rapid7/metasploit_data_models

View on GitHub
app/models/mdm/user.rb

Summary

Maintainability
A
0 mins
Test Coverage
# A user of metasploit-framework or metasploit-pro.
class Mdm::User < ApplicationRecord
  extend MetasploitDataModels::SerializedPrefs
  
  #
  # Associations
  #

  # Automatic exploitation runs started by this user.
  has_many :automatic_exploitation_runs,
           class_name: 'MetasploitDataModels::AutomaticExploitation::Run',
           inverse_of: :user

  # Automatic exploitation match sets created by this user for {#automatic_exploitation_runs}.
  has_many :automatic_exploitation_match_sets,
           class_name: 'MetasploitDataModels::AutomaticExploitation::MatchSet',
           inverse_of: :user

  # {Mdm::Workspace Workspaces} owned by this user.  Owned workspaces allow user complete permissions without the need
  # or the user to be an {#admin administrator}.
  has_many :owned_workspaces,
           class_name: 'Mdm::Workspace',
           foreign_key: 'owner_id',
           inverse_of: :owner

  # Runs of Metasploit Modules by this user.
  has_many :module_runs,
           class_name: 'MetasploitDataModels::ModuleRun',
           inverse_of: :user

  # Tags created by the user.
  has_many :tags,
           class_name: 'Mdm::Tag',
           inverse_of: :user

  # {Mdm::Workspace Workspace} where this user has access.  If a user is an {#admin administrator} they have access
  # to all workspaces even if they are not a member of that workspace.
  has_and_belongs_to_many :workspaces,
                          -> { distinct },
                          class_name: 'Mdm::Workspace',
                          join_table: 'workspace_members'

  #
  # Attributes
  #

  # @!attribute admin
  #   Whether this user is an administrator.  Administrator permissions are only enforced in metasploit-pro through the
  #   controllers.
  #
  #   @return [false] if this is a normal user that must be added to each workspace.
  #   @return [true] if this user is an administrator and have access to all workspaces without being added to the
  #     workspace explicitly.  User is also allowed to add other users to workspaces or make other users admins.

  # @!attribute company
  #   Company at which user works.
  #
  #   @return [String, nil]

  # @!attribute created_at
  #   When the user was created.
  #
  #   @return [DateTime]

  # @!attribute crypted_password
  #   Hashed password (salted with {#password_salt}) by Authlogic in metasploit-pro.
  #
  #   @return [String]

  # @!attribute email
  #   The user's email address.
  #
  #   @return [String, nil]

  # @!attribute fullname
  #   The user's normal human name.
  #
  #   @return [String, nil]

  # @!attribute password_salt
  #   Salt used when hashing password into {#crypted_password} by Authlogic in metasploit-pro.
  #
  #   @return [String]

  # @!attribute persistence_token
  #   Token used for session and cookie when user is logged using Authlogic in metasploit-pro.
  #
  #   @return [String]

  # @!attribute phone
  #   Phone number for user.
  #
  #   @return [String, nil]

  # @!attribute updated_at
  #   When the user was last updated.
  #
  #   @return [DateTime]

  # @!attribute username
  #   Username for this user.  Used to log into metasploit-pro.
  #
  #   @return [String]

  #
  # Serialziations
  #

  # Hash of user preferences
  #
  # @return [Hash]
  serialize :prefs, coder: MetasploitDataModels::Base64Serializer.new

  # @!attribute time_zone
  #   User's preferred time zone.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :time_zone

  #
  #  @!group Duplicate Login Monitoring
  #

  # @!attribute last_login_address
  #   @note specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for
  #     serialized fields)
  #
  #   Last IP address from which this user logged in.  Used to report currently active user session's IP when the user
  #   is logged off because theire `session[:session_id]` does not match {#session_key}.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :last_login_address

  # @!attribute session_key
  #   Holds `session[:session_id]` so user can only be logged in once.  Only enforced in metasploit-pro.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :session_key

  #
  # @!endgroup
  #

  #
  # @!group HTTP Proxy
  #

  # @!attribute http_proxy_host
  #   Proxy host.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :http_proxy_host

  # @!attribute http_proxy_pass
  #   Password used to login as {#http_proxy_user} to proxy.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :http_proxy_pass

  # @!attribute http_proxy_port
  #   Port on which proxy run on {#http_proxy_host}.
  #
  #   @return [String, Integer, nil]
  serialized_prefs_attr_accessor :http_proxy_port

  # @!attribute http_proxy_user
  #   User used to log into proxy.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :http_proxy_user

  #
  # @!endgroup
  #

  #
  # @!group Nexpose
  #

  # @!attribute nexpose_host
  #   Host name for server running Nexpose.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_host

  # @!attribute nexpose_pass
  #   Password to log into Nexpose.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_pass

  # @!attribute nexpose_port
  #   Port on {#nexpose_host} on which Nexpose is running.
  #
  #   @return [String, Integer. nil]
  serialized_prefs_attr_accessor :nexpose_port

  # @!attribute nexpose_user
  #   User used to log into Nexpose.
  #
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_user

  #
  # @!endgroup
  #

  #
  # @!group Nexpose Authenticated Scan Credentials
  #

  # @!attribute nexpose_creds_pass
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_creds_pass

  # @!attribute nexpose_creds_type
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_creds_type

  # @!attribute nexpose_creds_user
  #   @return [String, nil]
  serialized_prefs_attr_accessor :nexpose_creds_user

  #
  # @!endgroup
  #

  Metasploit::Concern.run(self)
end