MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/4262/head
iglocska 2019-03-03 23:42:11 +01:00
parent 45fdac214f f1f70ca996
commit e5abc97df5
10 changed files with 266 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Config/config.default.php
View File

@ -159,6 +159,7 @@ $config = array(
//
'ldapDefaultOrg' => '1', // uses 1st local org in MISP if undefined,
'ldapAllowReferrals' => true, // allow or disallow chasing LDAP referrals
//'ldapEmailField' => array('emailAddress, 'mail'), // Optional : fields from which the email address should be retrieved. Default to 'mail' only. If more than one field is set (e.g. 'emailAddress' and 'mail' in this example), only the first one will be used.
),
*/
);

2
app/Controller/AttributesController.php
View File

@ -1171,7 +1171,7 @@ class AttributesController extends AppController
throw new NotFoundException('Invalid attribute');
}
if ($this->_isRest()) {
$conditions = array('conditions' => array('Attribute.id' => $id), 'withAttachments' => true);
$conditions = array('conditions' => array('Attribute.id' => $id), 'withAttachments' => true, 'flatten' => true);
$conditions['includeAllTags'] = false;
$conditions['includeAttributeUuid'] = true;
$attribute = $this->Attribute->fetchAttributes($this->Auth->user(), $conditions);

4
app/Controller/Component/ACLComponent.php
View File

@ -429,8 +429,12 @@ class ACLComponent extends Component
'enable' => array(),
'index' => array('*'),
'taxonomyMassConfirmation' => array('perm_tagger'),
'taxonomyMassHide' => array('perm_tagger'),
'taxonomyMassUnhide' => array('perm_tagger'),
'update' => array(),
'view' => array('*'),
'unhideTag' => array('perm_tagger'),
'hideTag' => array('perm_tagger'),
),
'templateElements' => array(
'add' => array('perm_template'),

20
app/Controller/Component/Auth/ApacheAuthenticate.php
View File

@ -38,6 +38,17 @@ class ApacheAuthenticate extends BaseAuthenticate
}
return $returnCode;
}
private function getEmailAddress($ldapEmailField, $ldapUserData)
{
// return the email address of an LDAP user if one of the fields in $ldapEmaiLField exists
foreach($ldapEmailField as $field) {
if (isset($ldapUserData[0][$field][0])) {
return $ldapUserData[0][$field][0];
}
}
return NULL;
}
public function authenticate(CakeRequest $request, CakeResponse $response)
{
@ -51,6 +62,7 @@ class ApacheAuthenticate extends BaseAuthenticate
$ldaprdn = Configure::read('ApacheSecureAuth.ldapReaderUser'); // DN ou RDN LDAP
$ldappass = Configure::read('ApacheSecureAuth.ldapReaderPassword');
$ldapSearchFilter = Configure::read('ApacheSecureAuth.ldapSearchFilter');
$ldapEmailField = Configure::read('ApacheSecureAuth.ldapEmailField');
// LDAP connection
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, Configure::read('ApacheSecureAuth.ldapNetworkTimeout', -1));
@ -83,13 +95,17 @@ class ApacheAuthenticate extends BaseAuthenticate
$ldapUserData = ldap_get_entries($ldapconn, $result);
// the request returns only 1 field
if (isset($ldapUserData[0]['mail'][0])) {
// find the email address in the query's result
// first if the ldapEmailField option is not specified, look for the email address in the default field
if (!isset($ldapEmailField) && isset($ldapUserData[0]['mail'][0])) {
// assign the real user for MISP
$mispUsername = $ldapUserData[0]['mail'][0];
} else if (isset($ldapEmailField)) {
$mispUsername = $this->getEmailAddress($ldapEmailField, $ldapUserData);
} else {
die("User not found in LDAP");
}
// close LDAP connection
ldap_close($ldapconn);
}

78
app/Controller/TaxonomiesController.php
View File

@ -254,6 +254,66 @@ class TaxonomiesController extends AppController
$this->redirect($this->referer());
}
public function hideTag($taxonomy_id = false)
{
if ((!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) || !$this->request->is('post')) {
throw new NotFoundException('You don\'t have permission to do that.');
}
if ($taxonomy_id) {
$result = $this->Taxonomy->hideTags($taxonomy_id);
} else {
if (isset($this->request->data['Taxonomy'])) {
$this->request->data['Tag'] = $this->request->data['Taxonomy'];
unset($this->request->data['Taxonomy']);
}
if (isset($this->request->data['Tag']['request'])) {
$this->request->data['Tag'] = $this->request->data['Tag']['request'];
}
if (!isset($this->request->data['Tag']['nameList'])) {
$this->request->data['Tag']['nameList'] = array($this->request->data['Tag']['name']);
} else {
$this->request->data['Tag']['nameList'] = json_decode($this->request->data['Tag']['nameList'], true);
}
$result = $this->Taxonomy->hideTags($this->request->data['Tag']['taxonomy_id'], $this->request->data['Tag']['nameList']);
}
if ($result) {
$this->Flash->success('The tag(s) has been saved.');
} else {
$this->Flash->error('The tag(s) could not be saved. Please, try again.');
}
$this->redirect($this->referer());
}
public function unhideTag($taxonomy_id = false)
{
if ((!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) || !$this->request->is('post')) {
throw new NotFoundException('You don\'t have permission to do that.');
}
if ($taxonomy_id) {
$result = $this->Taxonomy->unhideTags($taxonomy_id);
} else {
if (isset($this->request->data['Taxonomy'])) {
$this->request->data['Tag'] = $this->request->data['Taxonomy'];
unset($this->request->data['Taxonomy']);
}
if (isset($this->request->data['Tag']['request'])) {
$this->request->data['Tag'] = $this->request->data['Tag']['request'];
}
if (!isset($this->request->data['Tag']['nameList'])) {
$this->request->data['Tag']['nameList'] = array($this->request->data['Tag']['name']);
} else {
$this->request->data['Tag']['nameList'] = json_decode($this->request->data['Tag']['nameList'], true);
}
$result = $this->Taxonomy->unhideTags($this->request->data['Tag']['taxonomy_id'], $this->request->data['Tag']['nameList']);
}
if ($result) {
$this->Flash->success('The tag(s) has been saved.');
} else {
$this->Flash->error('The tag(s) could not be saved. Please, try again.');
}
$this->redirect($this->referer());
}
public function disableTag($taxonomy_id = false)
{
if ((!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) || !$this->request->is('post')) {
@ -293,6 +353,24 @@ class TaxonomiesController extends AppController
$this->render('ajax/taxonomy_mass_confirmation');
}
public function taxonomyMassHide($id)
{
if (!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) {
throw new NotFoundException('You don\'t have permission to do that.');
}
$this->set('id', $id);
$this->render('ajax/taxonomy_mass_hide');
}
public function taxonomyMassUnhide($id)
{
if (!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) {
throw new NotFoundException('You don\'t have permission to do that.');
}
$this->set('id', $id);
$this->render('ajax/taxonomy_mass_unhide');
}
public function delete($id)
{
if ($this->request->is('post')) {

66
app/Model/Taxonomy.php
View File

@ -362,6 +362,72 @@ class Taxonomy extends AppModel
return true;
}
public function hideTags($id, $tagList = false)
{
if ($tagList && !is_array($tagList)) {
$tagList = array($tagList);
}
$this->Tag = ClassRegistry::init('Tag');
App::uses('ColourPaletteTool', 'Tools');
$paletteTool = new ColourPaletteTool();
$taxonomy = $this->__getTaxonomy($id, array('full' => true));
$tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace']);
$colours = $paletteTool->generatePaletteFromString($taxonomy['Taxonomy']['namespace'], count($taxonomy['entries']));
foreach ($taxonomy['entries'] as $k => $entry) {
$colour = $colours[$k];
if (isset($entry['colour']) && !empty($entry['colour'])) {
$colour = $entry['colour'];
}
if ($tagList) {
foreach ($tagList as $tagName) {
if ($tagName === $entry['tag']) {
if (isset($tags[strtoupper($entry['tag'])])) {
$this->Tag->quickEdit($tags[strtoupper($entry['tag'])], $tagName, $colour, 1);
}
}
}
} else {
if (isset($tags[strtoupper($entry['tag'])])) {
$this->Tag->quickEdit($tags[strtoupper($entry['tag'])], $entry['tag'], $colour, 1);
}
}
}
return true;
}
public function unhideTags($id, $tagList = false)
{
if ($tagList && !is_array($tagList)) {
$tagList = array($tagList);
}
$this->Tag = ClassRegistry::init('Tag');
App::uses('ColourPaletteTool', 'Tools');
$paletteTool = new ColourPaletteTool();
$taxonomy = $this->__getTaxonomy($id, array('full' => true));
$tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace']);
$colours = $paletteTool->generatePaletteFromString($taxonomy['Taxonomy']['namespace'], count($taxonomy['entries']));
foreach ($taxonomy['entries'] as $k => $entry) {
$colour = $colours[$k];
if (isset($entry['colour']) && !empty($entry['colour'])) {
$colour = $entry['colour'];
}
if ($tagList) {
foreach ($tagList as $tagName) {
if ($tagName === $entry['tag']) {
if (isset($tags[strtoupper($entry['tag'])])) {
$this->Tag->quickEdit($tags[strtoupper($entry['tag'])], $tagName, $colour, 0);
}
}
}
} else {
if (isset($tags[strtoupper($entry['tag'])])) {
$this->Tag->quickEdit($tags[strtoupper($entry['tag'])], $entry['tag'], $colour, 0);
}
}
}
return true;
}
public function listTaxonomies($options = array('full' => false, 'enabled' => false))
{
$recursive = -1;

37
app/View/Taxonomies/ajax/taxonomy_mass_hide.ctp Normal file
View File

@ -0,0 +1,37 @@
<div class="confirmation">
<?php
echo $this->Form->create('Taxonomy', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/taxonomies/hideTag'));
?>
<div class="hidden">
<?php
echo $this->Form->input('nameList', array('value' => '{}'));
?>
</div>
<?php
echo $this->Form->input('taxonomy_id', array('type' => 'hidden', 'value' => $id));
?>
<legend><?php echo __('Hide Tags');?></legend>
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
<p><?php echo __('Are you sure you want to hide all selected tags?');?></p>
<table>
<tr>
<td style="vertical-align:top">
<span id="PromptYesButton" role="button" tabindex="0" aria-label="<?php echo __('Hide all selected tags');?>" title="<?php echo __('Hide all selected tags');?>" class="btn btn-primary" onClick="submitMassTaxonomyTag();"><?php echo __('Yes');?></span>
</td>
<td style="width:540px;">
</td>
<td style="vertical-align:top;">
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();"><?php echo __('No');?></span>
</td>
</tr>
</table>
</div>
<script type="text/javascript">
$(document).ready(function(){
getSelectedTaxonomyNames();
});
</script>
<?php
echo $this->Form->end();
?>
</div>

37
app/View/Taxonomies/ajax/taxonomy_mass_unhide.ctp Normal file
View File

@ -0,0 +1,37 @@
<div class="confirmation">
<?php
echo $this->Form->create('Taxonomy', array('style' => 'margin:0px;', 'id' => 'PromptForm', 'url' => '/taxonomies/unhideTag'));
?>
<div class="hidden">
<?php
echo $this->Form->input('nameList', array('value' => '{}'));
?>
</div>
<?php
echo $this->Form->input('taxonomy_id', array('type' => 'hidden', 'value' => $id));
?>
<legend><?php echo __('Unhide Tags');?></legend>
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
<p><?php echo __('Are you sure you want to unhide all selected tags?');?></p>
<table>
<tr>
<td style="vertical-align:top">
<span id="PromptYesButton" role="button" tabindex="0" aria-label="<?php echo __('Unhide all selected tags');?>" title="<?php echo __('Unhide all selected tags');?>" class="btn btn-primary" onClick="submitMassTaxonomyTag();"><?php echo __('Yes');?></span>
</td>
<td style="width:540px;">
</td>
<td style="vertical-align:top;">
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();"><?php echo __('No');?></span>
</td>
</tr>
</table>
</div>
<script type="text/javascript">
$(document).ready(function(){
getSelectedTaxonomyNames();
});
</script>
<?php
echo $this->Form->end();
?>
</div>

10
app/View/Taxonomies/view.ctp
View File

@ -64,6 +64,16 @@
<div style="float:right !important;overflow:hidden;border:0px;padding:0px;padding-right:200px;">
<input type="text" id="quickFilterField" class="tabMenuFilterField taxFilter" value="<?php echo h($filter);?>" /><span id="quickFilterButton" class="useCursorPointer taxFilterButton" onClick='quickFilterTaxonomy("<?php echo h($taxonomy['id']);?>");'><?php echo __('Filter');?></span>
</div>
<span class="tabMenuFixed tabMenuFixedLeft tabMenuSides useCursorPointer noPrint mass-select" style="margin-left:50px;">
<span id="multi-edit-button" title="<?php echo __('Hide selected tags');?>" role="button" tabindex="1" aria-label="<?php echo __('Hide selected tags');?>" class="useCursorPointer" onClick="hideSelectedTags(<?php echo $taxonomy['id']; ?>);">
<?php echo __('Hide selected tags');?>
</span>
</span>
<span class="tabMenuFixed tabMenuFixedLeft tabMenuSides useCursorPointer noPrint mass-select">
<span id="multi-edit-button" title="<?php echo __('Unhide selected tags');?>" role="button" tabindex="2" aria-label="<?php echo __('Unhide selected tags');?>" class="useCursorPointer" onClick="unhideSelectedTags(<?php echo $taxonomy['id']; ?>);">
<?php echo __('Unhide selected tags');?>
</span>
</span>
</div>
<table class="table table-striped table-hover table-condensed">
<tr>

14
app/webroot/js/misp.js
View File

@ -877,6 +877,20 @@ function addSelectedTaxonomies(taxonomy) {
});
}
function hideSelectedTags(taxonomy) {
$.get("/taxonomies/taxonomyMassHide/"+taxonomy, function(data) {
$("#confirmation_box").html(data);
openPopup("#confirmation_box");
});
}
function unhideSelectedTags(taxonomy) {
$.get("/taxonomies/taxonomyMassUnhide/"+taxonomy, function(data) {
$("#confirmation_box").html(data);
openPopup("#confirmation_box");
});
}
function submitMassTaxonomyTag() {
$('#PromptForm').submit();
}