From cc2941ea0c8cae8d2f15d24d802f96940145bd77 Mon Sep 17 00:00:00 2001
From: csavelief
Date: Fri, 9 Aug 2024 10:35:21 +0200
Subject: [PATCH] Closes #54
---
 app/Helpers/AdversaryMeter.php | 61 ++++++++++++++++++++++++++++------
 app/Models/YnhServer.php | 14 ++++----
 2 files changed, 58 insertions(+), 17 deletions(-)
diff --git a/app/Helpers/AdversaryMeter.php b/app/Helpers/AdversaryMeter.php
index f458b86..93587b3 100644
--- a/app/Helpers/AdversaryMeter.php
+++ b/app/Helpers/AdversaryMeter.php
@@ -6,29 +6,30 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
 class AdversaryMeter
 {
 public static function redirectUrl()
 {
- $apiToken = Auth::user()->am_api_token; // TODO : throw an error if not set ?
+ $apiToken = self::findAnyAdversaryMeterApiToken(Auth::user()); // TODO : throw an error if not set ?
 $apiUrl = self::url();
 return asset('adversary_meter') . "/src/index.html?api_token={$apiToken}&api_url={$apiUrl}";
 }
- public static function addAsset(string $client, User $user, string $asset): array
+ public static function addAsset(string $team, User $user, string $asset): array
 {
- return self::addAsset2(self::apiKey(), $client, $user->email, $asset);
+ return self::addAsset2(self::apiKey(), $team, $user->email, $asset);
 }
- public static function removeAsset(string $client, User $user, string $asset): array
+ public static function removeAsset(string $team, User $user, string $asset): array
 {
- return self::removeAsset2(self::apiKey(), $client, $user->email, $asset);
+ return self::removeAsset2(self::apiKey(), $team, $user->email, $asset);
 }
- public static function switchTeam(string $client, User $user): array
+ public static function switchTeam(string $team, User $user): array
 {
- return self::switchTeam2($user->am_api_token, $client, $user->email);
+ return self::switchTeam2($user->am_api_token, $team, $user->email);
 }
 private static function addAsset2(string $apiKey, string $team, string $user, string $asset): array
@@ -38,7 +39,7 @@ private static function addAsset2(string $apiKey, string $team, string $user, st
 'Authorization' => 'Bearer ' . $apiKey,
 'Accept' => 'application/json',
 ])->post($endpointUrl, [
- 'team' => $team,
+ 'team' => self::normalizeTeamName($team),
 'username' => $user,
 'asset' => $asset,
 ]);
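Review bot: `redirectUrl()` now interpolates the result of `findAnyAdversaryMeterApiToken()` into the query string, but that helper returns `?string`, so when no token exists the URL silently becomes `api_token=&api_url=…`; the kept TODO is the only trace of that case. The value may now also be a token issued to a different user, and neither it nor `$apiUrl` is URL-encoded. I would fail explicitly on null and build the query with `http_build_query(['api_token' => $apiToken, 'api_url' => $apiUrl])`. In the same hunk `switchTeam()` still passes `$user->am_api_token` to `switchTeam2(string $apiKey, …)`, so it does not use the fallback and receives null for exactly the users the fallback was written for.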
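Review bot: `normalizeTeamName()` is lossy, so the `'team'` value sent here (and in the matching lines of `removeAsset2()` and `switchTeam2()` in the next two hunks) no longer distinguishes names that differ only by case or spaces: `Acme Corp`, `acmecorp` and `ACME CORP` all become `acmecorp`. If AdversaryMeter treats the team as the boundary between customers, which the page does not show, two similarly named customers would share assets and results. The helper also removes only the ASCII space, so tabs, non-breaking spaces and punctuation pass through unchanged. A docblock on the helper stating which characters the API accepts would make the intent checkable. The body of `addAsset2()` starts above this hunk and continues below it.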
@@ -59,7 +60,7 @@ private static function removeAsset2(string $apiKey, string $team, string $user,
 'Accept' => 'application/json',
 'Content-Type' => 'application/json',
 ])->delete($endpoint, [
- 'team' => $team,
+ 'team' => self::normalizeTeamName($team),
 'username' => $user,
 'asset' => $asset,
 ]);
@@ -80,7 +81,7 @@ private static function switchTeam2(string $apiKey, string $team, string $user)
 'Accept' => 'application/json',
 'Content-Type' => 'application/json',
 ])->post($endpoint, [
- 'team' => $team,
+ 'team' => self::normalizeTeamName($team),
 'username' => $user,
 ]);
 if ($response->successful()) {
@@ -101,4 +102,44 @@ private static function apiKey(): string
 {
 return config('towerify.adversarymeter.api_key');
 }
+
+ private static function normalizeTeamName(string $team): string
+ {
+ return Str::replace(' ', '', Str::lower($team));
+ }
+
+ private static function findAnyAdversaryMeterApiToken(User $user): ?string
+ {
+ if ($user->am_api_token) {
+ return $user->am_api_token;
+ }
+
+ $tenantId = $user->tenant_id;
+ $customerId = $user->customer_id;
+
+ if ($customerId) {
+
+ // Find the first user of this customer with an API token
+ $userTmp = User::where('customer_id', $customerId)
+ ->where('tenant_id', $tenantId)
+ ->whereNotNull('am_api_token')
+ ->first();
+
+ if ($userTmp) {
+ return $userTmp->am_api_token;
+ }
+ }
+ if ($tenantId) {
+
+ // Find the first user of this tenant with an API token
+ $userTmp = User::where('tenant_id', $tenantId)
+ ->whereNotNull('am_api_token')
+ ->first();
+
+ if ($userTmp) {
+ return $userTmp->am_api_token;
+ }
+ }
+ return null;
+ }
 }
\ No newline at end of file
diff --git a/app/Models/YnhServer.php b/app/Models/YnhServer.php
index f144371..6cc39cd 100644
--- a/app/Models/YnhServer.php
+++ b/app/Models/YnhServer.php
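Review bot: The tenant-level branch of `findAnyAdversaryMeterApiToken()` (last hunk of `app/Helpers/AdversaryMeter.php`) has no `customer_id` condition, so when a user's own customer has no token, the helper can return the token of a user belonging to another customer in the same tenant. If a tenant can hold several customers, this crosses the boundary that the first query respects; I would limit that branch to users without a customer, `if (!$customerId && $tenantId) {`, or drop it. Both queries also call `first()` without an `orderBy`, so the database decides whose token is borrowed; adding `->orderBy('id')` (assuming the default primary key) makes the choice reproducible. Because the borrowed token ends up in the URL built by `redirectUrl()`, the helper deserves a docblock stating that the returned token may belong to another account.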
@@ -313,13 +313,13 @@ public function latestTraces(): Collection
 public function startMonitoringAsset(User $user, string $domainOrIpAddress): bool
 {
- $tenant = $user->tenant();
+ $team = $user->customer?->company_name;
- if (!$tenant || !$user) {
+ if (!$team) {
 return false;
 }
- $json = AdversaryMeter::addAsset($tenant->name, $user, $domainOrIpAddress);
+ $json = AdversaryMeter::addAsset($team, $user, $domainOrIpAddress);
 if (count($json) === 0) {
 return false;
@@ -331,19 +331,19 @@ public function startMonitoringAsset(User $user, string $domainOrIpAddress): boo
 // TODO : check that $user->am_api_token is equal to $json['api_token'] ?
 }
- AdversaryMeter::switchTeam($tenant->name, $user);
+ AdversaryMeter::switchTeam($team, $user);
 return true;
 }
 public function stopMonitoringAsset(User $user, string $domainOrIpAddress): bool
 {
- $tenant = $user->tenant();
+ $team = $user->customer?->company_name;
- if (!$tenant || !$user) {
+ if (!$team) {
 return false;
 }
- $json = AdversaryMeter::removeAsset($tenant->name, $user, $domainOrIpAddress);
+ $json = AdversaryMeter::removeAsset($team, $user, $domainOrIpAddress);
 if (count($json) === 0) {
 return false;
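Review bot: The team key sent to AdversaryMeter is now `$user->customer?->company_name`, a display name, in `startMonitoringAsset()` and again in `stopMonitoringAsset()` in the next hunk. Nothing visible guarantees that `company_name` is unique or immutable, so renaming a company would detach it from the team its assets were registered under, and a later `stopMonitoringAsset()` would target a different team than the one used at start. Deriving the key from a stable value such as `$user->customer_id`, with the name kept only as a label, avoids this. A user without a customer now gets a silent `return false;`, so a comment on that guard saying that monitoring requires a customer would document the new precondition. `startMonitoringAsset()` continues past the end of this hunk.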