removed reference to useless user_id.
fixed bug where Contact reporter doesn't work when user does not exist (contact reporter now sends mails to all the org)pull/61/head
parent
0687d3f6f4
commit
5eb6a89384
|
@ -20,6 +20,8 @@
|
||||||
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
|
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
// TODO GPG encryption has issues when keys are expired
|
||||||
|
|
||||||
App::uses('Controller', 'Controller');
|
App::uses('Controller', 'Controller');
|
||||||
App::uses('Sanitize', 'Utility');
|
App::uses('Sanitize', 'Utility');
|
||||||
|
|
||||||
|
|
|
@ -168,7 +168,6 @@ class EventsController extends AppController {
|
||||||
*/
|
*/
|
||||||
public function _add(&$data, &$auth, $fromXml) {
|
public function _add(&$data, &$auth, $fromXml) {
|
||||||
// force check userid and orgname to be from yourself
|
// force check userid and orgname to be from yourself
|
||||||
$data['Event']['user_id'] = $auth->user('id');
|
|
||||||
$data['Event']['org'] = $auth->user('org');
|
$data['Event']['org'] = $auth->user('org');
|
||||||
unset ($data['Event']['id']);
|
unset ($data['Event']['id']);
|
||||||
$this->Event->create();
|
$this->Event->create();
|
||||||
|
@ -192,7 +191,7 @@ class EventsController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
$fieldList = array(
|
$fieldList = array(
|
||||||
'Event' => array('org', 'date', 'risk', 'info', 'user_id', 'published', 'uuid', 'private'),
|
'Event' => array('org', 'date', 'risk', 'info', 'published', 'uuid', 'private'),
|
||||||
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
|
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private')
|
||||||
);
|
);
|
||||||
// this saveAssociated() function will save not only the event, but also the attributes
|
// this saveAssociated() function will save not only the event, but also the attributes
|
||||||
|
@ -229,14 +228,10 @@ class EventsController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
// say what fields are to be updated
|
// say what fields are to be updated
|
||||||
$fieldList=array('user_id', 'date', 'risk', 'info', 'published', 'private');
|
$fieldList=array('date', 'risk', 'info', 'published', 'private');
|
||||||
// always force the user and org, but do not force it for admins
|
// always force the org, but do not force it for admins
|
||||||
if (!$this->_isAdmin()) {
|
if ($this->_isAdmin()) {
|
||||||
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
|
$this->Event->read(); // FIXME URGENT this should be deleted? delete and test
|
||||||
|
|
||||||
} else {
|
|
||||||
$this->Event->read();
|
|
||||||
$this->request->data['Event']['user_id'] = $this->Event->data['Event']['user_id'];
|
|
||||||
$fieldList[]='org';
|
$fieldList[]='org';
|
||||||
$this->request->data['Event']['org'] = $this->Event->data['Event']['org'];
|
$this->request->data['Event']['org'] = $this->Event->data['Event']['org'];
|
||||||
}
|
}
|
||||||
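Review bot: The new comment `// always force the org, but do not force it for admins` contradicts the code under it: the condition was inverted to `if ($this->_isAdmin())`, and inside that branch `org` is appended to `$fieldList` but immediately pinned to the stored value from `$this->Event->read()`, while for non-admins `org` is not in `$fieldList` at all. Either way the request-supplied `org` never reaches the save, which is the safe outcome for the whitelist, but the comment should say what actually happens, e.g. `// org is never taken from the request: non-admins cannot set it (not in the fieldList), admins keep the stored value`. The `FIXME URGENT ... delete and test` on the `read()` call should be resolved rather than shipped; from this hunk the read appears to be what populates `$this->Event->data['Event']['org']` on the admin path, so deleting it without replacement would likely leave `org` unset. The enclosing edit action starts and ends outside the hunk.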
|
@ -533,18 +528,19 @@ class EventsController extends AppController {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* Sends out an email with the request to be contacted about a specific event.
|
* Sends out an email to all people within the same group
|
||||||
|
* with the request to be contacted about a specific event.
|
||||||
* @todo move _sendContactEmail($id, $message) to a better place. (components?)
|
* @todo move _sendContactEmail($id, $message) to a better place. (components?)
|
||||||
* FIXME this _sendContactEmail() gives bugs when a user is deleted. Maybe we should send emails to everyone?
|
|
||||||
*
|
*
|
||||||
* @param unknown_type $id The id of the event for wich you want to contact the person.
|
* @param unknown_type $id The id of the event for wich you want to contact the org.
|
||||||
* @param unknown_type $message The custom message that will be appended to the email.
|
* @param unknown_type $message The custom message that will be appended to the email.
|
||||||
* @return True if success, False if error
|
* @return True if success, False if error
|
||||||
*/
|
*/
|
||||||
private function _sendContactEmail($id, $message) {
|
private function _sendContactEmail($id, $message) {
|
||||||
// fetch the event
|
// fetch the event
|
||||||
$event = $this->Event->read(null, $id);
|
$event = $this->Event->read(null, $id);
|
||||||
$reporter = $event['User']; // email, gpgkey
|
$this->loadModel('User');
|
||||||
|
$org_members = $this->User->findAllByOrg($event['Event']['org'], array('email', 'gpgkey'));
|
||||||
|
|
||||||
// The mail body, h() is NOT needed as we are sending plain-text mails.
|
// The mail body, h() is NOT needed as we are sending plain-text mails.
|
||||||
$body = "";
|
$body = "";
|
||||||
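Review bot: `$event['Event']['org']` is indexed on the new `findAllByOrg` line without checking that `read(null, $id)` found the event; CakePHP's `read()` returns false for an unknown id, so an unknown `$id` yields a warning and a lookup keyed on a null org instead of the documented `False` return. A guard such as `if (!$event) return false;` before the lookup would honor the `@return` contract. The new docblock still reads `wich`; it should be `The id of the event for which you want to contact the org.`, and since the function now mails every member of the org it would help to state there that members without a stored GPG key receive the mail in plaintext (the `else` branch later in the function). The body of `_sendContactEmail` continues outside the hunk.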
|
@ -601,28 +597,6 @@ class EventsController extends AppController {
|
||||||
$gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
|
$gpg->addSignKey(Configure::read('GnuPG.email'), Configure::read('GnuPG.password'));
|
||||||
$body_signed = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
|
$body_signed = $gpg->sign($body, Crypt_GPG::SIGN_MODE_CLEAR);
|
||||||
|
|
||||||
if (!empty($reporter['gpgkey'])) {
|
|
||||||
// import the key of the user into the keyring
|
|
||||||
// this isn't really necessary, but it gives it the fingerprint necessary for the next step
|
|
||||||
$key_import_output = $gpg->importKey($reporter['gpgkey']);
|
|
||||||
// say what key should be used to encrypt
|
|
||||||
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
|
|
||||||
$gpg->addEncryptKey($key_import_output['fingerprint']); // use the key that was given in the import
|
|
||||||
|
|
||||||
$body_enc_sig = $gpg->encrypt($body_signed, true);
|
|
||||||
} else {
|
|
||||||
$body_enc_sig = $body_signed;
|
|
||||||
// FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
|
|
||||||
}
|
|
||||||
|
|
||||||
// prepare the email
|
|
||||||
$this->Email->from = Configure::read('CyDefSIG.email');
|
|
||||||
$this->Email->to = $reporter['email'];
|
|
||||||
$this->Email->subject = "[CyDefSIG] Need info about event ".$id." - TLP Amber";
|
|
||||||
//$this->Email->delivery = 'debug'; // do not really send out mails, only display it on the screen
|
|
||||||
$this->Email->template = 'body';
|
|
||||||
$this->Email->sendAs = 'text'; // both text or html
|
|
||||||
$this->set('body', $body_enc_sig);
|
|
||||||
|
|
||||||
// Add the GPG key of the user as attachment
|
// Add the GPG key of the user as attachment
|
||||||
// LATER sign the attached GPG key
|
// LATER sign the attached GPG key
|
||||||
|
@ -638,8 +612,44 @@ class EventsController extends AppController {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
foreach ($org_members as $reporter) {
|
||||||
|
if (!empty($reporter['User']['gpgkey'])) {
|
||||||
|
// import the key of the user into the keyring
|
||||||
|
// this isn't really necessary, but it gives it the fingerprint necessary for the next step
|
||||||
|
$key_import_output = $gpg->importKey($reporter['User']['gpgkey']);
|
||||||
|
// say what key should be used to encrypt
|
||||||
|
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
|
||||||
|
$gpg->addEncryptKey($key_import_output['fingerprint']); // use the key that was given in the import
|
||||||
|
|
||||||
|
$body_enc_sig = $gpg->encrypt($body_signed, true);
|
||||||
|
} else {
|
||||||
|
$body_enc_sig = $body_signed;
|
||||||
|
// FIXME should I allow sending unencrypted "contact" mails to people if they didn't import they GPG key?
|
||||||
|
}
|
||||||
|
|
||||||
|
// prepare the email
|
||||||
|
$this->Email->from = Configure::read('CyDefSIG.email');
|
||||||
|
$this->Email->to = $reporter['User']['email'];
|
||||||
|
$this->Email->subject = "[CyDefSIG] Need info about event ".$id." - TLP Amber";
|
||||||
|
//$this->Email->delivery = 'debug'; // do not really send out mails, only display it on the screen
|
||||||
|
$this->Email->template = 'body';
|
||||||
|
$this->Email->sendAs = 'text'; // both text or html
|
||||||
|
$this->set('body', $body_enc_sig);
|
||||||
|
// Add the GPG key of the user as attachment
|
||||||
|
// LATER sign the attached GPG key
|
||||||
|
if (!empty($me_user['gpgkey'])) {
|
||||||
|
// attach the gpg key
|
||||||
|
$this->Email->attachments = array(
|
||||||
|
'gpgkey.asc' => $tmpfname
|
||||||
|
);
|
||||||
|
}
|
||||||
// send it
|
// send it
|
||||||
$result = $this->Email->send();
|
$result = $this->Email->send();
|
||||||
|
// If you wish to send multiple emails using a loop, you'll need
|
||||||
|
// to reset the email fields using the reset method of the Email component.
|
||||||
|
$this->Email->reset();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// remove the temporary gpg file
|
// remove the temporary gpg file
|
||||||
if (!empty($me_user['gpgkey']))
|
if (!empty($me_user['gpgkey']))
|
||||||
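Review bot: `$result` on the `$result = $this->Email->send();` line is overwritten on every pass of the new `foreach`, so a failed send for any member but the last is lost and the function still reports success; initialise `$result = true;` before the loop and use `$result = $this->Email->send() && $result;`. The plaintext fallback in the `else` branch (`$body_enc_sig = $body_signed;`) now applies per member, so a single org member without a stored `gpgkey` receives the contact mail, labelled `TLP Amber` in the subject, unencrypted — the existing FIXME has turned from a single-recipient issue into an org-wide one, and skipping (or at least logging) members without a key would be the safer default. `$key_import_output['fingerprint']` is used as the encryption key straight from `importKey()` without checking that the imported key carries the member's `email`; that is unchanged from before, but the loop now imports every member's stored key into the shared keyring, so a comment stating the assumption would help, e.g. `// assumes the stored gpgkey belongs to $reporter['User']['email']; the fingerprint comes from the import result and is not matched against the address`. `$me_user`, `$tmpfname` and the enclosing function are defined outside the hunk.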
|
@ -680,7 +690,7 @@ class EventsController extends AppController {
|
||||||
} else {
|
} else {
|
||||||
$conditions = array();
|
$conditions = array();
|
||||||
}
|
}
|
||||||
// do not expose all the data like user_id, ...
|
// do not expose all the data ...
|
||||||
$fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.published', 'Event.uuid');
|
$fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.published', 'Event.uuid');
|
||||||
if ('true' == Configure::read('CyDefSIG.showorg')) {
|
if ('true' == Configure::read('CyDefSIG.showorg')) {
|
||||||
$fields[] = 'Event.org';
|
$fields[] = 'Event.org';
|
||||||
|
|
|
@ -47,9 +47,9 @@ CREATE TABLE `events` (
|
||||||
`date` date NOT NULL,
|
`date` date NOT NULL,
|
||||||
`risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
|
`risk` enum('Undefined','Low','Medium','High') COLLATE utf8_bin NOT NULL,
|
||||||
`info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
|
`info` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
|
||||||
`user_id` int(11) NOT NULL,
|
|
||||||
`published` tinyint(1) NOT NULL DEFAULT '0',
|
`published` tinyint(1) NOT NULL DEFAULT '0',
|
||||||
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
|
`uuid` varchar(40) COLLATE utf8_bin NOT NULL,
|
||||||
|
`revision` int(11) NOT NULL DEFAULT '0',
|
||||||
`private` tinyint(1) NOT NULL,
|
`private` tinyint(1) NOT NULL,
|
||||||
PRIMARY KEY (`id`),
|
PRIMARY KEY (`id`),
|
||||||
KEY `uuid` (`uuid`),
|
KEY `uuid` (`uuid`),
|
||||||
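Review bot: The new `revision` column on `events` is not mentioned in the commit message and does not appear in either Event `$fieldList` changed in this commit (the `'Event' => array('org', 'date', 'risk', ...)` and `$fieldList=array('date', 'risk', ...)` lines), so from this diff it will always keep its `DEFAULT '0'` unless it is written somewhere not shown; a short comment on the column or in the commit message saying how `revision` is maintained would keep it from being mistaken for dead schema. Dropping `user_id` also removes the only per-user attribution of an event, leaving `org` as the sole record of who created it; if individual accountability is needed when handling an incident, that trail should be preserved elsewhere (for example in a log) before this lands.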
|
|
|
@ -69,16 +69,6 @@ class Event extends AppModel {
|
||||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'user_id' => array(
|
|
||||||
'numeric' => array(
|
|
||||||
'rule' => array('numeric'),
|
|
||||||
//'message' => 'Your custom message here',
|
|
||||||
//'allowEmpty' => false,
|
|
||||||
//'required' => false,
|
|
||||||
//'last' => false, // Stop validation after this rule
|
|
||||||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'published' => array(
|
'published' => array(
|
||||||
'boolean' => array(
|
'boolean' => array(
|
||||||
'rule' => array('boolean'),
|
'rule' => array('boolean'),
|
||||||
|
@ -126,15 +116,15 @@ class Event extends AppModel {
|
||||||
*
|
*
|
||||||
* @var array
|
* @var array
|
||||||
*/
|
*/
|
||||||
public $belongsTo = array(
|
// public $belongsTo = array(
|
||||||
'User' => array(
|
// 'Org' => array(
|
||||||
'className' => 'User',
|
// 'className' => 'Org',
|
||||||
'foreignKey' => 'user_id',
|
// 'foreignKey' => 'org',
|
||||||
'conditions' => '',
|
// 'conditions' => '',
|
||||||
'fields' => '',
|
// 'fields' => '',
|
||||||
'order' => ''
|
// 'order' => ''
|
||||||
)
|
// )
|
||||||
);
|
// );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* hasMany associations
|
* hasMany associations
|
||||||
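Review bot: The `belongsTo` association is left as commented-out code (`// public $belongsTo = array(` through `// );`) pointing at an `Org` model that does not appear elsewhere in this diff; commented-out code should be deleted and recovered from version control if needed, so the block should be removed outright or, if the Org association is planned, replaced by a one-line `// TODO: add belongsTo Org once an Org model exists`. With the `User` association gone, `$this->Event->read()` no longer returns a `User` key, which the controller's `_sendContactEmail` change in this commit accounts for; any other caller that still reads `$event['User']` would now get an undefined index, which this hunk cannot show.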
|
@ -258,7 +248,6 @@ class Event extends AppModel {
|
||||||
unset($event['Attribute']);
|
unset($event['Attribute']);
|
||||||
|
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
unset($event['Event']['user_id']);
|
|
||||||
unset($event['Event']['org']);
|
unset($event['Event']['org']);
|
||||||
// remove value1 and value2 from the output
|
// remove value1 and value2 from the output
|
||||||
foreach($event['Event']['Attribute'] as $key => $attribute) {
|
foreach($event['Event']['Attribute'] as $key => $attribute) {
|
||||||
|
|
|
@ -155,27 +155,6 @@ class User extends AppModel {
|
||||||
|
|
||||||
//The Associations below have been created with all possible keys, those that are not needed can be removed
|
//The Associations below have been created with all possible keys, those that are not needed can be removed
|
||||||
|
|
||||||
/**
|
|
||||||
* hasMany associations
|
|
||||||
*
|
|
||||||
* @var array
|
|
||||||
*/
|
|
||||||
public $hasMany = array(
|
|
||||||
'Event' => array(
|
|
||||||
'className' => 'Event',
|
|
||||||
'foreignKey' => 'user_id',
|
|
||||||
'dependent' => false,
|
|
||||||
'conditions' => '',
|
|
||||||
'fields' => '',
|
|
||||||
'order' => '',
|
|
||||||
'limit' => '',
|
|
||||||
'offset' => '',
|
|
||||||
'exclusive' => '',
|
|
||||||
'finderQuery' => '',
|
|
||||||
'counterQuery' => ''
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
public function beforeSave() {
|
public function beforeSave() {
|
||||||
if (isset($this->data[$this->alias]['password'])) {
|
if (isset($this->data[$this->alias]['password'])) {
|
||||||
|
|
|
@ -6,9 +6,7 @@ foreach ($events as $key => $event) {
|
||||||
$events[$key] = $events[$key]['Event'];
|
$events[$key] = $events[$key]['Event'];
|
||||||
|
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
unset($events[$key]['User']);
|
|
||||||
unset($events[$key]['Event']);
|
unset($events[$key]['Event']);
|
||||||
unset($events[$key]['user_id']);
|
|
||||||
// hide the private field is we are not in sync mode
|
// hide the private field is we are not in sync mode
|
||||||
if ('true' != Configure::read('CyDefSIG.sync')) {
|
if ('true' != Configure::read('CyDefSIG.sync')) {
|
||||||
unset($events[$key]['private']);
|
unset($events[$key]['private']);
|
||||||
|
|
|
@ -5,7 +5,6 @@ $event['Event']['Attribute'] = $event['Attribute'];
|
||||||
unset($event['Attribute']);
|
unset($event['Attribute']);
|
||||||
|
|
||||||
// cleanup the array from things we do not want to expose
|
// cleanup the array from things we do not want to expose
|
||||||
unset($event['Event']['user_id']);
|
|
||||||
// remove value1 and value2 from the output
|
// remove value1 and value2 from the output
|
||||||
foreach($event['Event']['Attribute'] as $key => $value) {
|
foreach($event['Event']['Attribute'] as $key => $value) {
|
||||||
unset($event['Event']['Attribute'][$key]['value1']);
|
unset($event['Event']['Attribute'][$key]['value1']);
|
||||||
|
|