<?php
// Register the base controller with CakePHP's class loader so the class below can extend it.
App::uses('AppController', 'Controller');
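/**
 * Lists MISP communities, shows a single community and e-mails an access
 * request to a community on behalf of the logged-in user.
 *
 * @property Community $Community
 */
class CommunitiesController extends AppController
{
    public $components = ['Session', 'RequestHandler'];

    public $paginate = [
        'limit' => 60,
        'maxLimit' => 9999,
    ];

    /**
     * List communities, filtered by the harvested "context" and "value" parameters.
     *
     * "context" defaults to 'vetted'; "value" is lower-cased when present and
     * passed as false otherwise. REST callers get the list back as data, other
     * callers get a paginated view.
     */
    public function index()
    {
        $filters = $this->IndexFilter->harvestParameters(['context', 'value']);
        if (empty($filters['context'])) {
            $filters['context'] = 'vetted';
        }
        $filters['value'] = empty($filters['value']) ? false : strtolower($filters['value']);

        $community_list = $this->Community->getCommunityList($filters['context'], $filters['value']);
        if ($this->_isRest()) {
            return $this->RestResponse->viewData($community_list, $this->response->type());
        }

        App::uses('CustomPaginationTool', 'Tools');
        $customPagination = new CustomPaginationTool();
        $customPagination->truncateAndPaginate($community_list, $this->params, $this->modelClass, true);
        $this->set('community_list', $community_list);
        $this->set('context', $filters['context']);
    }

    /**
     * Show one community.
     *
     * @param mixed $id Identifier handed to Community::getCommunity().
     */
    public function view($id)
    {
        $community = $this->Community->getCommunity($id);
        if ($this->_isRest()) {
            return $this->RestResponse->viewData($community, $this->response->type());
        }
        $this->set('community', $community);
    }

    /**
     * Build and send an access-request e-mail to the community identified by $id.
     *
     * Non-POST requests pre-fill the form from the authenticated user (or return
     * the endpoint description for REST callers). POST requests compose the
     * message from the submitted "Server" data and hand it to
     * User::sendEmailExternal().
     *
     * @param mixed $id Identifier handed to Community::getCommunity().
     */
    public function requestAccess($id)
    {
        $community = $this->Community->getCommunity($id);
        $this->loadModel('User');
        $userRow = $this->User->find('first', [
            'conditions' => ['User.id' => $this->Auth->user('id')],
            'recursive' => -1,
            'fields' => ['User.gpgkey'],
        ]);
        // Key stored on the authenticated account; empty string when none is stored.
        $gpgkey = empty($userRow['User']['gpgkey']) ? '' : $userRow['User']['gpgkey'];

        if (!$this->request->is('post')) {
            if ($this->_isRest()) {
                return $this->RestResponse->describe('Communities', 'requestAccess', false, $this->response->type());
            }
            // Pre-fill the form with the authenticated user's own details.
            $this->request->data['Server']['email'] = $this->Auth->user('email');
            $this->request->data['Server']['org_name'] = $this->Auth->user('Organisation')['name'];
            $this->request->data['Server']['org_uuid'] = $this->Auth->user('Organisation')['uuid'];
            $this->request->data['Server']['gpgkey'] = $gpgkey;
        } else {
            // Accept both a flat payload and one already wrapped in a "Server" key.
            if (empty($this->request->data['Server'])) {
                $this->request->data = ['Server' => $this->request->data];
            }
            $form = $this->request->data['Server'];

            // NOTE(review): org_name, org_uuid, email, org_description and message
            // are taken from the submitted data when present, so the claims in the
            // message are chosen by the requester and are not bound to the
            // authenticated account's organisation. The receiving community should
            // verify them independently.
            $additionalInfo = '';
            if (!empty($form['message'])) {
                $additionalInfo = sprintf(
                    '%sAdditional information:%s%s%s',
                    PHP_EOL,
                    PHP_EOL,
                    $form['message'],
                    PHP_EOL
                );
            }

            // Details of the issuing server are included unless "anonymise" is set.
            $serverInfo = '';
            if (empty($form['anonymise'])) {
                $baseurl = empty(Configure::read('MISP.external_baseurl'))
                    ? Configure::read('MISP.baseurl')
                    : Configure::read('MISP.external_baseurl');
                $serverInfo = sprintf(
                    '%sServer used to issue the request%sServer url: %sServer uuid: %sServer version: %s',
                    PHP_EOL,
                    PHP_EOL,
                    $baseurl . PHP_EOL,
                    Configure::read('MISP.uuid') . PHP_EOL,
                    $this->mispVersion . PHP_EOL
                );
            }

            // The template's continuation lines start at column 0 on purpose:
            // any indentation here would become part of the e-mail text.
            $body = sprintf(
                'To whom it may concern,
On behalf of my organisation (%s - %s),
I would hereby like to request %saccess to your MISP community:
%s
A brief description of my organisation:
%s
My e-mail address that I wish to use as my username:
%s
%s%s
Thank you in advance!',
                empty($form['org_name']) ? $this->Auth->user('Organisation')['name'] : $form['org_name'],
                empty($form['org_uuid']) ? $this->Auth->user('Organisation')['uuid'] : $form['org_uuid'],
                empty($form['sync']) ? '' : 'synchronisation ',
                $community['name'],
                empty($form['org_description']) ? '' : $form['org_description'],
                empty($form['email']) ? '' : $form['email'],
                $additionalInfo,
                $serverInfo
            );

            // NOTE(review): $options is never defined in this method, so the lookup
            // below never finds a logo and $image stays false. The file name is also
            // built with 'png' rather than '.png'. If $options is ever populated from
            // request data, the value must be restricted to a plain file name before
            // it is appended to $imgPath.
            $imgPath = APP . WEBROOT_DIR . DS . 'img' . DS . 'orgs' . DS;
            $possibleFields = ['id', 'name'];
            $image = false;
            App::uses('File', 'Utility');
            foreach ($possibleFields as $field) {
                if (isset($options[$field])) {
                    $file = new File($imgPath . $options[$field] . 'png');
                    if ($file->exists()) {
                        $image = $file->read();
                        break;
                    }
                }
            }

            // Fall back to the account's stored key when the request carried none.
            if (!isset($this->request->data['Server']['gpgkey'])) {
                $this->request->data['Server']['gpgkey'] = $gpgkey;
            }

            // Fix: $params used to be reset to an empty array *after* the
            // attachments were added, which silently discarded them. It is now
            // initialised first. Assumes sendEmailExternal() consumes
            // $params['attachments'] - confirm against the User model.
            $params = [];
            if (!empty($image)) {
                $params['attachments']['logo.png'] = $image;
            }
            if (!empty($this->request->data['Server']['gpgkey'])) {
                $params['attachments']['requestor.asc'] = $this->request->data['Server']['gpgkey'];
            }

            $params['to'] = $community['email'];
            // NOTE(review): reply-to is requester-supplied; this relies on
            // sendEmailExternal() (not visible here) to validate the address and
            // reject embedded line breaks - confirm.
            $params['reply-to'] = empty($this->request->data['Server']['email'])
                ? $this->Auth->user('email')
                : $this->request->data['Server']['email'];
            $params['requestor_gpgkey'] = empty($this->request->data['Server']['gpgkey'])
                ? $gpgkey
                : $this->request->data['Server']['gpgkey'];
            $params['gpgkey'] = $community['pgp_key'];
            $params['body'] = $body;
            $params['subject'] = '[' . $community['name'] . '] Requesting MISP access';
            $params['mock'] = !empty($this->request->data['Server']['mock']) ? $this->request->data['Server']['mock'] : 0;
            // With e-mailing disabled the message is always mocked, never sent.
            if (!empty(Configure::read('MISP.disable_emailing'))) {
                $params['mock'] = 1;
            }

            // $result is handled three ways below: strictly true (sent), another
            // truthy value (passed on to the response/view as the e-mail that would
            // have been sent), or falsy (failure).
            $result = $this->User->sendEmailExternal($params);
            $message = $result ? __('Request sent.') : __('Something went wrong and the request could not be sent.');
            if ($this->_isRest()) {
                if ($result === true) {
                    return $this->RestResponse->saveSuccessResponse('Communities', 'requestAccess', $id, false, $message);
                } elseif ($result) {
                    return $this->RestResponse->viewData($result);
                } else {
                    return $this->RestResponse->saveFailResponse('Communities', 'requestAccess', false, $message);
                }
            } else {
                if ($result === true) {
                    $this->Flash->success($message);
                    $this->redirect(['controller' => 'communities', 'action' => 'view', $id]);
                } elseif ($result) {
                    $this->set('result', $result);
                    if (empty($this->request->data['Server']['mock'])) {
                        $this->Flash->error(__('The message could not be sent (either because e-mailing is disabled or because encryption is misconfigured), however, you can view the e-mail that would have been sent below. Feel free to send it manually.'));
                    }
                    $this->render('request_access_email');
                } else {
                    $this->Flash->error($message);
                    $this->redirect(['controller' => 'communities', 'action' => 'view', $id]);
                }
            }
            if (!empty($this->request->data['Server']['mock'])) {
                $this->set('mock', $this->request->data['Server']['mock']);
            }
        }
        $this->set('community', $community);
    }
}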