From 8f242549fcf5c91700464c1228b22a3f46fd061e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Mon, 31 Aug 2020 16:34:28 +0200
Subject: [PATCH] chg: Allow to disable user context form

---
 config/generic.json.sample                | 2 ++
 website/web/__init__.py                   | 7 ++++++-
 website/web/templates/hostname_popup.html | 6 ++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/config/generic.json.sample b/config/generic.json.sample
index 507fa011..c6fa359a 100644
--- a/config/generic.json.sample
+++ b/config/generic.json.sample
@@ -14,6 +14,7 @@
   "max_depth": 1,
   "use_user_agents_users": false,
   "enable_default_blur_screenshot": false,
+  "enable_context_by_users": false,
   "enable_mail_notification": false,
   "email": {
       "from": "Lookyloo <lookyloo@myorg.local>",
@@ -35,6 +36,7 @@
     "max_depth": "Maximum depth for scraping. Anything > 1 will be exponentially bigger.",
     "use_user_agents_users": "Only usable for medium/high use instances: use the user agents of the users of the platform",
     "enable_default_blur_screenshot": "If true, blur the screenshot by default (useful on public instances)",
+    "enable_context_by_users": "Allow the users to add context to a response body",
     "enable_mail_notification": "Enable email notification or not",
     "email": "Configuration for sending email notifications."
   }
diff --git a/website/web/__init__.py b/website/web/__init__.py
index f135ed6b..06c07224 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -191,6 +191,10 @@ def hostnode_popup(tree_uuid: str, node_uuid: str):
     keys_request = {
         'request_cookie': "/static/cookie_read.png",
     }
+    if lookyloo.get_config('enable_context_by_users'):
+        enable_context_by_users = True
+    else:
+        enable_context_by_users = False
 
     hostnode, urls = lookyloo.get_hostnode_investigator(tree_uuid, node_uuid)
 
@@ -200,7 +204,8 @@ def hostnode_popup(tree_uuid: str, node_uuid: str):
                            hostname=hostnode.name,
                            urls=urls,
                            keys_response=keys_response,
-                           keys_request=keys_request)
+                           keys_request=keys_request,
+                           enable_context_by_users=enable_context_by_users)
 
 
 @app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/request_cookies', methods=['GET'])
diff --git a/website/web/templates/hostname_popup.html b/website/web/templates/hostname_popup.html
index 93f05f02..7eafcf91 100644
--- a/website/web/templates/hostname_popup.html
+++ b/website/web/templates/hostname_popup.html
@@ -158,9 +158,10 @@
             </p>
           </div>
           {% endif %}
+          {% if enable_context_by_users%}
           <button class="btn btn-primary collapsed" type="button" data-toggle="collapse" data-target="#context_response_{{ url['url_object'].uuid }}" aria-expanded="false" aria-controls="collapseContextForm">
-            <span class="if-collapsed">Add context.</span>
-            <span class="if-not-collapsed">Hide context form.</span>
+            <span class="if-collapsed">Add context</span>
+            <span class="if-not-collapsed">Hide context form</span>
           </button>
           <div class="collapse" id="context_response_{{ url['url_object'].uuid }}">
             <div class="card card-body">
@@ -199,6 +200,7 @@
                 </form>
             </div>
           </div>
+          {% endif %}
 
           {% if url['embedded_ressources'] %}
           {# Details on embedded resources #}