Module: Msf::DBManager::User

Included in:
Msf::DBManager
Defined in:
lib/msf/core/db_manager/user.rb

Constant Summary

MIN_TOKEN_LENGTH =
20

Instance Method Summary

Instance Method Details

#authenticate_user(opts) ⇒ Boolean

Authenticates the user.

Parameters:

  • opts (:id)
    Integer

    ID of the user to authenticate.

  • opts (:password)
    String

    The user’s password.

Returns:

  • (Boolean)

    True if the user is successfully authenticated; otherwise, false.

Raises:

  • (ArgumentError)


# File 'lib/msf/core/db_manager/user.rb', line 114

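# Authenticates a user by ID and cleartext password.
#
# @param opts [Hash]
# @option opts [Integer] :id ID of the user to authenticate.
# @option opts [String] :password The user's cleartext password.
# @return [Boolean] true when the password matches the stored bcrypt hash;
#   false for an unknown ID, a wrong password, or an unparsable stored hash.
# @raise [ArgumentError] if :id or :password is missing.
def authenticate_user(opts)
  raise ArgumentError, "The following options are required: :id" if opts[:id].nil?
  raise ArgumentError, "The following options are required: :password" if opts[:password].nil?

  # find_by returns nil for an unknown ID (find would raise
  # ActiveRecord::RecordNotFound), so a failed lookup yields false like any
  # other failed login instead of surfacing as an exception.
  user = Mdm::User.find_by(id: opts[:id])
  return false if user.nil?

  begin
    # BCrypt::Password#== hashes the candidate with the stored salt and cost
    # and compares the results; the cleartext is not stored or logged here.
    BCrypt::Password.new(user.crypted_password) == opts[:password]
  rescue BCrypt::Errors::InvalidHash
    # A missing or corrupt stored hash fails closed.
    false
  end
end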

#create_new_user_token(opts) ⇒ String

Creates a new API token for the user.

The opts parameter MUST contain :id. The opts parameter can contain :token_length.

Parameters:

  • opts (:id)
    Integer

    ID for the user.

  • opts (:token_length)
    Integer

    Token length.

Returns:

  • (String)

    The new API token.

Raises:

  • (ArgumentError)


# File 'lib/msf/core/db_manager/user.rb', line 135

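# Creates a new API token for the user, replacing any existing one.
#
# @param opts [Hash]
# @option opts [Integer] :id ID of the user.
# @option opts [Integer] :token_length number of random bytes to draw;
#   values below MIN_TOKEN_LENGTH are raised to it. The returned hex string
#   is twice this many characters.
# @return [String] the new API token.
# @raise [ArgumentError] if :id is missing.
def create_new_user_token(opts)
  raise ArgumentError, "The following options are required: :id" if opts[:id].nil?

  # MIN_TOKEN_LENGTH is a floor, not just a default: a caller-supplied
  # :token_length of 1 would otherwise yield a two-character token that is
  # trivial to guess.
  token_length = [opts[:token_length] || MIN_TOKEN_LENGTH, MIN_TOKEN_LENGTH].max

  # NOTE: repurposing persistence_token in the database as the API token.
  # NOTE(review): the value is written as-is (not hashed) -- confirm the
  # column is treated as a secret wherever user rows are read or exported.
  user = Mdm::User.find(opts[:id])
  user.update!(persistence_token: SecureRandom.hex(token_length))
  user.persistence_token
end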

#delete_user(opts) ⇒ Array

Deletes user entries based on the IDs passed in.

Parameters:

  • opts (:ids)
    Array

    Array containing Integers corresponding to the IDs of the user entries to delete.

Returns:

  • (Array)

    Array containing the Mdm::User objects that were successfully deleted.

Raises:

  • (ArgumentError)


# File 'lib/msf/core/db_manager/user.rb', line 90

# Deletes the user entries whose IDs are given.
#
# @param opts [Hash]
# @option opts [Array<Integer>] :ids IDs of the user entries to delete.
# @return [Array] the result of destroy (or of the fallback delete) for each
#   ID, in input order.
# @raise [ArgumentError] if :ids is missing.
def delete_user(opts)
  raise ArgumentError.new("The following options are required: :ids") if opts[:ids].nil?

  ::ApplicationRecord.connection_pool.with_connection do
    opts[:ids].map do |user_id|
      record = Mdm::User.find(user_id)
      begin
        record.destroy
      rescue
        # destroy raised; log it and fall back to delete, which removes the
        # row without running the destroy callbacks.
        elog("Forcibly deleting #{record}")
        record.delete
      end
    end
  end
end

#report_user(opts) ⇒ Mdm::User

Report a user’s attributes.

The opts parameter MUST contain:

:username

– the username

:password

– the user’s cleartext password

The opts parameter can contain:

:fullname

– the user’s full name

:email

– the user’s email

:phone

– the user’s phone

:email

– the user’s email

:company

– the user’s company

:prefs

– [Hash] the user’s preferences

:admin

– [Boolean] True if the user is an admin; otherwise, false.

Returns:

  • (Mdm::User)

    The reported Mdm::User object.

Raises:

  • (ArgumentError)


# File 'lib/msf/core/db_manager/user.rb', line 40

# Creates the user named by :username, or updates that user if one already
# exists, and stores a bcrypt hash of :password.
#
# @param opts [Hash] must contain :username and :password; any other key
#   that names a column of the user record is assigned as well.
# @return [Mdm::User, nil] the reported user, or nil when the database is
#   not active.
# @raise [ArgumentError] if :username or :password is missing.
def report_user(opts)
  return unless active

  raise ArgumentError.new("Missing required option :username") if opts[:username].nil?
  raise ArgumentError.new("Missing required option :password") if opts[:password].nil?

  ::ApplicationRecord.connection_pool.with_connection do
    user = Mdm::User.where(username: opts[:username]).first_or_initialize

    # Every opts key that names a column is written to the record, including
    # :admin. A caller that forwards untrusted input should pass only the
    # keys it intends to set.
    columns = user.attribute_names
    opts.each do |key, value|
      if columns.include?(key.to_s)
        user[key] = value
        next
      end
      dlog("Unknown attribute for ::Mdm::User: #{key}") unless value.blank?
    end

    # Only the bcrypt hash is kept; this also overwrites any
    # :crypted_password value that was passed in through opts.
    user.crypted_password = BCrypt::Password.create(opts[:password])
    # Without an explicit :admin the flag is set to false, also for a user
    # that already existed.
    user.admin = false if opts[:admin].nil?

    # Finalize
    if user.changed?
      msf_assign_timestamps(opts, user)
      user.save!
    end

    user
  end
end

#update_user(opts) ⇒ Mdm::User

Update the attributes of a user entry with the values in opts. The values in opts should match the attributes to update.

Parameters:

  • opts (Hash)

    Hash containing the updated values. Key should match the attribute to update. Must contain :id of record to update.

Returns:

  • (Mdm::User)

    The updated Mdm::User object.



# File 'lib/msf/core/db_manager/user.rb', line 76

# Updates a user entry with the values in opts.
#
# @param opts [Hash] attribute values to write; must contain :id of the
#   record to update. The caller's hash is not modified.
# @return [Mdm::User] the updated user.
def update_user(opts)
  ::ApplicationRecord.connection_pool.with_connection do
    attributes = opts.clone # work on a copy so the caller's opts keep :id
    record = Mdm::User.find(attributes.delete(:id))
    # Everything left in the hash is handed to update! unfiltered, so any
    # column named in opts is written; callers passing untrusted input
    # should restrict the keys first.
    record.update!(attributes)
    record
  end
end

#users(opts) ⇒ Object

Returns a list of all users in the database



# File 'lib/msf/core/db_manager/user.rb', line 9

# Looks up users in the database.
#
# @param opts [Hash] passed to where as column conditions; an optional
#   :search_term is removed first and, when non-empty, adds the all-column
#   search conditions. The caller's hash is not modified.
# @return [Object] the result of the where call(s) on Mdm::User.
def users(opts)
  ::ApplicationRecord.connection_pool.with_connection do
    filters = opts.clone # leave the caller's hash untouched
    term = filters.delete(:search_term)

    if !term || term.empty?
      Mdm::User.where(filters)
    else
      search = Msf::Util::DBManager.create_all_column_search_conditions(Mdm::User, term)
      Mdm::User.where(filters).where(search)
    end
  end
end