mirror of https://github.com/MISP/MISP
Merge pull request #8180 from JakubOnderka/event_alert_default_enabled
new: [test] MISP.default_publish_alertpull/8351/head
commit
dba9d60ed9
|
@ -631,21 +631,19 @@ class UsersController extends AppController
|
|||
if (isset($this->request->data['User']['password'])) {
|
||||
$this->request->data['User']['confirm_password'] = $this->request->data['User']['password'];
|
||||
}
|
||||
$default_publish_alert = Configure::check('MISP.default_publish_alert') ? Configure::read('MISP.default_publish_alert') : 0;
|
||||
$defaults = array(
|
||||
'external_auth_required' => 0,
|
||||
'external_auth_key' => '',
|
||||
'server_id' => 0,
|
||||
'gpgkey' => '',
|
||||
'certif_public' => '',
|
||||
'autoalert' => $default_publish_alert,
|
||||
'contactalert' => 0,
|
||||
'disabled' => 0,
|
||||
'newsread' => 0,
|
||||
'change_pw' => 1,
|
||||
'authkey' => (new RandomTool())->random_str(true, 40),
|
||||
'termsaccepted' => 0,
|
||||
'org_id' => $this->Auth->user('org_id')
|
||||
'external_auth_required' => 0,
|
||||
'external_auth_key' => '',
|
||||
'server_id' => 0,
|
||||
'gpgkey' => '',
|
||||
'certif_public' => '',
|
||||
'autoalert' => $this->User->defaultPublishAlert(),
|
||||
'contactalert' => 0,
|
||||
'disabled' => 0,
|
||||
'newsread' => 0,
|
||||
'change_pw' => 1,
|
||||
'termsaccepted' => 0,
|
||||
'org_id' => $this->Auth->user('org_id'),
|
||||
);
|
||||
foreach ($defaults as $key => $value) {
|
||||
if (!isset($this->request->data['User'][$key])) {
|
||||
|
@ -654,7 +652,6 @@ class UsersController extends AppController
|
|||
}
|
||||
}
|
||||
$this->request->data['User']['date_created'] = time();
|
||||
$this->request->data['User']['date_modified'] = time();
|
||||
if (!array_key_exists($this->request->data['User']['role_id'], $syncRoles)) {
|
||||
$this->request->data['User']['server_id'] = 0;
|
||||
}
|
||||
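Review bot: The `$defaults` array in the first hunk appears to lose its `authkey` entry (the old/new line counts in the hunk header fit that reading), so this add path now depends on `User::beforeValidate()` to generate the key, and nothing at the call site says so. A one-line comment above the array, `// authkey is deliberately absent: User::beforeValidate() generates one when it is empty`, would keep a later edit from treating the omission as a bug. It would also flag that a save which skips validation would store a user without a key. The enclosing controller action starts and ends outside the hunk, so whether the save always runs validation cannot be confirmed from here.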
|
|
|
@ -57,7 +57,6 @@ class User extends AppModel
|
|||
//'on' => 'create', // Limit validation to 'create' or 'update' operations
|
||||
),
|
||||
),
|
||||
|
||||
'org_id' => array(
|
||||
'valueNotEmpty' => array(
|
||||
'rule' => array('valueNotEmpty'),
|
||||
|
@ -227,6 +226,9 @@ class User extends AppModel
|
|||
'Containable'
|
||||
);
|
||||
|
||||
/** @var CryptGpgExtended|null|false */
|
||||
private $gpg;
|
||||
|
||||
public function __construct($id = false, $table = null, $ds = null)
|
||||
{
|
||||
parent::__construct($id, $table, $ds);
|
||||
|
@ -239,28 +241,23 @@ class User extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
/** @var CryptGpgExtended|null|false */
|
||||
private $gpg;
|
||||
|
||||
public function beforeValidate($options = array())
|
||||
{
|
||||
if (!isset($this->data['User']['id'])) {
|
||||
if ((isset($this->data['User']['enable_password']) && (!$this->data['User']['enable_password'])) || (empty($this->data['User']['password']) && empty($this->data['User']['confirm_password']))) {
|
||||
$this->data['User']['password'] = $this->generateRandomPassword();
|
||||
$this->data['User']['confirm_password'] = $this->data['User']['password'];
|
||||
$user = &$this->data['User'];
|
||||
if (!isset($user['id'])) {
|
||||
if ((isset($user['enable_password']) && !$user['enable_password']) || (empty($user['password']) && empty($user['confirm_password']))) {
|
||||
$user['password'] = $this->generateRandomPassword();
|
||||
$user['confirm_password'] = $user['password'];
|
||||
}
|
||||
}
|
||||
if (!isset($this->data['User']['certif_public']) || empty($this->data['User']['certif_public'])) {
|
||||
$this->data['User']['certif_public'] = '';
|
||||
if (empty($user['certif_public'])) {
|
||||
$user['certif_public'] = '';
|
||||
}
|
||||
if (!isset($this->data['User']['authkey']) || empty($this->data['User']['authkey'])) {
|
||||
$this->data['User']['authkey'] = $this->generateAuthKey();
|
||||
if (empty($user['authkey'])) {
|
||||
$user['authkey'] = $this->generateAuthKey();
|
||||
}
|
||||
if (!isset($this->data['User']['nids_sid']) || empty($this->data['User']['nids_sid'])) {
|
||||
$this->data['User']['nids_sid'] = mt_rand(1000000, 9999999);
|
||||
}
|
||||
if (isset($this->data['User']['newsread']) && $this->data['User']['newsread'] === null) {
|
||||
$this->data['User']['newsread'] = 0;
|
||||
if (empty($user['nids_sid'])) {
|
||||
$user['nids_sid'] = mt_rand(1000000, 9999999);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
@ -414,21 +411,14 @@ class User extends AppModel
|
|||
|
||||
public function identicalFieldValues($field = array(), $compareField = null)
|
||||
{
|
||||
foreach ($field as $key => $value) {
|
||||
$v1 = $value;
|
||||
$v2 = $this->data[$this->name][$compareField];
|
||||
if ($v1 !== $v2) {
|
||||
return false;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
$v1 = array_values($field)[0];
|
||||
$v2 = $this->data[$this->name][$compareField];
|
||||
return $v1 === $v2;
|
||||
}
|
||||
|
||||
public function generateAuthKey()
|
||||
{
|
||||
return (new RandomTool())->random_str(true, 40);
|
||||
return RandomTool::random_str(true, 40);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -436,19 +426,19 @@ class User extends AppModel
|
|||
*
|
||||
* @param int $passwordLength
|
||||
* @return string
|
||||
* @throws Exception
|
||||
*/
|
||||
public function generateRandomPassword($passwordLength = 40)
|
||||
{
|
||||
// makes sure, the password policy isn't undermined by setting a manual passwordLength
|
||||
$policyPasswordLength = Configure::read('Security.password_policy_length') ? Configure::read('Security.password_policy_length') : false;
|
||||
$policyPasswordLength = Configure::read('Security.password_policy_length') ?: false;
|
||||
if (is_int($policyPasswordLength) && $policyPasswordLength > $passwordLength) {
|
||||
$passwordLength = $policyPasswordLength;
|
||||
}
|
||||
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-+=!@#$%^&*()<>/?';
|
||||
return (new RandomTool())->random_str(true, $passwordLength, $characters);
|
||||
return RandomTool::random_str(true, $passwordLength, $characters);
|
||||
}
|
||||
|
||||
|
||||
public function checkAndCorrectPgps()
|
||||
{
|
||||
$fails = array();
|
||||
|
@ -462,15 +452,6 @@ class User extends AppModel
|
|||
return $fails;
|
||||
}
|
||||
|
||||
public function getOrgs()
|
||||
{
|
||||
$orgs = $this->Organisation->find('list', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('name'),
|
||||
));
|
||||
return $orgs;
|
||||
}
|
||||
|
||||
public function getOrgMemberCount($org)
|
||||
{
|
||||
return $this->find('count', array(
|
||||
|
@ -1303,20 +1284,21 @@ class User extends AppModel
|
|||
return $data;
|
||||
}
|
||||
|
||||
public function registerUser($added_by, $registration, $org_id, $role_id) {
|
||||
public function registerUser($added_by, $registration, $org_id, $role_id)
|
||||
{
|
||||
$user = array(
|
||||
'email' => $registration['data']['email'],
|
||||
'gpgkey' => empty($registration['data']['pgp']) ? '' : $registration['data']['pgp'],
|
||||
'disabled' => 0,
|
||||
'newsread' => 0,
|
||||
'change_pw' => 1,
|
||||
'authkey' => $this->generateAuthKey(),
|
||||
'termsaccepted' => 0,
|
||||
'org_id' => $org_id,
|
||||
'role_id' => $role_id,
|
||||
'invited_by' => $added_by['id'],
|
||||
'contactalert' => 1,
|
||||
'autoalert' => Configure::check('MISP.default_publish_alert') ? Configure::read('MISP.default_publish_alert') : 1
|
||||
'email' => $registration['data']['email'],
|
||||
'gpgkey' => empty($registration['data']['pgp']) ? '' : $registration['data']['pgp'],
|
||||
'disabled' => 0,
|
||||
'newsread' => 0,
|
||||
'change_pw' => 1,
|
||||
'authkey' => $this->generateAuthKey(),
|
||||
'termsaccepted' => 0,
|
||||
'org_id' => $org_id,
|
||||
'role_id' => $role_id,
|
||||
'invited_by' => $added_by['id'],
|
||||
'contactalert' => 1,
|
||||
'autoalert' => $this->defaultPublishAlert(),
|
||||
);
|
||||
$this->create();
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
|
@ -1528,6 +1510,14 @@ class User extends AppModel
|
|||
return $banStatus;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function defaultPublishAlert()
|
||||
{
|
||||
return (bool)Configure::read('MISP.default_publish_alert');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $user
|
||||
* @return bool
|
||||
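Review bot: In `generateRandomPassword()` the policy floor is applied only when `is_int($policyPasswordLength)` holds, so a `Security.password_policy_length` that reaches `Configure` as a numeric string silently skips the guard that the comment above it promises. How the setting is stored is not visible on this page. Casting once closes the gap: `$policyPasswordLength = (int)Configure::read('Security.password_policy_length');` followed by `if ($policyPasswordLength > $passwordLength) {`. Separately, `registerUser()` used to fall back to 1 when `MISP.default_publish_alert` was unset, while `defaultPublishAlert()` casts an unset value to false. If that change of default for registered users is intended, it deserves a sentence in the new method's docblock.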
|
|
|
@ -115,13 +115,15 @@ class Oidc
|
|||
|
||||
$this->log($mispUsername, 'Not found in database.');
|
||||
|
||||
$time = time();
|
||||
$userData = [
|
||||
'email' => $mispUsername,
|
||||
'org_id' => $organisationId,
|
||||
'newsread' => time(),
|
||||
'newsread' => $time,
|
||||
'autoalert' => $this->User->defaultPublishAlert(),
|
||||
'role_id' => $roleId,
|
||||
'change_pw' => 0,
|
||||
'date_created' => time(),
|
||||
'date_created' => $time,
|
||||
'sub' => $sub,
|
||||
];
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
?>
|
||||
<div class="user-edit-checkboxes" style="margin-bottom: 1em">
|
||||
<?php
|
||||
$default_publish_alert = Configure::check('MISP.default_publish_alert') ? Configure::read('MISP.default_publish_alert') : true;
|
||||
$default_publish_alert = Configure::read('MISP.default_publish_alert') ?: true;
|
||||
echo $this->Form->input('autoalert', array(
|
||||
'label' => __('Receive email alerts when events are published'),
|
||||
'type' => 'checkbox',
|
||||
|
|
|
@ -779,6 +779,24 @@ class TestComprehensive(unittest.TestCase):
|
|||
response = requests.get(self.admin_misp_connector.root_url + '/attributes/describeTypes.json', headers=headers)
|
||||
self.assertEqual(304, response.status_code, response.headers)
|
||||
|
||||
def test_event_alert_default_enabled(self):
|
||||
user = MISPUser()
|
||||
user.email = 'testusr_alert_disabled@user.local'
|
||||
user.org_id = self.test_org.id
|
||||
|
||||
created_user = check_response(self.admin_misp_connector.add_user(user))
|
||||
self.assertFalse(created_user.autoalert, created_user)
|
||||
self.admin_misp_connector.delete_user(created_user)
|
||||
|
||||
with MISPSetting(self.admin_misp_connector, {"MISP.default_publish_alert": True}):
|
||||
user = MISPUser()
|
||||
user.email = 'testusr_alert_enabled@user.local'
|
||||
user.org_id = self.test_org.id
|
||||
|
||||
created_user = check_response(self.admin_misp_connector.add_user(user))
|
||||
self.assertTrue(created_user.autoalert, created_user)
|
||||
self.admin_misp_connector.delete_user(created_user)
|
||||
|
||||
def _search(self, query: dict):
|
||||
response = self.admin_misp_connector._prepare_request('POST', 'events/restSearch', data=query)
|
||||
response = self.admin_misp_connector._check_response(response)
|
||||
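Review bot: In `test_event_alert_default_enabled` both `delete_user` calls run only after the assertion before them has passed, so a failing `assertFalse` or `assertTrue` leaves the `testusr_alert_*@user.local` account behind. A later run may then fail on the leftover account rather than on the real cause. Registering the cleanup right after creation avoids that: `self.addCleanup(self.admin_misp_connector.delete_user, created_user)` in place of each trailing `delete_user` call. The first half also assumes `MISP.default_publish_alert` is unset or false on the test instance; wrapping it in `with MISPSetting(self.admin_misp_connector, {"MISP.default_publish_alert": False}):` would pin that assumption.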
|
|