From 0b462404de246579992a37892161cd30107d65ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9borah=20Servili?=
 <Delta-Sierra@users.noreply.github.com>
Date: Thu, 3 Nov 2016 11:23:48 +0100
Subject: [PATCH] add user management and examples

---
 examples/add_user.py      | 28 ++++++++++++++++++++++++
 examples/delete_user.py   | 25 +++++++++++++++++++++
 examples/edit_user.py     | 29 ++++++++++++++++++++++++
 examples/sighting.py      |  4 +---
 examples/user_sample.json |  6 +++++
 examples/users_list.py    | 24 ++++++++++++++++++++
 pymisp/api.py             | 46 +++++++++++++++++++++++++++++++++++++++
 7 files changed, 159 insertions(+), 3 deletions(-)
 create mode 100755 examples/add_user.py
 create mode 100755 examples/delete_user.py
 create mode 100755 examples/edit_user.py
 create mode 100644 examples/user_sample.json
 create mode 100644 examples/users_list.py

diff --git a/examples/add_user.py b/examples/add_user.py
new file mode 100755
index 0000000..6236f09
--- /dev/null
+++ b/examples/add_user.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key
+import argparse
+
+# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
+try:
+    input = raw_input
+except NameError:
+    pass
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Add  the user described in the given json. If no file is provided, returns a json listing all the fields used to describe a user.')
+    parser.add_argument("-f", "--json_file", help="The name of the json file describing the user you want to create.")
+    args = parser.parse_args()
+
+    misp = init(misp_url, misp_key)
+
+    if args.json_file is None:
+        print (misp.get_add_user_fields_list())
+    else:
+        print(misp.add_user(args.json_file))
diff --git a/examples/delete_user.py b/examples/delete_user.py
new file mode 100755
index 0000000..b6aaf7d
--- /dev/null
+++ b/examples/delete_user.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key
+import argparse
+
+# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
+try:
+    input = raw_input
+except NameError:
+    pass
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Delete the user with the given id. Keep in mind that disabling users (by setting the disabled flag via an edit) is always prefered to keep user associations to events intact.')
+    parser.add_argument("-i", "--user_id", help="The id of the user you want to delete.")
+    args = parser.parse_args()
+
+    misp = init(misp_url, misp_key)
+
+    print(misp.delete_user(args.user_id))
diff --git a/examples/edit_user.py b/examples/edit_user.py
new file mode 100755
index 0000000..f7b3d98
--- /dev/null
+++ b/examples/edit_user.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key
+import argparse
+
+# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
+try:
+    input = raw_input
+except NameError:
+    pass
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Edit the user designed by the user_id. If no file is provided, returns a json listing all the fields used to describe a user.')
+    parser.add_argument("-i", "--user_id", required=True, help="The name of the json file describing the user you want to modify.")
+    parser.add_argument("-f", "--json_file", help="The name of the json file describing your modifications.")
+    args = parser.parse_args()
+
+    misp = init(misp_url, misp_key)
+
+    if args.json_file is None:
+        print (misp.get_edit_user_fields_list(args.user_id))
+    else:
+        print(misp.edit_user(args.json_file, args.user_id))
diff --git a/examples/sighting.py b/examples/sighting.py
index 433c2c2..10bd72d 100755
--- a/examples/sighting.py
+++ b/examples/sighting.py
@@ -17,11 +17,9 @@ def init(url, key):
 
 if __name__ == '__main__':
     parser = argparse.ArgumentParser(description='Add sighting.')
-    parser.add_argument("-f", "--json_file", help="The name of the json file describing the attribute you want to add sighting to.")
+    parser.add_argument("-f", "--json_file", required=True, help="The name of the json file describing the attribute you want to add sighting to.")
     args = parser.parse_args()
 
     misp = init(misp_url, misp_key)
 
     misp.sighting_per_json(args.json_file)
-    
-
diff --git a/examples/user_sample.json b/examples/user_sample.json
new file mode 100644
index 0000000..626b519
--- /dev/null
+++ b/examples/user_sample.json
@@ -0,0 +1,6 @@
+{
+    "email":"maaiil@domain.lu",
+    "org_id":1,
+    "role_id":1,
+    "autoalert":1
+}
diff --git a/examples/users_list.py b/examples/users_list.py
new file mode 100644
index 0000000..78620ee
--- /dev/null
+++ b/examples/users_list.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from pymisp import PyMISP
+from keys import misp_url, misp_key
+import argparse
+
+# For python2 & 3 compat, a bit dirty, but it seems to be the least bad one
+try:
+    input = raw_input
+except NameError:
+    pass
+
+
+def init(url, key):
+    return PyMISP(url, key, True, 'json')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Get a list of the sharing groups from the MISP instance.')
+
+    misp = init(misp_url, misp_key)
+
+    users_list = misp.get_users_list()
+    print (users_list)
diff --git a/pymisp/api.py b/pymisp/api.py
index 16cacd1..327b128 100644
--- a/pymisp/api.py
+++ b/pymisp/api.py
@@ -1094,3 +1094,49 @@ class PyMISP(object):
         url = urljoin(self.root_url, 'sharing_groups/index.json')
         response = session.get(url)
         return self._check_response(response)['response'][0]
+
+    # ############## Users ##################
+
+    def get_users_list(self):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'admin/users')
+        response = session.get(url)
+        return self._check_response(response)['response']
+
+    def get_user(self, user_id):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'admin/users/view/{}'.format(user_id))
+        response = session.get(url)
+        return self._check_response(response)
+
+    def add_user(self, json_file):
+        session = self.__prepare_session()
+        jdata = json.load(open(json_file))
+        url = urljoin(self.root_url, 'admin/users/add/')
+        response = session.post(url, data=json.dumps(jdata))
+        return self._check_response(response)
+
+    def get_add_user_fields_list(self):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'admin/users/add/')
+        response = session.get(url)
+        return self._check_response(response)
+
+    def edit_user(self, json_file, user_id):
+        session = self.__prepare_session()
+        jdata = json.load(open(json_file))
+        url = urljoin(self.root_url, 'admin/users/edit/{}'.format(user_id))
+        response = session.post(url, data=json.dumps(jdata))
+        return self._check_response(response)
+
+    def get_edit_user_fields_list(self, user_id):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'admin/users/edit/{}'.format(user_id))
+        response = session.get(url)
+        return self._check_response(response)
+
+    def delete_user(self, user_id):
+        session = self.__prepare_session()
+        url = urljoin(self.root_url, 'admin/users/delete/{}'.format(user_id))
+        response = session.post(url)
+        return self._check_response(response)