mirror of https://github.com/MISP/MISP
181 lines
8.1 KiB
PHP
181 lines
8.1 KiB
PHP
<?php
|
|
App::uses('AppController', 'Controller');
|
|
|
|
class CommunitiesController extends AppController
|
|
{
|
|
public $components = array('Session', 'RequestHandler');
|
|
|
|
public function beforeFilter()
|
|
{
|
|
parent::beforeFilter();
|
|
}
|
|
|
|
public $paginate = array(
|
|
'limit' => 60,
|
|
'maxLimit' => 9999
|
|
);
|
|
|
|
public function index()
|
|
{
|
|
$filters = $this->IndexFilter->harvestParameters(array('context', 'value'));
|
|
if (empty($filters['context'])) {
|
|
$filters['context'] = 'vetted';
|
|
}
|
|
if (!empty($filters['value'])) {
|
|
$filters['value'] = strtolower($filters['value']);
|
|
} else {
|
|
$filters['value'] = false;
|
|
}
|
|
$community_list = $this->Community->getCommunityList($filters['context'], $filters['value']);
|
|
|
|
//foreach ($community)
|
|
if ($this->_isRest()) {
|
|
return $this->RestResponse->viewData($community_list, $this->response->type());
|
|
}
|
|
App::uses('CustomPaginationTool', 'Tools');
|
|
$customPagination = new CustomPaginationTool();
|
|
$customPagination->truncateAndPaginate($community_list, $this->params, $this->modelClass, true);
|
|
$this->set('community_list', $community_list);
|
|
$this->set('context', $filters['context']);
|
|
}
|
|
|
|
public function view($id)
|
|
{
|
|
|
|
$community = $this->Community->getCommunity($id);
|
|
if ($this->_isRest()) {
|
|
return $this->RestResponse->viewData($community, $this->response->type());
|
|
} else {
|
|
$this->set('community', $community);
|
|
}
|
|
}
|
|
|
|
public function requestAccess($id)
|
|
{
|
|
$community = $this->Community->getCommunity($id);
|
|
$this->loadModel('User');
|
|
$gpgkey = $this->User->find('first', array(
|
|
'conditions' => array('User.id' => $this->Auth->user('id')),
|
|
'recursive' => -1,
|
|
'fields' => array('User.gpgkey')
|
|
));
|
|
if (!empty($gpgkey['User']['gpgkey'])) {
|
|
$gpgkey = $gpgkey['User']['gpgkey'];
|
|
} else {
|
|
$gpgkey = '';
|
|
}
|
|
if (!$this->request->is('post')) {
|
|
if ($this->_isRest()) {
|
|
return $this->RestResponse->describe('Communities', 'requestAccess', false, $this->response->type());
|
|
}
|
|
$this->request->data['Server']['email'] = $this->Auth->user('email');
|
|
$this->request->data['Server']['org_name'] = $this->Auth->user('Organisation')['name'];
|
|
$this->request->data['Server']['org_uuid'] = $this->Auth->user('Organisation')['uuid'];
|
|
$this->request->data['Server']['gpgkey'] = $gpgkey;
|
|
} else {
|
|
if (empty($this->request->data['Server'])) {
|
|
$this->request->data = array('Server' => $this->request->data);
|
|
}
|
|
$body = sprintf(
|
|
'To whom it may concern,
|
|
|
|
On behalf of my organisation (%s - %s),
|
|
I would hereby like to request %saccess to your MISP community:
|
|
%s
|
|
|
|
A brief description of my organisation:
|
|
%s
|
|
|
|
My e-mail address that I wish to use as my username:
|
|
%s
|
|
%s%s
|
|
|
|
Thank you in advance!',
|
|
empty($this->request->data['Server']['org_name']) ? $this->Auth->user('Organisation')['name'] : $this->request->data['Server']['org_name'],
|
|
empty($this->request->data['Server']['org_uuid']) ? $this->Auth->user('Organisation')['uuid'] : $this->request->data['Server']['org_uuid'],
|
|
empty($this->request->data['Server']['sync']) ? '' : 'synchronisation ',
|
|
$community['name'],
|
|
empty($this->request->data['Server']['org_description']) ? '' : $this->request->data['Server']['org_description'],
|
|
empty($this->request->data['Server']['email']) ? '' : $this->request->data['Server']['email'],
|
|
empty($this->request->data['Server']['message']) ? '' : sprintf(
|
|
'%sAdditional information:%s%s%s',
|
|
PHP_EOL,
|
|
PHP_EOL,
|
|
$this->request->data['Server']['message'],
|
|
PHP_EOL
|
|
),
|
|
!empty($this->request->data['Server']['anonymise']) ? '' : sprintf(
|
|
'%sServer used to issue the request%sServer url: %sServer uuid: %sServer version: %s',
|
|
PHP_EOL,
|
|
PHP_EOL,
|
|
(empty(Configure::read('MISP.external_baseurl')) ? Configure::read('MISP.baseurl') : Configure::read('MISP.external_baseurl')) . PHP_EOL,
|
|
Configure::read('MISP.uuid') . PHP_EOL,
|
|
$this->mispVersion . PHP_EOL
|
|
)
|
|
);
|
|
$imgPath = APP . WEBROOT_DIR . DS . 'img' . DS . 'orgs' . DS;
|
|
$possibleFields = array('id', 'name');
|
|
$image = false;
|
|
App::uses('File', 'Utility');
|
|
foreach ($possibleFields as $field) {
|
|
if (isset($options[$field])) {
|
|
$file = new File($imgPath . $options[$field] . 'png');
|
|
if ($file->exists()) {
|
|
$image = $file->read();
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
if (!isset($this->request->data['Server']['gpgkey'])) {
|
|
$this->request->data['Server']['gpgkey'] = $gpgkey;
|
|
}
|
|
if (!empty($image)) {
|
|
$params['attachments']['logo.png'] = $image;
|
|
}
|
|
if (!empty($this->request->data['Server']['gpgkey'])) {
|
|
$params['attachments']['requestor.asc'] = $this->request->data['Server']['gpgkey'];
|
|
}
|
|
$params = array();
|
|
$params['to'] = $community['email'];
|
|
$params['reply-to'] = empty($this->request->data['Server']['email']) ? $this->Auth->user('email') : $this->request->data['Server']['email'];
|
|
$params['requestor_gpgkey'] = empty($this->request->data['Server']['gpgkey']) ? $gpgkey : $this->request->data['Server']['gpgkey'];
|
|
$params['gpgkey'] = $community['pgp_key'];
|
|
$params['body'] = $body;
|
|
$params['subject'] = '[' . $community['name'] . '] Requesting MISP access';
|
|
$params['mock'] = !empty($this->request->data['Server']['mock']) ? $this->request->data['Server']['mock'] : 0;
|
|
if (!empty(Configure::read('MISP.disable_emailing'))) {
|
|
$params['mock'] = 1;
|
|
}
|
|
$result = $this->User->sendEmailExternal($this->Auth->user(), $params);
|
|
$message = $result ? __('Request sent.') : __('Something went wrong and the request could not be sent.');
|
|
if ($this->_isRest()) {
|
|
if ($result === true) {
|
|
return $this->RestResponse->saveSuccessResponse('Communities', 'requestAccess', $id, false, $message);
|
|
} elseif ($result) {
|
|
return $this->RestResponse->viewData($result);
|
|
} else {
|
|
return $this->RestResponse->saveFailResponse('Communities', 'requestAccess', false, $message);
|
|
}
|
|
} else {
|
|
if ($result === true) {
|
|
$this->Flash->success($message);
|
|
$this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
|
|
} elseif ($result) {
|
|
$this->set('result', $result);
|
|
if (empty($this->request->data['Server']['mock'])) {
|
|
$this->Flash->error(__('The message could not be sent (either because e-mailing is disabled or because encryption is misconfigured), however, you can view the e-mail that would have been sent below. Feel free to send it manually.'));
|
|
}
|
|
$this->render('request_access_email');
|
|
} else {
|
|
$this->Flash->error($message);
|
|
$this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
|
|
}
|
|
}
|
|
if (!empty($this->request->data['Server']['mock'])) {
|
|
$this->set('mock', $this->request->data['Server']['mock']);
|
|
}
|
|
}
|
|
$this->set('community', $community);
|
|
}
|
|
}
|