Issue #252 Case insensitive login #306

Open
wants to merge 19 commits into
base: develop
b874948
[CLEAN] Made two, more precise, methods out of get_user
c8y3 Sep 1, 2023
19b7aab
[CLEAN] Grouped methods filtering Users
c8y3 Sep 1, 2023
f7580f9
[CLEAN] Factoring code
c8y3 Sep 1, 2023
281e4f8
[CLEAN] Using method from manage_users_db instead of calling a low-le…
c8y3 Sep 1, 2023
ecbb8da
[CLEAN] Created method get_active_user_by_api_key to factor code
c8y3 Sep 1, 2023
3dcf951
[CLEAN] Created method get_uses_ordered_by_name to factor code
c8y3 Sep 1, 2023
00ecdaa
[CLEAN] Using already existing method get_user to factor code
c8y3 Sep 1, 2023
27f2785
[CLEAN] Using already existing method get_user to factor code
c8y3 Sep 1, 2023
7bccb08
[CLEAN] Using already existing method get_user to factor code
c8y3 Sep 1, 2023
474e4f5
[CLEAN] Using already existing method get_user_by_username to factor …
c8y3 Sep 1, 2023
9246e5d
[CLEAN] Using already existing method get_user_by_mail to factor code
c8y3 Sep 1, 2023
8540019
[CLEAN] Renamed get_user_by_mail into get_user_by_email
c8y3 Sep 1, 2023
fbd6cbd
[CLEAN] Using already existing method get_user to factor code
c8y3 Sep 1, 2023
1ff040d
[#252][ADD] Searching users by login is now done in a case insensitiv…
c8y3 Sep 1, 2023
0828027
[CLEAN] Elimination of code duplication by using common code from man…
c8y3 Sep 6, 2023
5dffec8
[CLEAN] Moved code down into manage_users_db
c8y3 Sep 6, 2023
4a73a8a
[clean] Replaced type tuple by Tuple so that it works with python 3.8…
c8y3 Sep 6, 2023
df23618
[CLEAN] Factored code which should be down into manage_users_db
c8y3 Sep 6, 2023
4ced0d2
[CLEAN] Factored code down into manage_users_db
c8y3 Sep 6, 2023
5 changes: 3 additions & 2 deletions source/app/blueprints/case/case_tasks_routes.py
Expand Up @@ -32,6 +32,7 @@

from app import db
from app.blueprints.case.case_comments import case_comment_update
from app.datamgmt.manage.manage_users_db import get_user
from app.datamgmt.case.case_db import get_case
from app.datamgmt.case.case_tasks_db import add_comment_to_task
from app.datamgmt.case.case_tasks_db import add_task
Expand Down Expand Up @@ -205,10 +206,10 @@ def case_task_view_modal(cur_id, caseid, url_redir):

form.task_title.render_kw = {'value': task.task_title}
form.task_description.data = task.task_description
user_name, = User.query.with_entities(User.name).filter(User.id == task.task_userid_update).first()
user = get_user(task.task_userid_update)
comments_map = get_case_tasks_comments_count([task.id])

return render_template("modal_add_case_task.html", form=form, task=task, user_name=user_name,
return render_template("modal_add_case_task.html", form=form, task=task, user_name=user.name,
comments_map=comments_map, attributes=task.custom_attributes)


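Review bot: `user_name=user.name` on the new return line dereferences the result of `get_user(task.task_userid_update)` with no None guard; `get_user` is a `.first()` lookup and returns None when no row has that id, so a task whose last editor was since deleted turns this modal into an AttributeError. The removed tuple-unpacking would have failed on None as well, so this is pre-existing, but the refactor is the natural place to close it, and as far as this PR shows `delete_user` drops the User row without touching task rows. Suggest `user = get_user(task.task_userid_update)` followed by `user_name = user.name if user else None` and passing `user_name=user_name`; the template already receives `user_name=None` from `add_gtask_modal` in the dashboard routes. `case_task_view_modal` begins before this hunk.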
5 changes: 3 additions & 2 deletions source/app/blueprints/case/case_timeline_routes.py
Expand Up @@ -57,6 +57,7 @@
from app.datamgmt.case.case_events_db import update_event_iocs
from app.datamgmt.case.case_iocs_db import get_ioc_by_value
from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes
from app.datamgmt.manage.manage_users_db import get_user
from app.datamgmt.states import get_timeline_state
from app.datamgmt.states import update_timeline_state
from app.forms import CaseEventForm
Expand Down Expand Up @@ -749,9 +750,9 @@ def event_view_modal(cur_id, caseid, url_redir):
iocs_prefill = get_event_iocs_ids(cur_id, caseid)
comments_map = get_case_events_comments_count([cur_id])

usr_name, = User.query.filter(User.id == event.user_id).with_entities(User.name).first()
user = get_user(event.user_id)

return render_template("modal_add_case_event.html", form=form, event=event, user_name=usr_name, tags=event_tags,
return render_template("modal_add_case_event.html", form=form, event=event, user_name=user.name, tags=event_tags,
assets=assets, iocs=iocs, comments_map=comments_map,
assets_prefill=assets_prefill, iocs_prefill=iocs_prefill,
category=event.category, attributes=event.custom_attributes)
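Review bot: `user_name=user.name` in the new `render_template` call assumes `get_user(event.user_id)` found a row, but `get_user` returns None for an unknown id, so an event authored by a user that has since been removed raises AttributeError instead of rendering. A one-line guard keeps the existing contract with the template: `user_name = user.name if user else None`, then `user_name=user_name` in the call. `event_view_modal` starts before the hunk, so whether `event` itself is already validated is not visible here.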
13 changes: 7 additions & 6 deletions source/app/blueprints/dashboard/dashboard_routes.py
Expand Up @@ -39,6 +39,8 @@
from app.datamgmt.dashboard.dashboard_db import get_tasks_status
from app.datamgmt.dashboard.dashboard_db import list_global_tasks
from app.datamgmt.dashboard.dashboard_db import list_user_tasks
from app.datamgmt.manage.manage_users_db import get_user
from app.datamgmt.manage.manage_users_db import get_users_ordered_by_name
from app.forms import CaseGlobalTaskForm
from app.iris_engine.module_handler.module_handler import call_modules_hook
from app.iris_engine.utils.tracker import track_activity
Expand Down Expand Up @@ -267,7 +269,7 @@ def add_gtask_modal(caseid):

form = CaseGlobalTaskForm()

form.task_assignee_id.choices = [(user.id, user.name) for user in User.query.filter(User.active == True).order_by(User.name).all()]
form.task_assignee_id.choices = [(user.id, user.name) for user in get_users_ordered_by_name()]
form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()]

return render_template("modal_add_global_task.html", form=form, task=task, uid=current_user.id, user_name=None)
Expand Down Expand Up @@ -312,17 +314,16 @@ def add_gtask(caseid):
def edit_gtask_modal(cur_id, caseid):
form = CaseGlobalTaskForm()
task = GlobalTasks.query.filter(GlobalTasks.id == cur_id).first()
form.task_assignee_id.choices = [(user.id, user.name) for user in
User.query.filter(User.active == True).order_by(User.name).all()]
form.task_assignee_id.choices = [(user.id, user.name) for user in get_users_ordered_by_name()]
form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()]

# Render the task
form.task_title.render_kw = {'value': task.task_title}
form.task_description.data = task.task_description
user_name, = User.query.with_entities(User.name).filter(User.id == task.task_userid_update).first()
user = get_user(task.task_userid_update)

return render_template("modal_add_global_task.html", form=form, task=task,
uid=task.task_assignee_id, user_name=user_name)
uid=task.task_assignee_id, user_name=user.name)


@dashboard_blueprint.route('/global/tasks/update/<int:cur_id>', methods=['POST'])
Expand All @@ -331,7 +332,7 @@ def edit_gtask(cur_id, caseid):

form = CaseGlobalTaskForm()
task = GlobalTasks.query.filter(GlobalTasks.id == cur_id).first()
form.task_assignee_id.choices = [(user.id, user.name) for user in User.query.filter(User.active == True).order_by(User.name).all()]
form.task_assignee_id.choices = [(user.id, user.name) for user in get_users_ordered_by_name()]
form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()]

if not task:
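Review bot: In `edit_gtask_modal` the new `user_name=user.name` has no None check even though `get_user(task.task_userid_update)` can return None; the sibling `add_gtask_modal` a few lines above already passes `user_name=None`, so the template tolerates it and `user_name = user.name if user else None` is enough. Separately, the three `get_users_ordered_by_name()` call sites lose the visible `User.active == True` filter that the replaced inline queries carried; the filter still exists inside the helper, but a reader of these lines no longer sees that inactive users are excluded from the assignee choices, so a comment such as `# only active users are offered as assignees` (or a more explicit helper name) would keep that intent visible here.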
2 changes: 1 addition & 1 deletion source/app/datamgmt/alerts/alerts_db.py
Expand Up @@ -1187,7 +1187,7 @@ def remove_case_alerts_by_ids(alert_ids: List[int]) -> None:
db.session.commit()


def delete_alerts(alert_ids: List[int]) -> tuple[bool, str]:
def delete_alerts(alert_ids: List[int]) -> Tuple[bool, str]:
"""
Delete multiples alerts from the database

3 changes: 2 additions & 1 deletion source/app/datamgmt/case/case_tasks_db.py
Expand Up @@ -24,6 +24,7 @@

from app import db
from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes
from app.datamgmt.manage.manage_users_db import get_user
from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case
from app.datamgmt.states import update_tasks_state
from app.models import CaseTasks, TaskAssignee
Expand Down Expand Up @@ -192,7 +193,7 @@ def update_task_assignees(task, task_assignee_list, caseid):
if uid not in allowed_users:
continue

user = User.query.filter(User.id == uid).first()
user = get_user(uid)
if user:
ta = TaskAssignee()
ta.task_id = task.id
3 changes: 2 additions & 1 deletion source/app/datamgmt/manage/manage_groups_db.py
Expand Up @@ -22,6 +22,7 @@
from app import db
from app.datamgmt.case.case_db import get_case
from app.datamgmt.manage.manage_cases_db import list_cases_id
from app.datamgmt.manage.manage_users_db import get_user
from app.iris_engine.access_control.utils import ac_access_level_mask_from_val_list, ac_ldp_group_removal
from app.iris_engine.access_control.utils import ac_access_level_to_list
from app.iris_engine.access_control.utils import ac_auto_update_user_effective_access
Expand Down Expand Up @@ -168,7 +169,7 @@ def update_group_members(group, members):
users_to_remove = set_cur_groups - set_members

for uid in users_to_add:
user = User.query.filter(User.id == uid).first()
user = get_user(uid)
if user:
ug = UserGroup()
ug.group_id = group.group_id
202 changes: 109 additions & 93 deletions source/app/datamgmt/manage/manage_users_db.py
Expand Up @@ -40,22 +40,125 @@
from app.models.authorization import UserOrganisation


def get_user(user_id, id_key: str = 'id'):
user = User.query.filter(getattr(User, id_key) == user_id).first()
def get_user(user_id):
user = User.query.filter(User.id == user_id).first()
return user


# TODO Isn't this doing the exact same thing as get_user?
# Replace all calls to get_user by calls to get_user_by_id and remove get_user?
def get_user_by_id(user_id: int):
return User.query.get(user_id)


def get_user_by_username(username):
user = User.query.filter(User.user.ilike(username)).first()
return user


def get_user_by_email(user_email):
return User.query.filter(User.email == user_email).first()


def get_active_user_by_login(username):
user = User.query.filter(
User.user == username,
User.user.ilike(username),
User.active == True
).first()
return user


def list_users_id():
users = User.query.with_entities(User.user_id).all()
return users
def get_active_user_by_api_key(api_key):
user = User.query.filter(
User.api_key == api_key,
User.active == True
).first()
return user


def get_user_details(user_id, include_api_key=False):

user = get_user(user_id)

if not user:
return None

row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_email'] = user.email
row['user_active'] = user.active
row['user_is_service_account'] = user.is_service_account

if include_api_key:
row['user_api_key'] = user.api_key

row['user_groups'] = get_user_groups(user_id)
row['user_organisations'] = get_user_organisations(user_id)
row['user_permissions'] = get_user_effective_permissions(user_id)
row['user_cases_access'] = get_user_cases_access(user_id)

upg = get_user_primary_org(user_id)
row['user_primary_organisation_id'] = upg.org_id if upg else 0

return row


def user_exists(user_name, user_email):
user = get_user_by_username(user_name)
user_by_email = get_user_by_email(user_email)

return user or user_by_email


def delete_user(user_id):
UserCaseAccess.query.filter(UserCaseAccess.user_id == user_id).delete()
UserOrganisation.query.filter(UserOrganisation.user_id == user_id).delete()
UserGroup.query.filter(UserGroup.user_id == user_id).delete()
UserCaseEffectiveAccess.query.filter(UserCaseEffectiveAccess.user_id == user_id).delete()

User.query.filter(User.id == user_id).delete()
db.session.commit()


def get_users_ordered_by_name():
return User.query.filter(User.active == True).order_by(User.name).all()


def get_users_list():
users = User.query.all()

output = []
for user in users:
row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_email'] = user.email
row['user_active'] = user.active
row['user_is_service_account'] = user.is_service_account
output.append(row)

return output


def get_users_list_restricted():
users = User.query.all()

output = []
for user in users:
row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_active'] = user.active
output.append(row)

return output


def get_user_effective_permissions(user_id):
Expand Down Expand Up @@ -402,36 +505,6 @@ def set_user_case_access(user_id, case_id, access_level):
return True, 'Case access set to {} for user {}'.format(access_level, user_id)


def get_user_details(user_id, include_api_key=False):

user = User.query.filter(User.id == user_id).first()

if not user:
return None

row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_email'] = user.email
row['user_active'] = user.active
row['user_is_service_account'] = user.is_service_account

if include_api_key:
row['user_api_key'] = user.api_key

row['user_groups'] = get_user_groups(user_id)
row['user_organisations'] = get_user_organisations(user_id)
row['user_permissions'] = get_user_effective_permissions(user_id)
row['user_cases_access'] = get_user_cases_access(user_id)

upg = get_user_primary_org(user_id)
row['user_primary_organisation_id'] = upg.org_id if upg else 0

return row


def add_case_access_to_user(user, cases_list, access_level):
if not user:
return None, "Invalid user"
Expand Down Expand Up @@ -464,45 +537,6 @@ def add_case_access_to_user(user, cases_list, access_level):
return user, "Updated"


def get_user_by_username(username):
user = User.query.filter(User.user == username).first()
return user


def get_users_list():
users = User.query.all()

output = []
for user in users:
row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_email'] = user.email
row['user_active'] = user.active
row['user_is_service_account'] = user.is_service_account
output.append(row)

return output


def get_users_list_restricted():
users = User.query.all()

output = []
for user in users:
row = {}
row['user_id'] = user.id
row['user_uuid'] = user.uuid
row['user_name'] = user.name
row['user_login'] = user.user
row['user_active'] = user.active
output.append(row)

return output


def get_users_view_from_user_id(user_id):
organisations = get_user_organisations(user_id)
orgs_id = [uo.get('org_id') for uo in organisations]
Expand Down Expand Up @@ -620,21 +654,3 @@ def update_user(user: User, name: str = None, email: str = None, password: str =
db.session.commit()

return user


def delete_user(user_id):
UserCaseAccess.query.filter(UserCaseAccess.user_id == user_id).delete()
UserOrganisation.query.filter(UserOrganisation.user_id == user_id).delete()
UserGroup.query.filter(UserGroup.user_id == user_id).delete()
UserCaseEffectiveAccess.query.filter(UserCaseEffectiveAccess.user_id == user_id).delete()

User.query.filter(User.id == user_id).delete()
db.session.commit()


def user_exists(user_name, user_email):
user = User.query.filter_by(user=user_name).first()
user_by_email = User.query.filter_by(email=user_email).first()

return user or user_by_email
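Review bot: The `User.user.ilike(username)` filters in `get_user_by_username` and `get_active_user_by_login` treat the caller-supplied login as a LIKE pattern, so `%` and `_` act as wildcards: a login of `%` resolves to whatever active user `.first()` returns, and a legitimate login such as `j_doe` also matches `jXdoe`. On the authentication path that matters, because it lets someone target an account without knowing its exact name and makes the password check apply to an arbitrary matching row. Case-insensitive equality is what the issue asks for, e.g. `User.query.filter(func.lower(User.user) == username.lower()).first()` in both functions (importing `func` from sqlalchemy if the module does not already), or escaping `%`, `_` and the escape character before calling `ilike`. One more consequence worth checking: `user_exists` now blocks new case-variants, but any pre-existing accounts that differ only in case would be resolved to an arbitrary one by `.first()`, so the column's unique constraint should be case-insensitive too or a migration should detect such pairs.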
