
# @login_user
|
||||||
|
# def user_misp():
|
||||||
|
# pass
|
||||||
|
#
|
||||||
|
# @settings_b.route("/settings/user/misp/add", methods=['GET'])
|
||||||
|
# @login_required
|
||||||
|
# @login_user
|
||||||
|
# def user_misp_add():
|
||||||
|
# pass
|
||||||
|
#
|
||||||
|
# @settings_b.route("/settings/user/misp/delete", methods=['GET'])
|
||||||
|
# @login_required
|
||||||
|
# @login_user
|
||||||
|
# def user_misp_add():
|
||||||
|
# pass
|
||||||
|
|
||||||
|
## --USER MISP-- ##
|
||||||
|
|
||||||
@settings_b.route("/settings/user/logout", methods=['GET'])
|
@settings_b.route("/settings/user/logout", methods=['GET'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_admin
|
@login_admin
|
||||||
|
@ -244,7 +274,7 @@ def create_user_post():
|
||||||
# Admin ID
|
# Admin ID
|
||||||
admin_id = current_user.get_user_id()
|
admin_id = current_user.get_user_id()
|
||||||
|
|
||||||
email = request.form.get('username')
|
email = request.form.get('username', '')
|
||||||
org_uuid = request.form.get('user_organisation')
|
org_uuid = request.form.get('user_organisation')
|
||||||
role = request.form.get('user_role')
|
role = request.form.get('user_role')
|
||||||
password1 = request.form.get('password1')
|
password1 = request.form.get('password1')
|
||||||
|
@ -260,6 +290,7 @@ def create_user_post():
|
||||||
|
|
||||||
all_roles = ail_users.get_roles()
|
all_roles = ail_users.get_roles()
|
||||||
|
|
||||||
|
email = email.lower()
|
||||||
if email and len(email) < 300 and ail_users.check_email(email) and role:
|
if email and len(email) < 300 and ail_users.check_email(email) and role:
|
||||||
if role in all_roles:
|
if role in all_roles:
|
||||||
# password set
|
# password set
|
||||||
|
|
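Review bot: In `create_user_post` the normalisation `email = email.lower()` lives in the web view, so it covers only this one entry point. Other paths that create or look up a user (API, login, password change) are not visible here and would need the same treatment, otherwise a mixed-case id can still be created or a login typed with a capital letter fails to match. Doing the normalisation once inside the `ail_users` creation and lookup helpers would make it hold for every caller. Separately, the added `#### USER MISP ####` block is commented-out code in which the `/settings/user/misp/delete` stub reuses the name `user_misp_add`; a single `# TODO` line would be cleaner than dead routes. The body of `create_user_post` continues outside the hunks.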
|
@ -332,7 +332,11 @@ function updateDate() {
|
||||||
if (day < 10) {
|
if (day < 10) {
|
||||||
day = "0" + day;
|
day = "0" + day;
|
||||||
}
|
}
|
||||||
let current_date = d.getUTCFullYear() + ' - ' + (d.getUTCMonth() + 1) + ' - ' + day;
|
let month = d.getUTCMonth() + 1
|
||||||
|
if (month < 10) {
|
||||||
|
month = "0" + month;
|
||||||
|
}
|
||||||
|
let current_date = d.getUTCFullYear() + ' - ' + month + ' - ' + day;
|
||||||
$('#current_date').text(current_date)
|
$('#current_date').text(current_date)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
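Review bot: In `updateDate()` the new `let month = d.getUTCMonth() + 1` lacks the semicolon used on the surrounding lines, and the month padding duplicates the `day` block above it. Both could be written as `String(d.getUTCMonth() + 1).padStart(2, '0')`, which also keeps the variable a string throughout instead of switching from number to string. The function starts outside the hunk.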