Added a note about OSD on main page + updated TODOs in code

266a71cb · Václav Bartoš · 5ddb0912 · 266a71cb · 266a71cb · 266a71cb
Commit 266a71cb authored 2 years ago by Václav Bartoš
--- a/config.py
+++ b/config.py
@@ -19,10 +19,6 @@ CORTEX_API_KEY_FILE = os.path.join(SOCTOOLS_BASE, "secrets/tokens/cortex_secret_
 MGMT_USER_NAME = "soctools-user-mgmt"
 MGMT_USER_CERT_PATH = os.path.join(SOCTOOLS_BASE, "secrets/CA/issued/soctools-user-mgmt.crt")
 MGMT_USER_KEY_PATH = os.path.join(SOCTOOLS_BASE, "secrets/CA/private/soctools-user-mgmt.key")
-# TODO FIXME "SOC_Admin" used instead for initial testing
-# MGMT_USER_NAME = "SOC_Admin"
-# MGMT_USER_CERT_PATH = os.path.join(SOCTOOLS_BASE, "secrets/certificates/SOC_Admin.crt.pem")
-# MGMT_USER_KEY_PATH = os.path.join(SOCTOOLS_BASE, "secrets/certificates/SOC_Admin.key.pem")
 # Following parameters are set up dynamically by load_config() in main.py
 SOCTOOLSPROXY = None

--- a/main.py
+++ b/main.py
@@ -20,7 +20,7 @@ from thehive import *
 from cortex import *
 app = Flask(__name__)
-app.secret_key = "ASDF1234 - CHANGE ME!"
+app.secret_key = "ASDF1234 - CHANGE ME!" # TODO: set dynamically to something random
 @app.before_first_request
@@ -638,11 +638,9 @@ def _send_token(username: str, email: str) -> Tuple[bool, Optional[str]]:
 # TODO:
-#   (re)send cert-access token for existing user - DONE (on click in table)
+#  - revoke and delete certificate when user is deleted
-#   automatically create certificate when creating new user (optionally automatically send email with token) - DONE
+#  - send tokens via email
-#   revoke and delete certificate when user is deleted
+#  - authentication/authorization to this GUI
-#   make CN=username (so cert filename also matches the username (it's stored by CN)) - DONE
 # @app.route("/test_cert/<func>")
 # def test_cert_endpoint(func):
@@ -650,15 +648,6 @@ def _send_token(username: str, email: str) -> Tuple[bool, Optional[str]]:
 #     result = str(getattr(certificates, func)(**request.args))
 #     return make_response(result)
-# TODO other services (besides Keycloak)
-#  - NiFi - DONE
-#  - MISP - DONE
-#  - Kibana? - account doesn't need to be added, but it needs to add privileges
-#  - TheHive + Cortex
-# TODO authentication/authorization to this GUI
 # When the script is run directly, run the application on a local development server.
 # Optionally pass two parameters, 'host' (IP to listen on) and 'port',
 # e.g.: ./main.py 0.0.0.0 8080

--- a/templates/main.html
+++ b/templates/main.html
@@ -107,4 +107,8 @@ document.getElementById('show-internal').addEventListener('change', function(eve
 {% endfor %}
 </table>
+<h3>OpenSearch Dashboards</h3>
+OpenSearch Dashboards does not keep a list of users, it is currently configured to allow (full) access to any user authenticated by Keycloak (i.e. those listed in the first table).
 {% endblock %}
\ No newline at end of file