Fix misc. bugs.

computablefacts · Sep 6, 2024 · a3d0d7d · a3d0d7d
1 parent 16e1a4f
commit a3d0d7d
Show file tree

Hide file tree

Showing 25 changed files with 176 additions and 35 deletions.
diff --git a/app/Helpers/AdversaryMeter.php b/app/Helpers/AdversaryMeter.php
@@ -19,11 +19,13 @@ public static function redirectUrl()
 
     public static function addAsset(string $team, User $user, string $asset): array
     {
+        // TODO : sink the CreateAsset event
         return self::addAsset2(self::apiKey(), $team, $user->email, $asset);
     }
 
     public static function removeAsset(string $team, User $user, string $asset): array
     {
+        // TODO : sink the DeleteAsset event
         return self::removeAsset2(self::apiKey(), $team, $user->email, $asset);
     }
 
@@ -140,6 +142,14 @@ private static function findAnyAdversaryMeterApiToken(User $user): ?string
                 return $userTmp->am_api_token;
             }
         }
-        return null;
+
+        $token = $user->createToken('adversarymeter', ['']);
+        $plainTextToken = $token->plainTextToken;
+        $token = $token?->accessToken;
+
+        $user->am_api_token = $plainTextToken;
+        $user->save();
+
+        return $plainTextToken;
     }
 }
diff --git a/app/Modules/AdversaryMeter/Events/CreateAsset.php b/app/Modules/AdversaryMeter/Events/CreateAsset.php
@@ -2,6 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Events;
 
+use App\User;
 use Illuminate\Broadcasting\InteractsWithSockets;
 use Illuminate\Broadcasting\PrivateChannel;
 use Illuminate\Foundation\Events\Dispatchable;
@@ -11,10 +12,12 @@ class CreateAsset
 {
     use Dispatchable, InteractsWithSockets, SerializesModels;
 
+    public User $user;
     public string $asset;
 
-    public function __construct(string $asset)
+    public function __construct(User $user, string $asset)
     {
+        $this->user = $user;
         $this->asset = $asset;
     }
 

diff --git a/app/Modules/AdversaryMeter/Events/DeleteAsset.php b/app/Modules/AdversaryMeter/Events/DeleteAsset.php
@@ -2,6 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Events;
 
+use App\User;
 use Illuminate\Broadcasting\InteractsWithSockets;
 use Illuminate\Broadcasting\PrivateChannel;
 use Illuminate\Foundation\Events\Dispatchable;
@@ -11,10 +12,12 @@ class DeleteAsset
 {
     use Dispatchable, InteractsWithSockets, SerializesModels;
 
+    public User $user;
     public string $asset;
 
-    public function __construct(string $asset)
+    public function __construct(User $user, string $asset)
     {
+        $this->user = $user;
         $this->asset = $asset;
     }
 

diff --git a/app/Modules/AdversaryMeter/Http/Controllers/AssetController.php b/app/Modules/AdversaryMeter/Http/Controllers/AssetController.php
@@ -5,6 +5,7 @@
 use App\Modules\AdversaryMeter\Events\BeginPortsScan;
 use App\Modules\AdversaryMeter\Helpers\ApiUtils;
 use App\Modules\AdversaryMeter\Listeners\CreateAssetListener;
+use App\Modules\AdversaryMeter\Listeners\DeleteAssetListener;
 use App\Modules\AdversaryMeter\Models\Alert;
 use App\Modules\AdversaryMeter\Models\Asset;
 use App\Modules\AdversaryMeter\Models\AssetTag;
@@ -73,7 +74,7 @@ public function saveAsset(Request $request): array
 
         /** @var User $user */
         $user = Auth::user();
-        $obj = CreateAssetListener::execute($asset);
+        $obj = CreateAssetListener::execute($user, $asset);
 
         if (!$obj) {
             abort(500, "The asset could not be created : {$asset}");
@@ -340,7 +341,10 @@ public function deleteAsset(Asset $asset): void
         if ($asset->is_monitored) {
             abort(500, 'Deletion not allowed, asset is monitored.');
         }
-        $asset->delete();
+
+        /** @var User $user */
+        $user = Auth::user();
+        DeleteAssetListener::execute($user, $asset);
     }
 
     public function restartScan(Asset $asset): array

diff --git a/app/Modules/AdversaryMeter/Http/Controllers/HoneypotController.php b/app/Modules/AdversaryMeter/Http/Controllers/HoneypotController.php
@@ -123,7 +123,7 @@ public function getVulnerabilitiesWithAssetInfo(?int $attackerId = null): array
         return Alert::select('alerts.*', 'assets.id AS asset_id')
             ->join('ports', 'ports.id', '=', 'alerts.port_id')
             ->join('scans', 'scans.id', '=', 'ports.scan_id')
-            ->join('assets', 'assets.cur_scan_id', '=', 'ports.ports_scan_id')
+            ->join('assets', 'assets.cur_scan_id', '=', 'scans.ports_scan_id')
             ->get()
             ->map(function (Alert $alert) use ($attackerId) {
                 return [
@@ -207,14 +207,14 @@ public function attackerStats(Attacker $attacker): array
     public function getMostRecentEvent(?int $attackerId = null): array
     {
         if ($attackerId) {
-            return HoneypotEvent::query()
+            return Attacker::find($attackerId)
+                ->events()
                 ->orderBy('timestamp', 'desc')
                 ->limit(3)
                 ->get()
                 ->toArray();
         }
-        return Attacker::find($attackerId)
-            ->events()
+        return HoneypotEvent::query()
             ->orderBy('timestamp', 'desc')
             ->limit(3)
             ->get()
@@ -298,7 +298,7 @@ public function honeypotsStatus(): array
         }, 'dns_setup');
 
         return [
-            'current_user' => 'unknown',
+            'current_user' => Auth::user()->name,
             'honeypots' => $honeypots,
             'integration_status' => $honeypots->count() ? $leastAdvancedStatus : 'inactive'
         ];
@@ -386,7 +386,7 @@ public function getHashes(): array
         return AssetTagHash::all()->toArray();
     }
 
-    public function createHash(Request $request): array
+    public function createHash(Request $request): AssetTagHash
     {
         $tag = $request->validate([
             'tag' => 'string|required',
@@ -398,9 +398,8 @@ public function createHash(Request $request): array
         ]);
     }
 
-    public function deleteHash(string $hash): JsonResponse
+    public function deleteHash(AssetTagHash $hash): JsonResponse
     {
-        $hash = AssetTagHash::where('hash', $hash)->firstOrFail();
         $hash->delete();
         return response()->json(['message' => 'Hash successfully deleted']);
     }

diff --git a/app/Modules/AdversaryMeter/Listeners/CreateAssetListener.php b/app/Modules/AdversaryMeter/Listeners/CreateAssetListener.php
@@ -9,11 +9,13 @@
 use App\Modules\AdversaryMeter\Rules\IsValidAsset;
 use App\Modules\AdversaryMeter\Rules\IsValidDomain;
 use App\Modules\AdversaryMeter\Rules\IsValidIpAddress;
+use App\User;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
 class CreateAssetListener extends AbstractListener
 {
-    public static function execute(string $asset): ?Asset
+    public static function execute(User $user, string $asset): ?Asset
     {
         if (!IsValidAsset::test($asset)) {
             Log::error("Invalid asset : {$asset}");
@@ -26,6 +28,7 @@ public static function execute(string $asset): ?Asset
         } else {
             $assetType = AssetTypesEnum::RANGE;
         }
+        Auth::login($user); // otherwise the tenant will not be properly set
         return Asset::updateOrCreate(
             [
                 'asset' => $asset,
@@ -42,6 +45,6 @@ protected function handle2($event)
         if (!($event instanceof CreateAsset)) {
             throw new \Exception('Invalid event type!');
         }
-        self::execute($event->asset);
+        self::execute($event->user, $event->asset);
     }
 }
diff --git a/app/Modules/AdversaryMeter/Listeners/DeleteAssetListener.php b/app/Modules/AdversaryMeter/Listeners/DeleteAssetListener.php
@@ -9,11 +9,13 @@
 use App\Modules\AdversaryMeter\Rules\IsValidAsset;
 use App\Modules\AdversaryMeter\Rules\IsValidDomain;
 use App\Modules\AdversaryMeter\Rules\IsValidIpAddress;
+use App\User;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
 class DeleteAssetListener extends AbstractListener
 {
-    public static function execute(string $asset): bool
+    public static function execute(User $user, string $asset): bool
     {
         if (!IsValidAsset::test($asset)) {
             Log::error("Invalid asset : {$asset}");
@@ -27,6 +29,7 @@ public static function execute(string $asset): bool
             $assetType = AssetTypesEnum::RANGE;
         }
 
+        Auth::login($user); // otherwise the tenant will not be properly set
         Asset::where('asset', $asset)->where('type', $assetType)->delete();
         return true;
     }
@@ -36,6 +39,6 @@ protected function handle2($event)
         if (!($event instanceof DeleteAsset)) {
             throw new \Exception('Invalid event type!');
         }
-        self::execute($event->asset);
+        self::execute($event->user, $event->asset);
     }
 }
diff --git a/app/Modules/AdversaryMeter/Models/Asset.php b/app/Modules/AdversaryMeter/Models/Asset.php
@@ -3,7 +3,7 @@
 namespace App\Modules\AdversaryMeter\Models;
 
 use App\Modules\AdversaryMeter\Enums\AssetTypesEnum;
-use App\Traits\HasTenant;
+use App\Modules\AdversaryMeter\Traits\HasTenant;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;

diff --git a/app/Modules/AdversaryMeter/Models/AssetTag.php b/app/Modules/AdversaryMeter/Models/AssetTag.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Models;
 
-use App\Traits\HasTenant;
+use App\Modules\AdversaryMeter\Traits\HasTenant;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 

diff --git a/app/Modules/AdversaryMeter/Models/AssetTagHash.php b/app/Modules/AdversaryMeter/Models/AssetTagHash.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Models;
 
-use App\Traits\HasTenant;
+use App\Modules\AdversaryMeter\Traits\HasTenant;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 

diff --git a/app/Modules/AdversaryMeter/Models/HiddenAlert.php b/app/Modules/AdversaryMeter/Models/HiddenAlert.php
@@ -2,12 +2,13 @@
 
 namespace App\Modules\AdversaryMeter\Models;
 
+use App\Modules\AdversaryMeter\Traits\HasTenant;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 
 class HiddenAlert extends Model
 {
-    use HasFactory;
+    use HasFactory, HasTenant;
 
     protected $table = 'hidden_alerts';
     protected $connection = 'mysql_am';

diff --git a/app/Modules/AdversaryMeter/Models/Honeypot.php b/app/Modules/AdversaryMeter/Models/Honeypot.php
@@ -5,7 +5,7 @@
 use App\Modules\AdversaryMeter\Enums\HoneypotCloudProvidersEnum;
 use App\Modules\AdversaryMeter\Enums\HoneypotCloudSensorsEnum;
 use App\Modules\AdversaryMeter\Enums\HoneypotStatusesEnum;
-use App\Traits\HasTenant;
+use App\Modules\AdversaryMeter\Traits\HasTenant;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\HasMany;

diff --git a/app/Modules/AdversaryMeter/Observers/AssetObserver.php b/app/Modules/AdversaryMeter/Observers/AssetObserver.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Observers;
 
-use App\Traits\IsTenantAware;
+use App\Modules\AdversaryMeter\Traits\IsTenantAware;
 
 class AssetObserver
 {

diff --git a/app/Modules/AdversaryMeter/Observers/AssetTagHashObserver.php b/app/Modules/AdversaryMeter/Observers/AssetTagHashObserver.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Observers;
 
-use App\Traits\IsTenantAware;
+use App\Modules\AdversaryMeter\Traits\IsTenantAware;
 
 class AssetTagHashObserver
 {

diff --git a/app/Modules/AdversaryMeter/Observers/AssetTagObserver.php b/app/Modules/AdversaryMeter/Observers/AssetTagObserver.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Observers;
 
-use App\Traits\IsTenantAware;
+use App\Modules\AdversaryMeter\Traits\IsTenantAware;
 
 class AssetTagObserver
 {

diff --git a/app/Modules/AdversaryMeter/Observers/HiddenAlert.php b/app/Modules/AdversaryMeter/Observers/HiddenAlert.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Modules\AdversaryMeter\Observers;
+
+use App\Modules\AdversaryMeter\Traits\IsTenantAware;
+
+class HiddenAlert
+{
+    use IsTenantAware;
+}
diff --git a/app/Modules/AdversaryMeter/Observers/HoneypotObserver.php b/app/Modules/AdversaryMeter/Observers/HoneypotObserver.php
@@ -2,7 +2,7 @@
 
 namespace App\Modules\AdversaryMeter\Observers;
 
-use App\Traits\IsTenantAware;
+use App\Modules\AdversaryMeter\Traits\IsTenantAware;
 
 class HoneypotObserver
 {

diff --git a/app/Modules/AdversaryMeter/Traits/HasTenant.php b/app/Modules/AdversaryMeter/Traits/HasTenant.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Modules\AdversaryMeter\Traits;
+
+use App\Models\Tenant;
+use App\User;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Facades\Auth;
+
+/**
+ * This trait scopes a query using the `created_by` field of the model it is added to.
+ */
+trait HasTenant
+{
+    protected static function booted()
+    {
+        parent::booted();
+        static::addGlobalScope('tenant_scope_am', function (Builder $builder) {
+
+            $user = Auth::user();
+            $tenantId = $user?->tenant_id;
+
+            if ($tenantId) {
+
+                $customerId = $user->customer_id;
+
+                if ($customerId) {
+                    $users = User::select('id')
+                        ->whereRaw("(tenant_id IS NULL OR tenant_id = {$tenantId})")
+                        ->whereRaw("(customer_id IS NULL OR customer_id = {$customerId})")
+                        ->get();
+                } else {
+                    $users = User::select('id')
+                        ->whereRaw("(tenant_id IS NULL OR tenant_id = {$tenantId})")
+                        ->get();
+                }
+
+                $builder->whereNull('created_by')
+                    ->orWhereIn('created_by', $users);
+            }
+        });
+    }
+
+    public function createdBy(): User
+    {
+        return User::where('id', $this->created_by)->firstOrFail();
+    }
+
+    public function tenant(): ?Tenant
+    {
+        return $this->createdBy()->tenant();
+    }
+}