Tips-Of-Mine/soc-fortress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first sync
Some checks failed
Deployment Verification / deploy-and-test (push) Failing after 29s
Details

Browse Source
This commit is contained in:
Hubert Cornet
2025-03-04 07:59:21 +01:00
parent 9cdcf486b6
commit 506716e703
1450 changed files with 577316 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
iris-web/source/app/blueprints/profile/__init__.py Normal file
View File

224
iris-web/source/app/blueprints/profile/profile_routes.py Normal file
View File

@@ -0,0 +1,224 @@
#!/usr/bin/env python3
#
# IRIS Source Code
# Copyright (C) 2021 - Airbus CyberSecurity (SAS)
# ir@cyberactionlab.net
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 3 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
import marshmallow
# IMPORTS ------------------------------------------------
import secrets
from flask import Blueprint
from flask import redirect
from flask import render_template
from flask import request
from flask import session
from flask import url_for
from flask_login import current_user
from flask_wtf import FlaskForm
from app import db
from app.datamgmt.manage.manage_srv_settings_db import get_srv_settings
from app.datamgmt.manage.manage_users_db import get_user
from app.datamgmt.manage.manage_users_db import get_user_primary_org
from app.datamgmt.manage.manage_users_db import update_user
from app.iris_engine.access_control.utils import ac_current_user_has_permission
from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user
from app.iris_engine.access_control.utils import ac_recompute_effective_ac
from app.iris_engine.utils.tracker import track_activity
from app.models.authorization import Permissions
from app.schema.marshables import UserSchema, BasicUserSchema
from app.util import ac_api_requires
from app.util import ac_requires
from app.util import endpoint_deprecated
from app.util import response_error
from app.util import response_success
profile_blueprint = Blueprint('profile',
__name__,
template_folder='templates')
# CONTENT ------------------------------------------------
@profile_blueprint.route('/user/settings', methods=['GET'])
@ac_requires(no_cid_required=True)
def user_settings(caseid, url_redir):
if url_redir:
return redirect(url_for('profile.user_settings', cid=caseid))
return render_template('profile.html')
@profile_blueprint.route('/user/token/renew', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def user_renew_api(caseid):
user = get_user(current_user.id)
user.api_key = secrets.token_urlsafe(nbytes=64)
db.session.commit()
return response_success("Token renewed")
@profile_blueprint.route('/user/is-admin', methods=['GET'])
@endpoint_deprecated('Use /user/has-permission to check permission', 'v1.5.0')
def user_is_admin(caseid):
pass
@profile_blueprint.route('/user/has-permission', methods=['POST'])
@ac_api_requires(no_cid_required=True)
def user_has_permission(caseid):
req_js = request.json
if not req_js:
return response_error('Invalid request')
if not req_js.get('permission_name') or not \
req_js.get('permission_value'):
return response_error('Invalid request')
if req_js.get('permission_value') not in Permissions._value2member_map_:
return response_error('Invalid permission')
if Permissions(req_js.get('permission_value')).name.lower() != req_js.get('permission_name').lower():
return response_error('Permission value-name mismatch')
if ac_current_user_has_permission(Permissions(req_js.get('permission_value'))):
return response_success('User has permission')
else:
return response_error('User does not have permission', status=403)
@profile_blueprint.route('/user/update/modal', methods=['GET'])
@ac_requires(no_cid_required=True)
def update_pwd_modal(caseid, url_redir):
if url_redir:
return redirect(url_for('profile.user_settings', cid=caseid))
form = FlaskForm()
server_settings = get_srv_settings()
return render_template("modal_pwd_user.html", form=form, server_settings=server_settings)
@profile_blueprint.route('/user/update', methods=['POST'])
@ac_api_requires(no_cid_required=True)
def update_user_view(caseid):
try:
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID for this case")
# validate before saving
user_schema = UserSchema()
jsdata = request.get_json()
jsdata['user_id'] = current_user.id
puo = get_user_primary_org(current_user.id)
jsdata['user_primary_organisation_id'] = puo.org_id
cuser = user_schema.load(jsdata, instance=user, partial=True)
update_user(password=jsdata.get('user_password'),
user=user)
db.session.commit()
if cuser:
track_activity("user {} updated itself".format(user.user), caseid=caseid)
return response_success("User updated", data=user_schema.dump(user))
return response_error("Unable to update user for internal reasons")
except marshmallow.exceptions.ValidationError as e:
return response_error(msg="Data error", data=e.messages, status=400)
@profile_blueprint.route('/user/theme/set/<string:theme>', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def profile_set_theme(theme, caseid):
if theme not in ['dark', 'light']:
return response_error('Invalid data')
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID")
user.in_dark_mode = (theme == 'dark')
db.session.commit()
return response_success('Theme changed')
@profile_blueprint.route('/user/deletion-prompt/set/<string:val>', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def profile_set_deletion_prompt(val, caseid):
if val not in ['true', 'false']:
return response_error('Invalid data')
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID")
user.has_deletion_confirmation = (val == 'true')
db.session.commit()
return response_success('Deletion prompt {}'.format('enabled' if val == 'true' else 'disabled'))
@profile_blueprint.route('/user/mini-sidebar/set/<string:val>', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def profile_set_minisidebar(val, caseid):
if val not in ['true', 'false']:
return response_error('Invalid data')
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID")
user.has_mini_sidebar = (val == 'true')
db.session.commit()
return response_success('Mini sidebar {}'.format('enabled' if val == 'true' else 'disabled'))
@profile_blueprint.route('/user/refresh-permissions', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def profile_refresh_permissions_and_ac(caseid):
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID")
ac_recompute_effective_ac(current_user.id)
session['permissions'] = ac_get_effective_permissions_of_user(user)
return response_success('Access control and permissions refreshed')
@profile_blueprint.route('/user/whoami', methods=['GET'])
@ac_api_requires(no_cid_required=True)
def profile_whoami(caseid):
"""
Returns the current user's profile
"""
user = get_user(current_user.id)
if not user:
return response_error("Invalid user ID")
user_schema = BasicUserSchema()
return response_success(data=user_schema.dump(user))

44
iris-web/source/app/blueprints/profile/templates/modal_pwd_user.html Normal file
View File

@@ -0,0 +1,44 @@
<div class="modal-header">
<h4>Change password</h4>
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
aria-hidden="true">&times;</span></button>
</div>
<div class="modal-body">
<div class="container col-md-12">
<form method="post" action="" id="form_update_pwd">
<div class="col-md-12 col-lg-12 col-sm-12">
{{ form.hidden_tag() }}
<div class="form-group mt-3">
<label for="user_password" class="placeholder">Password</label>
<ul >
<li><small>Must contain at least {{ server_settings.password_policy_min_length }} chars</small></li>
{% if server_settings.password_policy_upper_case %}
<li class="text-sm"><small>Must contain at least an upper case</small></li>
{% endif %}
{% if server_settings.password_policy_lower_case %}
<li class="text-sm"><small>Must contain at least a lower case</small></li>
{% endif %}
{% if server_settings.password_policy_digit %}
<li class="text-sm"><small>Must contain at least a digit</small></li>
{% endif %}
{% if server_settings.password_policy_special_chars %}
<li class="text-sm"><small>Must contain at least one of : {{ server_settings.password_policy_special_chars }}</small></li>
{% endif %}
</ul>
<input type="password" class="form-control" id="user_password" placeholder="Password">
</div>
<div class="form-group mt-3">
<label for="user_password" class="placeholder">Password verification</label>
<input type="password" class="form-control" id="user_password_v" placeholder="Verification">
</div>
</div>
<button type="button" class="btn btn-outline-success ml-4 mt-5 float-right"
onclick="save_user_password();">Save</button>
</form>
</div>
</div>

166
iris-web/source/app/blueprints/profile/templates/profile.html Normal file
View File

@@ -0,0 +1,166 @@
{% extends "layouts/default.html" %}
{% block title %} Dashboard {% endblock title %}
{% block stylesheets %}
{% endblock stylesheets %}
{% block content %}
{% if current_user.is_authenticated %}
<div class="page-inner">
<div class="row ">
<div class="col-md-12">
<div class="card card-profile">
<div class="card-header">
<div class="profile-picture">
<div class="avatar avatar-xl">
<img src="/static/assets/img/profile.jpg" alt="..." class="avatar-img rounded-circle">
</div>
</div>
</div>
<div class="card-body">
<div class="user-profile text-center">
<div class="name">{{ current_user.name }}</div>
<div class="desc">Forensicator</div>
</div>
</div>
<div class="card-footer">
<div class="row">
<div class="form-group col">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
Name
</span>
</div>
<input class="form-control" value="{{ current_user.name }}" readonly>
</div>
</div>
<div class="form-group col">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
Username
</span>
</div>
<input class="form-control disable" value="{{ current_user.user }}" readonly>
</div>
</div>
</div>
<div class="row">
<div class="form-group col">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
Email
</span>
</div>
<input class="form-control disable" value="{{ current_user.email }}" readonly>
</div>
</div>
<div class="form-group col">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
#ID
</span>
</div>
<input class="form-control disable" value="{{ current_user.id }}" readonly>
</div>
</div>
<div class="form-group col">
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
#UUID
</span>
</div>
<input class="form-control disable" value="{{ current_user.uuid }}" readonly>
</div>
</div>
</div>
{% if config['AUTHENTICATION_TYPE'] == 'local' or config['AUTHENTICATION_TYPE'] == 'ldap' %}
<div class="row mb-4">
<div class="form-group col">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text">
<i class="icon-token"></i>
API Key
</span>
</div>
<input class="form-control disable" value="{{ current_user.api_key }}" readonly>
<div class="input-group-append">
<button class="btn btn-sm btn-dark" type="button" onclick="renew_api()">Renew</button>
</div>
</div>
</div>
</div>
{% endif %}
<div class="row">
<div class="col">
<div class="form-group">
<label class="form-label d-block">IRIS Theme</label>
<div class="selectgroup selectgroup-primary selectgroup-pills">
<label class="selectgroup-item" title="Light mode">
<input type="radio" name="iris-theme" value="false" class="selectgroup-input" {% if not current_user.in_dark_mode %}checked{% endif %}>
<span class="selectgroup-button selectgroup-button-icon"><i class="fa fa-sun"></i></span>
</label>
<label class="selectgroup-item" title="Dark mode">
<input type="radio" name="iris-theme" value="true" class="selectgroup-input" {% if current_user.in_dark_mode %}checked{% endif %}>
<span class="selectgroup-button selectgroup-button-icon"><i class="fa fa-moon"></i></span>
</label>
</div>
</div>
</div>
<div class="col">
<div class="form-group">
<label class="form-label d-block">Prompt a confirmation box before deleting objects</label>
<div class="selectgroup selectgroup-primary selectgroup-pills">
<label class="selectgroup-item" title="Do not prompt a confirmation popup and delete objects directly">
<input type="radio" name="user-has-deletion-prompt" value="false" class="selectgroup-input" {% if not current_user.has_deletion_confirmation %}checked{% endif %}>
<span class="selectgroup-button selectgroup-button-icon"><i class="fa fa-comment-slash"></i></span>
</label>
<label class="selectgroup-item" title="Prompt a confirmation popup before deleting objects">
<input type="radio" name="user-has-deletion-prompt" value="true" class="selectgroup-input" {% if current_user.has_deletion_confirmation %}checked{% endif %}>
<span class="selectgroup-button selectgroup-button-icon"><i class="fa fa-comment"></i></span>
</label>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-6 float-left mt-4">
<button class="btn btn-dark" type="button" onclick="refresh_user_permissions();" id="user_refresh_perms_btn">Refresh access</button>
</div>
<div class="col-6 float-right mt-4">
<button class="btn btn-primary float-right" type="button" onclick="update_password();">Change password</button>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="modal" tabindex="-1" role="dialog" id="modal_pwd_user" data-backdrop="true">
<div class="modal-lg modal-dialog" role="document">
<div class="modal-content" id="modal_pwd_user_content">
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div>
{% endif %}
{% endblock content %}
{% block javascripts %}
<script src="/static/assets/js/iris/user.js"></script>
{% endblock javascripts %}