Merge pull request #919 from dfir-iris/api_v2_code_uniformization

Api v2 code uniformization

Author: whikernel

e2e/tests/api.js

@@ -8,7 +8,7 @@ const createCase = async (rest) => {
         data: {
             case_name: caseName,
             case_description: 'Case description',
-            case_customer: 1,
+            case_customer_id: 1,
             case_soc_id: ''
         }
     });

source/app/blueprints/graphql/cases.py

@@ -35,8 +35,14 @@
 from app.business.cases import cases_create
 from app.business.cases import cases_delete
 from app.business.cases import cases_update
+from app.business.cases import cases_get_by_identifier
+from app.business.errors import BusinessProcessingError
 from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_permission
 from app.blueprints.graphql.permissions import permissions_check_current_user_has_some_case_access
+from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
+from app.schema.marshables import CaseSchema
+from app.iris_engine.access_control.iris_user import iris_current_user
+from app.datamgmt.manage.manage_access_control_db import user_has_client_access
 
 from app.blueprints.graphql.iocs import IOCConnection
 
@@ -104,8 +110,13 @@ def mutate(root, info, name, description, client_id, soc_id=None, classification
             request['case_soc_id'] = soc_id
         if classification_id:
             request['classification_id'] = classification_id
-        case = cases_create(request)
-        return CaseCreate(case=case)
+
+        request_data = call_deprecated_on_preload_modules_hook('case_create', request, None)
+        schema = CaseSchema()
+        case = schema.load(request_data)
+        case_template_id = request_data.pop('case_template_id', None)
+        result = cases_create(case, case_template_id)
+        return CaseCreate(case=result)
 
 
 class CaseDelete(Mutation):
@@ -170,5 +181,22 @@ def mutate(root, info, case_id, name=None, soc_id=None, classification_id=None,
         permissions_check_current_user_has_some_permission([Permissions.standard_user])
         permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.full_access])
 
-        case, _ = cases_update(case_id, request)
+        case = cases_get_by_identifier(case_id)
+
+        # If user tries to update the customer, check if the user has access to the new customer
+        if request.get('case_customer') and request.get('case_customer') != case.client_id:
+            if not user_has_client_access(iris_current_user.id, request.get('case_customer')):
+                raise BusinessProcessingError('Invalid customer ID. Permission denied.')
+
+        if 'case_name' in request:
+            short_case_name = request.get('case_name').replace(f'#{case.case_id} - ', '')
+            request['case_name'] = f'#{case.case_id} - {short_case_name}'
+        request['case_customer'] = case.client_id if not request.get('case_customer') else request.get('case_customer')
+        request['reviewer_id'] = None if request.get('reviewer_id') == '' else request.get('reviewer_id')
+
+        add_case_schema = CaseSchema()
+        updated_case = add_case_schema.load(request, instance=case, partial=True)
+        protagonists = request.get('protagonists')
+        tags = request.get('case_tags')
+        case = cases_update(case, updated_case, protagonists, tags)
         return CaseUpdate(case=case)

source/app/blueprints/graphql/iocs.py

@@ -32,6 +32,8 @@
 from app.business.iocs import iocs_get
 from app.business.iocs import iocs_update
 from app.business.iocs import iocs_delete
+from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
+from app.schema.marshables import IocSchema
 
 from graphene.relay import Connection
 
@@ -78,7 +80,11 @@ def mutate(root, info, case_id, type_id, tlp_id, value, description=None, tags=N
         }
         permissions_check_current_user_has_some_case_access(case_id, [CaseAccessLevel.full_access])
 
-        ioc, _ = iocs_create(request, case_id)
+        request_data = call_deprecated_on_preload_modules_hook('ioc_create', request, case_id)
+        request_data['case_id'] = case_id
+        add_ioc_schema = IocSchema()
+        ioc = add_ioc_schema.load(request_data)
+        ioc = iocs_create(ioc)
         return IOCCreate(ioc=ioc)
 
 
@@ -124,7 +130,15 @@ def mutate(root, info, ioc_id, type_id=None, tlp_id=None, value=None, descriptio
         if modification_history:
             request['modification_history'] = modification_history
         ioc = iocs_get(ioc_id)
-        ioc, _ = iocs_update(ioc, request)
+
+        request_data = call_deprecated_on_preload_modules_hook('ioc_update', request, ioc.case_id)
+
+        # validate before saving
+        ioc_schema = IocSchema()
+        request_data['ioc_id'] = ioc.ioc_id
+        request_data['case_id'] = ioc.case_id
+        ioc_sc = ioc_schema.load(request_data, instance=ioc, partial=True)
+        ioc = iocs_update(ioc, ioc_sc)
         return IOCCreate(ioc=ioc)
 
 

source/app/blueprints/pages/login/login_routes.py

@@ -48,6 +48,8 @@
 from app.iris_engine.access_control.iris_user import iris_current_user
 from app.iris_engine.utils.tracker import track_activity
 from app.datamgmt.manage.manage_groups_db import get_groups_list
+from app.business.auth import generate_auth_tokens
+from app.schema.marshables import UserSchema
 
 login_blueprint = Blueprint(
     'login',
@@ -89,7 +91,13 @@ def _authenticate_ldap(form, username, password, local_fallback=True):
         if user is None:
             return _render_template_login(form, 'Wrong credentials. Please try again.')
 
-        return wrap_login_user(user)
+        user_data = UserSchema(exclude=['user_password', 'mfa_secrets', 'webauthn_credentials']).dump(user)
+
+        # Generate auth tokens for API access
+        tokens = generate_auth_tokens(user)
+        user_data.update({'tokens': tokens})
+
+        return wrap_login_user(user_data)
 
     except Exception as e:
         log.error(e.__str__())

source/app/blueprints/pages/manage/manage_cases_routes.py

@@ -122,7 +122,7 @@ def add_case_modal(caseid: int, url_redir: bool):
                                   is_server_administrator=ac_current_user_has_permission(
                                       Permissions.server_administrator))
 
-    form.case_customer.choices = [(c['customer_id'], c['customer_name']) for c in client_list]
+    form.case_customer_id.choices = [(c['customer_id'], c['customer_name']) for c in client_list]
 
     form.classification_id.choices = [(clc['id'], clc['name_expanded']) for clc in get_case_classifications_list()]
     form.case_template_id.choices = [(ctp['id'], ctp['display_name']) for ctp in get_case_templates_list()]

source/app/blueprints/pages/manage/templates/modal_add_case.html

@@ -16,7 +16,7 @@ <h4>Create a new case</h4>
 
                     <div class="mt-4">
                         <div class="input-group mb-4">
-                            {{ form.case_customer(class="selectpicker form-control") }}
+                            {{ form.case_customer_id(class="selectpicker form-control") }}
                         </div>
                         <div class="input-group mb-4">
                             <div class="input-group-prepend">

source/app/blueprints/rest/case/case_evidences_routes.py

@@ -18,7 +18,7 @@
 
 from datetime import datetime
 
-import marshmallow
+from marshmallow import ValidationError
 from flask import Blueprint
 from flask import request
 
@@ -46,6 +46,7 @@
 from app.business.evidences import evidences_delete
 from app.business.evidences import evidences_update
 from app.business.errors import BusinessProcessingError
+from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
 
 
 case_evidences_rest_blueprint = Blueprint('case_evidences_rest', __name__)
@@ -81,11 +82,16 @@ def case_rfiles_state(caseid):
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_add_rfile(caseid):
+    evidence_schema = CaseEvidenceSchema()
     try:
-        evidence = evidences_create(caseid, request.get_json())
-        evidence_schema = CaseEvidenceSchema()
+        request_data = call_deprecated_on_preload_modules_hook('evidence_create', request.get_json(), caseid)
+        evidence = evidence_schema.load(request_data)
+
+        evidence = evidences_create(caseid, evidence)
         return response_success('Evidence added', data=evidence_schema.dump(evidence))
 
+    except ValidationError as e:
+        return response_error('Data error', data=e.messages)
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())
 
@@ -108,18 +114,22 @@ def case_get_evidence(cur_id, caseid):
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def case_edit_rfile(cur_id, caseid):
+    evidence_schema = CaseEvidenceSchema()
     try:
         crf = get_rfile(cur_id)
         if not crf:
             return response_error('Invalid evidence ID for this case')
 
-        evd = evidences_update(crf, request.get_json())
+        request_data = call_deprecated_on_preload_modules_hook('evidence_update', request.get_json(), crf.case_id)
+        request_data['id'] = crf.id
+        evidence = evidence_schema.load(request_data, instance=crf, partial=True)
+
+        evd = evidences_update(evidence)
 
-        evidence_schema = CaseEvidenceSchema()
         return response_success(f'Evidence {evd.filename} updated', data=evidence_schema.dump(evd))
 
-    except marshmallow.exceptions.ValidationError as e:
-        return response_error(msg="Data error", data=e.messages)
+    except ValidationError as e:
+        return response_error(msg='Data error', data=e.messages)
 
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())
@@ -184,7 +194,7 @@ def case_comment_evidence_add(cur_id, caseid):
         track_activity(f"evidence \"{evidence.filename}\" commented", caseid=caseid)
         return response_success("Evidence commented", data=comment_schema.dump(comment))
 
-    except marshmallow.exceptions.ValidationError as e:
+    except ValidationError as e:
         return response_error(msg="Data error", data=e.normalized_messages())
 
 

source/app/blueprints/rest/case/case_ioc_routes.py

@@ -23,6 +23,7 @@
 import marshmallow
 from flask import Blueprint
 from flask import request
+from marshmallow import ValidationError
 
 from app import db
 from app.blueprints.rest.case_comments import case_comment_update
@@ -56,6 +57,7 @@
 from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
+from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
 
 case_ioc_rest_blueprint = Blueprint('case_ioc_rest', __name__)
 
@@ -104,8 +106,13 @@ def deprecated_case_add_ioc(caseid):
     ioc_schema = IocSchema()
 
     try:
-        ioc, msg = iocs_create(request.get_json(), caseid)
-        return response_success(msg, data=ioc_schema.dump(ioc))
+        request_data = call_deprecated_on_preload_modules_hook('ioc_create', request.get_json(), caseid)
+        request_data['case_id'] = caseid
+        ioc = ioc_schema.load(request_data)
+        ioc = iocs_create(ioc)
+        return response_success('IOC added', data=ioc_schema.dump(ioc))
+    except ValidationError as e:
+        return response_error('Data error', e.messages)
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())
 
@@ -240,8 +247,19 @@ def case_update_ioc(cur_id, caseid):
 
     try:
         ioc = iocs_get(cur_id)
-        ioc, msg = iocs_update(ioc, request.get_json())
-        return response_success(msg, data=ioc_schema.dump(ioc))
+
+        request_data = call_deprecated_on_preload_modules_hook('ioc_update', request.get_json(), ioc.case_id)
+
+        # validate before saving
+        request_data['ioc_id'] = ioc.ioc_id
+        request_data['case_id'] = ioc.case_id
+        ioc_sc = ioc_schema.load(request_data, instance=ioc, partial=True)
+        ioc = iocs_update(ioc, ioc_sc)
+        return response_success(f'Updated ioc "{ioc.ioc_value}"', data=ioc_schema.dump(ioc))
+
+    except ValidationError as e:
+        return response_error('Data error', e.messages)
+
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())
 

source/app/blueprints/rest/case/case_tasks_routes.py

@@ -18,7 +18,7 @@
 
 from datetime import datetime
 
-import marshmallow
+from marshmallow import ValidationError
 from flask import Blueprint
 from flask import request
 
@@ -49,6 +49,7 @@
 from app.blueprints.access_controls import ac_api_requires
 from app.blueprints.responses import response_error
 from app.blueprints.responses import response_success
+from app.iris_engine.module_handler.module_handler import call_deprecated_on_preload_modules_hook
 
 case_tasks_rest_blueprint = Blueprint('case_tasks_rest', __name__)
 
@@ -110,9 +111,22 @@ def case_task_status_update(cur_id: int, caseid: int):
 def deprecated_case_add_task(caseid: int):
     task_schema = CaseTaskSchema()
     try:
-        msg, task = tasks_create(case_identifier=caseid,
-                                 request_json=request.get_json())
-        return response_success(msg, data=task_schema.dump(task))
+        request_data = call_deprecated_on_preload_modules_hook('task_create', request.get_json(), caseid)
+
+        if 'task_assignee_id' in request_data or 'task_assignees_id' not in request_data:
+            raise BusinessProcessingError('task_assignee_id is not valid anymore since v1.5.0')
+
+        task_assignee_list = request_data['task_assignees_id']
+        del request_data['task_assignees_id']
+
+        task = task_schema.load(request_data)
+        task.task_case_id = caseid
+        task = tasks_create(task, task_assignee_list)
+        return response_success(f'Task "{task.task_title}" added', data=task_schema.dump(task))
+
+    except ValidationError as e:
+        return response_error('Data error', e.messages)
+
     except BusinessProcessingError as e:
         return response_error(e.get_message(), data=e.get_data())
 
@@ -136,18 +150,29 @@ def deprecated_case_task_view(cur_id: int, caseid: int):
 @ac_requires_case_identifier(CaseAccessLevel.full_access)
 @ac_api_requires()
 def deprecated_case_edit_task(cur_id: int, caseid: int):
+    task_schema = CaseTaskSchema()
     try:
         task = get_task(task_id=cur_id)
         if not task:
             return response_error(msg='Invalid task ID for this case')
 
-        task = tasks_update(task, request.get_json())
-        task_schema = CaseTaskSchema()
+        case_identifier = task.task_case_id
+        request_data = call_deprecated_on_preload_modules_hook('task_update', request.get_json(), case_identifier)
 
-        return response_success(msg='Task updated', data=task_schema.dump(task))
+        if 'task_assignee_id' in request_data or 'task_assignees_id' not in request_data:
+            return response_error('task_assignee_id is not valid anymore since v1.5.0')
+
+        task_assignee_list = request_data['task_assignees_id']
+        del request_data['task_assignees_id']
+
+        request_data['id'] = task.id
+        task = task_schema.load(request_data, instance=task)
 
-    except marshmallow.exceptions.ValidationError as e:
-        return response_error(msg='Data error', data=e.messages)
+        task = tasks_update(task, task_assignee_list)
+
+        return response_success(msg='Task updated', data=task_schema.dump(task))
+    except ValidationError as e:
+        return response_error('Data error', data=e.messages)
 
 
 @case_tasks_rest_blueprint.route('/case/tasks/delete/<int:cur_id>', methods=['POST'])
@@ -160,7 +185,7 @@ def deprecated_case_delete_task(cur_id: int, caseid: int):
         tasks_delete(task)
         return response_success('Task deleted')
     except BusinessProcessingError as e:
-        return response_error(msg=e.get_message(), data=e.get_data())
+        return response_error(e.get_message(), data=e.get_data())
 
 
 @case_tasks_rest_blueprint.route('/case/tasks/<int:cur_id>/comments/list', methods=['GET'])
@@ -210,7 +235,7 @@ def case_comment_task_add(cur_id: int, caseid: int):
         track_activity(f"task \"{task.task_title}\" commented", caseid=caseid)
         return response_success("Task commented", data=comment_schema.dump(comment))
 
-    except marshmallow.exceptions.ValidationError as e:
+    except ValidationError as e:
         return response_error(msg="Data error", data=e.normalized_messages())