Module: Msf::DBManager::User

Included in:

Msf::DBManager

Defined in:

lib/msf/core/db_manager/user.rb

Constant Summary

MIN_TOKEN_LENGTH =

20

Instance Method Summary

• #authenticate_user(opts) ⇒ Boolean

  Authenticates the user.

• #create_new_user_token(opts) ⇒ String

  Creates a new API token for the user.

• #delete_user(opts) ⇒ Array

  Deletes user entries based on the IDs passed in.

• #report_user(opts) ⇒ Mdm::User

  Report a user’s attributes.

• #update_user(opts) ⇒ Mdm::User

  Update the attributes of a user entry with the values in opts.

• #users(opts) ⇒ Object

  Returns a list of all users in the database.

Instance Method Details

#authenticate_user(opts) ⇒ Boolean

Authenticates the user.

Parameters:

• opts (:ids) —

  Integer

  ID of the user to authenticate.

• opts (:password) —

  String

  The user’s password.

Returns:

• (Boolean) —

  True if the user is successfully authenticated; otherwise, false.

Raises:

• (ArgumentError)

# File 'lib/msf/core/db_manager/user.rb', line 114

def authenticate_user(opts)
  raise ArgumentError.new("The following options are required: :id") if opts[:id].nil?
  raise ArgumentError.new("The following options are required: :password") if opts[:password].nil?

  user = Mdm::User.find(opts[:id])
  begin
    !user.nil? && BCrypt::Password.new(user.crypted_password) == opts[:password]
  rescue BCrypt::Errors::InvalidHash
    false
  end
end

#create_new_user_token(opts) ⇒ String

Creates a new API token for the user.

The opts parameter MUST contain: The opts parameter can contain:

Parameters:

• opts (:ids) —

  Integer

  ID for the user.

• opts (:token_length) —

  Integer

  Token length.

Returns:

• (String) —

  The new API token.

Raises:

• (ArgumentError)

# File 'lib/msf/core/db_manager/user.rb', line 135

def create_new_user_token(opts)
  raise ArgumentError.new("The following options are required: :id") if opts[:id].nil?

  token_length = opts[:token_length] || MIN_TOKEN_LENGTH
  # NOTE: repurposing persistence_token in the database as the API token
  user = Mdm::User.find(opts[:id])
  user.update!({persistence_token: SecureRandom.hex(token_length)})
  user.persistence_token
end

#delete_user(opts) ⇒ Array

Deletes user entries based on the IDs passed in.

Parameters:

• opts (:ids) —

  Array

  Array containing Integers corresponding to the IDs of the user entries to delete.

Returns:

• (Array) —

  Array containing the Mdm::User objects that were successfully deleted.

Raises:

• (ArgumentError)

# File 'lib/msf/core/db_manager/user.rb', line 90

def delete_user(opts)
  raise ArgumentError.new("The following options are required: :ids") if opts[:ids].nil?

  ::ApplicationRecord.connection_pool.with_connection {
    deleted = []
    opts[:ids].each do |user_id|
      user = Mdm::User.find(user_id)
      begin
        deleted << user.destroy
      rescue # refs suck
        elog("Forcibly deleting #{user}")
        deleted << user.delete
      end
    end

    return deleted
  }
end

#report_user(opts) ⇒ Mdm::User

Report a user’s attributes.

The opts parameter MUST contain:

:username

– the username

:password

– the users’s cleartext password

The opts parameter can contain:

:fullname

– the users’s fullname

:email

– the users’s email

:phone

– the users’s phone

:email

– the users’s email

:company

– the users’s company

:prefs

– [Hash] the users’s preferences

:admin

– [Boolean] True if the user is an admin; otherwise, false.

Returns:

• (Mdm::User) —

  The reported Mdm::User object.

Raises:

• (ArgumentError)

# File 'lib/msf/core/db_manager/user.rb', line 40

def report_user(opts)
  return unless active
  raise ArgumentError.new("Missing required option :username") if opts[:username].nil?
  raise ArgumentError.new("Missing required option :password") if opts[:password].nil?

  ::ApplicationRecord.connection_pool.with_connection {

    conditions = {username: opts[:username]}
    user = Mdm::User.where(conditions).first_or_initialize

    opts.each do |k,v|
      if user.attribute_names.include?(k.to_s)
        user[k] = v
      elsif !v.blank?
        dlog("Unknown attribute for ::Mdm::User: #{k}")
      end
    end

    user.crypted_password = BCrypt::Password.create(opts[:password])
    user.admin = false if opts[:admin].nil?

    # Finalize
    if user.changed?
      msf_assign_timestamps(opts, user)
      user.save!
    end

    user
  }
end

#update_user(opts) ⇒ Mdm::User

Update the attributes of a user entry with the values in opts. The values in opts should match the attributes to update.

Parameters:

• opts (Hash) —

  Hash containing the updated values. Key should match the attribute to update. Must contain :id of record to update.

Returns:

• (Mdm::User) —

  The updated Mdm::User object.

# File 'lib/msf/core/db_manager/user.rb', line 76

def update_user(opts)
  ::ApplicationRecord.connection_pool.with_connection {
    opts = opts.clone() # protect the original caller's opts
    id = opts.delete(:id)
    user = Mdm::User.find(id)
    user.update!(opts)
    return user
  }
end

#users(opts) ⇒ Object

Returns a list of all users in the database

# File 'lib/msf/core/db_manager/user.rb', line 9

def users(opts)
  ::ApplicationRecord.connection_pool.with_connection {

    opts = opts.clone() # protect the original caller's opts
    search_term = opts.delete(:search_term)
    if search_term && !search_term.empty?
      column_search_conditions = Msf::Util::DBManager.create_all_column_search_conditions(Mdm::User, search_term)
      Mdm::User.where(opts).where(column_search_conditions)
    else
      Mdm::User.where(opts)
    end
  }
end