chg: [Authentication] User authentication can be disabled in config. If disabled, users are automatically logged in with a randomly generated account name and redirected to /index.

pull/129/head
VVX7 2019-10-03 17:26:58 -04:00
parent b313b7cc74
commit 4d5ee49357
2 changed files with 10 additions and 1 deletions

View File

@ -4,7 +4,8 @@ port = 8001
debug = False debug = False
[Auth] [Auth]
misp_fqdn = "https://misp.local" auth_enabled = False
misp_fqdn = https://misp.local
ssl_verify = True ssl_verify = True
session_secret = **Change_Me** session_secret = **Change_Me**
# Only send cookies with requests over HTTPS if the cookie is marked secure. # Only send cookies with requests over HTTPS if the cookie is marked secure.

View File

@ -1,6 +1,7 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import configparser import configparser
import datetime import datetime
import uuid
import errno import errno
import json import json
import logging import logging
@ -35,6 +36,7 @@ server_host = cfg.get("Server", "host")
server_port = cfg.getint("Server", "port") server_port = cfg.getint("Server", "port")
server_debug = cfg.get("Server", "debug") server_debug = cfg.get("Server", "debug")
auth_host = cfg.get("Auth", "misp_fqdn") auth_host = cfg.get("Auth", "misp_fqdn")
auth_enabled = cfg.getboolean("Auth", "auth_enabled")
auth_ssl_verify = cfg.getboolean("Auth", "ssl_verify") auth_ssl_verify = cfg.getboolean("Auth", "ssl_verify")
auth_session_secret = cfg.get("Auth", "session_secret") auth_session_secret = cfg.get("Auth", "session_secret")
auth_session_cookie_secure = cfg.getboolean("Auth", "session_cookie_secure") auth_session_cookie_secure = cfg.getboolean("Auth", "session_cookie_secure")
@ -172,6 +174,12 @@ def login():
Login form route. Login form route.
:return: :return:
""" """
if not auth_enabled:
# Generate a random user name and redirect the automatically authenticated user to index.
user = User(str(uuid.uuid4()).replace('-',''), '')
login_user(user)
return redirect(url_for('index'))
if current_user.is_authenticated: if current_user.is_authenticated:
return redirect(url_for('index')) return redirect(url_for('index'))