chg: [conf] generate password if empty

MISP · Mar 5, 2024 · c218090 · c218090
1 parent 664c2f8
commit c218090
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 31 deletions.
diff --git a/.gitignore b/.gitignore
@@ -21,3 +21,4 @@ venv*
 #vscode
 .vscode*
 *.sqlite
+website/conf/config.cfg
diff --git a/website/README.md b/website/README.md
@@ -35,14 +35,20 @@ Edit `config.py`
 
 - `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True
 
+
+
+Rename `config.cfg.sample` to `config.cfg` then edit it:
+
+- `ADMIN_USER`: If True, config page will not be accessible
+
+- `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True
+
 ## Launch
 
 ```bash
 ./launch.sh -l
 ```
 
-
-
 ## Admin user
 
 If admin user is active, type `/login` in url to access a login page and type the password wrote in `config.py` in `ADMIN_PASSOWRD`.
diff --git a/website/app.py b/website/app.py
@@ -7,6 +7,7 @@
 import signal
 import sys
 import subprocess
+from app.utils.utils import gen_admin_password
 
 def signal_handler(sig, frame):
     path = os.path.join(os.getcwd(), "launch.sh")
@@ -47,4 +48,5 @@ def error_page_not_found(e):
     with app.app_context():
         create_modules_db()
 else:
+    gen_admin_password()
     app.run(host=app.config.get("FLASK_URL"), port=app.config.get("FLASK_PORT"))
diff --git a/website/app/__init__.py b/website/app/__init__.py
@@ -5,7 +5,7 @@
 from flask_session import Session
 from flask_login import LoginManager
 
-from config import config as Config
+from conf.config import config as Config
 import os
 
 

diff --git a/website/app/home.py b/website/app/home.py
@@ -15,7 +15,7 @@
 
 @home_blueprint.route("/")
 def home():
-    sess["admin_user"] = admin_user_active()
+    sess["admin_user"] = bool(admin_user_active())
     if "query" in request.args:
         return render_template("home.html", query=request.args.get("query"))
     return render_template("home.html")
@@ -168,46 +168,60 @@ def download(sid):
 def modules_config():
     """List all modules for configuration"""
     sess["admin_user"] = admin_user_active()
+    flag = True
     if sess.get("admin_user"):
-        if current_user.is_authenticated:
-            return render_template("modules_config.html")
+        if not current_user.is_authenticated:
+            flag = False
+    if flag:
+        return render_template("modules_config.html")
     return render_template("404.html")
-
+
+
 @home_blueprint.route("/modules_config_data")
 def modules_config_data():
     """List all modules for configuration"""
     sess["admin_user"] = admin_user_active()
+    flag = True
     if sess.get("admin_user"):
-        if current_user.is_authenticated:
-            modules_config = HomeModel.get_modules_config()
-            return modules_config, 200
+        if not current_user.is_authenticated:
+            flag = False
+    if flag:
+        modules_config = HomeModel.get_modules_config()
+        return modules_config, 200
     return {"message": "Permission denied"}, 403
-
+    
 
 @home_blueprint.route("/change_config", methods=["POST"])
 def change_config():
     """Change configuation for a module"""
     sess["admin_user"] = admin_user_active()
+    flag = True
     if sess.get("admin_user"):
-        if current_user.is_authenticated:
-            if "module_name" in request.json["result_dict"]:
-                res = HomeModel.change_config_core(request.json["result_dict"])
-                if res:
-                    return {'message': 'Config changed', 'toast_class': "success-subtle"}, 200
-                return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400
-            return {'message': 'Need to pass "module_name"', 'toast_class': "warning-subtle"}, 400
+        if not current_user.is_authenticated:
+            flag = False  
+    if flag:
+        if "module_name" in request.json["result_dict"]:
+            res = HomeModel.change_config_core(request.json["result_dict"])
+            if res:
+                return {'message': 'Config changed', 'toast_class': "success-subtle"}, 200
+            return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400
+        return {'message': 'Need to pass "module_name"', 'toast_class': "warning-subtle"}, 400
     return {'message': 'Permission denied', 'toast_class': "danger-subtle"}, 403
 
 @home_blueprint.route("/change_status", methods=["GET"])
 def change_status():
     """Change the status of a module, active or unactive"""
     sess["admin_user"] = admin_user_active()
+    flag = True
     if sess.get("admin_user"):
-        if current_user.is_authenticated:
-            if "module_id" in request.args:
-                res = HomeModel.change_status_core(request.args.get("module_id"))
-                if res:
-                    return {'message': 'Module status changed', 'toast_class': "success-subtle"}, 200
-                return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400
-            return {'message': 'Need to pass "module_id"', 'toast_class': "warning-subtle"}, 400
+        if not current_user.is_authenticated:
+            flag = False
+    # if admin is active and user is logon or if admin is not active
+    if flag:
+        if "module_id" in request.args:
+            res = HomeModel.change_status_core(request.args.get("module_id"))
+            if res:
+                return {'message': 'Module status changed', 'toast_class': "success-subtle"}, 200
+            return {'message': 'Something went wrong', 'toast_class': "danger-subtle"}, 400
+        return {'message': 'Need to pass "module_id"', 'toast_class': "warning-subtle"}, 400
     return {'message': 'Permission denied', 'toast_class': "danger-subtle"}, 403
diff --git a/website/app/utils/utils.py b/website/app/utils/utils.py
@@ -1,10 +1,15 @@
 import os
+import random
 import uuid
 import json
 import requests
 # import jsonschema
-from config import Config
+from conf.config import Config
 from pathlib import Path
+import configparser
+config = configparser.ConfigParser()
+CONF_PATH = os.path.join(os.getcwd(), "conf", "config.cfg")
+config.read(CONF_PATH)
 
 MODULES = []
 
@@ -51,9 +56,19 @@ def get_object(obj_name):
 
 
 def admin_user_active():
-    return Config.ADMIN_USER
+    config.read(CONF_PATH)
+    return config.getboolean("ADMIN", "ADMIN_USER")
 
 def admin_password():
-    return Config.ADMIN_PASSWORD
-
+    return config["ADMIN"]["ADMIN_PASSWORD"]
 
+def gen_admin_password():
+    if not admin_password():
+        chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%#[]+-:;_&*().,?0123456789'
+        password = ''
+        for _ in range(20):
+            password += random.choice(chars)
+        print(f"##########################\n##    Admin password    ##\n## {password} ##\n##########################")
+        config["ADMIN"]["ADMIN_PASSWORD"] = password
+        with open(CONF_PATH, "w") as conffile:
+            config.write(conffile)
diff --git a/website/conf/config.cfg.sample b/website/conf/config.cfg.sample
@@ -0,0 +1,4 @@
+[ADMIN]
+admin_user = False
+admin_password = 
+
diff --git a/website/config.py → website/conf/config.py b/website/config.py → website/conf/config.py
@@ -4,8 +4,6 @@ class Config:
     FLASK_URL = '127.0.0.1'
     FLASK_PORT = 7008
     MISP_MODULE = '127.0.0.1:6666'
-    ADMIN_USER = False
-    ADMIN_PASSWORD = "Password1234"
 
 class DevelopmentConfig(Config):
     DEBUG = True