github-starred/burp-ui
2
0
Fork 0
mirror of https://github.com/ziirish/burp-ui.git synced 2026-05-15 14:16:08 -06:00
Code Issues 1 Projects Packages Wiki Activity Actions

WIP: add authorizations page

Browse source
This commit is contained in:
ziirish 2018-03-22 17:55:44 +01:00
parent 598c98e39a
commit 2deb87c968
No known key found for this signature in database
GPG key ID: 72DB229A64B54E46
13 changed files with 561 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -13,6 +13,7 @@ dist
_build
.tags
celerybeat-schedule
Pipfile*
pkgs/burp-ui-sql/burpui_sql/VERSION
pkgs/burp-ui-extra/burpui_extra/VERSION
pkgs/burp-ui-agent/burpui_agent

16
burpui/routes.py
View file

@ -151,14 +151,24 @@ def admin_authentication(user):
return render_template('admin/authentication.html', admin=True, authentication=True, user=user, backend=backend, ng_controller='AdminCtrl')
@view.route('/admin')
@view.route('/admin/authorizations')
@login_required
def admin():
def admin_authorizations():
# Only the admin can access this page
if not current_user.is_anonymous and not current_user.acl.is_admin() and \
not current_user.acl.is_moderator():
abort(403)
return render_template('admin.html', admin=True, ng_controller='AdminCtrl')
return render_template('admin-authorizations.html', admin=True, authorizations=True, ng_controller='AdminCtrl')
@view.route('/admin/authentications')
@login_required
def admin_authentications():
# Only the admin can access this page
if not current_user.is_anonymous and not current_user.acl.is_admin() and \
not current_user.acl.is_moderator():
abort(403)
return render_template('admin-authentications.html', admin=True, authentications=True, ng_controller='AdminCtrl')
@view.route('/me')

15
burpui/templates/admin.html → burpui/templates/admin-authentications.html
View file

@ -35,11 +35,11 @@
</fieldset>
</form>
</div>
<br />
<h3>{{ _('Users list') }}</h3>
<hr />
</div>
<div class="form-container">
<legend>{{ _('Users list') }}</legend>
<div id="waiting-user-container" class="row">
<i class="fa fa-spin fa-fw fa-refresh" aria-hidden="true"></i>{{ _('Loading, Please wait...') }}
<i class="fa fa-spin fa-fw fa-refresh" aria-hidden="true"></i>&nbsp;{{ _('Loading, Please wait...') }}
<br />
<div class="progress progress-striped active">
<div class="progress-bar progress-bar-info" style="width: 100%"></div>
@ -61,16 +61,13 @@
</table>
</div>
</div>
<div class="form-container">
<legend id="authorization">{{ _('Authorization') }}</legend>
</div>
</div>
<div id="delete-user-modal" class="modal fade">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">Confirmation</h4>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<div class="alert alert-warning">
@ -96,7 +93,7 @@
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">Confirmation</h4>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<form class="form-horizontal">

111
burpui/templates/admin-authorizations.html Normal file
View file

@ -0,0 +1,111 @@
{% extends "layout.html" %}
{% block body %}
{% include "notifications.html" %}
<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
{% include "small_topbar.html" %}
<ul class="breadcrumb" style="margin-bottom: 5px;">
<li><a href="{{ url_for('view.home') }}">{{ _('Home') }}</a></li>
<li class="active">{{ _('Administration') }}</li>
</ul>
<br />
<div class="form-container">
<legend id="authentication">{{ _('Authentication') }}</legend>
<div class="row well">
<form action="{{ url_for('api.auth_users') }}" method="PUT" class="form-inline" name="pctrl.userAdd" ng-submit="addUser($event)">
<fieldset>
<Legend>{{ _('Create new User') }}</Legend>
<div class="form-group" ng-class="{'has-error': pctrl.userAdd.auth_username.$touched && !pctrl.userAdd.auth_username.$valid}">
<label class="sr-only" for="auth_username">{{ _('Username') }}</label>
<input class="form-control" type="text" id="auth_username" name="auth_username" placeholder="{{ _('Username') }}" ng-model="auth_username" required>
</div>
<div class="form-group" ng-class="{'has-error': pctrl.userAdd.auth_password.$touched && !pctrl.userAdd.auth_password.$valid}">
<label class="sr-only" for="auth_password">{{ _('Password') }}</label>
<input class="form-control" type="password" id="auth_password" name="auth_password" placeholder="{{ _('Password') }}" ng-model="auth_password" required>
</div>
<div class="form-group">
<label class="sr-only" for="auth_backend">{{ _('Backend') }}</label>
<select class="form-control" name="auth_backend" id="auth_backend" ng-model="auth_backend" ng-change="checkSelect()" required>
<option selected disabled value="placeholder">{{ _('Authentication Backend') }}</option>
{% raw -%}
<option ng-repeat="back in auth_backends" ng-disabled="!back.add" value="{{ back.name }}">{{ back.name }}</option>
{% endraw -%}
</select>
</div>
<button class="btn btn-success" type="submit" ng-disabled="!pctrl.userAdd.$valid"><i class="fa fa-plus" aria-hidden="true"></i>&nbsp;{{ _('Create') }}</button>
</fieldset>
</form>
</div>
</div>
<div class="form-container">
<legend>{{ _('Users list') }}</legend>
<div id="waiting-user-container" class="row">
<i class="fa fa-spin fa-fw fa-refresh" aria-hidden="true"></i>&nbsp;{{ _('Loading, Please wait...') }}
<br />
<div class="progress progress-striped active">
<div class="progress-bar progress-bar-info" style="width: 100%"></div>
</div>
</div>
<div class="table-responsive" id="table-users-container" style="display: none;">
<table class="table table-striped table-hover nowrap" id="table-users" width="100%">
<thead>
<tr>
<th>{{ _('Username') }}</th>
<th>{{ _('Authentication Backend') }}</th>
<th>{{ _('Role') }}</th>
<th>{{ _('Groups') }}</th>
<th>{{ _('Controls') }}</th>
</tr>
</thead>
<tbody>
</tbody>
</table>
</div>
</div>
</div>
<div id="delete-user-modal" class="modal fade">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<div class="alert alert-warning">
<i class="fa fa-fw fa-2x fa-question-circle"></i>{{ _('You are about to delete a user, are you sure?') }}
</div>
<form class="form-horizontal" id="delete-user-form">
<fieldset id="delete-details">
</fieldset>
</form>
<div class="alert alert-danger" id="delete-confirm" style="display:none;">
<strong><i class="fa fa-fw fa-2x fa-exclamation-circle"></i>{{ _('Warning!') }}</strong> {{ _('You are about to remove your <strong>current</strong> user.') }}
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">{{ _('Cancel') }}</button>
<button type="button" class="btn btn-info" data-dismiss="modal" id="perform-delete">{{ _('Confirm') }}</button>
</div>
</div>
</div>
</div>
<div id="edit-user-modal" class="modal fade">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<form class="form-horizontal">
<fieldset id="edit-details">
</fieldset>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">{{ _('Cancel') }}</button>
<button type="button" class="btn btn-info" data-dismiss="modal" id="perform-edit">{{ _('Edit') }}</button>
</div>
</div>
</div>
</div>
{% endblock %}

2
burpui/templates/admin/authentication.html
View file

@ -5,7 +5,7 @@
{% include "small_topbar.html" %}
<ul class="breadcrumb" style="margin-bottom: 5px;">
<li><a href="{{ url_for('view.home') }}">{{ _('Home') }}</a></li>
<li><a href="{{ url_for('view.admin') }}">{{ _('Administration') }}</a></li>
<li><a href="{{ url_for('view.admin_authentications') }}">{{ _('Administration') }}</a></li>
<li class="active">{{ _('Authentication user %(backend)s/%(user)s', backend=backend, user=user) }}</li>
</ul>
<br />

2
burpui/templates/admin/sessions.html
View file

@ -5,7 +5,7 @@
{% include "small_topbar.html" %}
<ul class="breadcrumb" style="margin-bottom: 5px;">
<li><a href="{{ url_for('view.home') }}">{{ _('Home') }}</a></li>
<li><a href="{{ url_for('view.admin') }}">{{ _('Administration') }}</a></li>
<li><a href="{{ url_for('view.admin_authentications') }}">{{ _('Administration') }}</a></li>
<li class="active">{{ _('%(user)s\'s sessions', user=user) }}</li>
</ul>
<br />

6
burpui/templates/gerard.js
View file

@ -365,8 +365,10 @@ $('#input-client').typeahead({
{% include "js/admin/authorization.js" %}
{% elif sessions -%}
{% include "js/admin/sessions.js" %}
{% else -%}
{% include "js/admin.js" %}
{% elif authorizations -%}
{% include "js/admin-authorizations.js" %}
{% elif authentications -%}
{% include "js/admin-authentications.js" %}
{% endif -%}
{% endif -%}

4
burpui/templates/js/admin.js → burpui/templates/js/admin-authentications.js
View file

@ -1,4 +1,3 @@
/***
* The Settings Panel is managed with AngularJS.
* Following is the AngularJS Application and Controller.
@ -412,9 +411,6 @@ $('#perform-edit').on('click', function(e) {
location = "{{ url_for('view.admin_authentication', user='') }}"+$('#edit_backend').data('id')+'?backend='+$('#edit_backend option:selected').text();
});
/* Add user */
/* user sessions */
$( document ).on('click', '.btn-sessions-user', function(e) {
var user_id = $(this).data('member');

418
burpui/templates/js/admin-authorizations.js Normal file
View file

@ -0,0 +1,418 @@
/***
* The Settings Panel is managed with AngularJS.
* Following is the AngularJS Application and Controller.
* Our $scope is initialized with a $http request that retrieves a JSON like that:
* {
* "boolean": [
* "key",
* ...
* ],
* "defaults": {
* "key1": "default",
* "key2": false,
* "key3": [
* 4,
* 2,
* ],
* ...
* },
* "integer": [
* "key",
* ],
* "multi": [
* "key",
* ],
* "placeholders": {
* "key": "placeholder",
* ...
* },
* "results": {
* "boolean": [
* {
* "name": "key",
* "value": true
* },
* ...
* ],
* "clients": [
* {
* "name": "clientname",
* "value": "/etc/burp/clientconfdir/clientname"
* },
* ...
* ],
* "common": [
* {
* "name": "key",
* "value": "val"
* },
* ...
* ],
* "integer": [
* {
* "name": "key",
* "value": 42
* },
* ...
* ],
* "multi": [
* {
* "name": "key",
* "value": [
* "value1",
* "value2",
* ...
* ]
* },
* ...
* ],
* "includes": [
* "glob",
* "example*.conf",
* ...
* ],
* "includes_ext": [
* "glob",
* "example1.conf",
* "example_toto.conf",
* ...
* ]
* },
* "server_doc": {
* "key": "documentations of the specified key from the manpage",
* ...
* },
* "string": [
* "key",
* ...
* ],
* "suggest": {
* "key": [
* "value1",
* "value2",
* ],
* [...]
* }
* }
* The JSON is then split-ed out into several dict/arrays to build our form.
*/
{% import 'macros.html' as macros %}
var _cache_id = _EXTRA;
var _me = undefined;
var _users = {};
var _auth_backends = {};
var _users_array = [];
var __promises = [];
var __globals_promises = [];
var app = angular.module('MainApp', ['ngSanitize', 'ui.select', 'mgcrea.ngStrap', 'datatables']);
app.config(function(uiSelectConfig) {
uiSelectConfig.theme = 'bootstrap';
});
app.controller('AdminCtrl', ['$scope', '$http', '$scrollspy', 'DTOptionsBuilder', 'DTColumnDefBuilder', function($scope, $http, $scrollspy, DTOptionsBuilder, DTColumnDefBuilder) {
var vm = this;
$scope.auth_backends = [];
$http.get('{{ url_for("api.auth_backends") }}', { headers: { 'X-From-UI': true } })
.then(function (response) {
$scope.auth_backends = [];
_auth_backends = {};
angular.forEach(response.data, function(back, i) {
_auth_backends[back.name] = back;
$scope.auth_backends.push(back);
});
$scope.auth_backend = "placeholder";
vm.userAdd.auth_backend.$setValidity('valid', false);
vm.userAdd.$setPristine();
});
$scope.checkSelect = function() {
vm.userAdd.auth_backend.$setValidity('valid', ($scope.auth_backend != "placeholder"));
};
$scope.addUser = function(e) {
e.preventDefault();
var form = $(e.target);
submit = form.find('button[type="submit"]');
sav = submit.html();
submit.html('<i class="fa fa-fw fa-spinner fa-pulse" aria-hidden="true"></i>&nbsp;{{ _("Creating...") }}');
submit.attr('disabled', true);
$http({
url: form.attr('action'),
method: form.attr('method'),
params: {
username: $scope.auth_username,
password: $scope.auth_password,
backend: $scope.auth_backend,
},
headers: { 'X-From-UI': true },
})
.catch(myFail)
.then(function(response) {
notifAll(response.data);
$scope.auth_username = null;
$scope.auth_password = null;
$scope.auth_backend = "placeholder";
vm.userAdd.auth_backend.$setValidity('valid', false);
vm.userAdd.auth_username.$setUntouched();
vm.userAdd.auth_password.$setUntouched();
vm.userAdd.auth_password.$setPristine();
vm.userAdd.$setPristine();
_authentication();
})
.finally(function() {
submit.html(sav);
submit.attr('disabled', false);
});
};
}]);
var _users_table = $('#table-users').DataTable( {
{{ macros.translate_datatable() }}
{{ macros.get_page_length() }}
responsive: true,
processing: true,
fixedHeader: true,
select: {
style: 'os',
},
data: [],
rowId: 'id',
rowCallback: function( row, data, index ) {
var classes = row.className.split(' ');
_.each(classes, function(cl) {
if (_.indexOf(['odd', 'even'], cl) != -1) {
row.className = cl;
return;
}
});
_.each(data.raw, function(raw) {
if (raw.name === _me.name && raw.backend == _me.backend) {
row.className += ' success';
return;
}
});
},
columns: [
{
data: null,
render: function ( data, type, row ) {
return data.id;
}
},
{
data: null,
render: function ( data, type, row ) {
var ret = '';
$.each(data.backends, function(i, back) {
ret += '<span class="label label-default">'+back+'</span>&nbsp;';
});
return ret;
}
},
{
data: null,
render: function ( data, type, row ) {
var ret = '';
$.each(data.roles, function(i, role) {
ret += '<span class="label label-warning">'+role+'</span>&nbsp;';
});
return ret;
}
},
{
data: null,
render: function ( data, type, row ) {
var ret = '';
$.each(data.groups, function(i, group) {
ret += '<span class="label label-primary">'+group+'</span>&nbsp;';
});
return ret;
}
},
{
data: null,
render: function ( data, type, row ) {
return '<button data-member="'+data.id+'" class="btn btn-xs btn-danger btn-delete-user" title="{{ _("Remove") }}"><i class="fa fa-trash" aria-hidden="true"></i></button>&nbsp;<button data-member="'+data.id+'" class="btn btn-xs btn-info btn-edit-user" title="{{ _("Edit") }}"><i class="fa fa-pencil" aria-hidden="true"></i></button>&nbsp;<button data-member="'+data.id+'" class="btn btn-xs btn-warning btn-sessions-user" title="{{ _("Sessions") }}"><i class="fa fa-list-alt" aria-hidden="true"></i></button>';
}
},
],
});
var g = $.getJSON('{{ url_for("api.admin_me") }}').done(function (data) {
_me = data;
});
__globals_promises.push(g);
var _authentication = function() {
$('#waiting-user-container').show();
$('#table-users-container').hide();
var __usernames = [];
$.getJSON('{{ url_for("api.auth_users") }}').done(function (users) {
__promises = [];
$.each(users, function(i, user) {
__usernames.push(user.name);
if (_users[user.name]) {
if (_users[user.name]['backends'].indexOf(user.backend) === -1) {
_users[user.name]['backends'].push(user.backend);
}
if (_users[user.name]['raw'].indexOf(user) === -1) {
_users[user.name]['raw'].push(user);
}
} else {
_users[user.name] = {
id: user.name,
backends: [user.backend],
roles: [],
groups: [],
raw: [user],
};
var p = $.getJSON('{{ url_for("api.acl_groups_of", member="") }}'+user.name).done(function (data) {
_users[user.name]['groups'] = data.groups;
});
__promises.push(p);
p = $.getJSON('{{ url_for("api.acl_is_admin", member="") }}'+user.name).done(function (data) {
if (data.admin) {
_users[user.name]['roles'].push('admin');
}
});
__promises.push(p);
p = $.getJSON('{{ url_for("api.acl_is_moderator", member="") }}'+user.name).done(function (data) {
if (data.moderator) {
_users[user.name]['roles'].push('moderator');
}
});
__promises.push(p);
}
});
var redraw = false;
_users_array = [];
$.each(_users, function(key, value) {
if (__usernames.indexOf(key) == -1) {
delete _users[key];
redraw = true;
} else {
_users_array.push(value);
}
});
if (redraw) {
_users_table.clear();
_users_table.rows.add(_users_array).draw();
$('#waiting-user-container').hide();
$('#table-users-container').show();
}
$.when.apply( $, __promises ).done(function() {
_users_array = [];
$.each(_users, function(key, value) {
_users_array.push(value);
});
_users_table.clear();
_users_table.rows.add(_users_array).draw();
$('#waiting-user-container').hide();
$('#table-users-container').show();
});
});
};
var _admin = function() {
_authentication();
};
{{ macros.page_length('#table-list-clients') }}
{{ macros.page_length('#table-list-templates') }}
$( document ).ready(function () {
$('#config-nav a').click(function (e) {
e.preventDefault();
$(this).tab('show');
});
});
/* Delete user */
var _remove_selected = 0;
$( document ).on('click', '.btn-delete-user', function(e) {
var user_id = $(this).data('member');
var user = _users[user_id];
var content = '<legend>{{ _("Please select the backend(s) from which to remove the user:") }}</legend>';
$.each(user['backends'], function(i, back) {
var disabled_legend = '{{ _("The backend does not support user removal") }}';
var disabled = 'disabled title="'+disabled_legend+'"';
var is_enabled = _auth_backends[back]['del'];
content += '<div class="checkbox"><label><input type="checkbox" name="user_backend" data-id="'+user_id+'" data-backend="'+back+'" '+(is_enabled?'':disabled)+'>'+back+(is_enabled?'':' <em>('+disabled_legend+')</em>')+'</label></div>';
});
/* disable submit button while we did not select a backend */
$('#perform-delete').prop('disabled', true);
$('#delete-details').html(content);
$('#delete-user-modal').modal('toggle');
});
$( document ).on('change', 'input[name=user_backend]', function(e) {
var user_id = $(this).data('id');
var backend = $(this).data('backend');
if (user_id == _me.id && backend == _me.backend) {
if ($(this).is(':checked')) {
$('#delete-confirm').show();
} else {
$('#delete-confirm').hide();
}
}
if ($(this).is(':checked')) {
_remove_selected++;
} else {
_remove_selected--;
}
if (_remove_selected > 0) {
$('#perform-delete').prop('disabled', false);
} else {
$('#perform-delete').prop('disabled', true);
}
});
$('#perform-delete').on('click', function(e) {
$.each($('input[name=user_backend]'), function(i, elmt) {
var e = $(elmt);
if (e.is(':checked')) {
$.ajax({
url: "{{ url_for('api.auth_users', name='') }}"+$(e).data('id')+"?backend="+$(e).data('backend'),
type: 'DELETE',
headers: { 'X-From-UI': true },
}).done(function(data) {
notifAll(data);
_authentication();
}).fail(myFail);
}
});
});
/* Edit user */
$( document ).on('click', '.btn-edit-user', function(e) {
var user_id = $(this).data('member');
var user = _users[user_id];
var content = '<legend>{{ _("Please select the backend from which to edit the user from:") }}</legend>';
content += '<div class="form-group"><label for="edit_backend" class="col-lg-2 control-label">Backend</label>';
content += '<div class="col-lg-10"><select class="form-control" id="edit_backend" name="edit_backend" data-id="'+user_id+'"><option disabled selected value="placeholder">'+'{{ _("Please select a backend") }}'+'</option>';
$.each(user['backends'], function(i, back) {
is_enabled = _auth_backends[back]['mod'];
content += '<option'+(is_enabled?'':' disabled')+'>'+back+'</option>';
});
content += '</select></div></div>';
$('#perform-edit').prop('disabled', true);
$('#edit-details').html(content);
$('#edit-user-modal').modal('toggle');
});
$( document ).on('change', '#edit_backend', function(e) {
if ($('#edit_backend option:selected').val() != 'placeholder') {
$('#perform-edit').prop('disabled', false);
}
});
$('#perform-edit').on('click', function(e) {
location = "{{ url_for('view.admin_authentication', user='') }}"+$('#edit_backend').data('id')+'?backend='+$('#edit_backend option:selected').text();
});
/* user sessions */
$( document ).on('click', '.btn-sessions-user', function(e) {
var user_id = $(this).data('member');
location = "{{ url_for('view.admin_sessions', user='') }}"+user_id;
});

2
burpui/templates/settings.html
View file

@ -66,7 +66,7 @@
<div id="config-tab-content" class="tab-content">
<div class="tab-pane fade active in" id="config">
<div id="waiting-container" class="row">
<i class="fa fa-fw fa-spin fa-refresh" aria-hidden="true"></i>{{ _('Loading, Please wait...') }}
<i class="fa fa-fw fa-spin fa-refresh" aria-hidden="true"></i>&nbsp;{{ _('Loading, Please wait...') }}
<br />
<div class="progress progress-striped active">
<div class="progress-bar progress-bar-info" style="width: 100%"></div>

7
burpui/templates/sideadmin.html
View file

@ -1,9 +1,8 @@
<div id="navbar-config">
<h4>{{ _('Administration navigation') }}</h4>
<ul class="nav nav-sidebar bui-scrollspy">
<li class="active" data-target="#authentication"><a class="scroll" href="#authentication">{{ _('Authentication') }}</a></li>
<!-- <li data-target="#settings"><a class="scroll" href="#settings">{{ _('Settings') }}</a></li> -->
<li data-target="#authorization"><a class="scroll" href="#acl">{{ _('Authorization') }}</a></li>
<ul class="nav nav-sidebar">
<li class="active"><a href="{{ url_for('view.admin_authentications') }}">{{ _('Authentication') }}</a></li>
<li><a href="{{ url_for('view.admin_authorizations') }}">{{ _('Authorization') }}</a></li>
</ul>
</div>

2
burpui/templates/topbar.html
View file

@ -54,7 +54,7 @@
{% if current_user and current_user.is_authenticated -%}
{% if current_user.is_admin or current_user.is_moderator -%}
<li class="detail {% if admin %}active{% endif %}">
<a href="{{ url_for('view.admin') }}">
<a href="{{ url_for('view.admin_authentications') }}">
<i class="fa fa-cogs" aria-hidden="true"></i><span class="dtl">&nbsp;{{ _('Administration') }}</span>
</a>
</li>

2
burpui/templates/user.html
View file

@ -106,7 +106,7 @@
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">Confirmation</h4>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<div class="alert alert-warning">