chg: [Authentication] User authentication can be disabled in config. If disabled, users are automatically logged in with a randomly generated account name and redirected to /index.

4 years ago · 4d5ee49357
parent b313b7cc74
commit 4d5ee49357
2 changed files with 10 additions and 1 deletions
--- a/config/config.cfg.default
+++ b/config/config.cfg.default
@ -4,7 +4,8 @@ port = 8001
 debug = False

 [Auth]
-misp_fqdn = "https://misp.local"
+auth_enabled = False
+misp_fqdn = https://misp.local
 ssl_verify = True
 session_secret = **Change_Me**
 # Only send cookies with requests over HTTPS if the cookie is marked secure.
--- a/server.py
+++ b/server.py
@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 import configparser
 import datetime
+import uuid
 import errno
 import json
 import logging
@ -35,6 +36,7 @@ server_host = cfg.get("Server", "host")
 server_port = cfg.getint("Server", "port")
 server_debug = cfg.get("Server", "debug")
 auth_host = cfg.get("Auth", "misp_fqdn")
+auth_enabled = cfg.getboolean("Auth", "auth_enabled")
 auth_ssl_verify = cfg.getboolean("Auth", "ssl_verify")
 auth_session_secret = cfg.get("Auth", "session_secret")
 auth_session_cookie_secure = cfg.getboolean("Auth", "session_cookie_secure")
@ -172,6 +174,12 @@ def login():
    Login form route.
    :return:
    """
+    if not auth_enabled:
+        # Generate a random user name and redirect the automatically authenticated user to index.
+        user = User(str(uuid.uuid4()).replace('-',''), '')
+        login_user(user)
+        return redirect(url_for('index'))
+
    if current_user.is_authenticated:
        return redirect(url_for('index'))