Add forms and views

Author: kevthehermit

volgui/urls.py

@@ -28,5 +28,7 @@
     url(r'^ajaxhandler/(?P<command>.+)/$', views.ajax_handler),
     url(r'addfiles', views.addfiles),
     url(r'^admin/', admin.site.urls),
+    url(r'^login/', views.login_page),
+    url(r'^logout/', views.logout_page)
 
 ]

web/templates/base.html

@@ -38,6 +38,7 @@
       </ul>
 
       <ul class="nav navbar-nav navbar-right">
+          <li><a href="/logout/">Logout</a></li>
         <li><a href="#" data-toggle="modal" data-target="#pluginModal">Add Plugins</a></li>
         <li><a href="#" data-toggle="modal" data-target="#aboutModal">About</a></li>
         <li class="dropdown">

web/templates/index.html

@@ -6,6 +6,29 @@
 
 {% block content %}
 
+    {% if reqauth %}
+
+    <div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">Authentication Required.</h3>
+    </div>
+
+    <div class="panel-body">
+        <p>The Administrator of the platform has enabled authentication.</p>
+            <form class="form-inline center-block" action="/login/" method="post">
+              <div class="form-group">
+                <input type="text" class="form-control" id="username" name="username" placeholder="UserName">
+              </div>
+              <div class="form-group">
+                <input type="password" class="form-control" id="password" name="password" placeholder="Password">
+              </div>
+              <button type="submit" class="btn btn-default">Sign in</button>
+              {% csrf_token %}
+            </form>
+    </div>
+    </div>
+
+    {%  else %}
 
     <!-- Search All -->
     <div class="panel panel-default">
@@ -99,4 +122,7 @@ <h3 class="panel-title">Showing {{ session_counts.1 }} to {{ session_counts.0 }}
 <script type="text/javascript">
   setTimeout(function () { location.reload(true); }, 30000);
 </script>
+
+    {% endif %}
+
 {% endblock %}

web/views.py

@@ -16,6 +16,7 @@
 from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth import authenticate, login, logout
 
 try:
     import yara
@@ -150,6 +151,35 @@ def session_creation(request, mem_image, session_id):
 ##
 # Page Views
 ##
+# Login Page
+def login_page(request):
+    try:
+        user_name = request.POST['username']
+        password = request.POST['password']
+        if user_name and password:
+            user = authenticate(username=user_name, password=password)
+            if user is not None:
+                if user.is_active:
+                    login(request, user)
+                    return redirect('/')
+                else:
+                    message = "This account is currently disabled. Please check with your admin."
+                    return main_page(request, error_line=message)
+            else:
+                message = "User does not exist or incorrect password."
+                return main_page(request, error_line=message)
+    except Exception as error:
+        logger.error(error)
+        message = "Unable to login to the Web Panel"
+        return main_page(request, error_line=message)
+
+
+# Logout Page
+def logout_page(request):
+    logout(request)
+    return redirect('/')
+
+
 def main_page(request, error_line=None):
     """
     Returns the main vol page
@@ -169,7 +199,9 @@ def main_page(request, error_line=None):
 
 
     if config['auth']['enable'].lower() == 'true' and not request.user.is_authenticated:
-        return HttpResponse('Auth Required.')
+        return render(request, 'index.html', {'reqauth': True,
+                                              'error_line': error_line
+                                              })
 
 
     # Set Pagination
@@ -208,7 +240,8 @@ def main_page(request, error_line=None):
                                           'session_counts': [session_count, first_session, last_session],
                                           'profile_list': profile_list,
                                           'plugin_dirs': plugin_dirs,
-                                          'error_line': error_line
+                                          'error_line': error_line,
+                                          'reqauth': False
                                           })
 
 def session_page(request, session_id):