• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• arch-security-tracker-master
  • Makefile
  • config.py
  • .gitmodules
  • pacman
    • arch
      • x86_64
        • pacman.conf
    • .gitignore
  • LICENSE
  • test
    • util.py
    • test_todo.py
    • test_package.py
    • test_advisory.py
    • test_index.py
    • test_profile.py
    • __init__.py
    • test_group.py
    • test_stats.py
    • test_cve.py
    • test_admin.py
    • conftest.py
    • test_login.py
  • test-requirements.txt
  • CONTRIBUTING.md
  • config
    • 00-default.conf
    • .gitignore
  • tracker
    • util.py
    • pacman.py
    • symbol.py
    • cli
      • db.py
      • util.py
      • run.py
      • update.py
      • shell.py
      • setup.py
      • __init__.py
    • templates
      • stats.html
      • advisory.html
      • error.html
      • _formhelpers.html
      • feed.html
      • admin
        • user.html
        • form
          • delete_user.html
          • user.html
      • group.html
      • todo.html
      • advisories.html
      • log
        • cve_log.html
        • group_log_table.html
        • user_log.html
        • advisory_log.html
        • advisory_log_table.html
        • log.html
        • cve_log_table.html
        • group_log.html
      • form
        • advisory.html
        • profile.html
        • group.html
        • cve.html
        • delete_cve.html
        • delete_group.html
        • publish.html
        • delete_advisory.html
      • base.html
      • advisory.txt
      • cve.html
      • bug.txt
      • index.html
      • package.html
      • login.html
    • user.py
    • maintenance.py
    • form
      • user.py
      • cve.py
      • group.py
      • __init__.py
      • confirm.py
      • login.py
      • admin.py
      • validators.py
      • advisory.py
      • base.py
    • view
      • show.py
      • index.py
      • copy.py
      • edit.py
      • todo.py
      • add.py
      • user.py
      • blueprint.py
      • stats.py
      • __init__.py
      • login.py
      • admin.py
      • error.py
      • delete.py
      • advisory.py
    • __init__.py
    • model
      • package.py
      • cvegroupentry.py
      • user.py
      • cvegroup.py
      • cvegrouppackage.py
      • cve.py
      • __init__.py
      • advisory.py
      • enum.py
    • advisory.py
    • static
      • opensans.woff2
      • style.css
      • opensans.woff
      • favicon.ico
      • normalize.css
  • .travis.yml
  • README.md
  • migrations
    • env.py
    • versions
      • cf0c99c08578_.py
    • README
    • alembic.ini
    • script.py.mako
  • .external
    • normalize.css
  • .isort.cfg
  • requirements.txt
  • .gitignore
  • trackerctl

from base64 import b85encode
from functools import wraps
from os import urandom

from flask_login import current_user
from flask_login import login_required
from scrypt import hash as shash
from sqlalchemy.exc import IntegrityError

from config import TRACKER_PASSWORD_LENGTH_MIN
from tracker import db
from tracker import login_manager
from tracker.model.user import Guest
from tracker.model.user import User
from tracker.model.user import UserRole

login_manager.anonymous_user = Guest


def random_string(length=TRACKER_PASSWORD_LENGTH_MIN):
    salt = b85encode(urandom(length))
    return salt.decode()


def hash_password(password, salt):
    hashed = b85encode(shash(password, salt[:User.SALT_LENGTH]))
    return hashed.decode()[:User.PASSWORD_LENGTH]


@login_manager.user_loader
def load_user(session_token):
    if not session_token:
        return Guest()

    user = User.query.filter_by(token=session_token).first()
    if not user:
        return Guest()
    user.is_authenticated = True
    return user


def permission_required(permission):
    def decorator(func):
        @wraps(func)
        def decorated_view(*args, **kwargs):
            if not permission.fget(current_user.role):
                from tracker.view.error import forbidden
                return forbidden()
            return func(*args, **kwargs)
        return login_required(decorated_view)
    return decorator


def reporter_required(func):
    return permission_required(UserRole.is_reporter)(func)


def security_team_required(func):
    return permission_required(UserRole.is_security_team)(func)


def administrator_required(func):
    return permission_required(UserRole.is_administrator)(func)


def user_can_edit_issue(advisories=[]):
    role = current_user.role
    if not role.is_reporter:
        return False
    if role.is_security_team:
        return True
    return 0 == len(advisories)


def user_can_delete_issue(advisories=[]):
    role = current_user.role
    if not role.is_reporter:
        return False
    return 0 == len(advisories)


def user_can_edit_group(advisories=[]):
    return user_can_edit_issue(advisories)


def user_can_delete_group(advisories=[]):
    return user_can_delete_issue(advisories)


def user_can_handle_advisory():
    return current_user.role.is_security_team


def user_can_watch_log():
    return True


def user_can_watch_user_log():
    return current_user.role.is_reporter


def user_invalidate(user):
    user.token = None
    user.is_authenticated = False


def user_assign_new_token(user, max_tries=32):
    def assign_token(token):
        user.token = token
        return user
    return user_generate_new_token(assign_token, max_tries)


def user_generate_new_token(callback, max_tries=32):
    failed = 0
    while failed < max_tries:
        try:
            token = random_string(User.TOKEN_LENGTH)
            token_owners = User.query.filter_by(token=token).count()
            if 0 != token_owners:
                failed += 1
                continue
            user = callback(token)
            db.session.commit()
            return user
        except IntegrityError:
            db.session.rollback()
            failed += 1
    raise Exception('Failed to obtain unique token within {} tries'.format(max_tries))