chg: [UI user_management] incorrect passwords: display errors

This commit is contained in:
Terrtia 2019-06-20 10:56:31 +02:00
parent e4ab9b6a05
commit 7ecd43db99
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
6 changed files with 62 additions and 21 deletions


@ -193,18 +193,26 @@ def login():
def change_password(): def change_password():
password1 = request.form.get('password1') password1 = request.form.get('password1')
password2 = request.form.get('password2') password2 = request.form.get('password2')
error = request.args.get('error')
# # TODO: display errors message if error:
return render_template("change_password.html", error=error)
if current_user.is_authenticated and password1!=None and password1==password2: if current_user.is_authenticated and password1!=None:
if password1==password2:
if check_password_strength(password1): if check_password_strength(password1):
user_id = current_user.get_id() user_id = current_user.get_id()
create_user_db(user_id , password1, update=True) create_user_db(user_id , password1, update=True)
return redirect(url_for('dashboard.index')) return redirect(url_for('dashboard.index'))
else: else:
return render_template("change_password.html") error = 'Incorrect password'
return render_template("change_password.html", error=error)
else: else:
return render_template("change_password.html") error = "Passwords don't match"
return render_template("change_password.html", error=error)
else:
error = 'Please choose a new password'
return render_template("change_password.html", error=error)
@app.route('/logout') @app.route('/logout')
@login_required @login_required
@ -229,7 +237,7 @@ def searchbox():
@app.errorhandler(404) @app.errorhandler(404)
@login_required @login_required
def page_not_found(e): def page_not_found(e):
# note that we set the 404 status explicitly # avoid endpoint enumeration
return render_template('error/404.html'), 404 return render_template('error/404.html'), 404
# ========== INITIAL taxonomies ============ # ========== INITIAL taxonomies ============
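Review bot: The `error` value rendered at the top of change_password comes straight from the query string (`error = request.args.get('error')`), so any link carrying `?error=...` puts caller-chosen wording on the form; Jinja autoescaping stops markup injection but not content spoofing, and because that early `return` runs before the form fields are used, a POST whose URL carries the parameter is never processed. Unless another route redirects here with an error code (not visible in this hunk; the route decorators sit above it), drop the query-string read and keep the server-set messages, or look the parameter up in a fixed dict of known messages. The same pattern is added to `create_user` (`error` and `error_mail` from `request.args`) in the settings section below. Two smaller points: `password1!=None` should be `password1 is not None`, and the strength-check failure text `error = 'Incorrect password'` reads as a wrong-password error rather than a too-weak one — something like `error = 'Password too weak'` matches what check_password_strength decides.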


@ -7,6 +7,7 @@
import configparser import configparser
import redis import redis
import os import os
import re
import sys import sys
# FLASK # # FLASK #
@ -175,6 +176,9 @@ max_dashboard_logs = int(cfg.get("Flask", "max_dashboard_logs"))
crawler_enabled = cfg.getboolean("Crawler", "activate_crawler") crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
email_regex = r'[^@]+@[^@]+\.[^@]+'
email_regex = re.compile(email_regex)
# VT # VT
try: try:
from virusTotalKEYS import vt_key from virusTotalKEYS import vt_key
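Review bot: The compiled pattern `email_regex = r'[^@]+@[^@]+\.[^@]+'` has no end anchor, and `check_email` in the settings blueprint applies it with `.match()`, which anchors only the start, so `a@b.c@anything` or an address followed by whitespace and further text passes; `[^@]+` also accepts spaces and newlines. Anchor the pattern, `email_regex = re.compile(r'[^@\s]+@[^@\s]+\.[^@\s]+\Z')`, or call `email_regex.fullmatch(email)` at the call site. A comment such as `# loose shape check only (local@domain.tld), not RFC 5322 validation` would set expectations for callers.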


@ -27,6 +27,7 @@ max_preview_char = Flask_config.max_preview_char
max_preview_modal = Flask_config.max_preview_modal max_preview_modal = Flask_config.max_preview_modal
REPO_ORIGIN = Flask_config.REPO_ORIGIN REPO_ORIGIN = Flask_config.REPO_ORIGIN
dict_update_description = Flask_config.dict_update_description dict_update_description = Flask_config.dict_update_description
email_regex = Flask_config.email_regex
settings = Blueprint('settings', __name__, template_folder='templates') settings = Blueprint('settings', __name__, template_folder='templates')
@ -36,6 +37,13 @@ settings = Blueprint('settings', __name__, template_folder='templates')
def one(): def one():
return 1 return 1
def check_email(email):
result = email_regex.match(email)
if result:
return True
else:
return False
def generate_new_token(user_id): def generate_new_token(user_id):
# create user token # create user token
current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token') current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
@ -142,13 +150,15 @@ def new_token_user():
@login_admin @login_admin
def create_user(): def create_user():
user_id = request.args.get('user_id') user_id = request.args.get('user_id')
error = request.args.get('error')
error_mail = request.args.get('error_mail')
role = None role = None
if r_serv_db.exists('user_metadata:{}'.format(user_id)): if r_serv_db.exists('user_metadata:{}'.format(user_id)):
role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role') role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role')
else: else:
user_id = None user_id = None
all_roles = get_all_roles() all_roles = get_all_roles()
return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role) return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail)
@settings.route("/settings/create_user_post", methods=['POST']) @settings.route("/settings/create_user_post", methods=['POST'])
@login_required @login_required
@ -161,7 +171,7 @@ def create_user_post():
all_roles = get_all_roles() all_roles = get_all_roles()
if email and len(email)< 300 and role: if email and len(email)< 300 and check_email(email) and role:
if role in all_roles: if role in all_roles:
# password set # password set
if password1 and password2: if password1 and password2:
@ -169,9 +179,9 @@ def create_user_post():
if check_password_strength(password1): if check_password_strength(password1):
password = password1 password = password1
else: else:
return render_template("create_user.html", all_roles=all_roles) return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password")
else: else:
return render_template("create_user.html", all_roles=all_roles) return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match")
# generate password # generate password
else: else:
password = secrets.token_urlsafe() password = secrets.token_urlsafe()
@ -193,7 +203,7 @@ def create_user_post():
else: else:
return render_template("create_user.html", all_roles=all_roles) return render_template("create_user.html", all_roles=all_roles)
else: else:
return render_template("create_user.html", all_roles=all_roles) return render_template("create_user.html", all_roles=all_roles, error_mail=True)
@settings.route("/settings/users_list", methods=['GET']) @settings.route("/settings/users_list", methods=['GET'])
@login_required @login_required
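Review bot: `check_email` spells out a four-line if/else to return a boolean and has no docstring; `return email_regex.match(email) is not None` with `"""Return True if *email* matches the module-level email_regex shape check."""` says the same thing in two lines. In `create_user_post` the failure branches no longer share one shape: the email-format failure returns `error_mail=True`, the password failures return a free-text `error`, and the `role in all_roles` failure still renders with no message at all — a consistent `error=` string per failure would keep the template logic simpler; the function's remaining branches lie outside these hunks.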


@ -33,7 +33,12 @@
<h1 class="h3 mt-1 mb-3 text-center text-secondary">Create User</h1> <h1 class="h3 mt-1 mb-3 text-center text-secondary">Create User</h1>
<label for="inputEmail" class="sr-only">Email address</label> <label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" name="username" class="form-control" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}> <input type="email" id="inputEmail" name="username" class="form-control {% if error_mail %}is-invalid{% endif %}" placeholder="Email address" autocomplete="off" required {% if user_id %}value="{{user_id}}"{% else %}{% endif %}>
{% if error_mail %}
<div class="invalid-feedback">
Please provide a valid email address
</div>
{% endif %}
<label class="mt-3" for="role_selector">User Role</label> <label class="mt-3" for="role_selector">User Role</label>
<select class="custom-select" id="role_selector" name="user_role"> <select class="custom-select" id="role_selector" name="user_role">
@ -54,9 +59,14 @@
<div id="password-section"> <div id="password-section">
<h1 class="h3 mb-3 text-center text-secondary">Create Password</h1> <h1 class="h3 mb-3 text-center text-secondary">Create Password</h1>
<label for="inputPassword1" class="sr-only">Password</label> <label for="inputPassword1" class="sr-only">Password</label>
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password"> <input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password">
<label for="inputPassword2" class="sr-only">Confirm Password</label> <label for="inputPassword2" class="sr-only">Confirm Password</label>
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password"> <input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password">
{% if error %}
<div class="invalid-feedback">
{{error}}
</div>
{% endif %}
</div> </div>
<button class="btn btn-lg btn-primary btn-block mt-3" type="submit">Submit</button> <button class="btn btn-lg btn-primary btn-block mt-3" type="submit">Submit</button>
@ -104,6 +114,10 @@ $(document).ready(function(){
$("#password-section-info").hide(); $("#password-section-info").hide();
$("#nav_create_user").addClass("active"); $("#nav_create_user").addClass("active");
$("#nav_user_management").removeClass("text-muted"); $("#nav_user_management").removeClass("text-muted");
{% if error %}
toggle_password_fields();
{% endif %}
} ); } );
function toggle_password_fields() { function toggle_password_fields() {
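Review bot: `{{error}}` in the `invalid-feedback` block relies on Flask's default autoescaping for `.html` templates, and since `create_user` now also takes `error` from the query string that escaping is the only thing keeping caller-supplied text from becoming markup; keep it unfiltered (no `|safe`) and prefer server-set messages. The `{% if error %}toggle_password_fields();{% endif %}` lines inside the ready handler are Jinja emitting JavaScript, presumably to re-open the password section so the error is visible (toggle_password_fields's body is outside the hunk); a template comment such as `{# re-open the password section so the error text is visible #}` would make the conditional call self-explanatory. change_password.html in the next section renders `{{error}}` the same way and the same autoescape note applies there.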


@ -65,9 +65,14 @@
<img class="mb-4" src="{{ url_for('static', filename='image/logo-small.png')}}" width="300"> <img class="mb-4" src="{{ url_for('static', filename='image/logo-small.png')}}" width="300">
<h1 class="h3 mb-3 text-secondary">Change Password</h1> <h1 class="h3 mb-3 text-secondary">Change Password</h1>
<label for="inputPassword1" class="sr-only">Password</label> <label for="inputPassword1" class="sr-only">Password</label>
<input type="password" id="inputPassword1" name="password1" class="form-control" placeholder="Password" autocomplete="new-password" required autofocus> <input type="password" id="inputPassword1" name="password1" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Password" autocomplete="new-password" required autofocus>
<label for="inputPassword2" class="sr-only">Confirm Password</label> <label for="inputPassword2" class="sr-only">Confirm Password</label>
<input type="password" id="inputPassword2" name="password2" class="form-control" placeholder="Confirm Password" value="" autocomplete="new-password" required> <input type="password" id="inputPassword2" name="password2" class="form-control {% if error %}is-invalid{% endif %}" placeholder="Confirm Password" value="" autocomplete="new-password" required>
{% if error %}
<div class="invalid-feedback">
{{error}}
</div>
{% endif %}
<button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button> <button class="btn btn-lg btn-primary btn-block" type="submit">Submit</button>
<br> <br>


@ -2,7 +2,7 @@
<html> <html>
<head> <head>
<title>403 - AIL</title> <title>404 - AIL</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}"> <link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
<!-- Core CSS --> <!-- Core CSS -->