chg: [user] force lowercase + add v6.0.1 update

CIRCL · Jan 14, 2025 · 7e27089 · 7e27089
1 parent aecf71d
commit 7e27089
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 8 deletions.
diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py
@@ -744,20 +744,22 @@ def get_org_trackers_meta(user_org, tracker_type=None):
         metas.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
     return metas
 
-def get_users_trackers_meta():
+def get_users_trackers_meta(user_id):
     trackers = []
     for tracker_uuid in get_trackers():
         tracker = Tracker(tracker_uuid)
         if tracker.is_level_user():
-            trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'}))
+            if tracker.get_user() != user_id:
+                trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
     return trackers
 
-def get_orgs_trackers_meta():
+def get_orgs_trackers_meta(user_org):
     trackers = []
     for tracker_uuid in get_trackers():
         tracker = Tracker(tracker_uuid)
         if tracker.is_level_org():
-            trackers.append(tracker.get_meta(options={'mails', 'sparkline', 'tags'}))
+            if tracker.get_org() != user_org:
+                trackers.append(tracker.get_meta(options={'description', 'mails', 'org', 'org_name', 'sparkline', 'tags'}))
     return trackers
 
 def get_trackers_graph_by_day(l_trackers, num_day=31, date_from=None, date_to=None):

diff --git a/bin/lib/ail_users.py b/bin/lib/ail_users.py
@@ -731,6 +731,45 @@ def api_delete_user(user_id, admin_id, ip_address, user_agent):
     return user.delete(), 200
 
 ########################################################################################################################
+
+def _fix_user_lowercase(user_id):  # TODO CHANGE EDIT DATE
+    l_user_id = user_id.lower()
+
+    if user_id != l_user_id:
+        kill_session_user(user_id)
+
+        # role
+        role = get_user_role(user_id)
+        for role_id in get_roles():
+            r_serv_db.srem(f'ail:users:role:{role_id}', user_id)
+        set_user_role(l_user_id, role)
+
+        # token
+        token = get_user_token(user_id)
+        r_serv_db.hdel('ail:users:tokens', token)
+        r_serv_db.hset('ail:users:tokens', token, l_user_id)
+
+        # org
+        org = ail_orgs.Organisation(get_user_org(user_id))
+        org.remove_user(user_id)
+
+        # meta
+        try:
+            r_serv_db.rename(f'ail:user:metadata:{user_id}', f'ail:user:metadata:{l_user_id}')
+        except Exception:
+            pass
+
+        # org
+        org.add_user(l_user_id)
+
+        # sets
+        p_hash = get_user_passwd_hash(user_id)
+        r_serv_db.hdel('ail:users:all', user_id)
+        r_serv_db.hset('ail:users:all', l_user_id, p_hash)
+
+        date = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
+        r_serv_db.hset(f'ail:user:metadata:{l_user_id}', 'last_edit', date)
+
 ########################################################################################################################
 
 #### ROLES ####

diff --git a/var/www/blueprints/hunters.py b/var/www/blueprints/hunters.py
@@ -145,8 +145,10 @@ def tracked_menu_typosquatting():
 @login_required
 @login_admin
 def tracked_menu_admin():
-    org_trackers = Tracker.get_orgs_trackers_meta()
-    user_trackers = Tracker.get_users_trackers_meta()
+    user_id = current_user.get_user_id()
+    user_org = current_user.get_org()
+    org_trackers = Tracker.get_orgs_trackers_meta(user_org)
+    user_trackers = Tracker.get_users_trackers_meta(user_id)
     return render_template("trackersManagement.html", user_trackers=user_trackers, org_trackers=org_trackers, global_trackers=[],
                            bootstrap_label=bootstrap_label)
 
@@ -277,6 +279,10 @@ def parse_add_edit_request(request_form):
             if sources:
                 sources = json.loads(sources)
                 filters[obj_type]['sources'] = sources
+            excludes = request_form.get(f'sources_{obj_type}_exclude', [])
+            if excludes:
+                excludes = json.loads(excludes)
+                filters[obj_type]['excludes'] = excludes
             # Subtypes
             for obj_subtype in ail_core.get_object_all_subtypes(obj_type):
                 subtype = request_form.get(f'filter_{obj_type}_{obj_subtype}')

diff --git a/var/www/blueprints/settings_b.py b/var/www/blueprints/settings_b.py
@@ -74,6 +74,8 @@ def user_profile():
     global_2fa = ail_users.is_2fa_enabled()
     return render_template("user_profile.html", meta=meta, global_2fa=global_2fa,acl_admin=acl_admin)
 
+#### USER OTP ####
+
 @settings_b.route("/settings/user/hotp", methods=['GET'])
 @login_required
 @login_read_only
@@ -160,6 +162,10 @@ def user_otp_reset():  # TODO ask for password ?
         user.kill_session()
         return redirect(url_for('settings_b.users_list'))
 
+## --USER OTP-- ##
+
+#### USER API ####
+
 @settings_b.route("/settings/user/api_key/new", methods=['GET'])
 @login_required
 @login_user
@@ -183,6 +189,30 @@ def new_token_user():
     else:
         return redirect(url_for('settings_b.users_list'))
 
+## --USER API-- ##
+
+#### USER MISP ####
+
+# @settings_b.route("/settings/user/misp", methods=['GET'])
+# @login_required
+# @login_user
+# def user_misp():
+#     pass
+#
+# @settings_b.route("/settings/user/misp/add", methods=['GET'])
+# @login_required
+# @login_user
+# def user_misp_add():
+#     pass
+#
+# @settings_b.route("/settings/user/misp/delete", methods=['GET'])
+# @login_required
+# @login_user
+# def user_misp_add():
+#     pass
+
+## --USER MISP-- ##
+
 @settings_b.route("/settings/user/logout", methods=['GET'])
 @login_required
 @login_admin
@@ -244,7 +274,7 @@ def create_user_post():
     # Admin ID
     admin_id = current_user.get_user_id()
 
-    email = request.form.get('username')
+    email = request.form.get('username', '')
     org_uuid = request.form.get('user_organisation')
     role = request.form.get('user_role')
     password1 = request.form.get('password1')
@@ -260,6 +290,7 @@ def create_user_post():
 
     all_roles = ail_users.get_roles()
 
+    email = email.lower()
     if email and len(email) < 300 and ail_users.check_email(email) and role:
         if role in all_roles:
             # password set

diff --git a/var/www/templates/dashboard/dashboard.html b/var/www/templates/dashboard/dashboard.html
@@ -332,7 +332,11 @@ <h3 class="text-center mt-1 mb-4" id="current_date"></h3>
     if (day < 10) {
         day = "0" + day;
     }
-    let current_date = d.getUTCFullYear() + ' - ' + (d.getUTCMonth() + 1) + ' - ' + day;
+    let month = d.getUTCMonth() + 1
+    if (month < 10) {
+        month = "0" + month;
+    }
+    let current_date = d.getUTCFullYear() + ' - ' + month + ' - ' + day;
     $('#current_date').text(current_date)
 }