From c218090463ea2bb17ac13f647024f54ae150067f Mon Sep 17 00:00:00 2001 From: David Cruciani Date: Tue, 5 Mar 2024 11:30:58 +0100 Subject: [PATCH] chg: [conf] generate password if empty --- .gitignore | 1 + website/README.md | 10 ++++-- website/app.py | 2 ++ website/app/__init__.py | 2 +- website/app/home.py | 58 +++++++++++++++++++++------------- website/app/utils/utils.py | 23 +++++++++++--- website/conf/config.cfg.sample | 4 +++ website/{ => conf}/config.py | 2 -- 8 files changed, 71 insertions(+), 31 deletions(-) create mode 100644 website/conf/config.cfg.sample rename website/{ => conf}/config.py (92%) diff --git a/.gitignore b/.gitignore index f36ec06..b602dfd 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ venv* #vscode .vscode* *.sqlite +website/conf/config.cfg diff --git a/website/README.md b/website/README.md index 77e194d..f79774b 100644 --- a/website/README.md +++ b/website/README.md @@ -35,14 +35,20 @@ Edit `config.py` - `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True + + +Rename `config.cfg.sample` to `config.cfg` then edit it: + +- `ADMIN_USER`: If True, config page will not be accessible + +- `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True + ## Launch ```bash ./launch.sh -l ``` - - ## Admin user If admin user is active, type `/login` in url to access a login page and type the password wrote in `config.py` in `ADMIN_PASSOWRD`. diff --git a/website/app.py b/website/app.py index 520adf0..a2fcf7e 100644 --- a/website/app.py +++ b/website/app.py @@ -7,6 +7,7 @@ from app.utils.init_modules import create_modules_db import signal import sys import subprocess +from app.utils.utils import gen_admin_password def signal_handler(sig, frame): path = os.path.join(os.getcwd(), "launch.sh") @@ -47,4 +48,5 @@ elif args.create_module: with app.app_context(): create_modules_db() else: + gen_admin_password() app.run(host=app.config.get("FLASK_URL"), port=app.config.get("FLASK_PORT")) diff --git a/website/app/__init__.py b/website/app/__init__.py index 173fb3e..6cf0a3c 100644 --- a/website/app/__init__.py +++ b/website/app/__init__.py @@ -5,7 +5,7 @@ from flask_migrate import Migrate from flask_session import Session from flask_login import LoginManager -from config import config as Config +from conf.config import config as Config import os diff --git a/website/app/home.py b/website/app/home.py index e86ba9e..e71b3b5 100644 --- a/website/app/home.py +++ b/website/app/home.py @@ -15,7 +15,7 @@ home_blueprint = Blueprint( @home_blueprint.route("/") def home(): - sess["admin_user"] = admin_user_active() + sess["admin_user"] = bool(admin_user_active()) if "query" in request.args: return render_template("home.html", query=request.args.get("query")) return render_template("home.html") @@ -168,46 +168,60 @@ def download(sid): def modules_config(): """List all modules for configuration""" sess["admin_user"] = admin_user_active() + flag = True if sess.get("admin_user"): - if current_user.is_authenticated: - return render_template("modules_config.html") + if not current_user.is_authenticated: + flag = False + if flag: + return render_template("modules_config.html") return render_template("404.html") - + + @home_blueprint.route("/modules_config_data") def modules_config_data(): """List all modules for configuration""" sess["admin_user"] = admin_user_active() + flag = True if sess.get("admin_user"): - if current_user.is_authenticated: - modules_config = HomeModel.get_modules_config() - return modules_config, 200 + if not current_user.is_authenticated: + flag = False + if flag: + modules_config = HomeModel.get_modules_config() + return modules_config, 200 return {"message": "Permission denied"}, 403 - + @home_blueprint.route("/change_config", methods=["POST"]) def change_config(): """Change configuation for a module""" sess["admin_user"] = admin_user_active() + flag = True if sess.get("admin_user"): - if current_user.is_authenticated: - if "module_name" in request.json["result_dict"]: - res = HomeModel.change_config_core(request.json["result_dict"]) - if res: - return {'message': 'Config changed', 'toast_class': "success-subtle"}, 200 - return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400 - return {'message': 'Need to pass "module_name"', 'toast_class': "warning-subtle"}, 400 + if not current_user.is_authenticated: + flag = False + if flag: + if "module_name" in request.json["result_dict"]: + res = HomeModel.change_config_core(request.json["result_dict"]) + if res: + return {'message': 'Config changed', 'toast_class': "success-subtle"}, 200 + return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400 + return {'message': 'Need to pass "module_name"', 'toast_class': "warning-subtle"}, 400 return {'message': 'Permission denied', 'toast_class': "danger-subtle"}, 403 @home_blueprint.route("/change_status", methods=["GET"]) def change_status(): """Change the status of a module, active or unactive""" sess["admin_user"] = admin_user_active() + flag = True if sess.get("admin_user"): - if current_user.is_authenticated: - if "module_id" in request.args: - res = HomeModel.change_status_core(request.args.get("module_id")) - if res: - return {'message': 'Module status changed', 'toast_class': "success-subtle"}, 200 - return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400 - return {'message': 'Need to pass "module_id"', 'toast_class': "warning-subtle"}, 400 + if not current_user.is_authenticated: + flag = False + # if admin is active and user is logon or if admin is not active + if flag: + if "module_id" in request.args: + res = HomeModel.change_status_core(request.args.get("module_id")) + if res: + return {'message': 'Module status changed', 'toast_class': "success-subtle"}, 200 + return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400 + return {'message': 'Need to pass "module_id"', 'toast_class': "warning-subtle"}, 400 return {'message': 'Permission denied', 'toast_class': "danger-subtle"}, 403 diff --git a/website/app/utils/utils.py b/website/app/utils/utils.py index 724f186..12a649d 100644 --- a/website/app/utils/utils.py +++ b/website/app/utils/utils.py @@ -1,10 +1,15 @@ import os +import random import uuid import json import requests # import jsonschema -from config import Config +from conf.config import Config from pathlib import Path +import configparser +config = configparser.ConfigParser() +CONF_PATH = os.path.join(os.getcwd(), "conf", "config.cfg") +config.read(CONF_PATH) MODULES = [] @@ -51,9 +56,19 @@ def get_object(obj_name): def admin_user_active(): - return Config.ADMIN_USER + config.read(CONF_PATH) + return config.getboolean("ADMIN", "ADMIN_USER") def admin_password(): - return Config.ADMIN_PASSWORD - + return config["ADMIN"]["ADMIN_PASSWORD"] +def gen_admin_password(): + if not admin_password(): + chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%#[]+-:;_&*().,?0123456789' + password = '' + for _ in range(20): + password += random.choice(chars) + print(f"##########################\n## Admin password ##\n## {password} ##\n##########################") + config["ADMIN"]["ADMIN_PASSWORD"] = password + with open(CONF_PATH, "w") as conffile: + config.write(conffile) \ No newline at end of file diff --git a/website/conf/config.cfg.sample b/website/conf/config.cfg.sample new file mode 100644 index 0000000..43ee293 --- /dev/null +++ b/website/conf/config.cfg.sample @@ -0,0 +1,4 @@ +[ADMIN] +admin_user = False +admin_password = + diff --git a/website/config.py b/website/conf/config.py similarity index 92% rename from website/config.py rename to website/conf/config.py index 3a65e3b..bb49a8a 100644 --- a/website/config.py +++ b/website/conf/config.py @@ -4,8 +4,6 @@ class Config: FLASK_URL = '127.0.0.1' FLASK_PORT = 7008 MISP_MODULE = '127.0.0.1:6666' - ADMIN_USER = False - ADMIN_PASSWORD = "Password1234" class DevelopmentConfig(Config): DEBUG = True