From 3630ec0460eff75f0cf4d154b7fe81d10bed6804 Mon Sep 17 00:00:00 2001 From: Terrtia Date: Fri, 16 Aug 2019 17:52:02 +0200 Subject: [PATCH] fix: [api register_sensor] fix role + endpoint --- server/lib/Sensor.py | 8 ++++--- server/web/Flask_server.py | 38 +++++++++++++++++++++++++++---- server/web/Role_Manager.py | 6 ++--- server/web/create_default_user.py | 10 ++++++++ 4 files changed, 51 insertions(+), 11 deletions(-) diff --git a/server/lib/Sensor.py b/server/lib/Sensor.py index 796dc04..d4134f6 100755 --- a/server/lib/Sensor.py +++ b/server/lib/Sensor.py @@ -21,7 +21,7 @@ def is_valid_uuid_v4(UUID): except: return False -## TODO: add user_id + description +## TODO: add description def register_sensor(req_dict): sensor_uuid = req_dict.get('uuid', None) hmac_key = req_dict.get('hmac_key', None) @@ -33,14 +33,16 @@ def register_sensor(req_dict): if r_serv_db.exists('metadata_uuid:{}'.format(sensor_uuid)): return ({"status": "error", "reason": "Sensor already registred"}, 409) - res = _register_sensor(sensor_uuid, hmac_key, user_id=None, description=None) + user_id = req_dict.get('uuid', None) + + res = _register_sensor(sensor_uuid, hmac_key, user_id=user_id, description=None) return res def _register_sensor(sensor_uuid, secret_key, user_id=None, description=None): r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'hmac_key', secret_key) if user_id: - r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'description', description) + r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'user_mail', user_id) if description: r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'description', description) return ({'uuid': sensor_uuid}, 200) diff --git a/server/web/Flask_server.py b/server/web/Flask_server.py index 4f24881..b7343a2 100755 --- a/server/web/Flask_server.py +++ b/server/web/Flask_server.py 
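Review bot: `user_id = req_dict.get('uuid', None)` in the second Sensor.py hunk reads the sensor uuid key again, so the value later stored under `user_mail` by `_register_sensor` is the sensor's own uuid, never a user identity. The name suggests the registering user's mail; that should come from the authenticated session in the endpoint that calls `register_sensor`, not from a client-supplied field, since everything in `req_dict` is chosen by the caller. If it must stay a request field, at least read a dedicated key, `user_id = req_dict.get('user_id', None)`, and the remaining TODO could be closed the same way with `description=req_dict.get('description', None)`. The `exists` check and the subsequent `hset` calls are not atomic, so two concurrent registrations of the same uuid can both pass the 409 guard; the middle of `register_sensor` is outside the hunk.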
@@ -24,7 +24,7 @@ import bcrypt # Import Role_Manager from Role_Manager import create_user_db, check_password_strength, check_user_role_integrity -from Role_Manager import login_admin, login_analyst +from Role_Manager import login_user_basic sys.path.append(os.path.join(os.environ['D4_HOME'], 'lib')) from User import User @@ -361,18 +361,16 @@ def logout(): def role(): return render_template("error/403.html"), 403 -@app.route('/test') -def test(): - return 'test' - @app.route('/') @login_required +@login_user_basic def index(): date = datetime.datetime.now().strftime("%Y/%m/%d") return render_template("index.html", date=date) @app.route('/_json_daily_uuid_stats') @login_required +@login_user_basic def _json_daily_uuid_stats(): date = datetime.datetime.now().strftime("%Y%m%d") daily_uuid = redis_server_metadata.zrange('daily_uuid:{}'.format(date), 0, -1, withscores=True) @@ -385,6 +383,7 @@ def _json_daily_uuid_stats(): @app.route('/_json_daily_type_stats') @login_required +@login_user_basic def _json_daily_type_stats(): date = datetime.datetime.now().strftime("%Y%m%d") daily_uuid = redis_server_metadata.zrange('daily_type:{}'.format(date), 0, -1, withscores=True) @@ -402,6 +401,7 @@ def _json_daily_type_stats(): @app.route('/sensors_status') @login_required +@login_user_basic def sensors_status(): active_connection_filter = request.args.get('active_connection_filter') if active_connection_filter is None: @@ -482,6 +482,7 @@ def sensors_status(): @app.route('/show_active_uuid') @login_required +@login_user_basic def show_active_uuid(): #swap switch value active_connection_filter = request.args.get('show_active_connection') @@ -497,6 +498,7 @@ def show_active_uuid(): @app.route('/server_management') @login_required +@login_user_basic def server_management(): blacklisted_ip = request.args.get('blacklisted_ip') unblacklisted_ip = request.args.get('unblacklisted_ip') 
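Review bot: The role gate is applied as a per-route allowlist (`@login_user_basic` on every view here and in the remaining Flask_server.py hunks through `get_uuid_stats_history_json`), so any view added later without the decorator is reachable by every authenticated account, including the `sensor_register` user that create_default_user.py now provisions; a single `@app.before_request` check requiring the `user` role for everything except explicitly exempt endpoints (login, logout, the register_sensor API, which is not in this diff) would make the default deny. Stacking `@login_required` above it is redundant, since `login_user_basic` already returns `login_manager.unauthorized()` when `current_user.is_authenticated` is false. Whether the default admin still passes `is_in_role('user')` depends on `get_all_user_role` in Role_Manager.py, which this commit also rewrites, so an explicit test of `/` with the admin account is worth adding. Dropping `login_admin` from the import will fail at import time if any `@login_admin` use remains in the parts of Flask_server.py not shown in this diff.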
@@ -568,6 +570,7 @@ def server_management(): @app.route('/uuid_management') @login_required +@login_user_basic def uuid_management(): uuid_sensor = request.args.get('uuid') if is_valid_uuid_v4(uuid_sensor): @@ -641,6 +644,7 @@ def uuid_management(): @app.route('/blacklisted_ip') @login_required +@login_user_basic def blacklisted_ip(): blacklisted_ip = request.args.get('blacklisted_ip') unblacklisted_ip = request.args.get('unblacklisted_ip') @@ -667,6 +671,7 @@ def blacklisted_ip(): @app.route('/blacklisted_uuid') @login_required +@login_user_basic def blacklisted_uuid(): blacklisted_uuid = request.args.get('blacklisted_uuid') unblacklisted_uuid = request.args.get('unblacklisted_uuid') @@ -694,6 +699,7 @@ def blacklisted_uuid(): @app.route('/uuid_change_stream_max_size') @login_required +@login_user_basic def uuid_change_stream_max_size(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -713,6 +719,7 @@ def uuid_change_stream_max_size(): @app.route('/uuid_change_description') @login_required +@login_user_basic def uuid_change_description(): uuid_sensor = request.args.get('uuid') description = request.args.get('description') @@ -725,6 +732,7 @@ def uuid_change_description(): # # TODO: check analyser uuid dont exist @app.route('/add_new_analyzer') @login_required +@login_user_basic def add_new_analyzer(): type = request.args.get('type') user = request.args.get('redirect') @@ -752,6 +760,7 @@ def add_new_analyzer(): @app.route('/empty_analyzer_queue') @login_required +@login_user_basic def empty_analyzer_queue(): analyzer_uuid = request.args.get('analyzer_uuid') type = request.args.get('type') @@ -775,6 +784,7 @@ def empty_analyzer_queue(): @app.route('/remove_analyzer') @login_required +@login_user_basic def remove_analyzer(): analyzer_uuid = request.args.get('analyzer_uuid') type = request.args.get('type') 
@@ -801,6 +811,7 @@ def remove_analyzer(): @app.route('/analyzer_change_max_size') @login_required +@login_user_basic def analyzer_change_max_size(): analyzer_uuid = request.args.get('analyzer_uuid') user = request.args.get('redirect') @@ -820,6 +831,7 @@ def analyzer_change_max_size(): @app.route('/kick_uuid') @login_required +@login_user_basic def kick_uuid(): uuid_sensor = request.args.get('uuid') if is_valid_uuid_v4(uuid_sensor): @@ -830,6 +842,7 @@ def kick_uuid(): @app.route('/blacklist_uuid') @login_required +@login_user_basic def blacklist_uuid(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -851,6 +864,7 @@ def blacklist_uuid(): @app.route('/unblacklist_uuid') @login_required +@login_user_basic def unblacklist_uuid(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -875,6 +889,7 @@ def unblacklist_uuid(): @app.route('/blacklist_ip') @login_required +@login_user_basic def blacklist_ip(): ip = request.args.get('ip') user = request.args.get('redirect') @@ -901,6 +916,7 @@ def blacklist_ip(): @app.route('/unblacklist_ip') @login_required +@login_user_basic def unblacklist_ip(): ip = request.args.get('ip') user = request.args.get('redirect') @@ -929,6 +945,7 @@ def unblacklist_ip(): @app.route('/blacklist_ip_by_uuid') @login_required +@login_user_basic def blacklist_ip_by_uuid(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -941,6 +958,7 @@ def blacklist_ip_by_uuid(): @app.route('/unblacklist_ip_by_uuid') @login_required +@login_user_basic def unblacklist_ip_by_uuid(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -953,6 +971,7 @@ def unblacklist_ip_by_uuid(): @app.route('/add_accepted_type') @login_required +@login_user_basic def add_accepted_type(): type = request.args.get('type') extended_type_name = request.args.get('extended_type_name') 
@@ -973,6 +992,7 @@ def add_accepted_type(): @app.route('/remove_accepted_type') @login_required +@login_user_basic def remove_accepted_type(): type = request.args.get('type') user = request.args.get('redirect') @@ -986,6 +1006,7 @@ def remove_accepted_type(): @app.route('/remove_accepted_extended_type') @login_required +@login_user_basic def remove_accepted_extended_type(): type_name = request.args.get('type_name') redis_server_metadata.srem('server:accepted_extended_type', type_name) @@ -994,6 +1015,7 @@ def remove_accepted_extended_type(): # demo function @app.route('/delete_data') @login_required +@login_user_basic def delete_data(): date = datetime.datetime.now().strftime("%Y%m%d") redis_server_metadata.delete('daily_type:{}'.format(date)) @@ -1003,6 +1025,7 @@ def delete_data(): # demo function @app.route('/set_uuid_hmac_key') @login_required +@login_user_basic def set_uuid_hmac_key(): uuid_sensor = request.args.get('uuid') user = request.args.get('redirect') @@ -1015,6 +1038,7 @@ def set_uuid_hmac_key(): # demo function @app.route('/whois_data') @login_required +@login_user_basic def whois_data(): ip = request.args.get('ip') if is_valid_ip: @@ -1024,12 +1048,14 @@ def whois_data(): @app.route('/generate_uuid') @login_required +@login_user_basic def generate_uuid(): new_uuid = uuid.uuid4() return jsonify({'uuid': new_uuid}) @app.route('/get_analyser_sample') @login_required +@login_user_basic def get_analyser_sample(): type = request.args.get('type') analyzer_uuid = request.args.get('analyzer_uuid') @@ -1058,6 +1084,7 @@ def get_analyser_sample(): @app.route('/get_uuid_type_history_json') @login_required +@login_user_basic def get_uuid_type_history_json(): uuid_sensor = request.args.get('uuid_sensor') if is_valid_uuid_v4(uuid_sensor): 
@@ -1089,6 +1116,7 @@ def get_uuid_type_history_json(): @app.route('/get_uuid_stats_history_json') @login_required +@login_user_basic def get_uuid_stats_history_json(): uuid_sensor = request.args.get('uuid_sensor') stats = request.args.get('stats') diff --git a/server/web/Role_Manager.py b/server/web/Role_Manager.py index 48c1eee..8ac76ba 100644 --- a/server/web/Role_Manager.py +++ b/server/web/Role_Manager.py @@ -42,12 +42,12 @@ def login_admin(func): return func(*args, **kwargs) return decorated_view -def login_analyst(func): +def login_user_basic(func): @wraps(func) def decorated_view(*args, **kwargs): if not current_user.is_authenticated: return login_manager.unauthorized() - elif (not current_user.is_in_role('analyst')): + elif (not current_user.is_in_role('user')): return login_manager.unauthorized() return func(*args, **kwargs) return decorated_view @@ -158,7 +158,7 @@ def get_role_level(role): def get_all_user_role(user_role): current_role_val = get_role_level(user_role) - return r_serv_db.zrange('d4:all_role', current_role_val -1, -1) + return r_serv_db.zrangebyscore('d4:all_role', current_role_val -1, 50) def get_all_user_upper_role(user_role): current_role_val = get_role_level(user_role) diff --git a/server/web/create_default_user.py b/server/web/create_default_user.py index 944f8b9..68fe248 100755 --- a/server/web/create_default_user.py +++ b/server/web/create_default_user.py @@ -33,6 +33,16 @@ if __name__ == "__main__": edit_user_db(username, password=password, role='admin') else: create_user_db(username, password, role='admin', default=True) + + + username2 = 'config_generator@register.test' + password2 = gen_password() + if r_serv.exists('user_metadata:config_generator@register.test'): + edit_user_db(username2, password=password2, role='sensor_register') + else: + create_user_db(username2, password2, role='sensor_register', default=True) + + token = get_default_admin_token() default_passwd_file = os.path.join(os.environ['D4_HOME'], 'DEFAULT_PASSWORD')
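Review bot: `zrangebyscore('d4:all_role', current_role_val -1, 50)` keeps the `-1` from the index-based `zrange` call while switching to score semantics, so it now also returns the role whose score is one below the caller's level, presumably widening what `is_in_role` accepts; if the offset was only the 1-based-to-0-based conversion, `return r_serv_db.zrangebyscore('d4:all_role', current_role_val, '+inf')` drops both it and the magic ceiling of 50. The body of `get_all_user_upper_role` continues outside the hunk; check that it agrees with whichever convention is kept. Since the new `login_user_basic` decorator in the previous hunk ultimately relies on this lookup, a unit test pinning which roles satisfy `is_in_role('user')` would catch a regression here.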
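Review bot: `password2 = gen_password()` is generated for `config_generator@register.test` and then never written or printed anywhere in this hunk, unlike the admin credential, which is surfaced through `get_default_admin_token()` and the DEFAULT_PASSWORD file just below; unless `create_user_db`/`edit_user_db` persist it somewhere not visible here, the account is created with a credential nobody can retrieve and is reset to a new unknown value on every run. If this account is meant for the sensor-register API, hand its credential to the operator through the same mechanism as the admin one, or issue it an API token rather than a password. The `exists` check also repeats the literal instead of the variable: `if r_serv.exists('user_metadata:{}'.format(username2)):`.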