put hackerone handle inside user pref enable bug bounty mode

yogeshojha · Sep 6, 2024 · 8bcdfa1 · 8bcdfa1
1 parent 9beca84
commit 8bcdfa1
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/web/targetApp/templates/target/add.html b/web/targetApp/templates/target/add.html
@@ -80,6 +80,7 @@
                 <label for="targetDescription" class="form-label">Target Description (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetDescription" placeholder="Interesting Target" name="targetDescription">
               </div>
+              {% if user_preferences.bug_bounty_mode %}
               <div class="col-12 mt-3">
                 <label for="domainDescription" class="form-label">HackerOne Target Team Handle
                   <br>
@@ -88,6 +89,7 @@
                 <input type="text" class="form-control form-control-lg" id="targetH1TeamHandle" placeholder="team_handle" name="targetH1TeamHandle">
                 <button class="btn btn-primary submit-fn mt-2 float-end" disabled type="submit" name="add-ip-target" id="add-ip-target" value="submit"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus"><line x1="12" y1="5" x2="12" y2="19"></line><line x1="5" y1="12" x2="19" y2="12"></line></svg> <span id="add_ip_target_btn">Add Target</span></button>
               </div>
+              {% endif %}
             </form>
           </div>
         </div>
@@ -103,13 +105,15 @@
                 <label for="targetDescription">Target Description (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetDescription" placeholder="Interesting Target" name="targetDescription">
               </div>
+              {% if user_preferences.bug_bounty_mode %}
               <div class="col-12 mt-3">
                 <label for="domainDescription" class="form-label">HackerOne Target Team Handle
                   <br>
                   This is used to send vulnerability reports to the HackerOne Program automatically. Team handle can be found from the program URL, <a href="https://hackerone.com/team_handle">https://hackerone.com/team_handle</a>
                 </label>
                 <input type="text" class="form-control form-control-lg" id="targetH1TeamHandle" placeholder="team_handle" name="targetH1TeamHandle">
               </div>
+              {% endif %}
               <div class="col-12 mt-3">
                 <label for="targetDescription">Target Organization (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetOrganization" placeholder="Example Org" name="targetOrganization">

diff --git a/web/targetApp/templates/target/update.html b/web/targetApp/templates/target/update.html
@@ -38,13 +38,15 @@ <h4 class="header-title">Update Target</h4>
               {{ form.description }}
             </div>
           </div>
+          {% if user_preferences.bug_bounty_mode %}
           <div class="col-12">
             <label for="domainDescription" class="form-label">HackerOne Target Team Handle
               <br>
               This is used to send vulnerability reports to the HackerOne Program automatically. Team handle can be found from the program URL, hackerone.com/team_handle.
             </label>
             {{ form.h1_team_handle }}
           </div>
+          {% endif %}
           <button class="btn btn-primary submit-fn mt-2 float-end" type="submit">Update Target</button>
         </form>
       </div>

diff --git a/web/targetApp/views.py b/web/targetApp/views.py
@@ -50,7 +50,7 @@ def add_target(request, slug):
                 bulk_targets = [t.rstrip() for t in request.POST['addTargets'].split('\n') if t]
                 logger.info(f'Adding multiple targets: {bulk_targets}')
                 description = request.POST.get('targetDescription', '')
-                h1_team_handle = request.POST.get('targetH1TeamHandle')
+                h1_team_handle = request.POST.get('targetH1TeamHandle', '')
                 organization_name = request.POST.get('targetOrganization')
                 for target in bulk_targets:
                     target = target.rstrip('\n')
@@ -242,7 +242,7 @@ def add_target(request, slug):
                     is_domain = bool(validators.domain(ip))
                     is_ip = bool(validators.ipv4(ip)) or bool(validators.ipv6(ip))
                     description = request.POST.get('targetDescription', '')
-                    h1_team_handle = request.POST.get('targetH1TeamHandle')
+                    h1_team_handle = request.POST.get('targetH1TeamHandle', '')
                     if not Domain.objects.filter(name=ip).exists():
                         domain, created = Domain.objects.get_or_create(
                             name=ip,