Release/0.1.0 beta/prod azure

src/run.py

@@ -4,10 +4,9 @@
 import datetime
 import os
 from vr.admin.oauth2 import config_oauth
-from config_engine import ENV, INSECURE_OAUTH
 
 
-if ENV == 'test' or INSECURE_OAUTH:
+if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']:
     os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1'
 else:
     os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0'

src/vr/__init__.py

@@ -1,8 +1,6 @@
 import datetime
 import requests
-from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \
-    LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \
-    AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED
+from config_engine import getConfigs
 from flask import Flask
 from flask_bootstrap import Bootstrap
 from flask_login import LoginManager
@@ -11,8 +9,7 @@
 from flask_wtf.csrf import CSRFProtect
 from flaskext.markdown import Markdown
 from vr.db_models.setup import _init_db
-if AUTH_TYPE == 'ldap':
-    from flask_ldap3_login import LDAP3LoginManager
+
 import base64
 import logging
 import sys
@@ -31,48 +28,41 @@
 from requests.auth import HTTPBasicAuth
 from vr.db_models.updates import createNewTables
 
-if AUTH_TYPE == 'azuread':
+
+app = Flask(__name__)
+
+getConfigs(app.config)
+
+if app.config['AUTH_TYPE'] == 'azuread':
     from flask_session import Session
     import msal
     from flask import session, url_for
 
+if app.config['AUTH_TYPE'] == 'ldap':
+    from flask_ldap3_login import LDAP3LoginManager
 
-app = Flask(__name__)
 moment = Moment(app)
 Markdown(app)
 csrf = CSRFProtect(app)
 
-app.config['APP_EXT_URL'] = APP_EXT_URL
-
-app.config['RUNTIME_ENV'] = ENV
+app.config['RUNTIME_ENV'] = app.config['ENV']
 if app.config['RUNTIME_ENV'] == 'test':
     DB_URI = 'sqlite:///database.db'
     import sqlite3
 else:
-    DB_URI = PROD_DB_URI
+    DB_URI = app.config['PROD_DB_URI']
     import mysql.connector
 
 app.config['SQLALCHEMY_DATABASE_URI'] = DB_URI
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 
-if AUTH_TYPE == 'ldap':
-    # LDAP Configuration
-    app.config['LDAP_HOST'] = LDAP_HOST
-    app.config['LDAP_PORT'] = LDAP_PORT
-    app.config['LDAP_BASE_DN'] = LDAP_BASE_DN
-    app.config['LDAP_USER_DN'] = LDAP_USER_DN
-    app.config['LDAP_GROUP_DN'] = LDAP_GROUP_DN
-    app.config['LDAP_USER_RDN_ATTR'] = LDAP_USER_RDN_ATTR
-    app.config['LDAP_USER_LOGIN_ATTR'] = LDAP_USER_LOGIN_ATTR
-    app.config['LDAP_BIND_USER_DN'] = LDAP_BIND_USER_DN
-    app.config['LDAP_BIND_USER_PASSWORD'] = LDAP_BIND_USER_PASSWORD
-
+if app.config['AUTH_TYPE'] == 'ldap':
     # Flask-LDAP3-Login Manager
     ldap_manager = LDAP3LoginManager(app)
-elif AUTH_TYPE == 'azuread':
-    app.config['CLIENT_ID'] = AZAD_CLIENT_ID
-    app.config['CLIENT_SECRET'] = AZAD_CLIENT_SECRET
-    app.config['AUTHORITY'] = AZAD_AUTHORITY
+elif app.config['AUTH_TYPE'] == 'azuread':
+    app.config['CLIENT_ID'] = app.config['AZAD_CLIENT_ID']
+    app.config['CLIENT_SECRET'] = app.config['AZAD_CLIENT_SECRET']
+    app.config['AUTHORITY'] = app.config['AZAD_AUTHORITY']
     app.config['REDIRECT_PATH'] = "/getAToken"
     app.config['ENDPOINT'] = 'https://graph.microsoft.com/v1.0/me/memberOf'
     app.config['SCOPE'] = ["User.ReadBasic.All", "Group.Read.All", "Application.Read.All"]
@@ -151,7 +141,7 @@ def _get_token_from_cache(scope=None):
 app.register_blueprint(api)
 
 bootstrap = Bootstrap(app)
-if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread':
+if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread':
     login_manager.init_app(app)
     login_manager.login_view = 'admin.login'
 
@@ -162,9 +152,10 @@ def _get_token_from_cache(scope=None):
 app.logger.addHandler(stdout_handler)
 
 
+
 @app.template_filter('format_datetime')
 def format_datetime(value):
-    if ENV == 'test':
+    if app.config['ENV'] == 'test':
         try:
             formatted = datetime.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f")
         except:
@@ -185,6 +176,8 @@ def base64encode(value):
 createNewTables(app)
 
 ## Cronjob-like tasks section ##
+
+
 def train_model_every_six_hours():
     scheduler = BackgroundScheduler()
     scheduler.add_job(train_model, 'interval', hours=6)
@@ -220,6 +213,53 @@ def connect_to_db():
         cur = db.cursor()
         return cur, db
 
+def getPersistentConfig():
+    try:
+        cur, db = connect_to_db()
+        sql = 'SELECT * FROM AppConfig WHERE 1=1'
+        cur.execute(sql)
+        row = cur.fetchone()
+        if row[2]:
+            app.config['APP_EXT_URL'] = row[3]
+            app.config['AUTH_TYPE'] = row[4]
+            app.config['AZAD_AUTHORITY'] = row[5]
+            app.config['AZAD_CLIENT_ID'] = row[6]
+            app.config['AZAD_CLIENT_SECRET'] = row[7]
+            app.config['AZURE_KEYVAULT_NAME'] = row[8]
+            app.config['ENV'] = row[9]
+            app.config['INSECURE_OAUTH'] = row[10]
+            app.config['JENKINS_ENABLED'] = row[37]
+            app.config['JENKINS_HOST'] = row[11]
+            app.config['JENKINS_KEY'] = row[12]
+            app.config['JENKINS_PROJECT'] = row[13]
+            app.config['JENKINS_STAGING_PROJECT'] = row[14]
+            app.config['JENKINS_TOKEN'] = row[15]
+            app.config['JENKINS_USER'] = row[16]
+            app.config['LDAP_BASE_DN'] = row[17]
+            app.config['LDAP_BIND_USER_DN'] = row[18]
+            app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
+            app.config['LDAP_GROUP_DN'] = row[20]
+            app.config['LDAP_HOST'] = row[21]
+            app.config['LDAP_PORT'] = row[22]
+            app.config['LDAP_USER_DN'] = row[23]
+            app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
+            app.config['LDAP_USER_RDN_ATTR'] = row[25]
+            app.config['PROD_DB_URI'] = row[26]
+            app.config['SMTP_ADMIN_EMAIL'] = row[27]
+            app.config['SMTP_HOST'] = row[28]
+            app.config['SMTP_PASSWORD'] = row[29]
+            app.config['SMTP_USER'] = row[30]
+            app.config['SNOW_ENABLED'] = row[38]
+            app.config['SNOW_CLIENT_ID'] = row[31]
+            app.config['SNOW_CLIENT_SECRET'] = row[32]
+            app.config['SNOW_INSTANCE_NAME'] = row[33]
+            app.config['SNOW_PASSWORD'] = row[34]
+            app.config['SNOW_USERNAME'] = row[35]
+            app.config['VERSION'] = row[36]
+    except:
+        print('AppConfig Database table is either unreachable or not setup.')
+
+getPersistentConfig()
 
 def train_model():
     try:
@@ -337,7 +377,7 @@ def rsa_long_decrypt(priv_obj, msg, length=256):
 
 
 def get_jenkins_data():
-    user_check = JENKINS_USER
+    user_check = app.config['JENKINS_USER']
     if user_check != 'changeme':
         app.logger.info('Getting Jenkins Data')
         cur, db = connect_to_db()
@@ -452,5 +492,5 @@ def get_jenkins_data():
 
 # Call the Jobs Here #
 train_model_every_six_hours()
-if JENKINS_ENABLED == 'yes':
+if app.config['JENKINS_ENABLED'] == 'yes':
     get_jenkins_data_every_hour()

src/vr/admin/auth_functions.py

@@ -1,7 +1,7 @@
 import jwt
 from time import time
 from vr.functions.mysql_db import connect_to_db
-from config_engine import ENV
+from vr import app
 
 
 # Error handler
@@ -49,7 +49,7 @@ def create_api_key(user_id, otp_secret, expires_in=2592000):
 def verify_api_key(token):
     try:
         cur, db = connect_to_db()
-        if ENV == 'test':
+        if app.config['ENV'] == 'test':
             sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=?'
         else:
             sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=%s'

src/vr/admin/email_alerts.py

@@ -1,7 +1,7 @@
 import smtplib
 from email.mime import multipart
 from email.mime import text as mimetext
-from config_engine import SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_ADMIN_EMAIL
+from vr import app
 
 
 def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body):
@@ -11,9 +11,9 @@ def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body):
     msg['To'] = msg_toaddr
     msg['Subject'] = msg_subject
     msg.attach(mimetext.MIMEText(message, 'html'))
-    server = smtplib.SMTP(SMTP_HOST)
+    server = smtplib.SMTP(app.config['SMTP_HOST'])
     server.starttls()
-    server.login(SMTP_USER, SMTP_PASSWORD)
+    server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD'])
     server.ehlo()
     text = msg.as_string()
     server.sendmail(msg_fromaddr, msg_toaddr, text)
@@ -24,7 +24,7 @@ def send_registration_email(ext_url, username, first_name, last_name, token, ema
     msg_subject = "SecuSphere User Registration"
     msg_body = generate_registration_msg(ext_url, username, first_name, last_name, token)
     try:
-        send_email(SMTP_ADMIN_EMAIL, email_to, msg_subject, msg_body)
+        send_email(app.config['SMTP_ADMIN_EMAIL'], email_to, msg_subject, msg_body)
     except:
         return 'error'
 

src/vr/admin/models.py

@@ -3,7 +3,7 @@
 from flask_login import UserMixin
 from vr import db, app
 from vr.functions.mysql_db import connect_to_db
-from datetime import datetime, timedelta
+from datetime import datetime
 import jwt
 from vr.admin.helper_functions import hash_password,verify_password
 from vr.admin.functions import db_connection_handler
@@ -17,8 +17,7 @@
     OAuth2AuthorizationCodeMixin,
     OAuth2TokenMixin,
 )
-from config_engine import AUTH_TYPE
-if AUTH_TYPE == 'ldap':
+if app.config['AUTH_TYPE'] == 'ldap':
     from vr import ldap_manager
 
 if app.config['RUNTIME_ENV'] == 'test':
@@ -190,11 +189,11 @@ def verify_username_token(self, token, given_id):
         else:
             return
 
-if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread':
+if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread':
     @login_manager.user_loader
     def load_user(id):
         return User.query.get(int(id))
-elif AUTH_TYPE == 'ldap':
+elif app.config['AUTH_TYPE'] == 'ldap':
     # User Loader for LDAP
     @login_manager.user_loader
     def load_user(user_id):

src/vr/admin/routes/forgotpw.py

@@ -6,7 +6,6 @@
 from vr.admin.email_alerts import send_email, generate_evnt_msg
 from vr.functions.timefunctions import return_datetime_now
 from vr.admin.helper_functions import hash_password
-from config_engine import SMTP_ADMIN_EMAIL
 from vr.admin.functions import db_connection_handler
 
 
@@ -32,7 +31,7 @@ def forgotpw():
                 action_list = [action]
                 st = 'n'
                 msg_body = generate_evnt_msg(msg_subject, now, evt_list, action_list, st)
-                msg_fromaddr = SMTP_ADMIN_EMAIL
+                msg_fromaddr = app.config['SMTP_ADMIN_EMAIL']
                 try:
                     send_email(msg_fromaddr, email, msg_subject, msg_body)
                     warnmsg = ('pwresetemail', 'success')

src/vr/admin/routes/forgotun.py

@@ -5,7 +5,6 @@
 from vr.admin.models import User, LoginForm
 from vr.admin.email_alerts import send_email, generate_evnt_msg
 from vr.functions.timefunctions import return_datetime_now
-from config_engine import SMTP_ADMIN_EMAIL
 
 
 NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"}
@@ -28,7 +27,7 @@ def forgotun():
                 action_list = [action]
                 st = 'n'
                 msg_body = generate_evnt_msg(msg_subject,now,evt_list,action_list,st)
-                msg_fromaddr = SMTP_ADMIN_EMAIL
+                msg_fromaddr = app.config['SMTP_ADMIN_EMAIL']
                 try:
                     send_email(msg_fromaddr, email, msg_subject, msg_body)
                     warnmsg = ('pwresetemail', 'success')

src/vr/admin/routes/login.py

@@ -8,10 +8,9 @@
 from vr.admin.models import User, LoginForm, AuthAttempts, AppConfig
 from vr.admin.functions import _auth_user, _entity_permissions_filter, _entity_page_permissions_filter, check_lockout, log_failed_attempt
 from vr.admin.functions import db_connection_handler
-from config_engine import AUTH_TYPE
-if AUTH_TYPE == 'ldap':
+if app.config['AUTH_TYPE'] == 'ldap':
     from flask_ldap3_login.forms import LDAPLoginForm
-elif AUTH_TYPE == 'azuread':
+elif app.config['AUTH_TYPE'] == 'azuread':
     import requests
     import msal
     from vr import _build_auth_code_flow, _load_cache, _save_cache, _build_msal_app, _get_token_from_cache
@@ -35,7 +34,7 @@ def login():
         return redirect(url_for('admin.register'))
     ad_auth_url = None
     warnmsg = ''
-    if AUTH_TYPE == 'local':
+    if app.config['AUTH_TYPE'] == 'local':
         if current_user.is_authenticated:
             flash('You are already logged in.', 'danger')
             return redirect(url_for('assets.all_applications'))
@@ -60,7 +59,7 @@ def login():
                 mfa_password = resp[2]
             # attempt to log the user in
             return _login_attempt(user, username, password, userid, form, mfa_password)
-    elif AUTH_TYPE == 'ldap':
+    elif app.config['AUTH_TYPE'] == 'ldap':
         form = LDAPLoginForm()
         if form.validate_on_submit():
             # Log the user in
@@ -71,15 +70,15 @@ def login():
             # Print the form errors
             print("Form validation failed with errors:", form.errors)
         return render_template(LDAP_LOGIN_TEMPLATE, form=form, errors=form.errors)
-    elif AUTH_TYPE == 'azuread':
+    elif app.config['AUTH_TYPE'] == 'azuread':
         form = LoginForm(request.form)
         session["flow"] = _build_auth_code_flow(scopes=app.config['SCOPE'])
         ad_auth_url = session["flow"]["auth_uri"]
     if form.errors:
         warnmsg = (form.errors, 'danger')
-    return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=AUTH_TYPE, auth_url=ad_auth_url)
+    return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=app.config['AUTH_TYPE'], auth_url=ad_auth_url)
 
-if AUTH_TYPE == 'azuread':
+if app.config['AUTH_TYPE'] == 'azuread':
     @app.route(app.config['REDIRECT_PATH'])  # Its absolute URL must match your app's redirect_uri set in AAD
     def authorized():
         try:

src/vr/admin/routes/logout.py

@@ -1,20 +1,20 @@
 from flask_login import logout_user, login_required
 from flask import session, redirect, url_for
 from vr.admin import admin
-from config_engine import AUTH_TYPE
+from vr import app
 
 
 NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"}
 
 
-if AUTH_TYPE == 'local':
+if app.config['AUTH_TYPE'] == 'local':
     @admin.route('/logout')
     @login_required
     def logout():
         logout_user()
         del session['username']
         return redirect(url_for('admin.login'))
-elif AUTH_TYPE == 'azuread':
+elif app.config['AUTH_TYPE'] == 'azuread':
     @admin.route('/logout')
     def logout():
         logout_user()