move logic to model and remove potential harmful code (void useing del)

2024-11-16 18:08:11 +01:00 · 2024-11-16 18:08:11 +01:00 · 2813a095de
parent b7d7b9041d
commit 2813a095de
2 changed files with 36 additions and 34 deletions
--- a/device/models.py
+++ b/device/models.py
@ -1,3 +1,4 @@
+import json
 from django.db import models, connection

 from utils.constants import ALGOS
@ -305,3 +306,32 @@ class Device:
        if not self.last_evidence:
            self.get_last_evidence()
        return self.last_evidence.get_components()
+
+    def get_components_data(self, is_user_authenticated):
+        if is_user_authenticated:
+            return self.components
+
+        public_components = json.loads(json.dumps(self.components))
+        self.remove_sensitive_data_from(public_components)
+        return public_components
+
+    def remove_sensitive_data_from(self, components):
+        for component in components:
+            component.pop('SerialNumber', None)
+            component.pop('serial_number', None)
+
+    def get_device_data(self, should_include_sensitive_fields):
+        data = {
+            'id': self.id,
+            'shortid': self.shortid,
+            'uuids': self.uuids,
+            'hids': self.hids,
+            'components': self.get_components_data(should_include_sensitive_fields),
+        }
+
+        if should_include_sensitive_fields:
+            data.update({
+                'serial_number': self.serial_number,
+            })
+
+        return data
--- a/device/views.py
+++ b/device/views.py
@ -115,14 +115,15 @@ class PublicDeviceWebView(TemplateView):
    template_name = "device_web.html"

    def get(self, request, *args, **kwargs):
-        self.pk = kwargs['pk']
-        self.object = Device(id=self.pk)
+        self.object = Device(id=kwargs['pk'])

        if not self.object.last_evidence:
            raise Http404

        if self.request.headers.get('Accept') == 'application/json':
-            return self.get_json_response()
+            json_response = self.create_json_response(
+                self.request.user.is_authenticated)
+            return json_response
        return super().get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
@ -133,37 +134,8 @@ class PublicDeviceWebView(TemplateView):
        })
        return context

-    @property
-    def public_fields(self):
-        return {
-            'id': self.object.id,
-            'shortid': self.object.shortid,
-            'uuids': self.object.uuids,
-            'hids': self.object.hids,
-            'components': self.remove_serial_number_from(self.object.components),
-        }
-
-    @property
-    def authenticated_fields(self):
-        return {
-            'serial_number': self.object.serial_number,
-            'components': self.object.components,
-        }
-
-    def remove_serial_number_from(self, components):
-        for component in components:
-            if 'serial_number' in component:
-                del component['SerialNumber']
-        return components
-
-    def get_device_data(self):
-        data = self.public_fields
-        if self.request.user.is_authenticated:
-            data.update(self.authenticated_fields)
-        return data
-
-    def get_json_response(self):
-        device_data = self.get_device_data()
+    def create_json_response(self, is_user_authenticated):
+        device_data = self.object.get_device_data(is_user_authenticated)
        return JsonResponse(device_data)