From aa4ed936658c4cccc5a492dec0bf5d09f2c06bec Mon Sep 17 00:00:00 2001 From: whikernel Date: Tue, 22 Apr 2025 08:30:34 +0200 Subject: [PATCH 01/10] [ADD] Start transition of current_user flask --- source/app/__init__.py | 20 +-- source/app/blueprints/access_controls.py | 111 ++++++++++++++--- .../blueprints/pages/alerts/alerts_routes.py | 4 +- .../pages/case/case_tasks_routes.py | 4 +- .../pages/dashboard/dashboard_routes.py | 5 +- .../blueprints/pages/login/login_routes.py | 8 +- .../pages/manage/manage_cases_routes.py | 6 +- .../pages/manage/manage_groups_routes.py | 3 +- .../blueprints/pages/manage/manage_users.py | 5 +- source/app/blueprints/rest/v2/auth.py | 44 ++++++- source/app/business/auth.py | 114 +++++++++++++++++- source/app/configuration.py | 2 + source/app/iris_engine/utils/tracker.py | 3 +- source/app/util.py | 3 +- 14 files changed, 288 insertions(+), 44 deletions(-) diff --git a/source/app/__init__.py b/source/app/__init__.py index 61e3b5a7e..04f74aef0 100644 --- a/source/app/__init__.py +++ b/source/app/__init__.py @@ -116,15 +116,17 @@ def ac_current_user_has_manage_perms(): set_celery_flask_context(celery, app) -if app.config.get('DEVELOPMENT_ENABLED'): - CORS(app, - supports_credentials=True, - resources={r"/api/*": {"origins": [ - "https://127.0.0.1:5137", - "https://localhost:5173", - "https://localhost", - "https://127.0.0.1" - ]}}) +#if app.config.get('DEVELOPMENT_ENABLED'): +CORS(app, + supports_credentials=True, + resources={r"/api/*": {"origins": [ + "https://127.0.0.1:5137", + "https://localhost:5173", + "https://localhost", + "https://127.0.0.1", + "http://app:8000", + "http://frontend:5173", + ]}}) app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1) diff --git a/source/app/blueprints/access_controls.py b/source/app/blueprints/access_controls.py index fb491be71..2bdbb518d 100644 --- a/source/app/blueprints/access_controls.py +++ b/source/app/blueprints/access_controls.py 
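Review bot: Commenting out the `DEVELOPMENT_ENABLED` guard enables credentialed CORS (`supports_credentials=True`) for every deployment, and the new `http://app:8000` / `http://frontend:5173` entries are plaintext origins that only make sense on a compose/dev network. With credentials allowed, every listed origin can make cookie-bearing cross-site calls to `/api/*`, so this list should not ship to production unchanged. Suggest keeping the guard, or reading the allowed origins from configuration so the production allow-list is explicit; at minimum remove the dead `#if app.config.get('DEVELOPMENT_ENABLED'):` line rather than leaving commented-out code in place.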
@@ -30,6 +30,7 @@ from flask import request from flask import render_template from flask import session +from flask import g from flask_login import current_user from flask_login import login_user from flask_wtf import FlaskForm @@ -42,6 +43,7 @@ from app import app from app import db from app.blueprints.responses import response_error +from app.business.auth import validate_auth_token, get_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.manage.manage_access_control_db import user_has_client_access from app.datamgmt.manage.manage_users_db import get_user @@ -55,12 +57,36 @@ def _user_has_at_least_a_required_permission(permissions: list[Permissions]): """ - Returns true as soon as the user has at least one permission in the list of permissions - Returns true if the list of required permissions is empty + Returns true if the user has at least one of the required permissions + Works with both session-based and token-based authentication """ if not permissions: return True + # For token-based authentication + if hasattr(g, 'auth_token_user_id'): + # Use cached permissions from token if available + if hasattr(g, 'auth_user_permissions'): + user_permissions = g.auth_user_permissions + else: + # Lazy load permissions only once per request + from app.datamgmt.manage.manage_users_db import get_user + user = get_user(g.auth_token_user_id) + if not user: + return False + + user_permissions = ac_get_effective_permissions_of_user(user) + g.auth_user_permissions = user_permissions # Cache for this request + + for permission in permissions: + if user_permissions & permission.value: + return True + return False + + # For session-based authentication + if 'permissions' not in session: + session['permissions'] = ac_get_effective_permissions_of_user(current_user) + for permission in permissions: if session['permissions'] & permission.value: return True 
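Review bot: The token branch of `_user_has_at_least_a_required_permission` resolves the caller with `get_user(g.auth_token_user_id)`, which does not check that the account is still active, whereas the refresh endpoint in this same series uses `get_active_user`; a user deactivated after login keeps their permissions until the access token expires. Use `user = get_active_user(user_id=g.auth_token_user_id)` here and return False when it is None so both paths agree. The function-local `from app.datamgmt.manage.manage_users_db import get_user` is redundant, since the module already imports `get_user` at the top (second hunk on this line). The two identical permission loops could also collapse to `return any(user_permissions & p.value for p in permissions)`.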
@@ -182,7 +208,8 @@ def _get_case_access(request_data, access_level, no_cid_required=False): if ctmp is not None: return redir, ctmp, has_access - eaccess_level = ac_fast_check_user_has_case_access(current_user.id, caseid, access_level) + current_user_wrap = get_current_user() + eaccess_level = ac_fast_check_user_has_case_access(current_user_wrap.id, caseid, access_level) if eaccess_level is None and access_level: _update_denied_case(caseid) return redir, caseid, False @@ -218,8 +245,9 @@ def _is_csrf_token_valid(): def _ac_return_access_denied(caseid: int = None): error_uuid = uuid.uuid4() - log.warning(f"Access denied to case #{caseid} for user ID {current_user.id}. Error {error_uuid}") - return render_template('pages/error-403.html', user=current_user, caseid=caseid, error_uuid=error_uuid, + current_user_wrap = get_current_user() + log.warning(f"Access denied to case #{caseid} for user ID {current_user_wrap.id}. Error {error_uuid}") + return render_template('pages/error-403.html', user=current_user_wrap, caseid=caseid, error_uuid=error_uuid, template_folder=TEMPLATE_PATH), 403 @@ -251,11 +279,13 @@ def get_case_access_from_api(request_data, access_level): redir, caseid, has_access = _get_caseid_from_request_data(request_data, False) redir = False - if not hasattr(current_user, 'id'): + current_user_wrap = get_current_user() + + if not hasattr(current_user_wrap, 'id'): # Anonymous request, deny access return False, 1, False - eaccess_level = ac_fast_check_user_has_case_access(current_user.id, caseid, access_level) + eaccess_level = ac_fast_check_user_has_case_access(current_user_wrap.id, caseid, access_level) if eaccess_level is None and access_level: return redir, caseid, False 
@@ -321,19 +351,37 @@ def inner_wrap(f): @wraps(f) def wrap(*args, **kwargs): if not _is_csrf_token_valid(): - return response_error('Invalid CSRF token') + if 'auth_token_user_id' not in g: + return response_error('Invalid CSRF token') if not is_user_authenticated(request): return response_error('Authentication required', status=401) - if 'permissions' not in session: - session['permissions'] = ac_get_effective_permissions_of_user(current_user) + # Set the user for token-based authentication + if hasattr(g, 'auth_token_user_id'): + from app.datamgmt.manage.manage_users_db import get_user + user = get_user(g.auth_token_user_id) + if not user: + return response_error('User not found', status=404) - if not _user_has_at_least_a_required_permission(permissions): - return response_error('Permission denied', status=403) + # Create a compatibility layer for token auth + g.token_user = user + + # Check permissions + if not _user_has_at_least_a_required_permission(permissions): + return response_error('Permission denied', status=403) + else: + # Session-based auth - use the normal approach + if 'permissions' not in session: + session['permissions'] = ac_get_effective_permissions_of_user(current_user) + + if not _user_has_at_least_a_required_permission(permissions): + return response_error('Permission denied', status=403) return f(*args, **kwargs) + return wrap + return inner_wrap @@ -341,8 +389,9 @@ def ac_requires_client_access(): def inner_wrap(f): @wraps(f) def wrap(*args, **kwargs): + current_user_wrap = get_current_user() client_id = kwargs.get('client_id') - if not user_has_client_access(current_user.id, client_id): + if not user_has_client_access(current_user_wrap.id, client_id): return _ac_return_access_denied() return f(*args, **kwargs) 
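Review bot: In `wrap`, the CSRF exemption `if 'auth_token_user_id' not in g` is evaluated before `is_user_authenticated(request)`, and as far as this diff shows `g.auth_token_user_id` is only set inside `_token_authentication_process`, which that later call runs; so a Bearer request without a CSRF token appears to be rejected before the token is ever examined (unless a before-request hook not in this diff populates `g`). Exempting bearer-authenticated requests from CSRF is reasonable only once the token has actually been validated in this request, so the authentication step should run first: `if not is_user_authenticated(request): return response_error('Authentication required', status=401)` followed by `if 'auth_token_user_id' not in g and not _is_csrf_token_valid(): return response_error('Invalid CSRF token')`. `g.token_user = user` is assigned but nothing in the series reads it (`get_current_user` reads `g.auth_user`), and the permission check is duplicated in both branches and can be hoisted below the if/else. The enclosing decorator starts outside the hunk.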
@@ -364,7 +413,8 @@ def wrap(*args, **kwargs): else: return _ac_return_access_denied(caseid=0) - access = ac_fast_check_user_has_case_access(current_user.id, case_id, access_level) + current_user_wrap = get_current_user() + access = ac_fast_check_user_has_case_access(current_user_wrap.id, case_id, access_level) if not access: return _ac_return_access_denied(caseid=case_id) @@ -375,7 +425,8 @@ def wrap(*args, **kwargs): def ac_api_return_access_denied(caseid: int = None): - user_id = current_user.id if hasattr(current_user, 'id') else 'Anonymous' + current_user_wrap = get_current_user() + user_id = current_user_wrap.id if hasattr(current_user_wrap, 'id') else 'Anonymous' error_uuid = uuid.uuid4() log.warning(f"EID {error_uuid} - Access denied with case #{caseid} for user ID {user_id} " f"accessing URI {request.full_path}") @@ -392,7 +443,8 @@ def inner_wrap(f): @wraps(f) def wrap(*args, **kwargs): client_id = kwargs.get('client_id') - if not user_has_client_access(current_user.id, client_id): + current_user_wrap = get_current_user() + if not user_has_client_access(current_user_wrap.id, client_id): return response_error("Permission denied", status=403) return f(*args, **kwargs) 
@@ -497,7 +549,29 @@ def _oidc_proxy_authentication_process(incoming_request: Request): def _local_authentication_process(incoming_request: Request): - return current_user.is_authenticated + current_user_wrap = get_current_user() + return current_user_wrap.is_authenticated + + +def _token_authentication_process(incoming_request: Request): + """ + Process authentication using an Authorization header with Bearer token + """ + auth_header = incoming_request.headers.get('Authorization', '') + if not auth_header.startswith('Bearer '): + return False + + token = auth_header.split(' ')[1] + user_data = validate_auth_token(token) + + if not user_data: + return False + + # Store user data for later use + g.auth_user = user_data + g.auth_token_user_id = user_data['user_id'] + + return True def is_user_authenticated(incoming_request: Request): @@ -508,6 +582,9 @@ def is_user_authenticated(incoming_request: Request): "oidc": _local_authentication_process, } + if _token_authentication_process(incoming_request): + return True + return authentication_mapper.get(app.config.get("AUTHENTICATION_TYPE"))(incoming_request) diff --git a/source/app/blueprints/pages/alerts/alerts_routes.py b/source/app/blueprints/pages/alerts/alerts_routes.py index 00d7e1005..76f6aea63 100644 --- a/source/app/blueprints/pages/alerts/alerts_routes.py +++ b/source/app/blueprints/pages/alerts/alerts_routes.py @@ -20,7 +20,6 @@ from flask import render_template from flask import redirect from flask import url_for -from flask_login import current_user from flask_wtf import FlaskForm from typing import Union from werkzeug import Response @@ -30,6 +29,8 @@ from app.models.authorization import Permissions from app.blueprints.responses import response_error from app.blueprints.access_controls import ac_requires +from app.business.auth import get_current_user + alerts_blueprint = Blueprint( 'alerts', 
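Review bot: `_token_authentication_process` stores the decoded claims in `g` without checking that the account still exists or is active, and `get_current_user()` then fabricates a `TokenUser` from those claims; routes that rely only on `get_current_user()` would keep serving a deactivated user until the access token expires. Resolve the user once here, e.g. `user = get_active_user(user_id=user_data['user_id'])` and `return False` when it is None, so every downstream consumer inherits the check. Rejected bearer attempts are also silent; a `log.warning(...)` on failure would give operators the same signal the password path already produces. `auth_header.split(' ')[1]` works but `auth_header.removeprefix('Bearer ').strip()` is clearer and tolerant of extra whitespace.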
@@ -78,6 +79,7 @@ def alert_comment_modal(cur_id, caseid, url_redir): if not alert: return response_error('Invalid alert ID') + current_user = get_current_user() if not user_has_client_access(current_user.id, alert.alert_customer_id): return response_error('User not entitled to update alerts for the client', status=403) diff --git a/source/app/blueprints/pages/case/case_tasks_routes.py b/source/app/blueprints/pages/case/case_tasks_routes.py index 1ca44cae6..fce822727 100644 --- a/source/app/blueprints/pages/case/case_tasks_routes.py +++ b/source/app/blueprints/pages/case/case_tasks_routes.py @@ -20,9 +20,9 @@ from flask import redirect from flask import render_template from flask import url_for -from flask_login import current_user from flask_wtf import FlaskForm +from app.business.auth import get_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.case.case_tasks_db import get_case_tasks_comments_count from app.datamgmt.case.case_tasks_db import get_task @@ -65,6 +65,8 @@ def case_add_task_modal(caseid, url_redir): form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()] form.task_assignees_id.choices = [] + current_user = get_current_user() + return render_template("modal_add_case_task.html", form=form, task=task, uid=current_user.id, user_name=None, attributes=task.custom_attributes) diff --git a/source/app/blueprints/pages/dashboard/dashboard_routes.py b/source/app/blueprints/pages/dashboard/dashboard_routes.py index e8b9ba415..78afc8832 100644 --- a/source/app/blueprints/pages/dashboard/dashboard_routes.py +++ b/source/app/blueprints/pages/dashboard/dashboard_routes.py 
@@ -20,10 +20,10 @@ from flask import redirect from flask import render_template from flask import url_for -from flask_login import current_user from flask_wtf import FlaskForm from app import app +from app.business.auth import get_current_user from app.datamgmt.dashboard.dashboard_db import get_tasks_status from app.forms import CaseGlobalTaskForm from app.iris_engine.access_control.utils import ac_get_user_case_counts @@ -60,6 +60,7 @@ def index(caseid, url_redir): msg = None + current_user = get_current_user() acgucc = ac_get_user_case_counts(current_user.id) data = { @@ -87,6 +88,8 @@ def add_gtask_modal(caseid, url_redir): form.task_assignee_id.choices = [(user.id, user.name) for user in User.query.filter(User.active == True).order_by(User.name).all()] form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()] + current_user = get_current_user() + return render_template("modal_add_global_task.html", form=form, task=task, uid=current_user.id, user_name=None) diff --git a/source/app/blueprints/pages/login/login_routes.py b/source/app/blueprints/pages/login/login_routes.py index 84af5ebcf..e8302c73e 100644 --- a/source/app/blueprints/pages/login/login_routes.py +++ b/source/app/blueprints/pages/login/login_routes.py @@ -40,7 +40,7 @@ from app.blueprints.access_controls import is_authentication_oidc from app.blueprints.access_controls import is_authentication_ldap from app.blueprints.responses import response_error -from app.business.auth import validate_ldap_login +from app.business.auth import validate_ldap_login, get_current_user from app.business.users import retrieve_user_by_username from app.business.auth import wrap_login_user from app.datamgmt.manage.manage_users_db import create_user, update_user_groups 
@@ -113,7 +113,8 @@ def _authenticate_password(form, username, password): if app.config.get("AUTHENTICATION_TYPE") in ["local", "ldap", "oidc"]: @login_blueprint.route('/login', methods=['GET', 'POST']) def login(): - if current_user.is_authenticated: + current_user_wrap = get_current_user() + if current_user_wrap.is_authenticated: return redirect(url_for('index.index')) if is_authentication_oidc() and app.config.get('AUTHENTICATION_LOCAL_FALLBACK') is False: @@ -138,7 +139,8 @@ def login(): if is_authentication_oidc(): @login_blueprint.route('/oidc-login') def oidc_login(): - if current_user.is_authenticated: + current_user_wrap = get_current_user() + if current_user_wrap.is_authenticated: return redirect(url_for('index.index')) session["oidc_state"] = rndstr() diff --git a/source/app/blueprints/pages/manage/manage_cases_routes.py b/source/app/blueprints/pages/manage/manage_cases_routes.py index 9667e3640..ffd89fe69 100644 --- a/source/app/blueprints/pages/manage/manage_cases_routes.py +++ b/source/app/blueprints/pages/manage/manage_cases_routes.py @@ -21,10 +21,10 @@ from flask import redirect from flask import render_template from flask import url_for -from flask_login import current_user from flask_wtf import FlaskForm from werkzeug import Response +from app.business.auth import get_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes @@ -84,6 +84,8 @@ def _details_case(cur_id: int, caseid: int, url_redir: bool) -> Union[str, Respo case_states = get_case_states_list() user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator) + current_user = get_current_user() + customers = get_client_list(current_user_id=current_user.id, is_server_administrator=user_is_server_administrator) 
@@ -116,6 +118,8 @@ def add_case_modal(caseid: int, url_redir: bool): return redirect(url_for('manage_case.manage_index_cases', cid=caseid)) form = AddCaseForm() + current_user = get_current_user() + # Show only clients that the user has access to client_list = get_client_list(current_user_id=current_user.id, is_server_administrator=ac_current_user_has_permission( diff --git a/source/app/blueprints/pages/manage/manage_groups_routes.py b/source/app/blueprints/pages/manage/manage_groups_routes.py index 51322618e..ed9f516b8 100644 --- a/source/app/blueprints/pages/manage/manage_groups_routes.py +++ b/source/app/blueprints/pages/manage/manage_groups_routes.py @@ -17,9 +17,9 @@ from flask import Blueprint from flask import render_template from flask import url_for -from flask_login import current_user from werkzeug.utils import redirect +from app.business.auth import get_current_user from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_group_details from app.datamgmt.manage.manage_groups_db import get_group_with_members @@ -95,6 +95,7 @@ def manage_groups_cac_modal(cur_id, caseid, url_redir): if not group: return response_error("Invalid group ID") + current_user = get_current_user() cases_list = list_cases_dict(current_user.id) group_cases_access = [case.get('case_id') for case in group.group_cases_access] outer_cases_list = [] diff --git a/source/app/blueprints/pages/manage/manage_users.py b/source/app/blueprints/pages/manage/manage_users.py index 419881858..39e8ac5af 100644 --- a/source/app/blueprints/pages/manage/manage_users.py +++ b/source/app/blueprints/pages/manage/manage_users.py 
@@ -20,8 +20,8 @@ from flask import redirect from flask import render_template from flask import url_for -from flask_login import current_user +from app.business.auth import get_current_user from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_groups_list @@ -102,6 +102,8 @@ def manage_user_customers_modal(cur_id, caseid, url_redir): if not user: return response_error("Invalid user ID") + current_user = get_current_user() + user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator) groups = get_client_list(current_user_id=current_user.id, is_server_administrator=user_is_server_administrator) @@ -120,6 +122,7 @@ def manage_user_cac_modal(cur_id, caseid, url_redir): if not user: return response_error("Invalid user ID") + current_user = get_current_user() cases_list = list_cases_dict(current_user.id) user_cases_access = [case.get('case_id') for case in user.get('user_cases_access')] diff --git a/source/app/blueprints/rest/v2/auth.py b/source/app/blueprints/rest/v2/auth.py index 26b062edb..70b61be8a 100644 --- a/source/app/blueprints/rest/v2/auth.py +++ b/source/app/blueprints/rest/v2/auth.py @@ -15,7 +15,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - +import jwt from flask import Blueprint, session from flask import redirect, url_for from flask import request 
@@ -25,13 +25,14 @@ from app import app from app import db from app import oidc_client +from app.datamgmt.manage.manage_users_db import get_active_user from app.logger import logger from app.blueprints.access_controls import is_authentication_ldap from app.blueprints.access_controls import is_authentication_oidc from app.blueprints.access_controls import not_authenticated_redirection_url -from app.blueprints.rest.endpoints import response_api_error +from app.blueprints.rest.endpoints import response_api_error, response_api_not_found from app.blueprints.rest.endpoints import response_api_success -from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info +from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info, generate_auth_tokens from app.iris_engine.utils.tracker import track_activity from app.schema.marshables import UserSchema 
@@ -127,3 +128,40 @@ def whoami(): return response_api_success(data=UserSchema(only=[ 'id', 'user_name', 'user_login', 'user_email' ]).dump(current_user)) + + + +@auth_blueprint.post('/refresh-token') +def refresh_token_endpoint(): + """ + Refresh authentication tokens using a valid refresh token + """ + refresh_token = request.json.get('refresh_token') + if not refresh_token: + return response_api_error('Refresh token is required') + + try: + # Decode the token manually to check the type + payload = jwt.decode(refresh_token, app.config.get('SECRET_KEY'), algorithms=['HS256']) + + # Verify it's a refresh token + if payload.get('type') != 'refresh': + return response_api_error('Invalid token type') + + user_id = payload.get('user_id') + user = get_active_user(user_id=user_id) + + if not user: + return response_api_not_found() + + # Generate new tokens + new_tokens = generate_auth_tokens(user_id) + + return response_api_success(data={ + 'tokens': new_tokens + }) + + except jwt.ExpiredSignatureError: + return response_api_error('Refresh token has expired') + except jwt.InvalidTokenError: + return response_api_error('Invalid refresh token') \ No newline at end of file diff --git a/source/app/business/auth.py b/source/app/business/auth.py index c11fd3c0d..d9cb8fb39 100644 --- a/source/app/business/auth.py +++ b/source/app/business/auth.py @@ -18,11 +18,11 @@ from urllib.parse import urlparse, urljoin -from flask import session +from flask import session, g from flask import redirect from flask import url_for from flask import request -from flask_login import login_user +from flask_login import login_user, current_user from app import bc from app import app 
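Review bot: `generate_auth_tokens(user_id)` in `refresh_token_endpoint` does not match the definition added later in this series, `def generate_auth_tokens(user_id, username)`, so every refresh would raise TypeError; the same one-argument call appears in `validate_ldap_login` and `validate_local_login` in `business/auth.py`. Pass the login name the `TokenUser` layer expects, e.g. `new_tokens = generate_auth_tokens(user.id, user.user)` (assuming the model exposes it as `user.user`, which is the attribute `TokenUser` mirrors). `request.json.get(...)` fails on a non-JSON body; `(request.get_json(silent=True) or {}).get('refresh_token')` yields the clean `Refresh token is required` error instead. Nothing ties a refresh token to a session or records its use, so it stays valid for the full 14 days even after logout; if that is not intended, add a `jti` claim and invalidate it on refresh or logout.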
@@ -37,6 +37,31 @@ from app.models.cases import Cases from app.schema.marshables import UserSchema +import datetime +import jwt +from flask import jsonify + + +class TokenUser: + """A class that mimics the Flask-Login current_user interface for token auth""" + def __init__(self, user_data): + self.id = user_data['user_id'] + self.user = user_data['username'] + self.is_authenticated = True + self.is_active = True + self.is_anonymous = False + + +def get_current_user(): + """ + Returns a compatible user object for both session and token auth + For token auth, uses data from g.auth_user + For session auth, returns Flask current_user + """ + if hasattr(g, 'auth_user'): + return TokenUser(g.auth_user) + return current_user + def return_authed_user_info(user_id): """ @@ -74,7 +99,13 @@ def validate_ldap_login(username: str, password: str, local_fallback: bool = Tru if not user: return None - return UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) + user_data = UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) + + # Generate auth tokens for API access + tokens = generate_auth_tokens(user.id) + user_data.update({'tokens': tokens}) + + return user_data except Exception as e: logger.error(e.__str__()) return None @@ -95,7 +126,14 @@ def validate_local_login(username: str, password: str): if bc.check_password_hash(user.password, password): wrap_login_user(user) - return UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) + + user_data = UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) + + # Generate auth tokens for API access + tokens = generate_auth_tokens(user.id) + user_data.update({'tokens': tokens}) + + return user_data track_activity(f'wrong login password for user \'{username}\' using local auth', ctx_less=True, display_in_ui=False) return None 
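Review bot: `TokenUser` is built solely from JWT claims, so it never reflects a database state change and carries only `id`/`user`; code that receives it through `get_current_user()` and reads attributes of the real model (for instance `user.ctx_case`, which `wrap_login_user` further down this file uses) will raise AttributeError on the token path. Loading the `User` row once per request in the token authentication step and caching it on `g` would give callers the same object in both modes and remove the shim. `from flask import jsonify` is added but unused, and the three new imports sit after the `app` imports; move `import datetime` and `import jwt` up with the other standard-library and third-party imports.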
@@ -157,3 +195,71 @@ def wrap_login_user(user, is_oidc=False): next_url = _filter_next_url(request.args.get('next'), user.ctx_case) return redirect(next_url) + + +def generate_auth_tokens(user_id, username): + """ + Generate access and refresh tokens with essential user data + + :param user_id: The user ID + :param username: The username + :return: Dict containing tokens with expiry + """ + # Configure token expiration times + access_token_expiry = datetime.datetime.now(datetime.UTC) + datetime.timedelta( + minutes=app.config.get('ACCESS_TOKEN_EXPIRES_MINUTES', 15) + ) + refresh_token_expiry = datetime.datetime.now(datetime.UTC) + datetime.timedelta( + days=app.config.get('REFRESH_TOKEN_EXPIRES_DAYS', 14) + ) + + # Generate access token with user data + access_token_payload = { + 'user_id': user_id, + 'username': username, + 'exp': access_token_expiry + } + access_token = jwt.encode( + access_token_payload, + app.config.get('SECRET_KEY'), + algorithm='HS256' + ) + + # Generate refresh token + refresh_token_payload = { + 'user_id': user_id, + 'username': username, + 'exp': refresh_token_expiry, + 'type': 'refresh' + } + refresh_token = jwt.encode( + refresh_token_payload, + app.config.get('SECRET_KEY'), + algorithm='HS256' + ) + + return { + 'access_token': access_token, + 'refresh_token': refresh_token, + 'access_token_expires_at': access_token_expiry.timestamp(), + 'refresh_token_expires_at': refresh_token_expiry.timestamp() + } + + +def validate_auth_token(token): + """ + Validate an authentication token + + :param token: JWT token to validate + :return: Dict with user data if valid, None otherwise + """ + try: + payload = jwt.decode(token, app.config.get('SECRET_KEY'), algorithms=['HS256']) + return { + 'user_id': payload.get('user_id'), + 'username': payload.get('username') + } + except jwt.ExpiredSignatureError: + return None + except jwt.InvalidTokenError: + return None \ No newline at end of file 
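Review bot: `validate_auth_token` checks signature and expiry but not the `type` claim, and the access-token payload carries no type at all, so the 14-day refresh token is accepted as a bearer credential and the short `ACCESS_TOKEN_EXPIRES_MINUTES` lifetime buys nothing. Add `'type': 'access'` to `access_token_payload` and reject anything else in `validate_auth_token`: `if payload.get('type') != 'access': return None`. An `iat` claim would also let operators correlate a token with its login event. `datetime.UTC` exists only on Python 3.11+; if the project still supports older interpreters, `datetime.timezone.utc` is the portable spelling.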
diff --git a/source/app/configuration.py b/source/app/configuration.py index 034a0c8e1..1330e2a5a 100644 --- a/source/app/configuration.py +++ b/source/app/configuration.py @@ -260,6 +260,8 @@ class Config: SESSION_COOKIE_SECURE = True SESSION_COOKIE_HTTPONLY = True MFA_ENABLED = config.load('IRIS', 'MFA_ENABLED', fallback=False) == 'True' + ACCESS_TOKEN_EXPIRES_MINUTES = 15 + REFRESH_TOKEN_EXPIRES_DAYS = 14 PG_ACCOUNT = PG_ACCOUNT_ PG_PASSWD = PG_PASSWD_ diff --git a/source/app/iris_engine/utils/tracker.py b/source/app/iris_engine/utils/tracker.py index bdddec88a..d688ba900 100644 --- a/source/app/iris_engine/utils/tracker.py +++ b/source/app/iris_engine/utils/tracker.py @@ -18,10 +18,10 @@ from datetime import datetime from flask import request -from flask_login import current_user import app from app import db +from app.blueprints.access_controls import get_current_user from app.models.models import UserActivity log = app.app.logger @@ -34,6 +34,7 @@ def track_activity(message, caseid=None, ctx_less=False, user_input=False, displ :return: Nothing """ ua = UserActivity() + current_user = get_current_user() try: diff --git a/source/app/util.py b/source/app/util.py index bf08d97f3..00c0e52b8 100644 --- a/source/app/util.py +++ b/source/app/util.py @@ -26,11 +26,11 @@ from cryptography.exceptions import InvalidSignature from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import hmac -from flask_login import current_user from sqlalchemy.orm.attributes import flag_modified from flask import current_app from app import db +from app.business.auth import get_current_user class FileRemover(object): @@ -48,6 +48,7 @@ def _do_cleanup(self, wr): def add_obj_history_entry(obj, action, commit=False): if hasattr(obj, 'modification_history'): + current_user = get_current_user() if isinstance(obj.modification_history, dict): From 529cb5de1a76285eb54c78ca4b69f9da021447e0 Mon Sep 17 00:00:00 2001 
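Review bot: `ACCESS_TOKEN_EXPIRES_MINUTES` and `REFRESH_TOKEN_EXPIRES_DAYS` are hard-coded, while the neighbouring `MFA_ENABLED` is read through `config.load(...)`; operators cannot shorten or lengthen token lifetimes without editing code. Following the file's pattern, e.g. `ACCESS_TOKEN_EXPIRES_MINUTES = int(config.load('IRIS', 'ACCESS_TOKEN_EXPIRES_MINUTES', fallback=15))` (the `int()` assuming `config.load` returns a string, as the `== 'True'` comparison on the MFA line suggests), keeps the default and makes it tunable.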
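Review bot: `tracker.py` imports `get_current_user` from `app.blueprints.access_controls`, whereas every other file in this patch imports it from `app.business.auth` where it is defined; besides the inconsistency, `access_controls` imports `app.business.auth`, which itself uses `track_activity` from this module, so this looks like an import cycle (`tracker → access_controls → business.auth → tracker`). Importing from the defining module would still cycle through `business.auth`, so the safest fix is a function-level `from app.business.auth import get_current_user` inside `track_activity`, just before `current_user = get_current_user()`. `track_activity` continues outside the hunk.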
From: whikernel Date: Tue, 22 Apr 2025 09:30:22 +0200 Subject: [PATCH 02/10] [UPD] Updated with iris_current_user --- .../blueprints/pages/alerts/alerts_routes.py | 6 +- .../pages/case/case_tasks_routes.py | 6 +- .../pages/dashboard/dashboard_routes.py | 9 +-- .../pages/manage/manage_cases_routes.py | 9 +-- .../pages/manage/manage_groups_routes.py | 5 +- .../blueprints/pages/manage/manage_users.py | 9 +-- source/app/blueprints/rest/alerts_routes.py | 57 +++++++++---------- .../rest/case/case_assets_routes.py | 12 ++-- .../rest/case/case_evidences_routes.py | 4 +- .../blueprints/rest/case/case_ioc_routes.py | 6 +- .../blueprints/rest/case/case_notes_routes.py | 4 +- .../app/blueprints/rest/case/case_routes.py | 6 +- .../blueprints/rest/case/case_tasks_routes.py | 4 +- .../rest/case/case_timeline_routes.py | 9 ++- source/app/blueprints/rest/context_routes.py | 18 +++--- .../app/blueprints/rest/dashboard_routes.py | 17 +++--- .../app/blueprints/rest/datastore_routes.py | 4 +- source/app/blueprints/rest/filters_routes.py | 4 +- .../manage/manage_case_templates_routes.py | 4 +- .../rest/manage/manage_cases_routes.py | 6 +- .../rest/manage/manage_customers_routes.py | 6 +- .../blueprints/rest/manage/manage_groups.py | 6 +- source/app/blueprints/rest/overview_routes.py | 2 +- source/app/blueprints/rest/profile_routes.py | 27 +++++---- source/app/business/auth.py | 6 +- source/app/iris_engine/utils/tracker.py | 8 +-- source/app/util.py | 11 ++-- 27 files changed, 126 insertions(+), 139 deletions(-) diff --git a/source/app/blueprints/pages/alerts/alerts_routes.py b/source/app/blueprints/pages/alerts/alerts_routes.py index 76f6aea63..4aee6b7bf 100644 --- a/source/app/blueprints/pages/alerts/alerts_routes.py +++ b/source/app/blueprints/pages/alerts/alerts_routes.py 
@@ -29,8 +29,7 @@ from app.models.authorization import Permissions from app.blueprints.responses import response_error from app.blueprints.access_controls import ac_requires -from app.business.auth import get_current_user - +from app.business.auth import iris_current_user alerts_blueprint = Blueprint( 'alerts', @@ -79,8 +78,7 @@ def alert_comment_modal(cur_id, caseid, url_redir): if not alert: return response_error('Invalid alert ID') - current_user = get_current_user() - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to update alerts for the client', status=403) return render_template("modal_conversation.html", element_id=cur_id, element_type='alerts', diff --git a/source/app/blueprints/pages/case/case_tasks_routes.py b/source/app/blueprints/pages/case/case_tasks_routes.py index fce822727..3aafa23c4 100644 --- a/source/app/blueprints/pages/case/case_tasks_routes.py +++ b/source/app/blueprints/pages/case/case_tasks_routes.py @@ -22,7 +22,7 @@ from flask import url_for from flask_wtf import FlaskForm -from app.business.auth import get_current_user +from app.business.auth import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.case.case_tasks_db import get_case_tasks_comments_count from app.datamgmt.case.case_tasks_db import get_task @@ -65,9 +65,7 @@ def case_add_task_modal(caseid, url_redir): form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()] form.task_assignees_id.choices = [] - current_user = get_current_user() - - return render_template("modal_add_case_task.html", form=form, task=task, uid=current_user.id, user_name=None, + return render_template("modal_add_case_task.html", form=form, task=task, uid=iris_current_user.id, user_name=None, attributes=task.custom_attributes) 
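Review bot: The page routes now dereference `iris_current_user.id` at request time through a module-level import, which only works if `iris_current_user` is a request-bound proxy (for example a werkzeug `LocalProxy` over `get_current_user`); the `business/auth.py` change that defines it is not in this chunk, so please confirm it is not a plain object captured at import time. The `alerts_routes.py` import hunk also drops the blank line between the imports and `alerts_blueprint = Blueprint(`, which PEP 8 style separates with two blank lines; keep `from app.business.auth import iris_current_user` followed by the blank lines.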
diff --git a/source/app/blueprints/pages/dashboard/dashboard_routes.py b/source/app/blueprints/pages/dashboard/dashboard_routes.py index 78afc8832..ec111ac3e 100644 --- a/source/app/blueprints/pages/dashboard/dashboard_routes.py +++ b/source/app/blueprints/pages/dashboard/dashboard_routes.py @@ -23,7 +23,7 @@ from flask_wtf import FlaskForm from app import app -from app.business.auth import get_current_user +from app.business.auth import iris_current_user from app.datamgmt.dashboard.dashboard_db import get_tasks_status from app.forms import CaseGlobalTaskForm from app.iris_engine.access_control.utils import ac_get_user_case_counts @@ -60,8 +60,7 @@ def index(caseid, url_redir): msg = None - current_user = get_current_user() - acgucc = ac_get_user_case_counts(current_user.id) + acgucc = ac_get_user_case_counts(iris_current_user.id) data = { "user_open_count": acgucc[2], @@ -88,9 +87,7 @@ def add_gtask_modal(caseid, url_redir): form.task_assignee_id.choices = [(user.id, user.name) for user in User.query.filter(User.active == True).order_by(User.name).all()] form.task_status_id.choices = [(a.id, a.status_name) for a in get_tasks_status()] - current_user = get_current_user() - - return render_template("modal_add_global_task.html", form=form, task=task, uid=current_user.id, user_name=None) + return render_template("modal_add_global_task.html", form=form, task=task, uid=iris_current_user.id, user_name=None) @dashboard_blueprint.route('/global/tasks/update//modal', methods=['GET']) diff --git a/source/app/blueprints/pages/manage/manage_cases_routes.py b/source/app/blueprints/pages/manage/manage_cases_routes.py index ffd89fe69..8ea64e573 100644 --- a/source/app/blueprints/pages/manage/manage_cases_routes.py +++ b/source/app/blueprints/pages/manage/manage_cases_routes.py 
@@ -24,7 +24,7 @@ from flask_wtf import FlaskForm from werkzeug import Response -from app.business.auth import get_current_user +from app.business.auth import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes @@ -84,9 +84,7 @@ def _details_case(cur_id: int, caseid: int, url_redir: bool) -> Union[str, Respo case_states = get_case_states_list() user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator) - current_user = get_current_user() - - customers = get_client_list(current_user_id=current_user.id, + customers = get_client_list(current_user_id=iris_current_user.id, is_server_administrator=user_is_server_administrator) severities = get_severities_list() @@ -118,10 +116,9 @@ def add_case_modal(caseid: int, url_redir: bool): return redirect(url_for('manage_case.manage_index_cases', cid=caseid)) form = AddCaseForm() - current_user = get_current_user() # Show only clients that the user has access to - client_list = get_client_list(current_user_id=current_user.id, + client_list = get_client_list(current_user_id=iris_current_user.id, is_server_administrator=ac_current_user_has_permission( Permissions.server_administrator)) diff --git a/source/app/blueprints/pages/manage/manage_groups_routes.py b/source/app/blueprints/pages/manage/manage_groups_routes.py index ed9f516b8..f526d4133 100644 --- a/source/app/blueprints/pages/manage/manage_groups_routes.py +++ b/source/app/blueprints/pages/manage/manage_groups_routes.py 
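Review bot: In the `-84,9 +84,7` hunk of `_details_case`, the customer filter now mixes two identity sources: `is_server_administrator` still comes from `ac_current_user_has_permission`, whose body is not in this diff, while `current_user_id` is taken from `iris_current_user.id`. If those two resolve the principal differently on a token-authenticated request (one through `g`, the other through the flask-login session), the client list is filtered for one user with the admin flag of another; the same pairing appears in `add_case_modal` in the next hunk and in `manage_user_customers_modal` on the manage_users hunk below. Either derive both values from the same object, or add a comment above the `get_client_list` call, `# NOTE: ac_current_user_has_permission and iris_current_user must resolve the same principal (token and session auth)`, until that is confirmed. `_details_case` continues past the hunk.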
@@ -19,7 +19,7 @@ from flask import url_for from werkzeug.utils import redirect -from app.business.auth import get_current_user +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_group_details from app.datamgmt.manage.manage_groups_db import get_group_with_members @@ -95,8 +95,7 @@ def manage_groups_cac_modal(cur_id, caseid, url_redir): if not group: return response_error("Invalid group ID") - current_user = get_current_user() - cases_list = list_cases_dict(current_user.id) + cases_list = list_cases_dict(iris_current_user.id) group_cases_access = [case.get('case_id') for case in group.group_cases_access] outer_cases_list = [] for case in cases_list: diff --git a/source/app/blueprints/pages/manage/manage_users.py b/source/app/blueprints/pages/manage/manage_users.py index 39e8ac5af..4b2f7dfe4 100644 --- a/source/app/blueprints/pages/manage/manage_users.py +++ b/source/app/blueprints/pages/manage/manage_users.py @@ -21,7 +21,7 @@ from flask import render_template from flask import url_for -from app.business.auth import get_current_user +from app.business.auth import iris_current_user from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_groups_list @@ -102,10 +102,8 @@ def manage_user_customers_modal(cur_id, caseid, url_redir): if not user: return response_error("Invalid user ID") - current_user = get_current_user() - user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator) - groups = get_client_list(current_user_id=current_user.id, + groups = get_client_list(current_user_id=iris_current_user.id, is_server_administrator=user_is_server_administrator) return render_template("modal_manage_user_customers.html", groups=groups, user=user) 
@@ -122,8 +120,7 @@ def manage_user_cac_modal(cur_id, caseid, url_redir): if not user: return response_error("Invalid user ID") - current_user = get_current_user() - cases_list = list_cases_dict(current_user.id) + cases_list = list_cases_dict(iris_current_user.id) user_cases_access = [case.get('case_id') for case in user.get('user_cases_access')] outer_cases_list = [] diff --git a/source/app/blueprints/rest/alerts_routes.py b/source/app/blueprints/rest/alerts_routes.py index eb2dd919f..2f9d1b8a5 100644 --- a/source/app/blueprints/rest/alerts_routes.py +++ b/source/app/blueprints/rest/alerts_routes.py @@ -21,7 +21,6 @@ from flask import Blueprint from flask import request from flask import current_app -from flask_login import current_user from typing import List from werkzeug import Response @@ -29,6 +28,7 @@ from app.blueprints.rest.endpoints import endpoint_deprecated from app.blueprints.rest.parsing import parse_comma_separated_identifiers from app.blueprints.rest.case_comments import case_comment_update +from app.business.auth import iris_current_user from app.datamgmt.alerts.alerts_db import get_filtered_alerts from app.datamgmt.alerts.alerts_db import get_alert_by_id from app.datamgmt.alerts.alerts_db import create_case_from_alert @@ -129,6 +129,7 @@ def alerts_list_route() -> Response: else: fields = None + try: filtered_alerts = get_filtered_alerts( start_date=request.args.get('creation_start_date'), @@ -154,7 +155,7 @@ def alerts_list_route() -> Response: assets=alert_assets, iocs=alert_iocs, resolution_status=request.args.get('alert_resolution_id', type=int), - current_user_id=current_user.id + current_user_id=iris_current_user.id ) except Exception as e: 
@@ -219,8 +220,7 @@ def alerts_get_route(alert_id) -> Response: # Return the alert as JSON if alert is None: return response_error('Alert not found') - - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('Alert not found') alert_dump = alert_schema.dump(alert) @@ -251,8 +251,7 @@ def alerts_similarities_route(alert_id) -> Response: # Return the alert as JSON if alert is None: return response_error('Alert not found') - - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('Alert not found') open_alerts = request.args.get('open-alerts', 'false').lower() == 'true' @@ -295,8 +294,7 @@ def alerts_update_route(alert_id) -> Response: alert = get_alert_by_id(alert_id) if not alert: return response_error('Alert not found') - - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to update alerts for the client', status=403) alert_schema = AlertSchema() @@ -332,7 +330,7 @@ def alerts_update_route(alert_id) -> Response: # Deserialize the JSON data into an Alert object updated_alert = alert_schema.load(data, instance=alert, partial=True) if data.get('alert_owner_id') is None and updated_alert.alert_owner_id is None: - updated_alert.alert_owner_id = current_user.id + updated_alert.alert_owner_id = iris_current_user.id if data.get('alert_owner_id') == "-1" or data.get('alert_owner_id') == -1: updated_alert.alert_owner_id = None 
@@ -412,11 +410,11 @@ def alerts_batch_update_route() -> Response: activity_data.append(f"\"{key}\"") # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to update alerts for the client', status=403) if getattr(alert, 'alert_owner_id') is None: - updates['alert_owner_id'] = current_user.id + updates['alert_owner_id'] = iris_current_user.id if data.get('alert_owner_id') == "-1" or data.get('alert_owner_id') == -1: updates['alert_owner_id'] = None @@ -472,7 +470,7 @@ def alerts_batch_delete_route() -> Response: if not alert: return response_error(f'Alert with ID {alert_id} not found') - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to delete alerts for the client', status=403) success, logs = delete_alerts(alert_ids) @@ -508,7 +506,7 @@ def alerts_delete_route(alert_id) -> Response: try: # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to delete alerts for the client', status=403) # Delete the case association @@ -566,7 +564,7 @@ def alerts_escalate_route(alert_id) -> Response: try: # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to escalate alerts for the client', status=403) # Escalate the alert to a case 
@@ -639,14 +637,13 @@ def alerts_merge_route(alert_id) -> Response: note: str = data.get('note') import_as_event: bool = data.get('import_as_event') case_tags = data.get('case_tags') - try: # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to merge alerts for the client', status=403) # Check if the user has access to the case - if not check_ua_case_client(current_user.id, target_case_id): + if not check_ua_case_client(iris_current_user.id, target_case_id): return response_error('User not entitled to merge alerts for the case', status=403) # Merge the alert into a case @@ -702,11 +699,11 @@ def alerts_unmerge_route(alert_id) -> Response: try: # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to unmerge alerts for the client', status=403) # Check if the user has access to the case - if not check_ua_case_client(current_user.id, target_case_id): + if not check_ua_case_client(iris_current_user.id, target_case_id): return response_error('User not entitled to unmerge alerts for the case', status=403) # Unmerge alert from the case @@ -762,9 +759,8 @@ def alerts_batch_merge_route() -> Response: note: str = data.get('note') import_as_event: bool = data.get('import_as_event') case_tags = data.get('case_tags') - # Check if the user has access to the case - if not check_ua_case_client(current_user.id, target_case_id): + if not check_ua_case_client(iris_current_user.id, target_case_id): return response_error('User not entitled to merge alerts for the case', status=403) try: 
@@ -776,7 +772,7 @@ def alerts_batch_merge_route() -> Response: continue # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to merge alerts for the client', status=403) alert.alert_status_id = AlertStatus.query.filter_by(status_name='Merged').first().status_id @@ -835,7 +831,6 @@ def alerts_batch_escalate_route() -> Response: case_title = data.get('case_title') alerts_list = [] case_template_id: int = data.get('case_template_id', None) - try: # Merge the alerts into a case for alert_id in parse_comma_separated_identifiers(alert_ids): @@ -845,7 +840,7 @@ def alerts_batch_escalate_route() -> Response: continue # Check if the user has access to the client - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to escalate alerts for the client', status=403) alert.alert_status_id = AlertStatus.query.filter_by(status_name='Merged').first().status_id @@ -900,7 +895,7 @@ def alert_comments_get(alert_id): if not alert: return response_error('Invalid alert ID') - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to read alerts for the client', status=403) alert_comments = get_alert_comments(alert_id) 
@@ -929,7 +924,7 @@ def alert_comment_delete(alert_id, com_id): if not alert: return response_error('Invalid alert ID') - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to read alerts for the client', status=403) success, msg = delete_alert_comment(comment_id=com_id, alert_id=alert_id) @@ -962,7 +957,7 @@ def alert_comment_get(alert_id, com_id): if not alert: return response_error('Invalid alert ID') - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to read alerts for the client', status=403) comment = get_alert_comment(alert_id, com_id) @@ -990,7 +985,7 @@ def alert_comment_edit(alert_id, com_id): if not alert: return response_error('Invalid alert ID') - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to read alerts for the client', status=403) return case_comment_update(com_id, 'events', None) 
@@ -1014,15 +1009,15 @@ def case_comment_add(alert_id): alert = get_alert_by_id(alert_id=alert_id) if not alert: return response_error('Invalid alert ID') - - if not user_has_client_access(current_user.id, alert.alert_customer_id): + # Check if the user has access to the client + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): return response_error('User not entitled to read alerts for the client', status=403) comment_schema = CommentSchema() comment = comment_schema.load(request.get_json()) comment.comment_alert_id = alert_id - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) diff --git a/source/app/blueprints/rest/case/case_assets_routes.py b/source/app/blueprints/rest/case/case_assets_routes.py index 766da2f60..82b0c3ed8 100644 --- a/source/app/blueprints/rest/case/case_assets_routes.py +++ b/source/app/blueprints/rest/case/case_assets_routes.py @@ -21,7 +21,6 @@ import marshmallow from flask import Blueprint from flask import request -from flask_login import current_user from app import db from app.blueprints.rest.case_comments import case_comment_update @@ -31,6 +30,7 @@ from app.business.assets import assets_get_detailed from app.business.assets import assets_get from app.business.assets import assets_update +from app.business.auth import iris_current_user from app.business.errors import BusinessProcessingError from app.datamgmt.case.case_assets_db import get_raw_assets from app.datamgmt.case.case_assets_db import add_comment_to_asset @@ -86,7 +86,7 @@ def case_filter_assets(caseid): else: cache_ioc_link[ioc.asset_id].append(ioc._asdict()) - cases_access = get_user_cases_fast(current_user.id) + cases_access = get_user_cases_fast(iris_current_user.id) for a in assets: a['ioc_links'] = cache_ioc_link.get(a['asset_id']) 
@@ -129,7 +129,7 @@ def case_list_assets(caseid): else: cache_ioc_link[ioc.asset_id].append(ioc._asdict()) - cases_access = get_user_cases_fast(current_user.id) + cases_access = get_user_cases_fast(iris_current_user.id) for asset in assets: asset = asset._asdict() @@ -199,6 +199,7 @@ def case_upload_ioc(caseid): analysis_status = AnalysisStatus.query.filter(AnalysisStatus.name == 'Unspecified').first() analysis_status_id = analysis_status.id + index = 0 for row in csv_data: missing_field = False @@ -246,7 +247,7 @@ def case_upload_ioc(caseid): asset_sc.custom_attributes = get_default_custom_attributes('asset') asset = create_asset(asset=asset_sc, caseid=caseid, - user_id=current_user.id + user_id=iris_current_user.id ) asset = call_modules_hook('on_postload_asset_create', data=asset, caseid=caseid) @@ -341,11 +342,12 @@ def case_comment_asset_add(cur_id, caseid): if not asset: return response_error('Invalid asset ID') + comment_schema = CommentSchema() comment = comment_schema.load(request.get_json()) comment.comment_case_id = caseid - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) diff --git a/source/app/blueprints/rest/case/case_evidences_routes.py b/source/app/blueprints/rest/case/case_evidences_routes.py index a19863b4a..844550e65 100644 --- a/source/app/blueprints/rest/case/case_evidences_routes.py +++ b/source/app/blueprints/rest/case/case_evidences_routes.py 
@@ -21,11 +21,11 @@ import marshmallow from flask import Blueprint from flask import request -from flask_login import current_user from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.datamgmt.case.case_rfiles_db import add_comment_to_evidence from app.datamgmt.case.case_rfiles_db import delete_evidence_comment from app.datamgmt.case.case_rfiles_db import get_case_evidence_comment @@ -163,7 +163,7 @@ def case_comment_evidence_add(cur_id, caseid): comment = comment_schema.load(request.get_json()) comment.comment_case_id = caseid - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) diff --git a/source/app/blueprints/rest/case/case_ioc_routes.py b/source/app/blueprints/rest/case/case_ioc_routes.py index bd6c96724..041762953 100644 --- a/source/app/blueprints/rest/case/case_ioc_routes.py +++ b/source/app/blueprints/rest/case/case_ioc_routes.py @@ -23,11 +23,11 @@ import marshmallow from flask import Blueprint from flask import request -from flask_login import current_user from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.business.iocs import iocs_create from app.business.iocs import iocs_update from app.business.iocs import iocs_delete @@ -181,7 +181,7 @@ def case_upload_ioc(caseid): log.error(f'Unable to create IOC {ioc.ioc_value} for internal reasons') continue - add_ioc(ioc, current_user.id, caseid) + add_ioc(ioc, iris_current_user.id, caseid) ioc = call_modules_hook('on_postload_ioc_create', data=ioc, caseid=caseid) ret.append(request_data) track_activity(f'added ioc "{ioc.ioc_value}"', caseid=caseid) 
@@ -268,7 +268,7 @@ def case_comment_ioc_add(cur_id, caseid): comment = comment_schema.load(request.get_json()) comment.comment_case_id = ioc.case_id - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) diff --git a/source/app/blueprints/rest/case/case_notes_routes.py b/source/app/blueprints/rest/case/case_notes_routes.py index 9bc77112c..dae160a8c 100644 --- a/source/app/blueprints/rest/case/case_notes_routes.py +++ b/source/app/blueprints/rest/case/case_notes_routes.py @@ -20,7 +20,6 @@ from datetime import datetime from flask import Blueprint from flask import request -from flask_login import current_user from sqlalchemy import or_ from sqlalchemy import and_ @@ -28,6 +27,7 @@ from app import app from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.business.errors import BusinessProcessingError from app.business.notes import notes_create from app.business.notes import notes_list_revisions @@ -398,7 +398,7 @@ def case_comment_note_add(cur_id, caseid): comment = comment_schema.load(request.get_json()) comment.comment_case_id = caseid - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) diff --git a/source/app/blueprints/rest/case/case_routes.py b/source/app/blueprints/rest/case/case_routes.py index a5dc82658..f6bf7d6e8 100644 --- a/source/app/blueprints/rest/case/case_routes.py +++ b/source/app/blueprints/rest/case/case_routes.py @@ -22,7 +22,6 @@ import traceback from flask import Blueprint from flask import request -from flask_login import current_user from sqlalchemy import and_ from sqlalchemy import desc 
@@ -30,6 +29,7 @@ from app import db from app import socket_io from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.business.cases import cases_exists from app.datamgmt.case.case_db import get_review_id_from_name from app.datamgmt.case.case_db import case_get_desc_crc @@ -92,7 +92,7 @@ def desc_fetch(caseid): # API call so we propagate the message to everyone data = { 'case_description': case.description, - 'last_saved': current_user.user + 'last_saved': iris_current_user.user } socket_io.emit('save', data, to=f'case-{caseid}') @@ -227,7 +227,7 @@ def user_cac_set_case(caseid): if not data: return response_error('Invalid request') - if data.get('user_id') == current_user.id: + if data.get('user_id') == iris_current_user.id: return response_error('I can\'t let you do that, Dave') user = get_user(data.get('user_id')) diff --git a/source/app/blueprints/rest/case/case_tasks_routes.py b/source/app/blueprints/rest/case/case_tasks_routes.py index 74066787e..dc24613a4 100644 --- a/source/app/blueprints/rest/case/case_tasks_routes.py +++ b/source/app/blueprints/rest/case/case_tasks_routes.py @@ -21,11 +21,11 @@ import marshmallow from flask import Blueprint from flask import request -from flask_login import current_user from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.business.errors import BusinessProcessingError from app.business.tasks import tasks_delete from app.business.tasks import tasks_create @@ -189,7 +189,7 @@ def case_comment_task_add(cur_id: int, caseid: int): comment = comment_schema.load(request.get_json()) comment.comment_case_id = caseid - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) 
diff --git a/source/app/blueprints/rest/case/case_timeline_routes.py b/source/app/blueprints/rest/case/case_timeline_routes.py index a09862d28..7cfa91aa1 100644 --- a/source/app/blueprints/rest/case/case_timeline_routes.py +++ b/source/app/blueprints/rest/case/case_timeline_routes.py @@ -24,13 +24,13 @@ from marshmallow.exceptions import ValidationError from flask import Blueprint from flask import request -from flask_login import current_user from sqlalchemy import and_ from app import db from app import app from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.datamgmt.case.case_assets_db import get_asset_by_name from app.datamgmt.case.case_events_db import add_comment_to_event from app.datamgmt.case.case_events_db import get_category_by_name @@ -136,7 +136,7 @@ def case_comment_add(cur_id, caseid): comment = comment_schema.load(request.get_json()) comment.comment_case_id = caseid - comment.comment_user_id = current_user.id + comment.comment_user_id = iris_current_user.id comment.comment_date = datetime.now() comment.comment_update_date = datetime.now() db.session.add(comment) @@ -773,7 +773,7 @@ def case_duplicate_event(cur_id, caseid): # Override event_added and user_id event.event_added = datetime.utcnow() - event.user_id = current_user.id + event.user_id = iris_current_user.id if event.event_title.startswith("[DUPLICATED] - ") is False: event.event_title = f"[DUPLICATED] - {event.event_title}" @@ -947,7 +947,6 @@ def case_events_upload_csv(caseid): except Exception as e: return response_error(msg="Data error", data={"Exception": f"Unhandled error {e}.\nrow number: {line}"}) - # ========================== begin saving data ============================ session = db.session.begin_nested() line = 0 try: 
@@ -962,7 +961,7 @@ def case_events_upload_csv(caseid): request_data.get(u'event_tz')) event.case_id = caseid event.event_added = datetime.utcnow() - event.user_id = current_user.id + event.user_id = iris_current_user.id add_obj_history_entry(event, 'created') diff --git a/source/app/blueprints/rest/context_routes.py b/source/app/blueprints/rest/context_routes.py index b85b84257..f25d0e705 100644 --- a/source/app/blueprints/rest/context_routes.py +++ b/source/app/blueprints/rest/context_routes.py @@ -19,11 +19,11 @@ from flask import Blueprint from flask import redirect from flask import request -from flask_login import current_user from app import app from app import cache from app import db +from app.business.auth import iris_current_user from app.datamgmt.context.context_db import ctx_search_user_cases from app.models.authorization import Permissions from app.models.cases import Cases @@ -40,7 +40,7 @@ def cases_context_search(): search = request.args.get('q') # Get all investigations not closed - datao = ctx_search_user_cases(search, current_user.id, max_results=100) + datao = ctx_search_user_cases(search, iris_current_user.id, max_results=100) return response_success(data=datao) @@ -52,14 +52,14 @@ def set_ctx(): Set the context elements of a user i.e the current case :return: Page """ - if not current_user.is_authenticated: + if not iris_current_user.is_authenticated: return redirect(not_authenticated_redirection_url(request.full_path)) ctx = request.form.get('ctx') ctx_h = request.form.get('ctx_h') - current_user.ctx_case = ctx - current_user.ctx_human_case = ctx_h + iris_current_user.ctx_case = ctx + iris_current_user.ctx_human_case = ctx_h db.session.commit() 
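Review bot: `set_ctx` now tests `iris_current_user.is_authenticated`, which assumes the object behind the new proxy always exposes flask-login's `is_authenticated`; if the token path yields a plain `User` without the mixin, or `None` when no credentials are present, this line raises AttributeError instead of redirecting to login. The `_update_user_case_ctx` hunk on the next line instead relies on truthiness of the proxy (`if iris_current_user and ...`), so the two call sites disagree on how "no user" is represented. I would settle on one form, e.g. `if not getattr(iris_current_user, 'is_authenticated', False):`, or document on `iris_current_user` what it yields for anonymous requests. The proxy's definition is not in this diff, so this is a question to confirm rather than a verified bug.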
@@ -102,21 +102,21 @@ def _update_user_case_ctx(): data = [row for row in res] - if current_user and current_user.ctx_case: + if iris_current_user and iris_current_user.ctx_case: # If the current user have a current case, # Look for it in the fresh list. If not # exists then remove from the user context is_found = False for row in data: - if row[2] == current_user.ctx_case: + if row[2] == iris_current_user.ctx_case: is_found = True break if not is_found: # The case does not exist, # Removes it from the context - current_user.ctx_case = None - current_user.ctx_human_case = "Not set" + iris_current_user.ctx_case = None + iris_current_user.ctx_human_case = "Not set" db.session.commit() app.jinja_env.globals.update({ diff --git a/source/app/blueprints/rest/dashboard_routes.py b/source/app/blueprints/rest/dashboard_routes.py index 78f78cbed..7b7f8b880 100644 --- a/source/app/blueprints/rest/dashboard_routes.py +++ b/source/app/blueprints/rest/dashboard_routes.py @@ -25,7 +25,6 @@ from flask import session from flask import request from flask import redirect -from flask_login import current_user from flask_login import logout_user from app import db @@ -33,6 +32,7 @@ from app import oidc_client from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.datamgmt.dashboard.dashboard_db import get_global_task, list_user_cases, list_user_reviews from app.datamgmt.dashboard.dashboard_db import get_tasks_status from app.datamgmt.dashboard.dashboard_db import list_global_tasks 
@@ -73,10 +73,9 @@ def logout(): Logout function. Erase its session and redirect to index i.e login :return: Page """ - if session['current_case']: - current_user.ctx_case = session['current_case']['case_id'] - current_user.ctx_human_case = session['current_case']['case_name'] + iris_current_user.ctx_case = session['current_case']['case_id'] + iris_current_user.ctx_human_case = session['current_case']['case_name'] db.session.commit() if is_authentication_oidc(): @@ -86,18 +85,18 @@ def logout(): state=session["oidc_state"]) logout_url = logout_request.request( oidc_client.provider_info["end_session_endpoint"]) - track_activity(f"user '{current_user.user}' is been logged-out", ctx_less=True, display_in_ui=False) + track_activity(f"user '{iris_current_user.user}' is been logged-out", ctx_less=True, display_in_ui=False) logout_user() session.clear() return redirect(logout_url) except GrantError: track_activity( - f"no oidc session found for user '{current_user.user}', skipping oidc provider logout and continuing to logout local user", + f"no oidc session found for user '{iris_current_user.user}', skipping oidc provider logout and continuing to logout local user", ctx_less=True, display_in_ui=False ) - track_activity(f"user '{current_user.user}' is been logged-out", + track_activity(f"user '{iris_current_user.user}' is been logged-out", ctx_less=True, display_in_ui=False) logout_user() session.clear() @@ -214,7 +213,7 @@ def add_gtask(caseid): except marshmallow.exceptions.ValidationError as e: return response_error(msg="Data error", data=e.messages) - gtask.task_userid_update = current_user.id + gtask.task_userid_update = iris_current_user.id gtask.task_open_date = datetime.utcnow() gtask.task_last_update = datetime.utcnow() gtask.task_last_update = datetime.utcnow() 
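Review bot: The `-73,10 +73,9` hunk of `logout()` drops the `if session['current_case']:` guard, so `session['current_case']['case_id']` is now evaluated unconditionally; when the key is absent this raises KeyError, and when it is present but empty (the case the old guard covered) it raises TypeError, so the request fails before `logout_user()` and `session.clear()` run and the session stays valid. Restoring the guard as `if session.get('current_case'):` above the two assignments keeps the previous behaviour and also covers the missing-key case. `logout()` continues past the hunk into the OIDC branch.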
@@ -255,7 +254,7 @@ def edit_gtask(cur_id, caseid): caseid=caseid) gtask = gtask_schema.load(request_data, instance=task) - gtask.task_userid_update = current_user.id + gtask.task_userid_update = iris_current_user.id gtask.task_last_update = datetime.utcnow() db.session.commit() diff --git a/source/app/blueprints/rest/datastore_routes.py b/source/app/blueprints/rest/datastore_routes.py index dfa95c3ff..7d9acfb23 100644 --- a/source/app/blueprints/rest/datastore_routes.py +++ b/source/app/blueprints/rest/datastore_routes.py @@ -25,10 +25,10 @@ from flask import current_app from flask import request from flask import send_file -from flask_login import current_user from pathlib import Path from app import db +from app.business.auth import iris_current_user from app.datamgmt.datastore.datastore_db import datastore_add_child_node from app.datamgmt.datastore.datastore_db import datastore_add_file_as_evidence from app.datamgmt.datastore.datastore_db import datastore_add_file_as_ioc @@ -239,7 +239,7 @@ def datastore_add_file(cur_id: int, caseid: int): dsf_sc = dsf_schema.load(request.form, partial=True) dsf_sc.file_parent_id = dsp.path_id - dsf_sc.added_by_user_id = current_user.id + dsf_sc.added_by_user_id = iris_current_user.id dsf_sc.file_date_added = datetime.datetime.now() dsf_sc.file_local_name = 'tmp_xc' dsf_sc.file_case_id = caseid diff --git a/source/app/blueprints/rest/filters_routes.py b/source/app/blueprints/rest/filters_routes.py index 87b483e5e..526fd1edc 100644 --- a/source/app/blueprints/rest/filters_routes.py +++ b/source/app/blueprints/rest/filters_routes.py 
@@ -17,10 +17,10 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from flask import Blueprint, request -from flask_login import current_user from werkzeug import Response from app import db +from app.business.auth import iris_current_user from app.datamgmt.filters.filters_db import get_filter_by_id from app.datamgmt.filters.filters_db import list_filters_by_type from app.iris_engine.utils.tracker import track_activity @@ -49,7 +49,7 @@ def filters_add_route() -> Response: try: # Load the JSON data from the request data = request.get_json() - data['created_by'] = current_user.id + data['created_by'] = iris_current_user.id new_saved_filter = saved_filter_schema.load(data) diff --git a/source/app/blueprints/rest/manage/manage_case_templates_routes.py b/source/app/blueprints/rest/manage/manage_case_templates_routes.py index 0f4fa5835..fa655c9b4 100644 --- a/source/app/blueprints/rest/manage/manage_case_templates_routes.py +++ b/source/app/blueprints/rest/manage/manage_case_templates_routes.py @@ -19,10 +19,10 @@ import json from flask import Blueprint from flask import request -from flask_login import current_user from marshmallow import ValidationError from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_case_templates_db import get_case_templates_list from app.datamgmt.manage.manage_case_templates_db import get_case_template_by_id from app.datamgmt.manage.manage_case_templates_db import validate_case_template @@ -78,7 +78,7 @@ def add_case_template(caseid): return response_error("Found errors in case template", data=str(e)) try: - case_template_dict["created_by_user_id"] = current_user.id + case_template_dict["created_by_user_id"] = iris_current_user.id case_template_data = CaseTemplateSchema().load(case_template_dict) case_template = CaseTemplate(**case_template_data) db.session.add(case_template) 
diff --git a/source/app/blueprints/rest/manage/manage_cases_routes.py b/source/app/blueprints/rest/manage/manage_cases_routes.py index c2c40bbd5..c6128606b 100644 --- a/source/app/blueprints/rest/manage/manage_cases_routes.py +++ b/source/app/blueprints/rest/manage/manage_cases_routes.py @@ -22,13 +22,13 @@ from flask import Blueprint from flask import request -from flask_login import current_user from werkzeug import Response from werkzeug.utils import secure_filename from app import db from app.blueprints.rest.parsing import parse_comma_separated_identifiers from app.blueprints.rest.endpoints import endpoint_deprecated +from app.business.auth import iris_current_user from app.datamgmt.alerts.alerts_db import get_alert_status_by_name from app.datamgmt.case.case_db import get_case from app.datamgmt.iris_engine.modules_db import get_pipelines_args_from_name @@ -111,7 +111,7 @@ def manage_case_filter() -> Response: draw = 1 filtered_cases = get_filtered_cases( - current_user.id, + iris_current_user.id, pagination_parameters, case_ids=case_ids_str, case_customer_id=case_customer_id, @@ -254,7 +254,7 @@ def api_add_case(): @manage_cases_rest_blueprint.route('/manage/cases/list', methods=['GET']) @ac_api_requires(Permissions.standard_user) def api_list_case(): - data = list_cases_dict(current_user.id) + data = list_cases_dict(iris_current_user.id) return response_success("", data=data) diff --git a/source/app/blueprints/rest/manage/manage_customers_routes.py b/source/app/blueprints/rest/manage/manage_customers_routes.py index 84cd20ebb..9fa7817e0 100644 --- a/source/app/blueprints/rest/manage/manage_customers_routes.py +++ b/source/app/blueprints/rest/manage/manage_customers_routes.py 
@@ -20,11 +20,11 @@ import traceback from flask import Blueprint from flask import request -from flask_login import current_user from marshmallow import ValidationError from app import ac_current_user_has_permission from app.blueprints.access_controls import ac_api_requires +from app.business.auth import iris_current_user from app.datamgmt.client.client_db import create_client from app.datamgmt.client.client_db import create_contact from app.datamgmt.client.client_db import delete_client @@ -54,7 +54,7 @@ @ac_api_requires(Permissions.customers_read) def list_customers(): user_is_server_administrator = ac_current_user_has_permission(Permissions.server_administrator) - client_list = get_client_list(current_user_id=current_user.id, + client_list = get_client_list(current_user_id=iris_current_user.id, is_server_administrator=user_is_server_administrator) return response_success("", data=client_list) @@ -255,7 +255,7 @@ def add_customers(): track_activity(f"Added customer {client.name}", ctx_less=True) # Associate the created customer with the current user - add_user_to_customer(current_user.id, client.client_id) + add_user_to_customer(iris_current_user.id, client.client_id) # Return the customer client_schema = CustomerSchema() diff --git a/source/app/blueprints/rest/manage/manage_groups.py b/source/app/blueprints/rest/manage/manage_groups.py index 2b32e56b0..9de557bc3 100644 --- a/source/app/blueprints/rest/manage/manage_groups.py +++ b/source/app/blueprints/rest/manage/manage_groups.py @@ -21,10 +21,10 @@ import marshmallow from flask import Blueprint from flask import request -from flask_login import current_user from app import db from app import app +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_groups_db import add_all_cases_access_to_group from app.datamgmt.manage.manage_groups_db import add_case_access_to_group from app.datamgmt.manage.manage_groups_db import delete_group 
@@ -117,7 +117,7 @@ def manage_groups_update(cur_id): data['group_id'] = cur_id ags_c = ags.load(data, instance=group, partial=True) - if not ac_flag_match_mask(data['group_permissions'], Permissions.server_administrator.value) and ac_ldp_group_update(current_user.id): + if not ac_flag_match_mask(data['group_permissions'], Permissions.server_administrator.value) and ac_ldp_group_update(iris_current_user.id): db.session.rollback() return response_error(msg="That might not be a good idea Dave", data="Update the group permissions will lock you out") @@ -140,7 +140,7 @@ def manage_groups_delete(cur_id): if protect_demo_mode_group(group): return ac_api_return_access_denied() - if ac_ldp_group_removal(current_user.id, group_id=group.group_id): + if ac_ldp_group_removal(iris_current_user.id, group_id=group.group_id): return response_error("I can't let you do that Dave", data="Removing this group will lock you out") delete_group(group) diff --git a/source/app/blueprints/rest/overview_routes.py b/source/app/blueprints/rest/overview_routes.py index 892c5abeb..41404934a 100644 --- a/source/app/blueprints/rest/overview_routes.py +++ b/source/app/blueprints/rest/overview_routes.py @@ -18,8 +18,8 @@ from flask import Blueprint from flask import request -from flask_login import current_user +from app.business.auth import iris_current_user from app.datamgmt.overview.overview_db import get_overview_db from app.blueprints.access_controls import ac_api_requires from app.blueprints.responses import response_success diff --git a/source/app/blueprints/rest/profile_routes.py b/source/app/blueprints/rest/profile_routes.py index dd02da15b..19b7dd8f0 100644 --- a/source/app/blueprints/rest/profile_routes.py +++ b/source/app/blueprints/rest/profile_routes.py 
@@ -21,9 +21,9 @@ from flask import Blueprint from flask import request from flask import session -from flask_login import current_user from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_users_db import get_user from app.datamgmt.manage.manage_users_db import get_user_primary_org from app.datamgmt.manage.manage_users_db import update_user @@ -46,7 +46,7 @@ @ac_api_requires() def user_renew_api(): - user = get_user(current_user.id) + user = get_user(iris_current_user.id) user.api_key = secrets.token_urlsafe(nbytes=64) db.session.commit() @@ -80,16 +80,17 @@ def user_has_permission(): @profile_rest_blueprint.route('/user/update', methods=['POST']) @ac_api_requires() def update_user_view(): + try: - user = get_user(current_user.id) + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID for this case") # validate before saving user_schema = UserSchema() jsdata = request.get_json() - jsdata['user_id'] = current_user.id - puo = get_user_primary_org(current_user.id) + jsdata['user_id'] = iris_current_user.id + puo = get_user_primary_org(iris_current_user.id) jsdata['user_primary_organisation_id'] = puo.org_id @@ -111,10 +112,11 @@ def update_user_view(): @profile_rest_blueprint.route('/user/theme/set/', methods=['GET']) @ac_api_requires() def profile_set_theme(theme): + if theme not in ['dark', 'light']: return response_error('Invalid data') - user = get_user(current_user.id) + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID") @@ -127,10 +129,11 @@ def profile_set_theme(theme): @profile_rest_blueprint.route('/user/deletion-prompt/set/', methods=['GET']) @ac_api_requires() def profile_set_deletion_prompt(val): + if val not in ['true', 'false']: return response_error('Invalid data') - user = get_user(current_user.id) + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID") 
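Review bot: The blank line inserted directly after `def update_user_view():`, `def profile_set_theme(theme):` and `def profile_set_deletion_prompt(val):` (and after the `def` lines of the profile_routes hunks on the next line) is whitespace churn unrelated to the current_user migration; PEP 8 puts no blank line between a signature and the first statement, and dropping it keeps this rename commit reviewable. The ordering in update_user_view — `jsdata['user_id'] = iris_current_user.id` set before `UserSchema` is loaded — is worth keeping as is, since it is what stops a client-supplied user_id from selecting another account.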
@@ -143,10 +146,11 @@ def profile_set_deletion_prompt(val): @profile_rest_blueprint.route('/user/mini-sidebar/set/', methods=['GET']) @ac_api_requires() def profile_set_minisidebar(val): + if val not in ['true', 'false']: return response_error('Invalid data') - user = get_user(current_user.id) + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID") @@ -160,11 +164,11 @@ def profile_set_minisidebar(val): @ac_api_requires() def profile_refresh_permissions_and_ac(): - user = get_user(current_user.id) + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID") - ac_recompute_effective_ac(current_user.id) + ac_recompute_effective_ac(iris_current_user.id) session['permissions'] = ac_get_effective_permissions_of_user(user) return response_success('Access control and permissions refreshed') @@ -174,7 +178,8 @@ def profile_refresh_permissions_and_ac(): @ac_api_requires() def profile_whoami(): """Returns the current user's profile""" - user = get_user(current_user.id) + + user = get_user(iris_current_user.id) if not user: return response_error("Invalid user ID") diff --git a/source/app/business/auth.py b/source/app/business/auth.py index d9cb8fb39..d08fcbc6d 100644 --- a/source/app/business/auth.py +++ b/source/app/business/auth.py @@ -41,7 +41,6 @@ import jwt from flask import jsonify - class TokenUser: """A class that mimics the Flask-Login current_user interface for token auth""" def __init__(self, user_data): @@ -262,4 +261,7 @@ def validate_auth_token(token): except jwt.ExpiredSignatureError: return None except jwt.InvalidTokenError: - return None \ No newline at end of file + return None + + +iris_current_user = get_current_user() \ No newline at end of file diff --git a/source/app/iris_engine/utils/tracker.py b/source/app/iris_engine/utils/tracker.py index d688ba900..f02b77c56 100644 --- a/source/app/iris_engine/utils/tracker.py +++ b/source/app/iris_engine/utils/tracker.py 
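Review bot: `iris_current_user = get_current_user()` at the end of source/app/business/auth.py is evaluated once, when the module is imported, not once per request. get_current_user is defined above this hunk, but unless it returns a lazy proxy, every `iris_current_user.id` introduced across this series resolves to whatever that call produced at import time, outside any request context — either an import-time error or a fixed object that never reflects the token-authenticated caller this series is meant to support. A per-request binding such as `iris_current_user = LocalProxy(get_current_user)` (werkzeug.local) keeps the attribute-style call sites while deferring resolution to each access. The first hunk also drops one of the two blank lines before `class TokenUser`, leaving a single blank line between top-level definitions.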
@@ -22,6 +22,7 @@ import app from app import db from app.blueprints.access_controls import get_current_user +from app.business.auth import iris_current_user from app.models.models import UserActivity log = app.app.logger @@ -34,11 +35,10 @@ def track_activity(message, caseid=None, ctx_less=False, user_input=False, displ :return: Nothing """ ua = UserActivity() - current_user = get_current_user() try: - ua.user_id = current_user.id + ua.user_id = iris_current_user.id except: pass @@ -51,8 +51,8 @@ def track_activity(message, caseid=None, ctx_less=False, user_input=False, displ ua.activity_date = datetime.utcnow() ua.activity_desc = message.capitalize() - if current_user.is_authenticated: - log.info(f"{current_user.user} [#{current_user.id}] :: Case {caseid} :: {ua.activity_desc}") + if iris_current_user.is_authenticated: + log.info(f"{iris_current_user.user} [#{iris_current_user.id}] :: Case {caseid} :: {ua.activity_desc}") else: log.info(f"Anonymous :: Case {caseid} :: {ua.activity_desc}") diff --git a/source/app/util.py b/source/app/util.py index 00c0e52b8..947620717 100644 --- a/source/app/util.py +++ b/source/app/util.py @@ -30,7 +30,7 @@ from flask import current_app from app import db -from app.business.auth import get_current_user +from app.business.auth import iris_current_user class FileRemover(object): @@ -48,14 +48,13 @@ def _do_cleanup(self, wr): def add_obj_history_entry(obj, action, commit=False): if hasattr(obj, 'modification_history'): - current_user = get_current_user() if isinstance(obj.modification_history, dict): obj.modification_history.update({ datetime.datetime.now().timestamp(): { - 'user': current_user.user, - 'user_id': current_user.id, + 'user': iris_current_user.user, + 'user_id': iris_current_user.id, 'action': action } }) 
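Review bot: `from app.blueprints.access_controls import get_current_user` at the top of source/app/iris_engine/utils/tracker.py is kept although the second hunk removes its only visible use (`current_user = get_current_user()`); unless a caller outside these hunks still needs it, drop the import, since tracker is imported by many modules and each extra edge in its import graph is a cycle risk. The pre-existing bare `except: pass` around `ua.user_id = iris_current_user.id` now also swallows an AttributeError from an anonymous or token user; `except AttributeError:` keeps the best-effort behaviour without masking other failures. track_activity's body continues past the hunk.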
@@ -64,8 +63,8 @@ def add_obj_history_entry(obj, action, commit=False): obj.modification_history = { datetime.datetime.now().timestamp(): { - 'user': current_user.user, - 'user_id': current_user.id, + 'user': iris_current_user.user, + 'user_id': iris_current_user.id, 'action': action } } From e071897d630b1599ccdfe2006b9d64f761590bbd Mon Sep 17 00:00:00 2001 
From: whikernel Date: Tue, 22 Apr 2025 10:27:23 +0200 Subject: [PATCH 03/10] [FIX] Migrated all current users --- source/app/blueprints/access_controls.py | 31 +++++--------- .../app/blueprints/graphql/graphql_route.py | 4 +- source/app/blueprints/graphql/permissions.py | 4 +- .../blueprints/pages/login/login_routes.py | 1 - .../rest/case/case_graphs_routes.py | 4 +- .../rest/manage/manage_templates_routes.py | 4 +- .../blueprints/rest/manage/manage_users.py | 4 +- source/app/blueprints/rest/v2/alerts.py | 4 +- source/app/blueprints/rest/v2/auth.py | 25 +++++------ source/app/blueprints/rest/v2/cases.py | 4 +- .../rest/v2/context/api_v2_context_routes.py | 16 ++++---- .../case_event_handlers.py | 8 ++-- .../case_notes_event_handlers.py | 22 +++++----- .../update_event_handlers.py | 4 +- source/app/business/alerts.py | 4 +- source/app/business/assets.py | 4 +- source/app/business/case_comments.py | 7 ++-- source/app/business/cases.py | 6 +-- source/app/business/events.py | 5 +-- source/app/business/evidences.py | 6 +-- source/app/business/iocs.py | 6 +-- source/app/business/notes.py | 8 ++-- source/app/business/tasks.py | 6 +-- source/app/datamgmt/alerts/alerts_db.py | 41 +++++++++---------- source/app/datamgmt/case/case_assets_db.py | 4 +- source/app/datamgmt/case/case_events_db.py | 4 +- source/app/datamgmt/case/case_iocs_db.py | 6 +-- source/app/datamgmt/case/case_notes_db.py | 4 +- source/app/datamgmt/case/case_rfiles_db.py | 4 +- source/app/datamgmt/case/case_tasks_db.py | 4 +- source/app/datamgmt/dashboard/dashboard_db.py | 10 ++--- source/app/datamgmt/datastore/datastore_db.py | 6 +-- source/app/datamgmt/filters/filters_db.py | 6 +-- source/app/datamgmt/iris_engine/modules_db.py | 4 +- .../app/datamgmt/manage/manage_assets_db.py | 4 +- .../app/datamgmt/manage/manage_groups_db.py | 4 +- source/app/datamgmt/manage/manage_users_db.py | 5 ++- source/app/datamgmt/states.py | 4 +- .../app/iris_engine/access_control/utils.py | 20 ++++----- 
source/app/iris_engine/demo_builder.py | 7 ++-- .../module_handler/module_handler.py | 3 +- source/app/iris_engine/reporter/reporter.py | 9 ++-- source/app/iris_engine/tasker/tasks.py | 8 ++-- source/app/models/cases.py | 6 +-- source/app/schema/marshables.py | 4 +- 45 files changed, 170 insertions(+), 184 deletions(-) diff --git a/source/app/blueprints/access_controls.py b/source/app/blueprints/access_controls.py index 2bdbb518d..e1635d3f3 100644 --- a/source/app/blueprints/access_controls.py +++ b/source/app/blueprints/access_controls.py @@ -43,7 +43,7 @@ from app import app from app import db from app.blueprints.responses import response_error -from app.business.auth import validate_auth_token, get_current_user +from app.business.auth import validate_auth_token, iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.manage.manage_access_control_db import user_has_client_access from app.datamgmt.manage.manage_users_db import get_user @@ -208,8 +208,7 @@ def _get_case_access(request_data, access_level, no_cid_required=False): if ctmp is not None: return redir, ctmp, has_access - current_user_wrap = get_current_user() - eaccess_level = ac_fast_check_user_has_case_access(current_user_wrap.id, caseid, access_level) + eaccess_level = ac_fast_check_user_has_case_access(iris_current_user.id, caseid, access_level) if eaccess_level is None and access_level: _update_denied_case(caseid) return redir, caseid, False 
@@ -245,9 +244,8 @@ def _is_csrf_token_valid(): def _ac_return_access_denied(caseid: int = None): error_uuid = uuid.uuid4() - current_user_wrap = get_current_user() - log.warning(f"Access denied to case #{caseid} for user ID {current_user_wrap.id}. Error {error_uuid}") - return render_template('pages/error-403.html', user=current_user_wrap, caseid=caseid, error_uuid=error_uuid, + log.warning(f"Access denied to case #{caseid} for user ID {iris_current_user.id}. Error {error_uuid}") + return render_template('pages/error-403.html', user=iris_current_user, caseid=caseid, error_uuid=error_uuid, template_folder=TEMPLATE_PATH), 403 @@ -279,13 +277,11 @@ def get_case_access_from_api(request_data, access_level): redir, caseid, has_access = _get_caseid_from_request_data(request_data, False) redir = False - current_user_wrap = get_current_user() - - if not hasattr(current_user_wrap, 'id'): + if not hasattr(iris_current_user, 'id'): # Anonymous request, deny access return False, 1, False - eaccess_level = ac_fast_check_user_has_case_access(current_user_wrap.id, caseid, access_level) + eaccess_level = ac_fast_check_user_has_case_access(iris_current_user.id, caseid, access_level) if eaccess_level is None and access_level: return redir, caseid, False @@ -389,9 +385,8 @@ def ac_requires_client_access(): def inner_wrap(f): @wraps(f) def wrap(*args, **kwargs): - current_user_wrap = get_current_user() client_id = kwargs.get('client_id') - if not user_has_client_access(current_user_wrap.id, client_id): + if not user_has_client_access(iris_current_user.id, client_id): return _ac_return_access_denied() return f(*args, **kwargs) 
@@ -413,8 +408,7 @@ def wrap(*args, **kwargs): else: return _ac_return_access_denied(caseid=0) - current_user_wrap = get_current_user() - access = ac_fast_check_user_has_case_access(current_user_wrap.id, case_id, access_level) + access = ac_fast_check_user_has_case_access(iris_current_user.id, case_id, access_level) if not access: return _ac_return_access_denied(caseid=case_id) @@ -425,8 +419,7 @@ def wrap(*args, **kwargs): def ac_api_return_access_denied(caseid: int = None): - current_user_wrap = get_current_user() - user_id = current_user_wrap.id if hasattr(current_user_wrap, 'id') else 'Anonymous' + user_id = iris_current_user.id if hasattr(iris_current_user, 'id') else 'Anonymous' error_uuid = uuid.uuid4() log.warning(f"EID {error_uuid} - Access denied with case #{caseid} for user ID {user_id} " f"accessing URI {request.full_path}") @@ -443,8 +436,7 @@ def inner_wrap(f): @wraps(f) def wrap(*args, **kwargs): client_id = kwargs.get('client_id') - current_user_wrap = get_current_user() - if not user_has_client_access(current_user_wrap.id, client_id): + if not user_has_client_access(iris_current_user.id, client_id): return response_error("Permission denied", status=403) return f(*args, **kwargs) @@ -549,8 +541,7 @@ def _oidc_proxy_authentication_process(incoming_request: Request): def _local_authentication_process(incoming_request: Request): - current_user_wrap = get_current_user() - return current_user_wrap.is_authenticated + return iris_current_user.is_authenticated def _token_authentication_process(incoming_request: Request): diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index 4fb1d3caa..37821b926 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py 
@@ -21,7 +21,6 @@ from flask import request from flask_wtf import FlaskForm from flask import Blueprint -from flask_login import current_user from graphql_server.flask import GraphQLView from graphene import ObjectType @@ -51,6 +50,7 @@ from app.business.cases import cases_get_by_identifier from app.business.iocs import iocs_get +from app.business.auth import iris_current_user from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_case_access import warnings @@ -70,7 +70,7 @@ class Query(ObjectType): @staticmethod def resolve_cases(root, info, classification_id=None, client_id=None, state_id=None, owner_id=None, open_date=None, name=None, soc_id=None, severity_id=None, tags=None, open_since=None, **kwargs): - return build_filter_case_query(current_user.id, start_open_date=open_date, end_open_date=None, case_customer_id=client_id, case_ids=None, + return build_filter_case_query(iris_current_user.id, start_open_date=open_date, end_open_date=None, case_customer_id=client_id, case_ids=None, case_name=name, case_description=None, case_classification_id=classification_id, case_owner_id=owner_id, case_opening_user_id=None, case_severity_id=severity_id, case_state_id=state_id, case_soc_id=soc_id, case_tags=tags, case_open_since=open_since) diff --git a/source/app/blueprints/graphql/permissions.py b/source/app/blueprints/graphql/permissions.py index 0c2151743..77a87207c 100644 --- a/source/app/blueprints/graphql/permissions.py +++ b/source/app/blueprints/graphql/permissions.py @@ -20,10 +20,10 @@ from uuid import uuid4 from flask import session -from flask_login import current_user from flask import request from app.blueprints.access_controls import get_case_access_from_api +from app.business.auth import iris_current_user from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access 
@@ -66,7 +66,7 @@ def permissions_check_current_user_has_some_case_access_stricter(access_levels): # this method is used to replace annotation ac_api_requires def permissions_check_current_user_has_some_permission(permissions): if 'permissions' not in session: - session['permissions'] = ac_get_effective_permissions_of_user(current_user) + session['permissions'] = ac_get_effective_permissions_of_user(iris_current_user) for permission in permissions: if session['permissions'] & permission.value: diff --git a/source/app/blueprints/pages/login/login_routes.py b/source/app/blueprints/pages/login/login_routes.py index e8302c73e..8196af827 100644 --- a/source/app/blueprints/pages/login/login_routes.py +++ b/source/app/blueprints/pages/login/login_routes.py @@ -29,7 +29,6 @@ from flask import request from flask import session from flask import url_for -from flask_login import current_user from oic import rndstr from oic.oic.message import AuthorizationResponse diff --git a/source/app/blueprints/rest/case/case_graphs_routes.py b/source/app/blueprints/rest/case/case_graphs_routes.py index b128b3746..27d14dd58 100644 --- a/source/app/blueprints/rest/case/case_graphs_routes.py +++ b/source/app/blueprints/rest/case/case_graphs_routes.py @@ -18,9 +18,9 @@ import itertools from datetime import datetime -from flask_login import current_user from flask import Blueprint +from app.business.auth import iris_current_user from app.datamgmt.case.case_events_db import get_case_events_assets_graph from app.datamgmt.case.case_events_db import get_case_events_ioc_graph from app.models.authorization import CaseAccessLevel @@ -87,7 +87,7 @@ def case_graph_get_data(caseid): 'value': 1 } - if current_user.in_dark_mode: + if iris_current_user.in_dark_mode: new_node['font'] = "12px verdana white" if not any(node['id'] == idx for node in nodes): 
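Review bot: `iris_current_user.in_dark_mode` in case_graph_get_data assumes the object behind iris_current_user is the full User model. For a token-authenticated request it is a TokenUser, which the docstring in source/app/business/auth.py describes as mimicking only the Flask-Login current_user interface (the class body is outside this diff, so confirm), in which case model attributes such as `in_dark_mode` raise AttributeError. The same assumption underlies `UserSchema(...).dump(iris_current_user)` in the v2 whoami hunk and the `iris_current_user.ctx_case = ...` writes followed by `db.session.commit()` in both logout routes and set_ctx_v2, where assigning to a non-ORM object persists nothing and the case context is silently lost. Either give TokenUser those attributes or resolve the ORM user with `get_user(iris_current_user.id)` at these call sites, as profile_routes already does.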
diff --git a/source/app/blueprints/rest/manage/manage_templates_routes.py b/source/app/blueprints/rest/manage/manage_templates_routes.py index 2c0c791cd..e9b83819a 100644 --- a/source/app/blueprints/rest/manage/manage_templates_routes.py +++ b/source/app/blueprints/rest/manage/manage_templates_routes.py @@ -25,11 +25,11 @@ from flask import redirect from flask import request from flask import send_file -from flask_login import current_user from werkzeug.utils import secure_filename from app import app from app import db +from app.business.auth import iris_current_user from app.iris_engine.utils.tracker import track_activity from app.models.authorization import Permissions from app.models.authorization import User @@ -96,7 +96,7 @@ def add_template(): report_template.language_id = request.form.get('report_language', '', type=int) report_template.report_type_id = request.form.get('report_type', '', type=int) - report_template.created_by_user_id = current_user.id + report_template.created_by_user_id = iris_current_user.id report_template.date_created = datetime.utcnow() template_file = request.files['file'] diff --git a/source/app/blueprints/rest/manage/manage_users.py b/source/app/blueprints/rest/manage/manage_users.py index c1f002b2d..9d2f5918e 100644 --- a/source/app/blueprints/rest/manage/manage_users.py +++ b/source/app/blueprints/rest/manage/manage_users.py @@ -21,11 +21,11 @@ import traceback from flask import Blueprint from flask import request -from flask_login import current_user from app import app from app import db from app.blueprints.rest.parsing import parse_comma_separated_identifiers +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_users_db import add_case_access_to_user from app.datamgmt.manage.manage_users_db import update_user_customers from app.datamgmt.manage.manage_users_db import get_filtered_users 
@@ -316,7 +316,7 @@ def deactivate_user_api(cur_id): if protect_demo_mode_user(user): return ac_api_return_access_denied() - if current_user.id == cur_id: + if iris_current_user.id == cur_id: return response_error('We do not recommend deactivating yourself for obvious reasons') user.active = False diff --git a/source/app/blueprints/rest/v2/alerts.py b/source/app/blueprints/rest/v2/alerts.py index c97200863..1f646465f 100644 --- a/source/app/blueprints/rest/v2/alerts.py +++ b/source/app/blueprints/rest/v2/alerts.py @@ -19,13 +19,13 @@ from flask import Blueprint from flask import request from flask import Response -from flask_login import current_user from app.blueprints.access_controls import ac_api_requires from app.blueprints.rest.endpoints import response_api_success from app.blueprints.rest.endpoints import response_api_error from app.blueprints.rest.endpoints import response_api_created from app.blueprints.rest.parsing import parse_comma_separated_identifiers +from app.business.auth import iris_current_user from app.datamgmt.alerts.alerts_db import get_filtered_alerts from app.models.authorization import Permissions from app.schema.marshables import AlertSchema @@ -112,7 +112,7 @@ def alerts_list_route() -> Response: assets=alert_assets, iocs=alert_iocs, resolution_status=request.args.get('alert_resolution_id', type=int), - current_user_id=current_user.id + current_user_id=iris_current_user.id ) if filtered_alerts is None: diff --git a/source/app/blueprints/rest/v2/auth.py b/source/app/blueprints/rest/v2/auth.py index 70b61be8a..48e2450a1 100644 --- a/source/app/blueprints/rest/v2/auth.py +++ b/source/app/blueprints/rest/v2/auth.py @@ -19,7 +19,7 @@ from flask import Blueprint, session from flask import redirect, url_for from flask import request -from flask_login import current_user, logout_user +from flask_login import logout_user from oic.oauth2.exception import GrantError from app import app 
@@ -32,7 +32,8 @@ from app.blueprints.access_controls import not_authenticated_redirection_url from app.blueprints.rest.endpoints import response_api_error, response_api_not_found from app.blueprints.rest.endpoints import response_api_success -from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info, generate_auth_tokens +from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info, generate_auth_tokens, \ + iris_current_user from app.iris_engine.utils.tracker import track_activity from app.schema.marshables import UserSchema @@ -46,10 +47,10 @@ def login(): Login endpoint. Handles taking user/pass combo and authenticating a local session or returning an error. """ logger.info('Authenticating user') - if current_user.is_authenticated: + if iris_current_user.is_authenticated: logger.info('User already authenticated - redirecting') - logger.debug(f'User {current_user.user} already logged in') - user = return_authed_user_info(user_id=current_user.id) + logger.debug(f'User {iris_current_user.user} already logged in') + user = return_authed_user_info(user_id=iris_current_user.id) return response_api_success(data=user) if is_authentication_oidc() and app.config.get('AUTHENTICATION_LOCAL_FALLBACK') is False: @@ -82,8 +83,8 @@ def logout(): """ if session['current_case']: - current_user.ctx_case = session['current_case']['case_id'] - current_user.ctx_human_case = session['current_case']['case_name'] + iris_current_user.ctx_case = session['current_case']['case_id'] + iris_current_user.ctx_human_case = session['current_case']['case_name'] db.session.commit() if is_authentication_oidc(): 
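Review bot: The new import in source/app/blueprints/rest/v2/auth.py uses a backslash continuation (`..., generate_auth_tokens, \` / `iris_current_user`); the rest of the file imports one name per line (`from flask import request`), so `from app.business.auth import iris_current_user` on its own line matches the file and avoids the fragile continuation. In this logout() the `if session['current_case']:` guard is kept, whereas the pages logout in `[PATCH 01/10]` drops it; the two should agree, and the guarded form is the safe one since `current_case` is not always present. logout's body continues past the hunk.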
@@ -93,19 +94,19 @@ def logout(): state=session['oidc_state']) logout_url = logout_request.request( oidc_client.provider_info["end_session_endpoint"]) - track_activity(f'user \'{current_user.user}\' has been logged-out', + track_activity(f'user \'{iris_current_user.user}\' has been logged-out', ctx_less=True, display_in_ui=False) logout_user() session.clear() return redirect(logout_url) except GrantError: track_activity( - f'no oidc session found for user \'{current_user.user}\', skipping oidc provider logout and continuing to logout local user', + f'no oidc session found for user \'{iris_current_user.user}\', skipping oidc provider logout and continuing to logout local user', ctx_less=True, display_in_ui=False ) - track_activity(f'user \'{current_user.user}\' has been logged-out', + track_activity(f'user \'{iris_current_user.user}\' has been logged-out', ctx_less=True, display_in_ui=False) logout_user() session.clear() @@ -121,13 +122,13 @@ def whoami(): """ # Ensure we are authenticated - if not current_user.is_authenticated: + if not iris_current_user.is_authenticated: return response_api_error("Unauthenticated") # Return the current_user dict return response_api_success(data=UserSchema(only=[ 'id', 'user_name', 'user_login', 'user_email' - ]).dump(current_user)) + ]).dump(iris_current_user)) diff --git a/source/app/blueprints/rest/v2/cases.py b/source/app/blueprints/rest/v2/cases.py index dff91e116..070555f56 100644 --- a/source/app/blueprints/rest/v2/cases.py +++ b/source/app/blueprints/rest/v2/cases.py @@ -18,7 +18,6 @@ from flask import Blueprint from flask import request -from flask_login import current_user from werkzeug import Response from app.blueprints.rest.parsing import parse_comma_separated_identifiers 
@@ -36,6 +35,7 @@ from app.blueprints.rest.v2.case_objects.tasks import case_tasks_blueprint from app.blueprints.rest.v2.case_objects.evidences import case_evidences_blueprint from app.blueprints.rest.v2.case_objects.events import case_events_blueprint +from app.business.auth import iris_current_user from app.business.cases import cases_create from app.business.cases import cases_delete from app.datamgmt.case.case_db import get_case @@ -104,7 +104,7 @@ def get_cases() -> Response: is_open = request.args.get('is_open', None, type=parse_boolean) filtered_cases = get_filtered_cases( - current_user.id, + iris_current_user.id, pagination_parameters, case_ids=case_ids_str, case_customer_id=case_customer_id, diff --git a/source/app/blueprints/rest/v2/context/api_v2_context_routes.py b/source/app/blueprints/rest/v2/context/api_v2_context_routes.py index b2d897eca..f82e7e7f0 100644 --- a/source/app/blueprints/rest/v2/context/api_v2_context_routes.py +++ b/source/app/blueprints/rest/v2/context/api_v2_context_routes.py @@ -17,11 +17,11 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from flask import Blueprint, request -from flask_login import current_user from app import db, app from app.blueprints.access_controls import ac_api_requires from app.blueprints.rest.endpoints import response_api_success +from app.business.auth import iris_current_user from app.datamgmt.context.context_db import ctx_search_user_cases from app.models.cases import Cases from app.models.models import Client @@ -37,7 +37,7 @@ def cases_context_search_v2(): V2: Search for user cases based on a query parameter (e.g., investigations not closed). """ search = request.args.get('q') - data = ctx_search_user_cases(search, current_user.id, max_results=100) + data = ctx_search_user_cases(search, iris_current_user.id, max_results=100) return response_api_success(data=data) 
@@ -52,8 +52,8 @@ def set_ctx_v2(): ctx = request.form.get('ctx') ctx_h = request.form.get('ctx_h') - current_user.ctx_case = ctx - current_user.ctx_human_case = ctx_h + iris_current_user.ctx_case = ctx + iris_current_user.ctx_human_case = ctx_h db.session.commit() _update_user_case_ctx() @@ -74,13 +74,13 @@ def _update_user_case_ctx(): data = [row for row in res] - if current_user and current_user.ctx_case: - is_found = any(row[2] == current_user.ctx_case for row in data) + if iris_current_user and iris_current_user.ctx_case: + is_found = any(row[2] == iris_current_user.ctx_case for row in data) if not is_found: # Remove invalid case from the user context - current_user.ctx_case = None - current_user.ctx_human_case = "Not set" + iris_current_user.ctx_case = None + iris_current_user.ctx_human_case = "Not set" db.session.commit() app.jinja_env.globals.update({'cases_context_selector': data}) diff --git a/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py index 6a82f4fdd..6110c4fce 100644 --- a/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py +++ b/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py 
@@ -17,26 +17,26 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from flask import request -from flask_login import current_user from flask_socketio import emit from flask_socketio import join_room from app import socket_io from app.blueprints.access_controls import ac_socket_requires +from app.business.auth import iris_current_user from app.models.authorization import CaseAccessLevel @ac_socket_requires(CaseAccessLevel.full_access) def socket_summary_onchange(data): - data['last_change'] = current_user.user + data['last_change'] = iris_current_user.user emit('change', data, to=data['channel'], skip_sid=request.sid) @ac_socket_requires(CaseAccessLevel.full_access) def socket_summary_onsave(data): - data['last_saved'] = current_user.user + data['last_saved'] = iris_current_user.user emit('save', data, to=data['channel'], skip_sid=request.sid) @@ -51,7 +51,7 @@ def get_message(data): room = data['channel'] join_room(room=room) - emit('join', {'message': f"{current_user.user} just joined"}, room=room) + emit('join', {'message': f"{iris_current_user.user} just joined"}, room=room) @ac_socket_requires(CaseAccessLevel.full_access) diff --git a/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py index b4faa3adf..cffa77195 100644 --- a/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py +++ b/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py 
@@ -17,26 +17,26 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from flask import request -from flask_login import current_user from flask_socketio import emit from flask_socketio import join_room from app import socket_io from app.blueprints.access_controls import ac_socket_requires +from app.business.auth import iris_current_user from app.models.authorization import CaseAccessLevel @ac_socket_requires(CaseAccessLevel.full_access) def socket_change_note(data): - data['last_change'] = current_user.user + data['last_change'] = iris_current_user.user emit('change-note', data, to=data['channel'], skip_sid=request.sid, room=data['channel']) @ac_socket_requires(CaseAccessLevel.full_access) def socket_save_note(data): - data['last_saved'] = current_user.user + data['last_saved'] = iris_current_user.user emit('save-note', data, to=data['channel'], skip_sid=request.sid, room=data['channel']) 
@@ -53,27 +53,27 @@ def socket_join_note(data): join_room(room=room) emit('join-notes', { - 'message': f"{current_user.user} just joined", - "user": current_user.user + 'message': f"{iris_current_user.user} just joined", + "user": iris_current_user.user }, room=room) @ac_socket_requires(CaseAccessLevel.full_access) def socket_ping_note(data): - emit('ping-note', {"user": current_user.name, "note_id": data['note_id']}, room=data['channel']) + emit('ping-note', {"user": iris_current_user.name, "note_id": data['note_id']}, room=data['channel']) @ac_socket_requires(CaseAccessLevel.full_access) def socket_pong_note(data): - emit('pong-note', {"user": current_user.name, "note_id": data['note_id']}, room=data['channel']) + emit('pong-note', {"user": iris_current_user.name, "note_id": data['note_id']}, room=data['channel']) @ac_socket_requires(CaseAccessLevel.full_access) def socket_overview_map_note(data): - emit('overview-map-note', {"user": current_user.user, "note_id": data['note_id']}, room=data['channel']) + emit('overview-map-note', {"user": iris_current_user.user, "note_id": data['note_id']}, room=data['channel']) @ac_socket_requires(CaseAccessLevel.full_access) @@ -83,14 +83,14 @@ def socket_join_overview(data): join_room(room=room) emit('join-notes-overview', { - 'message': f"{current_user.user} just joined", - "user": current_user.user + 'message': f"{iris_current_user.user} just joined", + "user": iris_current_user.user }, room=room) @ac_socket_requires(CaseAccessLevel.full_access) def socket_disconnect(data): - emit('disconnect', current_user.user, broadcast=True) + emit('disconnect', iris_current_user.user, broadcast=True) def register_notes_event_handlers(): diff --git a/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py index ea727760c..954cbe657 100644 --- a/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py 
+++ b/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py @@ -15,19 +15,19 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from flask_socketio import emit from flask_socketio import join_room from app import socket_io from app import app +from app.business.auth import iris_current_user def get_message(data): room = data['channel'] join_room(room=room) - emit('join', {'message': f"{current_user.user} just joined", 'is_error': False}, room=room, + emit('join', {'message': f"{iris_current_user.user} just joined", 'is_error': False}, room=room, namespace='/server-updates') diff --git a/source/app/business/alerts.py b/source/app/business/alerts.py index a605353e9..8469c2ee4 100644 --- a/source/app/business/alerts.py +++ b/source/app/business/alerts.py @@ -15,7 +15,6 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user import json from datetime import datetime @@ -23,6 +22,7 @@ from app import db from app import socket_io +from app.business.auth import iris_current_user from app.models.alerts import Alert from app.datamgmt.alerts.alerts_db import cache_similar_alert from app.datamgmt.manage.manage_access_control_db import user_has_client_access @@ -56,7 +56,7 @@ def alerts_create(request_data) -> Alert: alert = _load(request_data) - if not user_has_client_access(current_user.id, alert.alert_customer_id): + if not user_has_client_access(iris_current_user.id, alert.alert_customer_id): raise BusinessProcessingError('User not entitled to create alerts for the client') alert.alert_creation_time = datetime.utcnow() 
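Review bot: `get_message` in update_event_handlers reads `iris_current_user.user` with no access-control guard, unlike the handlers in case_event_handlers and case_notes_event_handlers which sit behind `ac_socket_requires`, so on this namespace the handler runs for any connected socket and its behaviour for an anonymous identity is whatever the new proxy returns — an AttributeError inside the handler, or a join announcement emitted for an unauthenticated client. Since the commit is switching the identity source, this is the moment to make the expectation explicit, e.g. `if not iris_current_user.is_authenticated: return` before `join_room(room=room)`. The namespace may be gated at connect time elsewhere; that is not visible in this hunk.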
diff --git a/source/app/business/assets.py b/source/app/business/assets.py index 2842c66e2..2bd6548ce 100644 --- a/source/app/business/assets.py +++ b/source/app/business/assets.py @@ -16,11 +16,11 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from marshmallow.exceptions import ValidationError from flask_sqlalchemy.pagination import Pagination from app import db +from app.business.auth import iris_current_user from app.business.errors import BusinessProcessingError from app.business.errors import ObjectNotFoundError from app.business.cases import cases_exists @@ -55,7 +55,7 @@ def assets_create(case_identifier, request_json): if case_assets_db_exists(asset): raise BusinessProcessingError('Asset with same value and type already exists') - asset = create_asset(asset=asset, caseid=case_identifier, user_id=current_user.id) + asset = create_asset(asset=asset, caseid=case_identifier, user_id=iris_current_user.id) # TODO should the custom attributes be set? if request_data.get('ioc_links'): errors, _ = set_ioc_links(request_data.get('ioc_links'), asset.asset_id) diff --git a/source/app/business/case_comments.py b/source/app/business/case_comments.py index 2e788f1c0..2c5fdfbde 100644 --- a/source/app/business/case_comments.py +++ b/source/app/business/case_comments.py @@ -18,9 +18,8 @@ from datetime import datetime -from flask_login import current_user - from app import db +from app.business.auth import iris_current_user from app.datamgmt.case.case_comments import get_case_comment from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity 
@@ -32,8 +31,8 @@ def case_comments_update(comment_text, comment_id, object_type, caseid): if not comment: raise BusinessProcessingError('Invalid comment ID') - if hasattr(current_user, 'id') and current_user.id is not None: - if comment.comment_user_id != current_user.id: + if hasattr(iris_current_user, 'id') and iris_current_user.id is not None: + if comment.comment_user_id != iris_current_user.id: raise BusinessProcessingError('Permission denied') comment.comment_text = comment_text diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 4a5e9a5f9..5fb9500d3 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -18,10 +18,10 @@ import datetime import traceback -from flask_login import current_user from marshmallow.exceptions import ValidationError from app import db +from app.business.auth import iris_current_user from app.logger import logger from app.util import add_obj_history_entry from app.schema.marshables import CaseSchema @@ -78,7 +78,7 @@ def cases_create(request_data): case = _load(request_data) - case.owner_id = current_user.id + case.owner_id = iris_current_user.id case.severity_id = 4 case_template_id = request_data.pop('case_template_id', None) @@ -145,7 +145,7 @@ def cases_update(case_identifier, request_data): # If user tries to update the customer, check if the user has access to the new customer if request_data.get('case_customer') and request_data.get('case_customer') != case_i.client_id: - if not user_has_client_access(current_user.id, request_data.get('case_customer')): + if not user_has_client_access(iris_current_user.id, request_data.get('case_customer')): raise BusinessProcessingError('Invalid customer ID. Permission denied.') if 'case_name' in request_data: diff --git a/source/app/business/events.py b/source/app/business/events.py index 8f3337a37..f3bab96ee 100644 --- a/source/app/business/events.py +++ b/source/app/business/events.py 
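Review bot: The ownership check in case_comments_update is fail-open: `if hasattr(iris_current_user, 'id') and iris_current_user.id is not None:` skips the `comment.comment_user_id != iris_current_user.id` comparison entirely when the proxy has no usable id, which is exactly the anonymous or unresolved-identity shape, so an edit reached without a resolved user is allowed rather than refused. With the identity source changing in this commit, the safe form is to refuse when no id is available: `user_id = getattr(iris_current_user, 'id', None)` followed by `if user_id is None or comment.comment_user_id != user_id: raise BusinessProcessingError('Permission denied')`. If the hasattr exists to support a non-request caller, that caller should pass an explicit acting user rather than rely on the check being skipped. The enclosing function starts above this hunk.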
@@ -18,9 +18,8 @@ from datetime import datetime -from flask_login import current_user - from app import db +from app.business.auth import iris_current_user from app.models.cases import CasesEvent from app.business.errors import ObjectNotFoundError from app.util import add_obj_history_entry @@ -40,7 +39,7 @@ def events_create(case_identifier, event: CasesEvent, event_category_id, event_a event.case_id = case_identifier event.event_added = datetime.utcnow() - event.user_id = current_user.id + event.user_id = iris_current_user.id add_obj_history_entry(event, 'created') diff --git a/source/app/business/evidences.py b/source/app/business/evidences.py index 707179963..bd9f36689 100644 --- a/source/app/business/evidences.py +++ b/source/app/business/evidences.py @@ -16,10 +16,10 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from marshmallow.exceptions import ValidationError from flask_sqlalchemy.pagination import Pagination +from app.business.auth import iris_current_user from app.business.errors import BusinessProcessingError from app.business.errors import ObjectNotFoundError from app.iris_engine.module_handler.module_handler import call_modules_hook @@ -47,7 +47,7 @@ def evidences_create(case_identifier, request_json) -> CaseReceivedFile: evidence = _load(request_data) - crf = add_rfile(evidence=evidence, user_id=current_user.id, caseid=case_identifier) + crf = add_rfile(evidence=evidence, user_id=iris_current_user.id, caseid=case_identifier) crf = call_modules_hook('on_postload_evidence_create', data=crf, caseid=case_identifier) if not crf: 
@@ -68,7 +68,7 @@ def evidences_update(evidence: CaseReceivedFile, request_json: dict) -> CaseRece request_data = call_modules_hook('on_preload_evidence_update', data=request_json, caseid=evidence.case_id) request_data['id'] = evidence.id evidence = _load(request_data, instance=evidence, partial=True) - evidence = update_rfile(evidence=evidence, user_id=current_user.id, caseid=evidence.case_id) + evidence = update_rfile(evidence=evidence, user_id=iris_current_user.id, caseid=evidence.case_id) evidence = call_modules_hook('on_postload_evidence_update', data=evidence, caseid=evidence.case_id) if not evidence: raise BusinessProcessingError('Unable to update task for internal reasons') diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 6830de0f2..58ad8f2a3 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -16,10 +16,10 @@ # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from marshmallow.exceptions import ValidationError from app import db +from app.business.auth import iris_current_user from app.models.models import Ioc from app.datamgmt.case.case_iocs_db import add_ioc from app.datamgmt.case.case_iocs_db import case_iocs_db_exists @@ -66,7 +66,7 @@ def iocs_create(request_json, case_identifier): if case_iocs_db_exists(ioc): raise BusinessProcessingError('IOC with same value and type already exists') - add_ioc(ioc, current_user.id, case_identifier) + add_ioc(ioc, iris_current_user.id, case_identifier) ioc = call_modules_hook('on_postload_ioc_create', data=ioc, caseid=case_identifier) 
@@ -94,7 +94,7 @@ def iocs_update(ioc: Ioc, request_json: dict) -> (Ioc, str): request_data['ioc_id'] = ioc.ioc_id request_data['case_id'] = ioc.case_id ioc_sc = ioc_schema.load(request_data, instance=ioc, partial=True) - ioc_sc.user_id = current_user.id + ioc_sc.user_id = iris_current_user.id if not check_ioc_type_id(type_id=ioc_sc.ioc_type_id): raise BusinessProcessingError('Not a valid IOC type') diff --git a/source/app/business/notes.py b/source/app/business/notes.py index 7c46cc712..ece480dd7 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -17,10 +17,10 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from datetime import datetime -from flask_login import current_user from marshmallow import ValidationError from app import db +from app.business.auth import iris_current_user from app.logger import logger from app.business.errors import BusinessProcessingError from app.business.errors import UnhandledBusinessError @@ -60,7 +60,7 @@ def notes_create(request_json, case_identifier): note.note_creationdate = datetime.utcnow() note.note_lastupdate = datetime.utcnow() - note.note_user = current_user.id + note.note_user = iris_current_user.id note.note_case_id = case_identifier db.session.add(note) @@ -125,7 +125,7 @@ def notes_update(note: Notes, request_json: dict): revision_number=revision_number, note_title=note.note_title, note_content=note.note_content, - note_user=current_user.id, + note_user=iris_current_user.id, revision_timestamp=datetime.utcnow() ) db.session.add(note_version) @@ -134,7 +134,7 @@ def notes_update(note: Notes, request_json: dict): request_data['note_id'] = note.note_id addnote_schema.load(request_data, partial=True, instance=note) note.update_date = datetime.utcnow() - note.user_id = current_user.id + note.user_id = iris_current_user.id add_obj_history_entry(note, 'updated note', commit=True) note = call_modules_hook('on_postload_note_update', data=note, caseid=note.note_case_id) 
diff --git a/source/app/business/tasks.py b/source/app/business/tasks.py index a4ccded93..e8f6b08b3 100644 --- a/source/app/business/tasks.py +++ b/source/app/business/tasks.py @@ -19,9 +19,9 @@ from datetime import datetime from flask_sqlalchemy.pagination import Pagination -from flask_login import current_user from app import db +from app.business.auth import iris_current_user from app.datamgmt.case.case_tasks_db import delete_task from app.datamgmt.case.case_tasks_db import add_task from app.datamgmt.case.case_tasks_db import update_task_assignees @@ -68,7 +68,7 @@ def tasks_create(case_identifier: int, request_json: dict) -> (str, CaseTasks): ctask = add_task(task=task, assignee_id_list=task_assignee_list, - user_id=current_user.id, + user_id=iris_current_user.id, caseid=case_identifier ) @@ -104,7 +104,7 @@ def tasks_update(task: CaseTasks, request_json): request_data['id'] = task.id task = _load(request_data, instance=task) - task.task_userid_update = current_user.id + task.task_userid_update = iris_current_user.id task.task_last_update = datetime.utcnow() update_task_assignees(task.id, task_assignee_list, case_identifier) diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py index 602d0bcc6..d85a14764 100644 --- a/source/app/datamgmt/alerts/alerts_db.py +++ b/source/app/datamgmt/alerts/alerts_db.py @@ -19,7 +19,6 @@ import json from datetime import datetime, timedelta -from flask_login import current_user from sqlalchemy import desc, asc, func, tuple_, or_, not_, and_ from sqlalchemy.orm import aliased, make_transient, selectinload from typing import List, Tuple 
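Review bot: The import hunk for alerts_db.py removes `from flask_login import current_user` but adds no replacement, while the later hunks in this file (create_case_from_alerts, create_case_from_alert, merge_alert_in_case, get_related_alerts_details and delete_alert_comment) all reference `iris_current_user`; the consistent one-line shift between old and new offsets in those hunks (`-363 → +362`, `-1131 → +1130`) indicates nothing was added anywhere before them, so each of those paths will fail with NameError at runtime and alert escalation and alert-comment deletion are broken by this commit. Add `from app.business.auth import iris_current_user` alongside the other `app` imports, as every other touched file does. A module-import smoke test would not catch this because the name is only resolved when the functions execute; an undefined-name lint (ruff/pyflakes F821) or an escalation test would.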
@@ -363,11 +362,11 @@ def create_case_from_alerts(alerts: List[Alert], iocs_list: List[str], assets_li name=f"[ALERT]{case_template_title_prefix} " f"Merge of alerts {', '.join([str(alert.alert_id) for alert in alerts])}" if not case_title else f"{case_template_title_prefix} {case_title}", - description=f"*Alerts escalated by {current_user.name}*\n\n{escalation_note}" + description=f"*Alerts escalated by {iris_current_user.name}*\n\n{escalation_note}" f"[Alerts link](/alerts?alert_ids={','.join([str(alert.alert_id) for alert in alerts])})", soc_id='', client_id=alerts[0].alert_customer_id, - user=current_user, + user=iris_current_user, classification_id=alerts[0].alert_classification_id, state_id=get_case_state_by_name('Open').state_id ) @@ -393,7 +392,7 @@ def create_case_from_alerts(alerts: List[Alert], iocs_list: List[str], assets_li for alert_ioc in alert.iocs: if str(alert_ioc.ioc_uuid) == ioc_uuid: - add_ioc(alert_ioc, current_user.id, case.case_id) + add_ioc(alert_ioc, iris_current_user.id, case.case_id) ioc_links.append(alert_ioc.ioc_id) # Add the assets to the case @@ -404,7 +403,7 @@ def create_case_from_alerts(alerts: List[Alert], iocs_list: List[str], assets_li asset = create_asset(asset=alert_asset, caseid=case.case_id, - user_id=current_user.id + user_id=iris_current_user.id ) asset.asset_uuid = alert_asset.asset_uuid @@ -431,7 +430,7 @@ def create_case_from_alerts(alerts: List[Alert], iocs_list: List[str], assets_li }, session=db.session) event.case_id = case.case_id - event.user_id = current_user.id + event.user_id = iris_current_user.id event.event_added = datetime.utcnow() add_obj_history_entry(event, 'created') 
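Review bot: `user=iris_current_user` hands the proxy object itself to the `Cases(...)` constructor (here and again in create_case_from_alert in the next hunk); this worked with Flask-Login because `current_user` is a werkzeug LocalProxy that SQLAlchemy unwraps through attribute access, and it keeps working only if `iris_current_user` is built the same way. If app.business.auth exposes it as anything else — its definition is outside this view — the relationship assignment will fail or persist the wrong object, so it would be more robust to resolve the acting user once at the top of the function and pass that instance, which also avoids re-resolving the identity on every `.id` and `.name` read in the loops below.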
@@ -488,13 +487,13 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List # Create the case case = Cases( name=f"[ALERT]{case_template_title_prefix} {alert.alert_title}" if not case_title else f"{case_template_title_prefix} {case_title}", - description=f"*Alert escalated by {current_user.name}*\n\n{escalation_note}" + description=f"*Alert escalated by {iris_current_user.name}*\n\n{escalation_note}" f"### Alert description\n\n{alert.alert_description}" f"\n\n### IRIS alert link\n\n" f"[ #{alert.alert_id}](/alerts?alert_ids={alert.alert_id})", soc_id=alert.alert_id, client_id=alert.alert_customer_id, - user=current_user, + user=iris_current_user, classification_id=alert.alert_classification_id, state_id=get_case_state_by_name('Open').state_id ) @@ -541,7 +540,7 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List new_alert_ioc.ioc_id = None new_alert_ioc.ioc_uuid = ioc_uuid - new_alert_ioc.user_id = current_user.id + new_alert_ioc.user_id = iris_current_user.id new_alert_ioc.case_id = case.case_id db.session.add(new_alert_ioc) @@ -549,7 +548,7 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List alert_ioc = new_alert_ioc - add_ioc(alert_ioc, current_user.id, case.case_id) + add_ioc(alert_ioc, iris_current_user.id, case.case_id) ioc_links.append(alert_ioc.ioc_id) # Add the assets to the case @@ -574,7 +573,7 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List asset = create_asset(asset=alert_asset, caseid=case.case_id, - user_id=current_user.id + user_id=iris_current_user.id ) asset.asset_uuid = alert_asset.asset_uuid @@ -603,7 +602,7 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List }, session=db.session) event.case_id = case.case_id - event.user_id = current_user.id + event.user_id = iris_current_user.id event.event_added = datetime.utcnow() add_obj_history_entry(event, 'created') 
@@ -649,7 +648,7 @@ def merge_alert_in_case(alert: Alert, case: Cases, iocs_list: List[str], if note: escalation_note = f"\n\n### Escalation note\n\n{note}\n\n" - case.description += f"\n\n*Alert [#{alert.alert_id}](/alerts?alert_ids={alert.alert_id}) escalated by {current_user.name}*\n\n{escalation_note}" + case.description += f"\n\n*Alert [#{alert.alert_id}](/alerts?alert_ids={alert.alert_id}) escalated by {iris_current_user.name}*\n\n{escalation_note}" for tag in case_tags.split(',') if case_tags else []: tag = Tags(tag_title=tag).save() @@ -675,7 +674,7 @@ def merge_alert_in_case(alert: Alert, case: Cases, iocs_list: List[str], if tmp_ioc: alert_ioc = tmp_ioc - add_ioc(alert_ioc, current_user.id, case.case_id) + add_ioc(alert_ioc, iris_current_user.id, case.case_id) ioc_links.append(alert_ioc.ioc_id) # Add the assets to the case @@ -698,7 +697,7 @@ def merge_alert_in_case(alert: Alert, case: Cases, iocs_list: List[str], else: asset = create_asset(asset=alert_asset, caseid=case.case_id, - user_id=current_user.id + user_id=iris_current_user.id ) set_ioc_links(ioc_links, asset.asset_id) @@ -727,7 +726,7 @@ def merge_alert_in_case(alert: Alert, case: Cases, iocs_list: List[str], }, session=db.session) event.case_id = case.case_id - event.user_id = current_user.id + event.user_id = iris_current_user.id event.event_added = datetime.utcnow() add_obj_history_entry(event, 'created') @@ -1131,7 +1130,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al 'color': alert_color, 'weight': "bold" }, - 'font': "12px verdana white" if current_user.in_dark_mode else '' + 'font': "12px verdana white" if iris_current_user.in_dark_mode else '' }) for asset_info in alert_info['assets']: 
@@ -1144,7 +1143,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al 'group': 'asset', 'shape': 'image', 'image': '/static/assets/img/graph/' + asset_info['icon'], - 'font': "12px verdana white" if current_user.in_dark_mode else '' + 'font': "12px verdana white" if iris_current_user.in_dark_mode else '' }) added_assets.add(asset_id) @@ -1163,10 +1162,10 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al 'icon': { 'face': 'FontAwesome', 'code': '\ue4a8', - 'color': 'white' if current_user.in_dark_mode else '', + 'color': 'white' if iris_current_user.in_dark_mode else '', 'weight': "bold" }, - 'font': "12px verdana white" if current_user.in_dark_mode else '' + 'font': "12px verdana white" if iris_current_user.in_dark_mode else '' }) added_iocs.add(ioc_value) @@ -1309,7 +1308,7 @@ def delete_alert_comment(comment_id: int, alert_id: int) -> Tuple[bool, str]: """ comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id, + Comments.comment_user_id == iris_current_user.id, Comments.comment_alert_id == alert_id ).first() if not comment: diff --git a/source/app/datamgmt/case/case_assets_db.py b/source/app/datamgmt/case/case_assets_db.py index 981b0b8ef..93be80cc9 100644 --- a/source/app/datamgmt/case/case_assets_db.py +++ b/source/app/datamgmt/case/case_assets_db.py @@ -18,12 +18,12 @@ import datetime -from flask_login import current_user from sqlalchemy import and_ from sqlalchemy import func from flask_sqlalchemy.pagination import Pagination from app import db, app +from app.business.auth import iris_current_user from app.datamgmt.filtering import get_filtered_data from app.datamgmt.states import update_assets_state from app.models.models import AnalysisStatus 
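Review bot: With this hunk the data-access layer (case_assets_db) starts importing `from app.business.auth`, pulling a request-bound identity helper into modules that are otherwise plain SQLAlchemy queries; the same happens in case_events_db, case_iocs_db, case_notes_db, case_rfiles_db, case_tasks_db, dashboard_db, datastore_db, filters_db and modules_db below. This inverts the business → datamgmt dependency direction and, if app.business.auth itself imports from app.datamgmt to look up users (plausible but not visible here), introduces an import cycle that only surfaces depending on which module is imported first. A lighter shape for the `delete_*_comment` helpers is to take the acting user id as a parameter and let the callers in app.business supply `iris_current_user.id`, keeping the request context out of datamgmt.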
@@ -385,7 +385,7 @@ def get_case_asset_comment(asset_id, comment_id): def delete_asset_comment(asset_id, comment_id, case_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" diff --git a/source/app/datamgmt/case/case_events_db.py b/source/app/datamgmt/case/case_events_db.py index 145068698..ec36ba283 100644 --- a/source/app/datamgmt/case/case_events_db.py +++ b/source/app/datamgmt/case/case_events_db.py @@ -15,10 +15,10 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from sqlalchemy import and_ from app import db +from app.business.auth import iris_current_user from app.datamgmt.states import update_timeline_state from app.models.models import AssetsType from app.models.models import CaseAssets @@ -158,7 +158,7 @@ def get_case_event_comment(event_id, comment_id): def delete_event_comment(event_id, comment_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" diff --git a/source/app/datamgmt/case/case_iocs_db.py b/source/app/datamgmt/case/case_iocs_db.py index a375bfb11..03da51471 100644 --- a/source/app/datamgmt/case/case_iocs_db.py +++ b/source/app/datamgmt/case/case_iocs_db.py 
@@ -15,11 +15,11 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from sqlalchemy import and_ from app import db from app import app +from app.business.auth import iris_current_user from app.datamgmt.filtering import get_filtered_data from app.datamgmt.states import update_ioc_state from app.iris_engine.access_control.utils import ac_get_fast_user_cases_access @@ -124,7 +124,7 @@ def get_detailed_iocs(caseid): def get_ioc_links(ioc_id): search_condition = and_(Cases.case_id.in_([])) - user_search_limitations = ac_get_fast_user_cases_access(current_user.id) + user_search_limitations = ac_get_fast_user_cases_access(iris_current_user.id) if user_search_limitations: search_condition = and_(Cases.case_id.in_(user_search_limitations)) @@ -268,7 +268,7 @@ def get_case_ioc_comment(ioc_id, comment_id): def delete_ioc_comment(ioc_id, comment_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" diff --git a/source/app/datamgmt/case/case_notes_db.py b/source/app/datamgmt/case/case_notes_db.py index 0266fa21e..685ccf4fc 100644 --- a/source/app/datamgmt/case/case_notes_db.py +++ b/source/app/datamgmt/case/case_notes_db.py 
@@ -15,10 +15,10 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from sqlalchemy import and_ from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.states import update_notes_state from app.models.models import Comments @@ -368,7 +368,7 @@ def get_case_note_comment(note_id, comment_id): def delete_note_comment(note_id, comment_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" diff --git a/source/app/datamgmt/case/case_rfiles_db.py b/source/app/datamgmt/case/case_rfiles_db.py index 098535865..576740d48 100644 --- a/source/app/datamgmt/case/case_rfiles_db.py +++ b/source/app/datamgmt/case/case_rfiles_db.py @@ -17,11 +17,11 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. import datetime -from flask_login import current_user from sqlalchemy import desc from flask_sqlalchemy.pagination import Pagination from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.states import update_evidences_state from app.models.models import CaseReceivedFile @@ -164,7 +164,7 @@ def get_case_evidence_comment(evidence_id, comment_id): def delete_evidence_comment(evidence_id, comment_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" 
diff --git a/source/app/datamgmt/case/case_tasks_db.py b/source/app/datamgmt/case/case_tasks_db.py index aa8c5f76b..75bac173d 100644 --- a/source/app/datamgmt/case/case_tasks_db.py +++ b/source/app/datamgmt/case/case_tasks_db.py @@ -17,11 +17,11 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from datetime import datetime -from flask_login import current_user from sqlalchemy import desc from sqlalchemy import and_ from app import db +from app.business.auth import iris_current_user from app.datamgmt.conversions import convert_sort_direction from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case @@ -300,7 +300,7 @@ def delete_task(task_id): def delete_task_comment(task_id, comment_id): comment = Comments.query.filter( Comments.comment_id == comment_id, - Comments.comment_user_id == current_user.id + Comments.comment_user_id == iris_current_user.id ).first() if not comment: return False, "You are not allowed to delete this comment" diff --git a/source/app/datamgmt/dashboard/dashboard_db.py b/source/app/datamgmt/dashboard/dashboard_db.py index 20c213e46..f053eef35 100644 --- a/source/app/datamgmt/dashboard/dashboard_db.py +++ b/source/app/datamgmt/dashboard/dashboard_db.py @@ -15,11 +15,11 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from sqlalchemy import and_ from sqlalchemy import desc from app import db +from app.business.auth import iris_current_user from app.models.models import CaseTasks from app.models.models import TaskAssignee from app.models.models import ReviewStatus 
@@ -92,7 +92,7 @@ def list_user_reviews(): ).join( Cases.review_status ).filter( - Cases.reviewer_id == current_user.id, + Cases.reviewer_id == iris_current_user.id, ReviewStatus.status_name != 'Reviewed', ReviewStatus.status_name != 'Not reviewed' ).all() @@ -123,7 +123,7 @@ def list_user_tasks(): CaseTasks.status, ).filter(and_( TaskAssignee.task_id == CaseTasks.id, - TaskAssignee.user_id == current_user.id + TaskAssignee.user_id == iris_current_user.id )).all() return ct @@ -175,11 +175,11 @@ def get_task_status(task_status_id): def list_user_cases(show_all=False): if show_all: return Cases.query.filter( - Cases.owner_id == current_user.id + Cases.owner_id == iris_current_user.id ).all() return Cases.query.filter( - Cases.owner_id == current_user.id, + Cases.owner_id == iris_current_user.id, Cases.close_date == None ).all() diff --git a/source/app/datamgmt/datastore/datastore_db.py b/source/app/datamgmt/datastore/datastore_db.py index 2f51717de..30144afeb 100644 --- a/source/app/datamgmt/datastore/datastore_db.py +++ b/source/app/datamgmt/datastore/datastore_db.py @@ -21,12 +21,12 @@ import datetime from pathlib import Path -from flask_login import current_user from sqlalchemy import and_ from sqlalchemy import func from app import app from app import db +from app.business.auth import iris_current_user from app.models.models import CaseReceivedFile from app.models.models import DataStoreFile from app.models.models import DataStorePath @@ -368,7 +368,7 @@ def datastore_add_file_as_ioc(dsf, caseid): ioc.ioc_type_id = ioc_type_id.type_id ioc.ioc_tlp_id = ioc_tlp_id.tlp_id ioc.ioc_tags = "datastore" - ioc.user_id = current_user.id + ioc.user_id = iris_current_user.id db.session.add(ioc) db.session.commit() 
@@ -387,7 +387,7 @@ def datastore_add_file_as_evidence(dsf, caseid): crf.date_added = datetime.datetime.now() crf.filename = dsf.file_original_name crf.file_size = dsf.file_size - crf.user_id = current_user.id + crf.user_id = iris_current_user.id db.session.add(crf) db.session.commit() diff --git a/source/app/datamgmt/filters/filters_db.py b/source/app/datamgmt/filters/filters_db.py index 3d64120cb..80da8e872 100644 --- a/source/app/datamgmt/filters/filters_db.py +++ b/source/app/datamgmt/filters/filters_db.py @@ -1,6 +1,6 @@ -from flask_login import current_user from sqlalchemy import and_ +from app.business.auth import iris_current_user from app.models.models import SavedFilter @@ -16,7 +16,7 @@ def get_filter_by_id(filter_id): """ saved_filter = SavedFilter.query.filter(SavedFilter.filter_id == filter_id).first() if saved_filter: - if saved_filter.filter_is_private and saved_filter.created_by != current_user.id: + if saved_filter.filter_is_private and saved_filter.created_by != iris_current_user.id: return None return saved_filter @@ -40,7 +40,7 @@ def list_filters_by_type(filter_type): private_filters_for_user = SavedFilter.query.filter( and_( SavedFilter.filter_is_private == True, - SavedFilter.created_by == current_user.id, + SavedFilter.created_by == iris_current_user.id, SavedFilter.filter_type == filter_type ) ) diff --git a/source/app/datamgmt/iris_engine/modules_db.py b/source/app/datamgmt/iris_engine/modules_db.py index 1abde96ae..4c5e91031 100644 --- a/source/app/datamgmt/iris_engine/modules_db.py +++ b/source/app/datamgmt/iris_engine/modules_db.py @@ -17,9 +17,9 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. import base64 import datetime -from flask_login import current_user from app import db, app +from app.business.auth import iris_current_user from app.models.models import IrisHook from app.models.models import IrisModule from app.models.models import IrisModuleHook 
@@ -51,7 +51,7 @@ def iris_module_add(module_name, module_human_name, module_description, im.has_pipeline = has_pipeline im.pipeline_args = pipeline_args im.module_config = module_config - im.added_by_id = current_user.id if current_user else User.query.first().id + im.added_by_id = iris_current_user.id if iris_current_user else User.query.first().id im.is_active = True im.module_type = module_type diff --git a/source/app/datamgmt/manage/manage_assets_db.py b/source/app/datamgmt/manage/manage_assets_db.py index a5575c855..f8aa80a4c 100644 --- a/source/app/datamgmt/manage/manage_assets_db.py +++ b/source/app/datamgmt/manage/manage_assets_db.py @@ -1,8 +1,8 @@ -from flask_login import current_user from sqlalchemy import and_ from functools import reduce import app +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_cases_db import user_list_cases_view from app.datamgmt.conversions import convert_sort_direction from app.models.cases import Cases @@ -49,7 +49,7 @@ def get_filtered_assets(case_id=None, if len(conditions) > 1: conditions = [reduce(and_, conditions)] - conditions.append(CaseAssets.case_id.in_(user_list_cases_view(current_user.id))) + conditions.append(CaseAssets.case_id.in_(user_list_cases_view(iris_current_user.id))) data = CaseAssets.query.filter(*conditions) diff --git a/source/app/datamgmt/manage/manage_groups_db.py b/source/app/datamgmt/manage/manage_groups_db.py index 3d3eedb21..416cc7029 100644 --- a/source/app/datamgmt/manage/manage_groups_db.py +++ b/source/app/datamgmt/manage/manage_groups_db.py 
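Review bot: The fallback `im.added_by_id = iris_current_user.id if iris_current_user else User.query.first().id` depends on `iris_current_user` evaluating false whenever no real user is bound and on `.id` existing whenever it is truthy, and neither property can be checked from this page because the definition in `app.business.auth` is not shown. If the proxy resolves to flask_login's `AnonymousUserMixin` (truthy, no `id` attribute) the expression raises `AttributeError` rather than taking the fallback, and the fallback itself records whichever user `User.query.first()` happens to return as the module's author. Since the login routes in this series already read `iris_current_user.is_authenticated`, the guard that does not depend on truthiness of the proxy is `im.added_by_id = iris_current_user.id if iris_current_user and iris_current_user.is_authenticated else User.query.first().id`. The same expression pattern is rewritten in `Cases.__init__` (`source/app/models/cases.py`, hunk `@@ -102,9 +102,9 @@`) for `self.user_id` and `self.author`. `iris_module_add`'s body starts and ends outside the hunk.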
@@ -14,10 +14,10 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -from flask_login import current_user from sqlalchemy import and_ from app import db +from app.business.auth import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.manage.manage_cases_db import list_cases_id from app.iris_engine.access_control.utils import ac_access_level_mask_from_val_list, ac_ldp_group_removal @@ -177,7 +177,7 @@ def update_group_members(group, members): ac_auto_update_user_effective_access(uid) for uid in users_to_remove: - if current_user.id == uid and ac_ldp_group_removal(uid, group.group_id): + if iris_current_user.id == uid and ac_ldp_group_removal(uid, group.group_id): continue UserGroup.query.filter( diff --git a/source/app/datamgmt/manage/manage_users_db.py b/source/app/datamgmt/manage/manage_users_db.py index 099d18146..36fded3a6 100644 --- a/source/app/datamgmt/manage/manage_users_db.py +++ b/source/app/datamgmt/manage/manage_users_db.py @@ -19,9 +19,10 @@ from typing import List from functools import reduce -from flask_login import current_user, AnonymousUserMixin +from flask_login import AnonymousUserMixin from sqlalchemy import and_ +from app.business.auth import iris_current_user from app.logger import logger from app import bc from app import db @@ -122,7 +123,7 @@ def update_user_groups(user_id, groups): db.session.add(user_group) for group_id in groups_to_remove: - if (not isinstance(current_user, AnonymousUserMixin)) and current_user.id == user_id and ac_ldp_group_removal(user_id=user_id, group_id=group_id): + if (not isinstance(iris_current_user, AnonymousUserMixin)) and iris_current_user.id == user_id and ac_ldp_group_removal(user_id=user_id, group_id=group_id): continue UserGroup.query.filter( 
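Review bot: `isinstance(iris_current_user, AnonymousUserMixin)` in `update_user_groups` now tests the proxy object rather than the user it wraps, which only gives the right answer if `iris_current_user` forwards `__class__` to the wrapped object (werkzeug's `LocalProxy` does, and patch 04 on this page switches to it, but what `app.business.auth` exports at this point of the series is not shown). A check that does not rely on proxy internals is the attribute the login routes in this series already use: `if iris_current_user.is_authenticated and iris_current_user.id == user_id and ac_ldp_group_removal(user_id=user_id, group_id=group_id):`. `update_user_groups` starts outside the hunk.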
diff --git a/source/app/datamgmt/states.py b/source/app/datamgmt/states.py index 0015922f4..937f36e20 100644 --- a/source/app/datamgmt/states.py +++ b/source/app/datamgmt/states.py @@ -17,10 +17,10 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. from datetime import datetime -from flask_login import current_user from sqlalchemy import and_ from app import db +from app.business.auth import iris_current_user from app.models.models import ObjectState @@ -37,7 +37,7 @@ def _update_object_state(object_name, caseid, userid=None) -> ObjectState: ObjectState object """ if not userid: - userid = current_user.id + userid = iris_current_user.id os = ObjectState.query.filter(and_( ObjectState.object_name == object_name, diff --git a/source/app/iris_engine/access_control/utils.py b/source/app/iris_engine/access_control/utils.py index 879356864..e3ad07e3a 100644 --- a/source/app/iris_engine/access_control/utils.py +++ b/source/app/iris_engine/access_control/utils.py @@ -1,9 +1,9 @@ from flask import session -from flask_login import current_user from sqlalchemy import and_ import app from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_access_control_db import check_ua_case_client from app.models.cases import Cases from app.models.models import Client @@ -174,7 +174,7 @@ def ac_ldp_group_removal(user_id, group_id): """ Access control lockdown prevention on group removal """ - if current_user.id != user_id: + if iris_current_user.id != user_id: return False groups_perms = UserGroup.query.with_entities( @@ -206,7 +206,7 @@ def ac_ldp_group_update(user_id): """ Access control lockdown prevention on group update """ - if current_user.id != user_id: + if iris_current_user.id != user_id: return False groups_perms = UserGroup.query.with_entities( 
@@ -318,7 +318,7 @@ def ac_fast_check_user_has_case_access(user_id, cid, access_level: list[CaseAcce def ac_fast_check_current_user_has_case_access(cid, access_level): - return ac_fast_check_user_has_case_access(current_user.id, cid, access_level) + return ac_fast_check_user_has_case_access(iris_current_user.id, cid, access_level) def ac_recompute_effective_ac_from_users_list(users_list): @@ -411,8 +411,8 @@ def ac_set_new_case_access(org_members, case_id, customer_id = None): """ users = ac_apply_autofollow_groups_access(case_id) - if current_user.id in users: - del users[current_user.id] + if iris_current_user.id in users: + del users[iris_current_user.id] users_full = User.query.with_entities(User.id).all() users_full_access = list(set([u.id for u in users_full]) - set(users.keys())) @@ -423,17 +423,17 @@ def ac_set_new_case_access(org_members, case_id, customer_id = None): # Add specific right for the user creating the case UserCaseAccess.query.filter( UserCaseAccess.case_id == case_id, - UserCaseAccess.user_id == current_user.id + UserCaseAccess.user_id == iris_current_user.id ).delete() db.session.commit() uca = UserCaseAccess() uca.case_id = case_id - uca.user_id = current_user.id + uca.user_id = iris_current_user.id uca.access_level = CaseAccessLevel.full_access.value db.session.add(uca) db.session.commit() - ac_add_user_effective_access([current_user.id], case_id, CaseAccessLevel.full_access.value) + ac_add_user_effective_access([iris_current_user.id], case_id, CaseAccessLevel.full_access.value) # Add customer permissions for all users belonging to the customer if customer_id: @@ -565,7 +565,7 @@ def ac_set_case_access_for_users(users, case_id, access_level): for user in users: user_id = user.get('id') - if user_id == current_user.id: + if user_id == iris_current_user.id: logs = "It's done, but I excluded you from the list of users to update, Dave" ac_set_case_access_for_user(user.get('id'), case_id, access_level=CaseAccessLevel.full_access.value) continue 
diff --git a/source/app/iris_engine/demo_builder.py b/source/app/iris_engine/demo_builder.py index 5139d2ec7..846b4c175 100644 --- a/source/app/iris_engine/demo_builder.py +++ b/source/app/iris_engine/demo_builder.py @@ -18,11 +18,10 @@ import random import string -from flask_login import current_user - from app import app from app import bc from app import db +from app.business.auth import iris_current_user from app.datamgmt.manage.manage_groups_db import add_case_access_to_group from app.datamgmt.manage.manage_users_db import add_user_to_group from app.datamgmt.manage.manage_users_db import add_user_to_organisation @@ -44,7 +43,7 @@ def protect_demo_mode_user(user): users_p = [f'user_std_{i}' for i in range(1, int(app.config.get('DEMO_USERS_COUNT', 10)))] users_p += [f'adm_{i}' for i in range(1, int(app.config.get('DEMO_ADM_COUNT', 4)))] - if current_user.id != 1 and user.id == 1: + if iris_current_user.id != 1 and user.id == 1: return True if user.user in users_p: @@ -57,7 +56,7 @@ def protect_demo_mode_group(group): if app.config.get('DEMO_MODE_ENABLED') != 'True': return False - if current_user.id != 1 and group.group_id in [1, 2]: + if iris_current_user.id != 1 and group.group_id in [1, 2]: return True return False diff --git a/source/app/iris_engine/module_handler/module_handler.py b/source/app/iris_engine/module_handler/module_handler.py index 065e5e2cf..7fcb89fb6 100644 --- a/source/app/iris_engine/module_handler/module_handler.py +++ b/source/app/iris_engine/module_handler/module_handler.py @@ -21,7 +21,6 @@ import base64 import importlib -from flask_login import current_user from packaging import version from pickle import dumps from pickle import loads 
@@ -542,7 +541,7 @@ def call_modules_hook(hook_name: str, data: any, caseid: int = None, hook_ui_nam ser_data_auth = hmac_sign(ser_data) + b" " + ser_data task_hook_wrapper.delay(module_name=module.module_name, hook_name=hook_name, hook_ui_name=module.manual_hook_ui_name, data=ser_data_auth.decode("utf8"), - init_user=current_user.name, caseid=caseid) + init_user=iris_current_user.name, caseid=caseid) else: # Direct call. Should be fast diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index 5a99200dd..40f507f76 100644 --- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py @@ -23,7 +23,6 @@ from datetime import datetime from docx_generator.docx_generator import DocxGenerator from docx_generator.exceptions import rendering_error -from flask_login import current_user from sqlalchemy import desc from app import app @@ -92,7 +91,7 @@ def _get_activity_info(self): 'auto_activities': auto_activities, 'manual_activities': manual_activities, 'date': datetime.utcnow(), - 'gen_user': current_user.name, + 'gen_user': iris_current_user.name, 'case': {'name': case_info_in['case'].get('name'), 'open_date': case_info_in['case'].get('open_date'), 'for_customer': case_info_in['case'].get('client').get('customer_name'), @@ -112,7 +111,7 @@ def _get_case_info(self): # Get customer, user and case title case_info['doc_id'] = IrisReportMaker.get_docid() - case_info['user'] = current_user.name + case_info['user'] = iris_current_user.name # Set date case_info['date'] = datetime.utcnow().strftime("%Y-%m-%d") @@ -335,7 +334,7 @@ def _get_activity_info(self): 'auto_activities': auto_activities, 'manual_activities': manual_activities, 'date': datetime.utcnow(), - 'gen_user': current_user.name, + 'gen_user': iris_current_user.name, 'case': {'name': case_info_in['case'].get('name'), 'open_date': case_info_in['case'].get('open_date'), 'for_customer': case_info_in['case'].get('for_customer'), 
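Review bot: `init_user=iris_current_user.name` references a name this file never imports: the only import hunk for `module_handler.py` (`@@ -21,7 +21,6 @@`, at the end of the previous line) removes `from flask_login import current_user` without adding a replacement, and this hunk's offset (542 → 541) shows no line was added anywhere above it. Unless the name arrives through a hunk not on this page, the task-queue branch of `call_modules_hook` will raise `NameError` the first time a module hook is dispatched. `source/app/iris_engine/reporter/reporter.py` has the same gap: its first hunk `@@ -23,7 +23,6 @@` only removes the flask_login import, its later hunks are all offset by -1, and `_get_activity_info` and `_get_case_info` read `iris_current_user.name`. Add `from app.business.auth import iris_current_user` where the removed import was in both files, as the other files in this patch do. `call_modules_hook`'s body starts and ends outside the hunk.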
@@ -355,7 +354,7 @@ def _get_case_info(self): # Get customer, user and case title case_info['doc_id'] = IrisMakeDocReport.get_docid() - case_info['user'] = current_user.name + case_info['user'] = iris_current_user.name # Set date case_info['date'] = datetime.utcnow().strftime("%Y-%m-%d") diff --git a/source/app/iris_engine/tasker/tasks.py b/source/app/iris_engine/tasker/tasks.py index 0a6cda4df..7e78d7d83 100644 --- a/source/app/iris_engine/tasker/tasks.py +++ b/source/app/iris_engine/tasker/tasks.py @@ -19,9 +19,9 @@ import os import urllib.parse from celery.signals import task_prerun -from flask_login import current_user from app import db +from app.business.auth import iris_current_user from app.datamgmt.case.case_db import get_case from app.iris_engine.module_handler.module_handler import pipeline_dispatcher from app.iris_engine.utils.common import build_upload_path @@ -59,8 +59,8 @@ def task_case_update(module, pipeline, pipeline_args, caseid): task_args = { "pipeline_args": pipeline_args, "db_name": '', - "user": current_user.name, - "user_id": current_user.id, + "user": iris_current_user.name, + "user_id": iris_current_user.id, "case_name": case.name, "case_id": case.case_id, "path": fpath, @@ -73,7 +73,7 @@ def task_case_update(module, pipeline, pipeline_args, caseid): hook_name=IrisPipelineTypes.pipeline_type_update, pipeline_type=IrisPipelineTypes.pipeline_type_update, pipeline_data=task_args, - init_user=current_user.name, + init_user=iris_current_user.name, caseid=caseid) return IStatus.I2Success('Pipeline task queued') diff --git a/source/app/models/cases.py b/source/app/models/cases.py index b956be8dd..1a8e1a7fa 100644 --- a/source/app/models/cases.py +++ b/source/app/models/cases.py @@ -18,7 +18,6 @@ import uuid from datetime import datetime -from flask_login import current_user from sqlalchemy import BigInteger from sqlalchemy import CheckConstraint from sqlalchemy import Boolean 
@@ -38,6 +37,7 @@ from sqlalchemy.orm import backref from app import db +from app.business.auth import iris_current_user from app.datamgmt.states import update_assets_state from app.datamgmt.states import update_evidences_state from app.datamgmt.states import update_ioc_state @@ -102,9 +102,9 @@ def __init__(self, self.soc_id = soc_id, self.client_id = client_id, self.description = description, - self.user_id = current_user.id if current_user else user.id + self.user_id = iris_current_user.id if iris_current_user else user.id self.owner_id = self.user_id - self.author = current_user.user if current_user else user.user + self.author = iris_current_user.user if iris_current_user else user.user self.description = description self.open_date = datetime.utcnow() self.close_date = None diff --git a/source/app/schema/marshables.py b/source/app/schema/marshables.py index e84470bfc..41523cc63 100644 --- a/source/app/schema/marshables.py +++ b/source/app/schema/marshables.py @@ -25,7 +25,6 @@ import shutil import string import tempfile -from flask_login import current_user from flask import current_app from marshmallow import EXCLUDE from marshmallow import fields @@ -47,6 +46,7 @@ from app import db from app import ma +from app.business.auth import iris_current_user from app.logger import logger from app.datamgmt.datastore.datastore_db import datastore_get_standard_path from app.datamgmt.manage.manage_attribute_db import merge_custom_attributes @@ -1354,7 +1354,7 @@ def ds_store_file_b64(self, filename: str, file_content: bytes, dsp: DataStorePa dsf.file_is_evidence = False dsf.file_case_id = cid dsf.file_date_added = datetime.datetime.now() - dsf.added_by_user_id = current_user.id + dsf.added_by_user_id = iris_current_user.id dsf.file_local_name = 'tmp_xc' dsf.file_parent_id = dsp.path_id dsf.file_sha256 = file_hash From e609d85b23a696dd748b7ecc96bbc6144223a585 Mon Sep 17 00:00:00 2001 
From: whikernel Date: Tue, 22 Apr 2025 10:46:03 +0200 Subject: [PATCH 04/10] [UPD] Updated iris_current_user to LocalProxy --- source/app/blueprints/access_controls.py | 3 +- .../app/blueprints/graphql/graphql_route.py | 2 +- source/app/blueprints/graphql/permissions.py | 2 +- .../blueprints/pages/alerts/alerts_routes.py | 2 +- .../pages/case/case_tasks_routes.py | 2 +- .../pages/dashboard/dashboard_routes.py | 2 +- .../blueprints/pages/login/login_routes.py | 9 +++--- .../pages/manage/manage_cases_routes.py | 2 +- .../pages/manage/manage_groups_routes.py | 2 +- .../blueprints/pages/manage/manage_users.py | 2 +- source/app/blueprints/rest/alerts_routes.py | 2 +- .../rest/case/case_assets_routes.py | 2 +- .../rest/case/case_evidences_routes.py | 2 +- .../rest/case/case_graphs_routes.py | 2 +- .../blueprints/rest/case/case_ioc_routes.py | 2 +- .../blueprints/rest/case/case_notes_routes.py | 2 +- .../app/blueprints/rest/case/case_routes.py | 2 +- .../blueprints/rest/case/case_tasks_routes.py | 2 +- .../rest/case/case_timeline_routes.py | 2 +- source/app/blueprints/rest/context_routes.py | 2 +- .../app/blueprints/rest/dashboard_routes.py | 2 +- .../app/blueprints/rest/datastore_routes.py | 2 +- source/app/blueprints/rest/filters_routes.py | 2 +- .../manage/manage_case_templates_routes.py | 2 +- .../rest/manage/manage_cases_routes.py | 2 +- .../rest/manage/manage_customers_routes.py | 2 +- .../blueprints/rest/manage/manage_groups.py | 2 +- .../rest/manage/manage_templates_routes.py | 2 +- .../blueprints/rest/manage/manage_users.py | 2 +- source/app/blueprints/rest/overview_routes.py | 2 +- source/app/blueprints/rest/profile_routes.py | 2 +- source/app/blueprints/rest/v2/alerts.py | 2 +- source/app/blueprints/rest/v2/auth.py | 4 +-- source/app/blueprints/rest/v2/cases.py | 2 +- .../rest/v2/context/api_v2_context_routes.py | 2 +- .../case_event_handlers.py | 2 +- .../case_notes_event_handlers.py | 2 +- .../update_event_handlers.py | 2 +- source/app/business/alerts.py | 2 
+- source/app/business/assets.py | 2 +- source/app/business/auth.py | 28 ++----------------- source/app/business/case_comments.py | 2 +- source/app/business/cases.py | 2 +- source/app/business/events.py | 2 +- source/app/business/evidences.py | 2 +- source/app/business/iocs.py | 2 +- source/app/business/notes.py | 2 +- source/app/business/tasks.py | 2 +- source/app/datamgmt/case/case_assets_db.py | 2 +- source/app/datamgmt/case/case_events_db.py | 2 +- source/app/datamgmt/case/case_iocs_db.py | 2 +- source/app/datamgmt/case/case_notes_db.py | 2 +- source/app/datamgmt/case/case_rfiles_db.py | 2 +- source/app/datamgmt/case/case_tasks_db.py | 2 +- source/app/datamgmt/dashboard/dashboard_db.py | 2 +- source/app/datamgmt/datastore/datastore_db.py | 2 +- source/app/datamgmt/filters/filters_db.py | 2 +- source/app/datamgmt/iris_engine/modules_db.py | 2 +- .../app/datamgmt/manage/manage_assets_db.py | 2 +- .../app/datamgmt/manage/manage_groups_db.py | 2 +- source/app/datamgmt/manage/manage_users_db.py | 2 +- source/app/datamgmt/states.py | 2 +- .../app/iris_engine/access_control/utils.py | 2 +- source/app/iris_engine/demo_builder.py | 2 +- source/app/iris_engine/tasker/tasks.py | 2 +- source/app/iris_engine/utils/tracker.py | 3 +- source/app/models/cases.py | 2 +- source/app/schema/marshables.py | 2 +- source/app/util.py | 2 +- 69 files changed, 75 insertions(+), 100 deletions(-) diff --git a/source/app/blueprints/access_controls.py b/source/app/blueprints/access_controls.py index e1635d3f3..94598017d 100644 --- a/source/app/blueprints/access_controls.py +++ b/source/app/blueprints/access_controls.py 
@@ -43,10 +43,11 @@ from app import app from app import db from app.blueprints.responses import response_error -from app.business.auth import validate_auth_token, iris_current_user +from app.business.auth import validate_auth_token from app.datamgmt.case.case_db import get_case from app.datamgmt.manage.manage_access_control_db import user_has_client_access from app.datamgmt.manage.manage_users_db import get_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.iris_engine.access_control.utils import ac_fast_check_user_has_case_access from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user from app.iris_engine.utils.tracker import track_activity diff --git a/source/app/blueprints/graphql/graphql_route.py b/source/app/blueprints/graphql/graphql_route.py index 37821b926..e6239553d 100644 --- a/source/app/blueprints/graphql/graphql_route.py +++ b/source/app/blueprints/graphql/graphql_route.py @@ -50,7 +50,7 @@ from app.business.cases import cases_get_by_identifier from app.business.iocs import iocs_get -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_case_access import warnings diff --git a/source/app/blueprints/graphql/permissions.py b/source/app/blueprints/graphql/permissions.py index 77a87207c..b86dcb2cc 100644 --- a/source/app/blueprints/graphql/permissions.py +++ b/source/app/blueprints/graphql/permissions.py @@ -23,7 +23,7 @@ from flask import request from app.blueprints.access_controls import get_case_access_from_api -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access 
diff --git a/source/app/blueprints/pages/alerts/alerts_routes.py b/source/app/blueprints/pages/alerts/alerts_routes.py index 4aee6b7bf..66a3f5411 100644 --- a/source/app/blueprints/pages/alerts/alerts_routes.py +++ b/source/app/blueprints/pages/alerts/alerts_routes.py @@ -29,7 +29,7 @@ from app.models.authorization import Permissions from app.blueprints.responses import response_error from app.blueprints.access_controls import ac_requires -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user alerts_blueprint = Blueprint( 'alerts', diff --git a/source/app/blueprints/pages/case/case_tasks_routes.py b/source/app/blueprints/pages/case/case_tasks_routes.py index 3aafa23c4..bb0bb1542 100644 --- a/source/app/blueprints/pages/case/case_tasks_routes.py +++ b/source/app/blueprints/pages/case/case_tasks_routes.py @@ -22,7 +22,7 @@ from flask import url_for from flask_wtf import FlaskForm -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.case.case_tasks_db import get_case_tasks_comments_count from app.datamgmt.case.case_tasks_db import get_task diff --git a/source/app/blueprints/pages/dashboard/dashboard_routes.py b/source/app/blueprints/pages/dashboard/dashboard_routes.py index ec111ac3e..f753bc37d 100644 --- a/source/app/blueprints/pages/dashboard/dashboard_routes.py +++ b/source/app/blueprints/pages/dashboard/dashboard_routes.py @@ -23,7 +23,7 @@ from flask_wtf import FlaskForm from app import app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.dashboard.dashboard_db import get_tasks_status from app.forms import CaseGlobalTaskForm from app.iris_engine.access_control.utils import ac_get_user_case_counts 
diff --git a/source/app/blueprints/pages/login/login_routes.py b/source/app/blueprints/pages/login/login_routes.py index 8196af827..45276087b 100644 --- a/source/app/blueprints/pages/login/login_routes.py +++ b/source/app/blueprints/pages/login/login_routes.py @@ -39,12 +39,13 @@ from app.blueprints.access_controls import is_authentication_oidc from app.blueprints.access_controls import is_authentication_ldap from app.blueprints.responses import response_error -from app.business.auth import validate_ldap_login, get_current_user +from app.business.auth import validate_ldap_login from app.business.users import retrieve_user_by_username from app.business.auth import wrap_login_user from app.datamgmt.manage.manage_users_db import create_user, update_user_groups from app.datamgmt.manage.manage_users_db import get_user from app.forms import LoginForm, MFASetupForm +from app.iris_engine.access_control.iris_user import iris_current_user from app.iris_engine.utils.tracker import track_activity from app.datamgmt.manage.manage_groups_db import get_groups_list @@ -112,8 +113,7 @@ def _authenticate_password(form, username, password): if app.config.get("AUTHENTICATION_TYPE") in ["local", "ldap", "oidc"]: @login_blueprint.route('/login', methods=['GET', 'POST']) def login(): - current_user_wrap = get_current_user() - if current_user_wrap.is_authenticated: + if iris_current_user.is_authenticated: return redirect(url_for('index.index')) if is_authentication_oidc() and app.config.get('AUTHENTICATION_LOCAL_FALLBACK') is False: @@ -138,8 +138,7 @@ def login(): if is_authentication_oidc(): @login_blueprint.route('/oidc-login') def oidc_login(): - current_user_wrap = get_current_user() - if current_user_wrap.is_authenticated: + if iris_current_user.is_authenticated: return redirect(url_for('index.index')) session["oidc_state"] = rndstr() 
diff --git a/source/app/blueprints/pages/manage/manage_cases_routes.py b/source/app/blueprints/pages/manage/manage_cases_routes.py index 8ea64e573..7ca380dbf 100644 --- a/source/app/blueprints/pages/manage/manage_cases_routes.py +++ b/source/app/blueprints/pages/manage/manage_cases_routes.py @@ -24,7 +24,7 @@ from flask_wtf import FlaskForm from werkzeug import Response -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes diff --git a/source/app/blueprints/pages/manage/manage_groups_routes.py b/source/app/blueprints/pages/manage/manage_groups_routes.py index f526d4133..96769a702 100644 --- a/source/app/blueprints/pages/manage/manage_groups_routes.py +++ b/source/app/blueprints/pages/manage/manage_groups_routes.py @@ -19,7 +19,7 @@ from flask import url_for from werkzeug.utils import redirect -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_group_details from app.datamgmt.manage.manage_groups_db import get_group_with_members diff --git a/source/app/blueprints/pages/manage/manage_users.py b/source/app/blueprints/pages/manage/manage_users.py index 4b2f7dfe4..8d2ae905d 100644 --- a/source/app/blueprints/pages/manage/manage_users.py +++ b/source/app/blueprints/pages/manage/manage_users.py 
@@ -21,7 +21,7 @@ from flask import render_template from flask import url_for -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.client.client_db import get_client_list from app.datamgmt.manage.manage_cases_db import list_cases_dict from app.datamgmt.manage.manage_groups_db import get_groups_list diff --git a/source/app/blueprints/rest/alerts_routes.py b/source/app/blueprints/rest/alerts_routes.py index 2f9d1b8a5..41aef1cbb 100644 --- a/source/app/blueprints/rest/alerts_routes.py +++ b/source/app/blueprints/rest/alerts_routes.py @@ -28,7 +28,7 @@ from app.blueprints.rest.endpoints import endpoint_deprecated from app.blueprints.rest.parsing import parse_comma_separated_identifiers from app.blueprints.rest.case_comments import case_comment_update -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.alerts.alerts_db import get_filtered_alerts from app.datamgmt.alerts.alerts_db import get_alert_by_id from app.datamgmt.alerts.alerts_db import create_case_from_alert diff --git a/source/app/blueprints/rest/case/case_assets_routes.py b/source/app/blueprints/rest/case/case_assets_routes.py index 82b0c3ed8..38654bf83 100644 --- a/source/app/blueprints/rest/case/case_assets_routes.py +++ b/source/app/blueprints/rest/case/case_assets_routes.py @@ -30,7 +30,7 @@ from app.business.assets import assets_get_detailed from app.business.assets import assets_get from app.business.assets import assets_update -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.errors import BusinessProcessingError from app.datamgmt.case.case_assets_db import get_raw_assets from app.datamgmt.case.case_assets_db import add_comment_to_asset 
diff --git a/source/app/blueprints/rest/case/case_evidences_routes.py b/source/app/blueprints/rest/case/case_evidences_routes.py index 844550e65..c03c6bab5 100644 --- a/source/app/blueprints/rest/case/case_evidences_routes.py +++ b/source/app/blueprints/rest/case/case_evidences_routes.py @@ -25,7 +25,7 @@ from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_rfiles_db import add_comment_to_evidence from app.datamgmt.case.case_rfiles_db import delete_evidence_comment from app.datamgmt.case.case_rfiles_db import get_case_evidence_comment diff --git a/source/app/blueprints/rest/case/case_graphs_routes.py b/source/app/blueprints/rest/case/case_graphs_routes.py index 27d14dd58..2596c171a 100644 --- a/source/app/blueprints/rest/case/case_graphs_routes.py +++ b/source/app/blueprints/rest/case/case_graphs_routes.py @@ -20,7 +20,7 @@ from datetime import datetime from flask import Blueprint -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_events_db import get_case_events_assets_graph from app.datamgmt.case.case_events_db import get_case_events_ioc_graph from app.models.authorization import CaseAccessLevel diff --git a/source/app/blueprints/rest/case/case_ioc_routes.py b/source/app/blueprints/rest/case/case_ioc_routes.py index 041762953..1dfcc10be 100644 --- a/source/app/blueprints/rest/case/case_ioc_routes.py +++ b/source/app/blueprints/rest/case/case_ioc_routes.py 
@@ -27,7 +27,7 @@ from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.iocs import iocs_create from app.business.iocs import iocs_update from app.business.iocs import iocs_delete diff --git a/source/app/blueprints/rest/case/case_notes_routes.py b/source/app/blueprints/rest/case/case_notes_routes.py index dae160a8c..9d1ad26d4 100644 --- a/source/app/blueprints/rest/case/case_notes_routes.py +++ b/source/app/blueprints/rest/case/case_notes_routes.py @@ -27,7 +27,7 @@ from app import app from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.errors import BusinessProcessingError from app.business.notes import notes_create from app.business.notes import notes_list_revisions diff --git a/source/app/blueprints/rest/case/case_routes.py b/source/app/blueprints/rest/case/case_routes.py index f6bf7d6e8..bd180364e 100644 --- a/source/app/blueprints/rest/case/case_routes.py +++ b/source/app/blueprints/rest/case/case_routes.py @@ -29,7 +29,7 @@ from app import db from app import socket_io from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.cases import cases_exists from app.datamgmt.case.case_db import get_review_id_from_name from app.datamgmt.case.case_db import case_get_desc_crc diff --git a/source/app/blueprints/rest/case/case_tasks_routes.py b/source/app/blueprints/rest/case/case_tasks_routes.py index dc24613a4..40037e14c 100644 --- a/source/app/blueprints/rest/case/case_tasks_routes.py 
+++ b/source/app/blueprints/rest/case/case_tasks_routes.py @@ -25,7 +25,7 @@ from app import db from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.errors import BusinessProcessingError from app.business.tasks import tasks_delete from app.business.tasks import tasks_create diff --git a/source/app/blueprints/rest/case/case_timeline_routes.py b/source/app/blueprints/rest/case/case_timeline_routes.py index 7cfa91aa1..9be8c856c 100644 --- a/source/app/blueprints/rest/case/case_timeline_routes.py +++ b/source/app/blueprints/rest/case/case_timeline_routes.py @@ -30,7 +30,7 @@ from app import app from app.blueprints.rest.case_comments import case_comment_update from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_assets_db import get_asset_by_name from app.datamgmt.case.case_events_db import add_comment_to_event from app.datamgmt.case.case_events_db import get_category_by_name diff --git a/source/app/blueprints/rest/context_routes.py b/source/app/blueprints/rest/context_routes.py index f25d0e705..47eb68fc5 100644 --- a/source/app/blueprints/rest/context_routes.py +++ b/source/app/blueprints/rest/context_routes.py @@ -23,7 +23,7 @@ from app import app from app import cache from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.context.context_db import ctx_search_user_cases from app.models.authorization import Permissions from app.models.cases import Cases diff --git a/source/app/blueprints/rest/dashboard_routes.py b/source/app/blueprints/rest/dashboard_routes.py index 7b7f8b880..e938eef67 100644 
--- a/source/app/blueprints/rest/dashboard_routes.py +++ b/source/app/blueprints/rest/dashboard_routes.py @@ -32,7 +32,7 @@ from app import oidc_client from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.dashboard.dashboard_db import get_global_task, list_user_cases, list_user_reviews from app.datamgmt.dashboard.dashboard_db import get_tasks_status from app.datamgmt.dashboard.dashboard_db import list_global_tasks diff --git a/source/app/blueprints/rest/datastore_routes.py b/source/app/blueprints/rest/datastore_routes.py index 7d9acfb23..3e719babc 100644 --- a/source/app/blueprints/rest/datastore_routes.py +++ b/source/app/blueprints/rest/datastore_routes.py @@ -28,7 +28,7 @@ from pathlib import Path from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.datastore.datastore_db import datastore_add_child_node from app.datamgmt.datastore.datastore_db import datastore_add_file_as_evidence from app.datamgmt.datastore.datastore_db import datastore_add_file_as_ioc diff --git a/source/app/blueprints/rest/filters_routes.py b/source/app/blueprints/rest/filters_routes.py index 526fd1edc..792a3bdb5 100644 --- a/source/app/blueprints/rest/filters_routes.py +++ b/source/app/blueprints/rest/filters_routes.py @@ -20,7 +20,7 @@ from werkzeug import Response from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.filters.filters_db import get_filter_by_id from app.datamgmt.filters.filters_db import list_filters_by_type from app.iris_engine.utils.tracker import track_activity 
diff --git a/source/app/blueprints/rest/manage/manage_case_templates_routes.py b/source/app/blueprints/rest/manage/manage_case_templates_routes.py index fa655c9b4..845ecd283 100644 --- a/source/app/blueprints/rest/manage/manage_case_templates_routes.py +++ b/source/app/blueprints/rest/manage/manage_case_templates_routes.py @@ -22,7 +22,7 @@ from marshmallow import ValidationError from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_case_templates_db import get_case_templates_list from app.datamgmt.manage.manage_case_templates_db import get_case_template_by_id from app.datamgmt.manage.manage_case_templates_db import validate_case_template diff --git a/source/app/blueprints/rest/manage/manage_cases_routes.py b/source/app/blueprints/rest/manage/manage_cases_routes.py index c6128606b..ac13a5197 100644 --- a/source/app/blueprints/rest/manage/manage_cases_routes.py +++ b/source/app/blueprints/rest/manage/manage_cases_routes.py @@ -28,7 +28,7 @@ from app import db from app.blueprints.rest.parsing import parse_comma_separated_identifiers from app.blueprints.rest.endpoints import endpoint_deprecated -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.alerts.alerts_db import get_alert_status_by_name from app.datamgmt.case.case_db import get_case from app.datamgmt.iris_engine.modules_db import get_pipelines_args_from_name diff --git a/source/app/blueprints/rest/manage/manage_customers_routes.py b/source/app/blueprints/rest/manage/manage_customers_routes.py index 9fa7817e0..b2197f429 100644 --- a/source/app/blueprints/rest/manage/manage_customers_routes.py +++ b/source/app/blueprints/rest/manage/manage_customers_routes.py 
@@ -24,7 +24,7 @@ from app import ac_current_user_has_permission from app.blueprints.access_controls import ac_api_requires -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.client.client_db import create_client from app.datamgmt.client.client_db import create_contact from app.datamgmt.client.client_db import delete_client diff --git a/source/app/blueprints/rest/manage/manage_groups.py b/source/app/blueprints/rest/manage/manage_groups.py index 9de557bc3..e45455169 100644 --- a/source/app/blueprints/rest/manage/manage_groups.py +++ b/source/app/blueprints/rest/manage/manage_groups.py @@ -24,7 +24,7 @@ from app import db from app import app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_groups_db import add_all_cases_access_to_group from app.datamgmt.manage.manage_groups_db import add_case_access_to_group from app.datamgmt.manage.manage_groups_db import delete_group diff --git a/source/app/blueprints/rest/manage/manage_templates_routes.py b/source/app/blueprints/rest/manage/manage_templates_routes.py index e9b83819a..9ed91667a 100644 --- a/source/app/blueprints/rest/manage/manage_templates_routes.py +++ b/source/app/blueprints/rest/manage/manage_templates_routes.py @@ -29,7 +29,7 @@ from app import app from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.iris_engine.utils.tracker import track_activity from app.models.authorization import Permissions from app.models.authorization import User diff --git a/source/app/blueprints/rest/manage/manage_users.py b/source/app/blueprints/rest/manage/manage_users.py index 9d2f5918e..5424570f3 100644 --- a/source/app/blueprints/rest/manage/manage_users.py +++ b/source/app/blueprints/rest/manage/manage_users.py 
@@ -25,7 +25,7 @@ from app import app from app import db from app.blueprints.rest.parsing import parse_comma_separated_identifiers -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_users_db import add_case_access_to_user from app.datamgmt.manage.manage_users_db import update_user_customers from app.datamgmt.manage.manage_users_db import get_filtered_users diff --git a/source/app/blueprints/rest/overview_routes.py b/source/app/blueprints/rest/overview_routes.py index 41404934a..7a7ce9bb7 100644 --- a/source/app/blueprints/rest/overview_routes.py +++ b/source/app/blueprints/rest/overview_routes.py @@ -19,7 +19,7 @@ from flask import Blueprint from flask import request -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.overview.overview_db import get_overview_db from app.blueprints.access_controls import ac_api_requires from app.blueprints.responses import response_success diff --git a/source/app/blueprints/rest/profile_routes.py b/source/app/blueprints/rest/profile_routes.py index 19b7dd8f0..f978f4640 100644 --- a/source/app/blueprints/rest/profile_routes.py +++ b/source/app/blueprints/rest/profile_routes.py @@ -23,7 +23,7 @@ from flask import session from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_users_db import get_user from app.datamgmt.manage.manage_users_db import get_user_primary_org from app.datamgmt.manage.manage_users_db import update_user diff --git a/source/app/blueprints/rest/v2/alerts.py b/source/app/blueprints/rest/v2/alerts.py index 1f646465f..7e722ef3b 100644 --- a/source/app/blueprints/rest/v2/alerts.py +++ b/source/app/blueprints/rest/v2/alerts.py 
@@ -25,7 +25,7 @@ from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.endpoints import response_api_created
 from app.blueprints.rest.parsing import parse_comma_separated_identifiers
-from app.business.auth import iris_current_user
+from app.iris_engine.access_control.iris_user import iris_current_user
 from app.datamgmt.alerts.alerts_db import get_filtered_alerts
 from app.models.authorization import Permissions
 from app.schema.marshables import AlertSchema
diff --git a/source/app/blueprints/rest/v2/auth.py b/source/app/blueprints/rest/v2/auth.py
index 48e2450a1..672dcfbd2 100644
--- a/source/app/blueprints/rest/v2/auth.py
+++ b/source/app/blueprints/rest/v2/auth.py
@@ -26,14 +26,14 @@ from app import db
 from app import oidc_client
 from app.datamgmt.manage.manage_users_db import get_active_user
+from app.iris_engine.access_control.iris_user import iris_current_user
 from app.logger import logger
 from app.blueprints.access_controls import is_authentication_ldap
 from app.blueprints.access_controls import is_authentication_oidc
 from app.blueprints.access_controls import not_authenticated_redirection_url
 from app.blueprints.rest.endpoints import response_api_error, response_api_not_found
 from app.blueprints.rest.endpoints import response_api_success
-from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info, generate_auth_tokens, \
- iris_current_user
+from app.business.auth import validate_ldap_login, validate_local_login, return_authed_user_info, generate_auth_tokens
 from app.iris_engine.utils.tracker import track_activity
 from app.schema.marshables import UserSchema
diff --git a/source/app/blueprints/rest/v2/cases.py b/source/app/blueprints/rest/v2/cases.py
index 070555f56..20ead8029 100644
--- a/source/app/blueprints/rest/v2/cases.py
+++ b/source/app/blueprints/rest/v2/cases.py
@@ -35,7 +35,7 @@ from app.blueprints.rest.v2.case_objects.tasks import case_tasks_blueprint from app.blueprints.rest.v2.case_objects.evidences import case_evidences_blueprint from app.blueprints.rest.v2.case_objects.events import case_events_blueprint -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.cases import cases_create from app.business.cases import cases_delete from app.datamgmt.case.case_db import get_case diff --git a/source/app/blueprints/rest/v2/context/api_v2_context_routes.py b/source/app/blueprints/rest/v2/context/api_v2_context_routes.py index f82e7e7f0..f137ef51c 100644 --- a/source/app/blueprints/rest/v2/context/api_v2_context_routes.py +++ b/source/app/blueprints/rest/v2/context/api_v2_context_routes.py @@ -21,7 +21,7 @@ from app import db, app from app.blueprints.access_controls import ac_api_requires from app.blueprints.rest.endpoints import response_api_success -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.context.context_db import ctx_search_user_cases from app.models.cases import Cases from app.models.models import Client diff --git a/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py index 6110c4fce..9c5ddcffc 100644 --- a/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py +++ b/source/app/blueprints/socket_io_event_handlers/case_event_handlers.py @@ -22,7 +22,7 @@ from app import socket_io from app.blueprints.access_controls import ac_socket_requires -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.authorization import CaseAccessLevel 
diff --git a/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py index cffa77195..ba259ede7 100644 --- a/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py +++ b/source/app/blueprints/socket_io_event_handlers/case_notes_event_handlers.py @@ -22,7 +22,7 @@ from app import socket_io from app.blueprints.access_controls import ac_socket_requires -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.authorization import CaseAccessLevel diff --git a/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py b/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py index 954cbe657..0426d79b1 100644 --- a/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py +++ b/source/app/blueprints/socket_io_event_handlers/update_event_handlers.py @@ -20,7 +20,7 @@ from app import socket_io from app import app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user def get_message(data): diff --git a/source/app/business/alerts.py b/source/app/business/alerts.py index 8469c2ee4..ecd88896b 100644 --- a/source/app/business/alerts.py +++ b/source/app/business/alerts.py @@ -22,7 +22,7 @@ from app import db from app import socket_io -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.alerts import Alert from app.datamgmt.alerts.alerts_db import cache_similar_alert from app.datamgmt.manage.manage_access_control_db import user_has_client_access diff --git a/source/app/business/assets.py b/source/app/business/assets.py index 2bd6548ce..4f647d7f8 100644 --- a/source/app/business/assets.py +++ b/source/app/business/assets.py 
@@ -20,7 +20,7 @@ from flask_sqlalchemy.pagination import Pagination
 from app import db
-from app.business.auth import iris_current_user
+from app.iris_engine.access_control.iris_user import iris_current_user
 from app.business.errors import BusinessProcessingError
 from app.business.errors import ObjectNotFoundError
 from app.business.cases import cases_exists
diff --git a/source/app/business/auth.py b/source/app/business/auth.py
index d08fcbc6d..18c8546c7 100644
--- a/source/app/business/auth.py
+++ b/source/app/business/auth.py
@@ -18,11 +18,11 @@ from urllib.parse import urlparse, urljoin
-from flask import session, g
+from flask import session
 from flask import redirect
 from flask import url_for
 from flask import request
-from flask_login import login_user, current_user
+from flask_login import login_user
 from app import bc
 from app import app
@@ -39,27 +39,6 @@ import datetime
 import jwt
-from flask import jsonify
-
-class TokenUser:
- """A class that mimics the Flask-Login current_user interface for token auth"""
- def __init__(self, user_data):
- self.id = user_data['user_id']
- self.user = user_data['username']
- self.is_authenticated = True
- self.is_active = True
- self.is_anonymous = False
-
-
-def get_current_user():
- """
- Returns a compatible user object for both session and token auth
- For token auth, uses data from g.auth_user
- For session auth, returns Flask current_user
- """
- if hasattr(g, 'auth_user'):
- return TokenUser(g.auth_user)
- return current_user
 def return_authed_user_info(user_id):
@@ -262,6 +241,3 @@ def validate_auth_token(token):
 return None
 except jwt.InvalidTokenError:
 return None
-
-
-iris_current_user = get_current_user()
\ No newline at end of file
diff --git a/source/app/business/case_comments.py b/source/app/business/case_comments.py
index 2c5fdfbde..2bc71164d 100644
--- a/source/app/business/case_comments.py
+++ b/source/app/business/case_comments.py
@@ -19,7 +19,7 @@ from datetime import datetime from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_comments import get_case_comment from app.iris_engine.module_handler.module_handler import call_modules_hook from app.iris_engine.utils.tracker import track_activity diff --git a/source/app/business/cases.py b/source/app/business/cases.py index 5fb9500d3..6351d38ad 100644 --- a/source/app/business/cases.py +++ b/source/app/business/cases.py @@ -21,7 +21,7 @@ from marshmallow.exceptions import ValidationError from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.logger import logger from app.util import add_obj_history_entry from app.schema.marshables import CaseSchema diff --git a/source/app/business/events.py b/source/app/business/events.py index f3bab96ee..9d0ca3e6a 100644 --- a/source/app/business/events.py +++ b/source/app/business/events.py @@ -19,7 +19,7 @@ from datetime import datetime from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.cases import CasesEvent from app.business.errors import ObjectNotFoundError from app.util import add_obj_history_entry diff --git a/source/app/business/evidences.py b/source/app/business/evidences.py index bd9f36689..fc2415c7f 100644 --- a/source/app/business/evidences.py +++ b/source/app/business/evidences.py 
@@ -19,7 +19,7 @@ from marshmallow.exceptions import ValidationError from flask_sqlalchemy.pagination import Pagination -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.business.errors import BusinessProcessingError from app.business.errors import ObjectNotFoundError from app.iris_engine.module_handler.module_handler import call_modules_hook diff --git a/source/app/business/iocs.py b/source/app/business/iocs.py index 58ad8f2a3..359f08b5f 100644 --- a/source/app/business/iocs.py +++ b/source/app/business/iocs.py @@ -19,7 +19,7 @@ from marshmallow.exceptions import ValidationError from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import Ioc from app.datamgmt.case.case_iocs_db import add_ioc from app.datamgmt.case.case_iocs_db import case_iocs_db_exists diff --git a/source/app/business/notes.py b/source/app/business/notes.py index ece480dd7..4dec489b7 100644 --- a/source/app/business/notes.py +++ b/source/app/business/notes.py @@ -20,7 +20,7 @@ from marshmallow import ValidationError from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.logger import logger from app.business.errors import BusinessProcessingError from app.business.errors import UnhandledBusinessError diff --git a/source/app/business/tasks.py b/source/app/business/tasks.py index e8f6b08b3..fcff5f876 100644 --- a/source/app/business/tasks.py +++ b/source/app/business/tasks.py 
@@ -21,7 +21,7 @@ from flask_sqlalchemy.pagination import Pagination from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_tasks_db import delete_task from app.datamgmt.case.case_tasks_db import add_task from app.datamgmt.case.case_tasks_db import update_task_assignees diff --git a/source/app/datamgmt/case/case_assets_db.py b/source/app/datamgmt/case/case_assets_db.py index 93be80cc9..2e46c38d1 100644 --- a/source/app/datamgmt/case/case_assets_db.py +++ b/source/app/datamgmt/case/case_assets_db.py @@ -23,7 +23,7 @@ from flask_sqlalchemy.pagination import Pagination from app import db, app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.filtering import get_filtered_data from app.datamgmt.states import update_assets_state from app.models.models import AnalysisStatus diff --git a/source/app/datamgmt/case/case_events_db.py b/source/app/datamgmt/case/case_events_db.py index ec36ba283..b5bea2ee7 100644 --- a/source/app/datamgmt/case/case_events_db.py +++ b/source/app/datamgmt/case/case_events_db.py @@ -18,7 +18,7 @@ from sqlalchemy import and_ from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.states import update_timeline_state from app.models.models import AssetsType from app.models.models import CaseAssets diff --git a/source/app/datamgmt/case/case_iocs_db.py b/source/app/datamgmt/case/case_iocs_db.py index 03da51471..117a349d9 100644 --- a/source/app/datamgmt/case/case_iocs_db.py +++ b/source/app/datamgmt/case/case_iocs_db.py 
@@ -19,7 +19,7 @@ from app import db from app import app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.filtering import get_filtered_data from app.datamgmt.states import update_ioc_state from app.iris_engine.access_control.utils import ac_get_fast_user_cases_access diff --git a/source/app/datamgmt/case/case_notes_db.py b/source/app/datamgmt/case/case_notes_db.py index 685ccf4fc..f40af7166 100644 --- a/source/app/datamgmt/case/case_notes_db.py +++ b/source/app/datamgmt/case/case_notes_db.py @@ -18,7 +18,7 @@ from sqlalchemy import and_ from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.states import update_notes_state from app.models.models import Comments diff --git a/source/app/datamgmt/case/case_rfiles_db.py b/source/app/datamgmt/case/case_rfiles_db.py index 576740d48..03b6183b7 100644 --- a/source/app/datamgmt/case/case_rfiles_db.py +++ b/source/app/datamgmt/case/case_rfiles_db.py @@ -21,7 +21,7 @@ from flask_sqlalchemy.pagination import Pagination from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.states import update_evidences_state from app.models.models import CaseReceivedFile diff --git a/source/app/datamgmt/case/case_tasks_db.py b/source/app/datamgmt/case/case_tasks_db.py index 75bac173d..0e1f38b8f 100644 --- a/source/app/datamgmt/case/case_tasks_db.py +++ b/source/app/datamgmt/case/case_tasks_db.py 
@@ -21,7 +21,7 @@ from sqlalchemy import and_ from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.conversions import convert_sort_direction from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes from app.datamgmt.manage.manage_users_db import get_users_list_restricted_from_case diff --git a/source/app/datamgmt/dashboard/dashboard_db.py b/source/app/datamgmt/dashboard/dashboard_db.py index f053eef35..da66e7c50 100644 --- a/source/app/datamgmt/dashboard/dashboard_db.py +++ b/source/app/datamgmt/dashboard/dashboard_db.py @@ -19,7 +19,7 @@ from sqlalchemy import desc from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import CaseTasks from app.models.models import TaskAssignee from app.models.models import ReviewStatus diff --git a/source/app/datamgmt/datastore/datastore_db.py b/source/app/datamgmt/datastore/datastore_db.py index 30144afeb..bb9b45d3b 100644 --- a/source/app/datamgmt/datastore/datastore_db.py +++ b/source/app/datamgmt/datastore/datastore_db.py @@ -26,7 +26,7 @@ from app import app from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import CaseReceivedFile from app.models.models import DataStoreFile from app.models.models import DataStorePath diff --git a/source/app/datamgmt/filters/filters_db.py b/source/app/datamgmt/filters/filters_db.py index 80da8e872..cbfe7d874 100644 --- a/source/app/datamgmt/filters/filters_db.py +++ b/source/app/datamgmt/filters/filters_db.py @@ -1,6 +1,6 @@ from sqlalchemy import and_ -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import SavedFilter 
diff --git a/source/app/datamgmt/iris_engine/modules_db.py b/source/app/datamgmt/iris_engine/modules_db.py index 4c5e91031..88a69fdf2 100644 --- a/source/app/datamgmt/iris_engine/modules_db.py +++ b/source/app/datamgmt/iris_engine/modules_db.py @@ -19,7 +19,7 @@ import datetime from app import db, app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import IrisHook from app.models.models import IrisModule from app.models.models import IrisModuleHook diff --git a/source/app/datamgmt/manage/manage_assets_db.py b/source/app/datamgmt/manage/manage_assets_db.py index f8aa80a4c..d1cb5f5d9 100644 --- a/source/app/datamgmt/manage/manage_assets_db.py +++ b/source/app/datamgmt/manage/manage_assets_db.py @@ -2,7 +2,7 @@ from functools import reduce import app -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_cases_db import user_list_cases_view from app.datamgmt.conversions import convert_sort_direction from app.models.cases import Cases diff --git a/source/app/datamgmt/manage/manage_groups_db.py b/source/app/datamgmt/manage/manage_groups_db.py index 416cc7029..4573f3afe 100644 --- a/source/app/datamgmt/manage/manage_groups_db.py +++ b/source/app/datamgmt/manage/manage_groups_db.py @@ -17,7 +17,7 @@ from sqlalchemy import and_ from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_db import get_case from app.datamgmt.manage.manage_cases_db import list_cases_id from app.iris_engine.access_control.utils import ac_access_level_mask_from_val_list, ac_ldp_group_removal diff --git a/source/app/datamgmt/manage/manage_users_db.py b/source/app/datamgmt/manage/manage_users_db.py index 36fded3a6..fbc158660 100644 --- a/source/app/datamgmt/manage/manage_users_db.py 
+++ b/source/app/datamgmt/manage/manage_users_db.py @@ -22,7 +22,7 @@ from flask_login import AnonymousUserMixin from sqlalchemy import and_ -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.logger import logger from app import bc from app import db diff --git a/source/app/datamgmt/states.py b/source/app/datamgmt/states.py index 937f36e20..66982db62 100644 --- a/source/app/datamgmt/states.py +++ b/source/app/datamgmt/states.py @@ -20,7 +20,7 @@ from sqlalchemy import and_ from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import ObjectState diff --git a/source/app/iris_engine/access_control/utils.py b/source/app/iris_engine/access_control/utils.py index e3ad07e3a..a7ad72d3d 100644 --- a/source/app/iris_engine/access_control/utils.py +++ b/source/app/iris_engine/access_control/utils.py @@ -3,7 +3,7 @@ import app from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_access_control_db import check_ua_case_client from app.models.cases import Cases from app.models.models import Client diff --git a/source/app/iris_engine/demo_builder.py b/source/app/iris_engine/demo_builder.py index 846b4c175..2de998e25 100644 --- a/source/app/iris_engine/demo_builder.py +++ b/source/app/iris_engine/demo_builder.py @@ -21,7 +21,7 @@ from app import app from app import bc from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.manage.manage_groups_db import add_case_access_to_group from app.datamgmt.manage.manage_users_db import add_user_to_group from app.datamgmt.manage.manage_users_db import add_user_to_organisation 
diff --git a/source/app/iris_engine/tasker/tasks.py b/source/app/iris_engine/tasker/tasks.py index 7e78d7d83..3e1f55366 100644 --- a/source/app/iris_engine/tasker/tasks.py +++ b/source/app/iris_engine/tasker/tasks.py @@ -21,7 +21,7 @@ from celery.signals import task_prerun from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.case.case_db import get_case from app.iris_engine.module_handler.module_handler import pipeline_dispatcher from app.iris_engine.utils.common import build_upload_path diff --git a/source/app/iris_engine/utils/tracker.py b/source/app/iris_engine/utils/tracker.py index f02b77c56..288242b9a 100644 --- a/source/app/iris_engine/utils/tracker.py +++ b/source/app/iris_engine/utils/tracker.py @@ -21,8 +21,7 @@ import app from app import db -from app.blueprints.access_controls import get_current_user -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.models.models import UserActivity log = app.app.logger diff --git a/source/app/models/cases.py b/source/app/models/cases.py index 1a8e1a7fa..33aa047f3 100644 --- a/source/app/models/cases.py +++ b/source/app/models/cases.py @@ -37,7 +37,7 @@ from sqlalchemy.orm import backref from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.states import update_assets_state from app.datamgmt.states import update_evidences_state from app.datamgmt.states import update_ioc_state diff --git a/source/app/schema/marshables.py b/source/app/schema/marshables.py index 41523cc63..aacb82576 100644 --- a/source/app/schema/marshables.py +++ b/source/app/schema/marshables.py 
@@ -46,7 +46,7 @@ from app import db from app import ma -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user from app.logger import logger from app.datamgmt.datastore.datastore_db import datastore_get_standard_path from app.datamgmt.manage.manage_attribute_db import merge_custom_attributes diff --git a/source/app/util.py b/source/app/util.py index 947620717..0dc5fa18e 100644 --- a/source/app/util.py +++ b/source/app/util.py @@ -30,7 +30,7 @@ from flask import current_app from app import db -from app.business.auth import iris_current_user +from app.iris_engine.access_control.iris_user import iris_current_user class FileRemover(object): From 2d67ec79fd15ffdb18458c12178c7c431b497b38 Mon Sep 17 00:00:00 2001 From: whikernel Date: Tue, 22 Apr 2025 10:46:28 +0200 Subject: [PATCH 05/10] [ADD] Dedicated iris user --- .../iris_engine/access_control/iris_user.py | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 source/app/iris_engine/access_control/iris_user.py diff --git a/source/app/iris_engine/access_control/iris_user.py b/source/app/iris_engine/access_control/iris_user.py new file mode 100644 index 000000000..6036f0009 --- /dev/null +++ b/source/app/iris_engine/access_control/iris_user.py 
@@ -0,0 +1,29 @@ +from flask import g +from flask_login import current_user +from werkzeug.local import LocalProxy + + +class TokenUser: + """A class that mimics the Flask-Login current_user interface for token auth""" + def __init__(self, user_data): + self.id = user_data['user_id'] + self.user = user_data['username'] + self.name = user_data['name'] + self.email = user_data['email'] + self.is_authenticated = True + self.is_active = True + self.is_anonymous = False + + +def get_current_user(): + """ + Returns a compatible user object for both session and token auth + For token auth, uses data from g.auth_user + For session auth, returns Flask current_user + """ + if hasattr(g, 'auth_user'): + return TokenUser(g.auth_user) + return current_user + + +iris_current_user = LocalProxy(lambda: get_current_user()) \ No newline at end of file From 7c7b069476a04fb5332e0a73edaaa9f7551b7c4c Mon Sep 17 00:00:00 2001 From: whikernel Date: Tue, 22 Apr 2025 15:19:19 +0200 Subject: [PATCH 06/10] [ADD] JWT payload --- source/app/blueprints/rest/v2/auth.py | 2 +- source/app/business/auth.py | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/source/app/blueprints/rest/v2/auth.py b/source/app/blueprints/rest/v2/auth.py index 672dcfbd2..6ac71ad9a 100644 --- a/source/app/blueprints/rest/v2/auth.py +++ b/source/app/blueprints/rest/v2/auth.py @@ -156,7 +156,7 @@ def refresh_token_endpoint(): return response_api_not_found() # Generate new tokens - new_tokens = generate_auth_tokens(user_id) + new_tokens = generate_auth_tokens(user) return response_api_success(data={ 'tokens': new_tokens diff --git a/source/app/business/auth.py b/source/app/business/auth.py index 18c8546c7..434205e64 100644 --- a/source/app/business/auth.py +++ b/source/app/business/auth.py 
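Review bot: `TokenUser.__init__` hardcodes `is_active = True` and builds the identity purely from token claims, so an account deactivated after issuance stays authenticated until the token expires; `get_current_user` should re-check the account behind `g.auth_user['user_id']` against the database rather than trust the claim. The keys it reads (`username`, `name`, `email`) also do not match what the issuer in this same series writes into the payload (`username`, `user_email`, `user_login`, see the business/auth.py hunk below), so `user_data['name']` raises `KeyError` if `g.auth_user` is the decoded JWT payload — whether it is depends on `validate_auth_token`, which is not in this hunk. Minimal fix: `self.user = user_data['user_login']`, `self.name = user_data['username']`, `self.email = user_data['user_email']`; the better fix is to resolve the user row once per request and derive `is_active` from it.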
@@ -80,7 +80,7 @@ def validate_ldap_login(username: str, password: str, local_fallback: bool = Tru user_data = UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) # Generate auth tokens for API access - tokens = generate_auth_tokens(user.id) + tokens = generate_auth_tokens(user) user_data.update({'tokens': tokens}) return user_data @@ -108,7 +108,7 @@ def validate_local_login(username: str, password: str): user_data = UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user) # Generate auth tokens for API access - tokens = generate_auth_tokens(user.id) + tokens = generate_auth_tokens(user) user_data.update({'tokens': tokens}) return user_data @@ -175,7 +175,7 @@ def wrap_login_user(user, is_oidc=False): return redirect(next_url) -def generate_auth_tokens(user_id, username): +def generate_auth_tokens(user): """ Generate access and refresh tokens with essential user data @@ -193,8 +193,10 @@ def generate_auth_tokens(user_id, username): # Generate access token with user data access_token_payload = { - 'user_id': user_id, - 'username': username, + 'user_id': user.id, + 'username': user.name, + 'user_email': user.email, + 'user_login': user.user, 'exp': access_token_expiry } access_token = jwt.encode( @@ -205,8 +207,10 @@ def generate_auth_tokens(user_id, username): # Generate refresh token refresh_token_payload = { - 'user_id': user_id, - 'username': username, + 'user_id': user.id, + 'username': user.name, + 'user_email': user.email, + 'user_login': user.user, 'exp': refresh_token_expiry, 'type': 'refresh' } From feb80593650cf59f9882c833eadca411c1019b48 Mon Sep 17 00:00:00 2001 From: whikernel Date: Wed, 23 Apr 2025 07:09:46 +0200 Subject: [PATCH 07/10] [UPD] Updated csp in nginx --- docker/nginx/nginx-newui.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/nginx-newui.conf b/docker/nginx/nginx-newui.conf index 5ea384035..63fb519db 100644 
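Review bot: The access-token payload in the `@@ -193` hunk carries no `type` claim while the refresh payload carries `'type': 'refresh'`, so unless `validate_auth_token` (outside this hunk) explicitly rejects `type == 'refresh'`, the longer-lived refresh token is also accepted as a bearer token on API calls. Add `'type': 'access'` to `access_token_payload` and have the validator require `payload.get('type') == 'access'`. Both payloads now also embed `user_email` and the display name; a JWT payload is only base64-encoded, so anyone holding the token (browser storage, proxy logs) reads that PII — keep the claims to `user_id`, `exp` and `type` and look the rest up server-side. Without an `iat`/`jti` there is also no way to revoke tokens on logout or password change; `generate_auth_tokens` begins before this hunk and the `jwt.encode(` arguments lie outside it.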
--- a/docker/nginx/nginx-newui.conf +++ b/docker/nginx/nginx-newui.conf @@ -26,7 +26,7 @@ events { http { map $request_uri $csp_header { - default "default-src 'self' https://analytics.dfir-iris.org https://127.0.0.1; script-src 'self' 'unsafe-inline' https://analytics.dfir-iris.org; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"; + default "default-src 'self' https://analytics.dfir-iris.org https://127.0.0.1 http://app:8000; script-src 'self' 'unsafe-inline' https://analytics.dfir-iris.org; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"; } include /etc/nginx/mime.types; From 225d436fae73172d7eb24091ed5b65f3daa087d7 Mon Sep 17 00:00:00 2001 From: whikernel Date: Wed, 23 Apr 2025 07:23:57 +0200 Subject: [PATCH 08/10] [FIX] Params in dicstring --- source/app/business/auth.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source/app/business/auth.py b/source/app/business/auth.py index 434205e64..30eb82789 100644 --- a/source/app/business/auth.py +++ b/source/app/business/auth.py @@ -61,7 +61,7 @@ def validate_ldap_login(username: str, password: str, local_fallback: bool = Tru :param username: Username :param password: Password - :param local_fallback: If True, will fallback to local authentication if LDAP fails. + :param local_fallback: If True, will fall back to local authentication if LDAP fails. :return: User object if successful, None otherwise """ try: @@ -179,8 +179,7 @@ def generate_auth_tokens(user): """ Generate access and refresh tokens with essential user data - :param user_id: The user ID - :param username: The username + :param user: User object :return: Dict containing tokens with expiry """ # Configure token expiration times From a1ac44d0d3255ae6364928c46d30b0014bc25bb6 Mon Sep 17 00:00:00 2001 
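Review bot: `http://app:8000` added to `default-src` is a plaintext docker-compose service hostname, and because `default-src` is the fallback for every fetch directive not set explicitly (connect-src, frame-src, font-src, …) it widens the whole policy to an http origin in an otherwise https-only configuration. When the UI is served over https the browser would block such requests as mixed content anyway, so this only helps a local development stack and should not ship in the default `nginx-newui.conf`; template it from a development-only variable or scope it to the directive that needs it, e.g. `connect-src 'self' https://127.0.0.1 http://app:8000;` while leaving `default-src 'self' https://analytics.dfir-iris.org https://127.0.0.1;`. The `'unsafe-inline'` in `script-src` predates this change but largely neutralises the policy against XSS; a nonce or hash source would be the natural follow-up.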
From: whikernel Date: Wed, 23 Apr 2025 07:47:09 +0200 Subject: [PATCH 09/10] [FIX] Fixed all ruff --- source/app/blueprints/rest/alerts_routes.py | 1 - .../rest/case/case_assets_routes.py | 2 - source/app/blueprints/rest/overview_routes.py | 4 +- source/app/blueprints/rest/v2/auth.py | 3 +- source/app/datamgmt/alerts/alerts_db.py | 3 +- .../iris_engine/access_control/iris_user.py | 2 +- .../module_handler/module_handler.py | 1 + source/app/iris_engine/reporter/reporter.py | 2 + tests/tests_auth.py | 2 +- tests/tests_graphql.py | 50 +++++++++---------- tests/tests_rest_alerts.py | 24 ++++----- tests/tests_rest_iocs.py | 4 +- tests/tests_rest_permissions.py | 2 +- tests/tests_rest_tasks.py | 6 +-- upgrades/upgrade_to_2.0.0.py | 4 +- 15 files changed, 55 insertions(+), 55 deletions(-) diff --git a/source/app/blueprints/rest/alerts_routes.py b/source/app/blueprints/rest/alerts_routes.py index 41aef1cbb..9fe584d8b 100644 --- a/source/app/blueprints/rest/alerts_routes.py +++ b/source/app/blueprints/rest/alerts_routes.py @@ -129,7 +129,6 @@ def alerts_list_route() -> Response: else: fields = None - try: filtered_alerts = get_filtered_alerts( start_date=request.args.get('creation_start_date'), diff --git a/source/app/blueprints/rest/case/case_assets_routes.py b/source/app/blueprints/rest/case/case_assets_routes.py index 38654bf83..0e212f631 100644 --- a/source/app/blueprints/rest/case/case_assets_routes.py +++ b/source/app/blueprints/rest/case/case_assets_routes.py @@ -199,7 +199,6 @@ def case_upload_ioc(caseid): analysis_status = AnalysisStatus.query.filter(AnalysisStatus.name == 'Unspecified').first() analysis_status_id = analysis_status.id - index = 0 for row in csv_data: missing_field = False @@ -342,7 +341,6 @@ def case_comment_asset_add(cur_id, caseid): if not asset: return response_error('Invalid asset ID') - comment_schema = CommentSchema() comment = comment_schema.load(request.get_json()) 
diff --git a/source/app/blueprints/rest/overview_routes.py b/source/app/blueprints/rest/overview_routes.py index 7a7ce9bb7..1497f37cb 100644 --- a/source/app/blueprints/rest/overview_routes.py +++ b/source/app/blueprints/rest/overview_routes.py @@ -19,10 +19,10 @@ from flask import Blueprint from flask import request -from app.iris_engine.access_control.iris_user import iris_current_user from app.datamgmt.overview.overview_db import get_overview_db from app.blueprints.access_controls import ac_api_requires from app.blueprints.responses import response_success +from app.iris_engine.access_control.iris_user import iris_current_user overview_rest_blueprint = Blueprint('overview_rest', __name__) @@ -32,6 +32,6 @@ def get_overview_filter(): """Return an overview of the cases""" show_full = request.args.get('show_closed', 'false') == 'true' - overview = get_overview_db(current_user.id, show_full) + overview = get_overview_db(iris_current_user.id, show_full) return response_success('', data=overview) diff --git a/source/app/blueprints/rest/v2/auth.py b/source/app/blueprints/rest/v2/auth.py index 6ac71ad9a..ca581605b 100644 --- a/source/app/blueprints/rest/v2/auth.py +++ b/source/app/blueprints/rest/v2/auth.py @@ -131,7 +131,6 @@ def whoami(): ]).dump(iris_current_user)) - @auth_blueprint.post('/refresh-token') def refresh_token_endpoint(): """ @@ -165,4 +164,4 @@ def refresh_token_endpoint(): except jwt.ExpiredSignatureError: return response_api_error('Refresh token has expired') except jwt.InvalidTokenError: - return response_api_error('Invalid refresh token') \ No newline at end of file + return response_api_error('Invalid refresh token') diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py index d85a14764..127a5ab92 100644 --- a/source/app/datamgmt/alerts/alerts_db.py +++ b/source/app/datamgmt/alerts/alerts_db.py 
@@ -37,6 +37,7 @@ from app.datamgmt.manage.manage_case_templates_db import get_case_template_by_id from app.datamgmt.manage.manage_case_templates_db import case_template_post_modifier from app.datamgmt.states import update_timeline_state +from app.iris_engine.access_control.iris_user import iris_current_user from app.iris_engine.access_control.utils import ac_current_user_has_permission from app.iris_engine.utils.common import parse_bf_date_format from app.models.cases import Cases @@ -1245,7 +1246,7 @@ def get_related_alerts_details(customer_id, assets, iocs, open_alerts, closed_al 'code': '\uf0b1', 'color': '#c95029' if cases_data[case_id].get('close_date') else '#4cba4f' }, - 'font': "12px verdana white" if current_user.in_dark_mode else '' + 'font': "12px verdana white" if iris_current_user.in_dark_mode else '' }) added_cases.add(case_id) diff --git a/source/app/iris_engine/access_control/iris_user.py b/source/app/iris_engine/access_control/iris_user.py index 6036f0009..95fdb8e9f 100644 --- a/source/app/iris_engine/access_control/iris_user.py +++ b/source/app/iris_engine/access_control/iris_user.py @@ -26,4 +26,4 @@ def get_current_user(): return current_user -iris_current_user = LocalProxy(lambda: get_current_user()) \ No newline at end of file +iris_current_user = LocalProxy(lambda: get_current_user()) diff --git a/source/app/iris_engine/module_handler/module_handler.py b/source/app/iris_engine/module_handler/module_handler.py index 7fcb89fb6..00419ee3b 100644 --- a/source/app/iris_engine/module_handler/module_handler.py +++ b/source/app/iris_engine/module_handler/module_handler.py @@ -27,6 +27,7 @@ from sqlalchemy import and_ from app import app +from app.iris_engine.access_control.iris_user import iris_current_user from app.logger import logger from app import celery from app import db diff --git a/source/app/iris_engine/reporter/reporter.py b/source/app/iris_engine/reporter/reporter.py index 40f507f76..d6170a502 100644 
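Review bot: `iris_current_user.in_dark_mode` is only safe while the proxy resolves to the Flask-Login user: the `TokenUser` shim introduced in this series (`iris_engine/access_control/iris_user.py`) exposes only `id`, `user`, `name`, `email` and the three Flask-Login flags, so a token-authenticated request reaching `get_related_alerts_details` raises `AttributeError` on this line. Either give `TokenUser` the attribute (or, better, have `get_current_user` load the real user row) or guard the read: `'font': "12px verdana white" if getattr(iris_current_user, 'in_dark_mode', False) else ''`. The rest of `get_related_alerts_details` lies outside the hunk.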
--- a/source/app/iris_engine/reporter/reporter.py +++ b/source/app/iris_engine/reporter/reporter.py @@ -21,6 +21,8 @@ import logging as log import os from datetime import datetime + +from app.iris_engine.access_control.iris_user import iris_current_user from docx_generator.docx_generator import DocxGenerator from docx_generator.exceptions import rendering_error from sqlalchemy import desc diff --git a/tests/tests_auth.py b/tests/tests_auth.py index 42236fb46..12374a302 100644 --- a/tests/tests_auth.py +++ b/tests/tests_auth.py @@ -92,4 +92,4 @@ def test_logout_should_forbid_later_requests_from_the_same_user(self): requests.get(url, cookies=cookies) url = parse.urljoin(API_URL, '/api/v2/cases') response = requests.get(url, cookies=cookies) - self.assertEqual(401, response.status_code) \ No newline at end of file + self.assertEqual(401, response.status_code) diff --git a/tests/tests_graphql.py b/tests/tests_graphql.py index 52d3d8fbf..8b9fc3000 100644 --- a/tests/tests_graphql.py +++ b/tests/tests_graphql.py @@ -259,7 +259,7 @@ def test_graphql_update_ioc_should_update_optional_parameter_description(self): description = 'Some description' payload = { 'query': f'''mutation {{ - iocUpdate(iocId: {ioc_identifier}, typeId: 1, tlpId: 2, value: "{ioc_value}", + iocUpdate(iocId: {ioc_identifier}, typeId: 1, tlpId: 2, value: "{ioc_value}", description: "{description}") {{ ioc {{ iocDescription }} }} @@ -283,7 +283,7 @@ def test_graphql_update_ioc_should_update_optional_parameter_tags(self): tags = 'tag1,tag2' payload = { 'query': f'''mutation {{ - iocUpdate(iocId: {ioc_identifier}, typeId: 1, tlpId: 2, value: "{ioc_value}", + iocUpdate(iocId: {ioc_identifier}, typeId: 1, tlpId: 2, value: "{ioc_value}", tags: "{tags}") {{ ioc {{ iocTags }} }} 
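Review bot: The new `from app.iris_engine.access_control.iris_user import iris_current_user` is inserted between the stdlib block and the `docx_generator` third-party imports, so a first-party import sits in the wrong group for a commit titled "Fixed all ruff" (ruff's isort rule `I001` would flag it if enabled). Move it below the third-party imports next to the other `app.` imports, which lie outside this hunk.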
@@ -370,7 +370,7 @@ def test_graphql_update_case_fail_due_to_delete_case(self): 'query': '''mutation { caseCreate(name: "case2", description: "Some description", clientId: 1) { case { caseId } - } + } }''' } response = self._subject.execute_graphql_query(payload) @@ -387,7 +387,7 @@ def test_graphql_update_case_fail_due_to_delete_case(self): 'query': f'''mutation {{ caseUpdate(caseId: {case_identifier}, name: "test_delete_case") {{ case {{ name }} - }} + }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -426,10 +426,10 @@ def test_graphql_create_case_should_use_optionals_parameters(self): id_client = 1 payload = { 'query': f''' mutation {{ - caseCreate(name: "case2", description: "Some description", clientId: {id_client}, + caseCreate(name: "case2", description: "Some description", clientId: {id_client}, socId: "1", classificationId : 1) {{ case {{ clientId }} - }} + }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -454,7 +454,7 @@ def test_graphql_cases_should_return_newly_created_case(self): payload = { 'query': ''' mutation { caseCreate(name: "case2", description: "Some description", clientId: 1) { case { caseId } - } + } }''' } response = self._subject.execute_graphql_query(payload) @@ -495,7 +495,7 @@ def test_graphql_update_case_should_update_optional_parameter_socId(self): caseCreate(name: "case2", description: "Some description", clientId: 1, socId: "1", classificationId : 1) { case { caseId } - } + } }''' } body = self._subject.execute_graphql_query(payload) @@ -516,8 +516,8 @@ def test_graphql_update_case_should_update_optional_parameter_classificationId(s 'query': ''' mutation { caseCreate(name: "case2", description: "Some description", clientId: 1, socId: "1", classificationId : 1) { - case { caseId } - } + case { caseId } + } }''' } body = self._subject.execute_graphql_query(payload) 
@@ -725,14 +725,14 @@ def test_cursor_first_after(self): def test_graphql_cases_classificationId_should_not_fail(self): classification_id = 1 payload = { - 'query': f'''mutation {{ caseCreate(name: "case1", description: "Some description", clientId: 1, socId: "1", + 'query': f'''mutation {{ caseCreate(name: "case1", description: "Some description", clientId: 1, socId: "1", classificationId : {classification_id}) {{ case {{ caseId }} }}}}'''} self._subject.execute_graphql_query(payload) payload = { 'query': 'mutation { caseCreate(name: "case2", description: "Some description", clientId: 1, socId: "1", classificationId : 3) {case { caseId ' 'classificationId}}}'} self._subject.execute_graphql_query(payload) - payload = {'query': f'''mutation {{ caseCreate(name: "case3", description: "Some description", clientId: 1, socId: "1", classificationId : + payload = {'query': f'''mutation {{ caseCreate(name: "case3", description: "Some description", clientId: 1, socId: "1", classificationId : {classification_id}) {{ case {{ classificationId }} }} }}'''} self._subject.execute_graphql_query(payload) payload = { @@ -763,7 +763,7 @@ def test_graphql_cases_filter_stateId_should_not_fail(self): response = self._subject.execute_graphql_query(payload) state_id = response['data']['caseCreate']['case']['stateId'] payload = { - 'query': f'''query {{ cases(stateId: {state_id}) + 'query': f'''query {{ cases(stateId: {state_id}) {{ edges {{ node {{ stateId }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -777,7 +777,7 @@ def test_graphql_cases_filter_ownerId_should_not_fail(self): response = self._subject.execute_graphql_query(payload) owner_id = response['data']['caseCreate']['case']['ownerId'] payload = { - 'query': f'''query {{ cases(ownerId: {owner_id}) + 'query': f'''query {{ cases(ownerId: {owner_id}) {{ edges {{ node {{ ownerId }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) 
@@ -792,7 +792,7 @@ def test_graphql_cases_filter_openDate_should_not_fail(self): open_date = response['data']['caseCreate']['case']['openDate'] clientId = response['data']['caseCreate']['case']['clientId'] payload = { - 'query': f'''query {{ cases(openDate: "{open_date}") + 'query': f'''query {{ cases(openDate: "{open_date}") {{ edges {{ node {{ openDate clientId }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -806,7 +806,7 @@ def test_graphql_cases_filter_name_should_not_fail(self): response = self._subject.execute_graphql_query(payload) name = response['data']['caseCreate']['case']['name'] payload = { - 'query': f'''query {{ cases(name: "{name}") + 'query': f'''query {{ cases(name: "{name}") {{ edges {{ node {{ name }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -820,7 +820,7 @@ def test_graphql_cases_filter_socId_should_not_fail(self): response = self._subject.execute_graphql_query(payload) soc_id = response['data']['caseCreate']['case']['socId'] payload = { - 'query': f'''query {{ cases(socId: "{soc_id}") + 'query': f'''query {{ cases(socId: "{soc_id}") {{ edges {{ node {{ socId }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -834,7 +834,7 @@ def test_graphql_cases_filter_severityId_should_not_fail(self): response = self._subject.execute_graphql_query(payload) severity_id = response['data']['caseCreate']['case']['severityId'] payload = { - 'query': f'''query {{ cases(severityId: {severity_id}) + 'query': f'''query {{ cases(severityId: {severity_id}) {{ edges {{ node {{ severityId }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) 
@@ -912,7 +912,7 @@ def test_graphql_iocs_filter_iocValue_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(iocValue: "{ioc_value}") {{ edges {{ node {{ iocValue iocId }} }} }} }} + iocs(iocValue: "{ioc_value}") {{ edges {{ node {{ iocValue iocId }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -931,7 +931,7 @@ def test_graphql_iocs_filter_first_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(first: 1) {{ edges {{ node {{ iocValue iocId }} }} }} }} + iocs(first: 1) {{ edges {{ node {{ iocValue iocId }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -948,7 +948,7 @@ def test_graphql_iocs_filter_iocTypeId_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(iocTypeId: {ioc_type_id}) {{ edges {{ node {{ iocTypeId }} }} }} }} + iocs(iocTypeId: {ioc_type_id}) {{ edges {{ node {{ iocTypeId }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -973,7 +973,7 @@ def test_graphql_iocs_filter_iocDescription_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(iocDescription: "{description}") {{ edges {{ node {{ iocDescription }} }} }} }} + iocs(iocDescription: "{description}") {{ edges {{ node {{ iocDescription }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -1014,7 +1014,7 @@ def test_graphql_iocs_filter_iocTags_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(iocTags: "{tags}") {{ edges {{ node {{ iocTags }} }} }} }} + iocs(iocTags: "{tags}") {{ edges {{ node {{ iocTags }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) 
@@ -1030,7 +1030,7 @@ def test_graphql_iocs_filter_iocMisp_should_not_fail(self): payload = { 'query': f'''{{ case(caseId: {case_identifier}) {{ - iocs(iocMisp: "{misp}") {{ edges {{ node {{ iocMisp }} }} }} }} + iocs(iocMisp: "{misp}") {{ edges {{ node {{ iocMisp }} }} }} }} }}''' } body = self._subject.execute_graphql_query(payload) @@ -1107,7 +1107,7 @@ def test_graphql_case_should_work_with_tags(self): 'query': f'''mutation {{ caseUpdate(caseId: {case_identifier}, tags: "test_case_number1") {{ case {{ name }} - }} + }} }}''' } self._subject.execute_graphql_query(payload) diff --git a/tests/tests_rest_alerts.py b/tests/tests_rest_alerts.py index af81b5adb..57ec3f15c 100644 --- a/tests/tests_rest_alerts.py +++ b/tests/tests_rest_alerts.py @@ -40,9 +40,9 @@ def test_create_alert_should_return_201(self): 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body) + response = self._subject.create('/api/v2/alerts', body) self.assertEqual(201, response.status_code) - + def test_create_alert_should_return_data_alert_title(self): body = { 'alert_title': 'title', @@ -50,9 +50,9 @@ def test_create_alert_should_return_data_alert_title(self): 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body).json() + response = self._subject.create('/api/v2/alerts', body).json() self.assertEqual('title', response['alert_title']) - + def test_create_alert_should_return_data_alert_severity_id(self): body = { 'alert_title': 'title', @@ -60,9 +60,9 @@ def test_create_alert_should_return_data_alert_severity_id(self): 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body).json() + response = self._subject.create('/api/v2/alerts', body).json() self.assertEqual(4, response['alert_severity_id']) - + def test_create_alert_should_return_data_alert_status_id(self): body = { 'alert_title': 'title', 
@@ -70,7 +70,7 @@ def test_create_alert_should_return_data_alert_status_id(self): 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body).json() + response = self._subject.create('/api/v2/alerts', body).json() self.assertEqual(3, response['alert_status_id']) def test_create_alert_should_return_data_alert_customer_id(self): @@ -80,7 +80,7 @@ def test_create_alert_should_return_data_alert_customer_id(self): 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body).json() + response = self._subject.create('/api/v2/alerts', body).json() self.assertEqual(1, response['alert_customer_id']) def test_create_alert_should_return_400_when_alert_customer_id_is_missing(self): @@ -89,9 +89,9 @@ def test_create_alert_should_return_400_when_alert_customer_id_is_missing(self): 'alert_severity_id': 4, 'alert_status_id': 3, } - response = self._subject.create(f'/api/v2/alerts', body) + response = self._subject.create('/api/v2/alerts', body) self.assertEqual(400, response.status_code) - + def test_create_alert_should_return_403_when_user_has_no_permission_to_alert(self): user = self._subject.create_dummy_user() body = { @@ -100,7 +100,7 @@ def test_create_alert_should_return_403_when_user_has_no_permission_to_alert(sel 'alert_status_id': 3, 'alert_customer_id': 1, } - response = user.create(f'/api/v2/alerts', body) + response = user.create('/api/v2/alerts', body) self.assertEqual(403, response.status_code) def test_create_alert_should_return_field_classification_id_null_when_not_provided(self): @@ -110,7 +110,7 @@ def test_create_alert_should_return_field_classification_id_null_when_not_provid 'alert_status_id': 3, 'alert_customer_id': 1, } - response = self._subject.create(f'/api/v2/alerts', body).json() + response = self._subject.create('/api/v2/alerts', body).json() self.assertIsNone(response['alert_classification_id']) def test_alerts_with_filter_alerts_assets_should_not_fail(self): 
diff --git a/tests/tests_rest_iocs.py b/tests/tests_rest_iocs.py index 026c6c7c1..9577f0106 100644 --- a/tests/tests_rest_iocs.py +++ b/tests/tests_rest_iocs.py @@ -101,7 +101,7 @@ def test_get_iocs_should_filter_and_return_ioc_type_identifier(self): 'custom_attributes': {} }).json() filters = {'ioc_value': 'test_get_iocs_should_filter_on_ioc_value'} - response = self._subject.get(f'/api/v2/cases/{case_identifier}/iocs', query_parameters=filters).json() + response = self._subject.get(f'/api/v2/cases/{case_identifier}/iocs', query_parameters=filters).json() identifiers = [] for ioc in response['data']: identifiers.append(ioc['ioc_type_id']) @@ -168,7 +168,7 @@ def test_delete_ioc_should_not_prevent_case_deletion(self): self._subject.delete(f'/api/v2/cases/{case_identifier}/iocs/{ioc_identifier}') response = self._subject.delete(f'/api/v2/cases/{case_identifier}') self.assertEqual(204, response.status_code) - + def test_update_ioc_should_return_200(self): case_identifier = self._subject.create_dummy_case() body = {'ioc_type_id': 1, 'ioc_tlp_id': 2, 'ioc_value': '8.8.8.8', 'ioc_description': 'rewrw', 'ioc_tags': ''} diff --git a/tests/tests_rest_permissions.py b/tests/tests_rest_permissions.py index 933644e8d..b30e0404c 100644 --- a/tests/tests_rest_permissions.py +++ b/tests/tests_rest_permissions.py @@ -149,7 +149,7 @@ def test_get_task_should_return_403_when_user_has_insufficient_rights(self): case_identifier = self._subject.create_dummy_case() user = self._subject.create_dummy_user() body = {'task_assignees_id': [1], 'task_description': '', 'task_status_id': 1, 'task_tags': '', 'task_title': 'dummy title', 'custom_attributes': {}} - response = self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body).json() + response = self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body).json() task_identifier = response['id'] body = { 'cases_list': [_INITIAL_DEMO_CASE_IDENTIFIER], 
diff --git a/tests/tests_rest_tasks.py b/tests/tests_rest_tasks.py index b0c56c329..b0cea3042 100644 --- a/tests/tests_rest_tasks.py +++ b/tests/tests_rest_tasks.py @@ -83,7 +83,7 @@ def test_delete_task_with_missing_task_identifier_should_return_404(self): case_identifier = self._subject.create_dummy_case() body = {'task_assignees_id': [], 'task_description': '', 'task_status_id': 1, 'task_tags': '', 'task_title': 'dummy title', 'custom_attributes': {}} - self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) + self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) test = self._subject.delete(f'/api/v2/cases/{case_identifier}/tasks/{_IDENTIFIER_FOR_NONEXISTENT_OBJECT}') self.assertEqual(404, test.status_code) @@ -92,7 +92,7 @@ def test_get_user_task_should_not_fail(self): user = self._subject.create_dummy_user() body = {'task_assignees_id': [user.get_identifier()], 'task_description': '', 'task_status_id': 1, 'task_tags': '', 'task_title': 'dummy title', 'custom_attributes': {}} - self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) + self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) response = user.get('/user/tasks/list') self.assertEqual(200, response.status_code) @@ -101,7 +101,7 @@ def test_get_user_task_should_contain_task_case_field(self): user = self._subject.create_dummy_user() body = {'task_assignees_id': [user.get_identifier()], 'task_description': '', 'task_status_id': 1, 'task_tags': '', 'task_title': 'dummy title', 'custom_attributes': {}} - self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) + self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body) response = user.get('/user/tasks/list').json() self.assertEqual(f'#{case_identifier} - case name', response['data']['tasks'][0]['task_case']) diff --git a/upgrades/upgrade_to_2.0.0.py b/upgrades/upgrade_to_2.0.0.py index ecbe3dc8b..b49f86d47 100644 --- a/upgrades/upgrade_to_2.0.0.py 
+++ b/upgrades/upgrade_to_2.0.0.py @@ -81,7 +81,7 @@ def handle_env(self, dry_run=False): log.info('Would have added IRIS_AUTHENTICATION_METHOD to .env file') else: log.info('Adding IRIS_AUTHENTICATION_METHOD to .env file') - content += f"\n\n#IRIS Authentication\nIRIS_AUTHENTICATION_METHOD=local" + content += "\n\n#IRIS Authentication\nIRIS_AUTHENTICATION_METHOD=local" log.warning('IRIS v2.0.0 changed the default listening port from 4433 to 443.') log.info('Do you want to change the port? (y/n)') @@ -97,7 +97,7 @@ def handle_env(self, dry_run=False): organization_name = input() if "IRIS_ORGANIZATION_NAME=" in content: log.info("IRIS_ORGANIZATION_NAME already set. Replacing it.") - content = content.replace(f"IRIS_ORGANIZATION_NAME=", "#IRIS_ORGANIZATION_NAME=") + content = content.replace("IRIS_ORGANIZATION_NAME=", "#IRIS_ORGANIZATION_NAME=") content += f"\n\n#IRIS Organization\nIRIS_ORGANIZATION_NAME={organization_name}" From da0ca83d47b4537a118394fa569bc3215ce96797 Mon Sep 17 00:00:00 2001 From: whitekernel <74464599+whikernel@users.noreply.github.com> Date: Wed, 23 Apr 2025 08:51:57 +0200 Subject: [PATCH 10/10] Update source/app/blueprints/access_controls.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- source/app/blueprints/access_controls.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source/app/blueprints/access_controls.py b/source/app/blueprints/access_controls.py index 94598017d..e9675efbe 100644 --- a/source/app/blueprints/access_controls.py +++ b/source/app/blueprints/access_controls.py @@ -553,7 +553,11 @@ def _token_authentication_process(incoming_request: Request): if not auth_header.startswith('Bearer '): return False - token = auth_header.split(' ')[1] + parts = auth_header.split(' ') + if len(parts) < 2: + return False + + token = parts[1] user_data = validate_auth_token(token) if not user_data:
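Review bot: The new `len(parts) < 2` check is unreachable — `auth_header.startswith('Bearer ')` already guarantees a space, so `split(' ')` always yields at least two elements — while the cases that actually matter remain unhandled: `Authorization: Bearer ` (trailing space only) gives `token == ''`, and `Bearer a b` silently uses `a` and ignores the rest. Replace the split with `token = auth_header[len('Bearer '):].strip()` followed by `if not token: return False`, which rejects the empty case and tolerates stray whitespace; whether an empty string would otherwise be rejected depends on `validate_auth_token`, which is outside the hunk. The scheme comparison is also case-sensitive although RFC 7235 treats auth-scheme names case-insensitively; a `.lower().startswith('bearer ')` would accept `bearer` if interoperability with such clients matters. `_token_authentication_process` continues past the hunk.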