Example #1
0
def user_apikey_route(user_id, action):
    """manage apikey for user"""

    user = User.query.get(user_id)
    form = ButtonForm()
    if user and form.validate_on_submit():

        if action == 'generate':
            apikey = PWS.generate_apikey()
            user.apikey = apikey
            db.session.commit()
            return jsonify({
                'title': 'Apikey operation',
                'detail': 'New apikey generated: %s' % apikey
            }), HTTPStatus.OK

        if action == 'revoke':
            user.apikey = None
            db.session.commit()
            return jsonify({
                'title': 'Apikey operation',
                'detail': 'Apikey revoked'
            }), HTTPStatus.OK

    return jsonify({
        'title': 'Apikey operation',
        'detail': 'Invalid request'
    }), HTTPStatus.BAD_REQUEST
Example #2
0
def job_delete_route(job_id):
    """delete job"""

    form = ButtonForm()

    if form.validate_on_submit():
        job_delete(Job.query.get(job_id))
        return redirect(url_for('scheduler.job_list_route'))

    return render_template('button-delete.html', form=form)
Example #3
0
def queue_delete_route(queue_id):
    """queue delete"""

    form = ButtonForm()

    if form.validate_on_submit():
        queue_delete(Queue.query.get(queue_id))
        return redirect(url_for('scheduler.queue_list_route'))

    return render_template('button-delete.html', form=form)
Example #4
0
def user_delete_route(user_id):
    """delete user"""

    form = ButtonForm()

    if form.validate_on_submit():
        db.session.delete(User.query.get(user_id))
        db.session.commit()
        return redirect(url_for('auth.user_list_route'))

    return render_template('button-delete.html', form=form)
Example #5
0
def host_delete_route(host_id):
    """delete host"""

    form = ButtonForm()

    if form.validate_on_submit():
        db.session.delete(Host.query.get(host_id))
        db.session.commit()
        return redirect(url_for('storage.host_list_route'))

    return render_template('button-delete.html', form=form)
Example #6
0
def excl_delete_route(excl_id):
    """delete exclusion"""

    form = ButtonForm()

    if form.validate_on_submit():
        db.session.delete(Excl.query.get(excl_id))
        db.session.commit()
        return redirect(url_for('scheduler.excl_list_route'))

    return render_template('button-delete.html', form=form)
Example #7
0
def vuln_delete_route(vuln_id):
    """delete vuln"""

    form = ButtonForm()
    if form.validate_on_submit():
        vuln = Vuln.query.get(vuln_id)
        db.session.delete(vuln)
        db.session.commit()
        return redirect(
            url_for('storage.host_view_route', host_id=vuln.host_id))

    return render_template('button-delete.html', form=form)
Example #8
0
def note_delete_route(note_id):
    """delete note"""

    form = ButtonForm()
    if form.validate_on_submit():
        note = Note.query.get(note_id)
        db.session.delete(note)
        db.session.commit()
        return redirect(
            url_for('storage.host_view_route', host_id=note.host_id))

    return render_template('button-delete.html', form=form)
Example #9
0
def login_webauthn_pkcro_route():
    """login webauthn pkcro route"""

    user = User.query.filter(
        User.id == session.get('webauthn_login_user_id')).one_or_none()
    form = ButtonForm()
    if user and form.validate_on_submit():
        pkcro, state = webauthn.authenticate_begin(webauthn_credentials(user))
        session['webauthn_login_state'] = state
        return Response(b64encode(cbor.encode(pkcro)).decode('utf-8'),
                        mimetype='text/plain')

    return '', HTTPStatus.BAD_REQUEST
Example #10
0
def profile_webauthn_delete_route(webauthn_id):
    """delete registered credential"""

    form = ButtonForm()
    if form.validate_on_submit():
        db.session.delete(
            WebauthnCredential.query.filter(
                WebauthnCredential.user_id == current_user.id,
                WebauthnCredential.id == webauthn_id).one())
        db.session.commit()
        return redirect(url_for('auth.profile_route'))

    return render_template('button-delete.html', form=form)
Example #11
0
def queue_prune_route(queue_id):
    """queue prune; delete all queue jobs"""

    form = ButtonForm()

    if form.validate_on_submit():
        for job in Queue.query.get(queue_id).jobs:
            job_delete(job)
        return redirect(url_for('scheduler.queue_list_route'))

    return render_template('button-generic.html',
                           form=form,
                           button_caption='Prune')
Example #12
0
def queue_flush_route(queue_id):
    """queue flush; flush all targets from queue"""

    form = ButtonForm()

    if form.validate_on_submit():
        db.session.query(Target).filter(Target.queue_id == queue_id).delete()
        db.session.commit()
        return redirect(url_for('scheduler.queue_list_route'))

    return render_template('button-generic.html',
                           form=form,
                           button_caption='Flush')
Example #13
0
def vuln_view_route(vuln_id):
    """view vuln"""

    vuln = Vuln.query.get(vuln_id)
    return render_template('storage/vuln/view.html',
                           vuln=vuln,
                           button_form=ButtonForm())
Example #14
0
def host_view_route(host_id):
    """view host"""

    host = Host.query.get(host_id)
    return render_template('storage/host/view.html',
                           host=host,
                           button_form=ButtonForm())
Example #15
0
def note_view_route(note_id):
    """view note"""

    note = Note.query.get(note_id)
    return render_template('storage/note/view.html',
                           note=note,
                           button_form=ButtonForm())
Example #16
0
def profile_webauthn_pkcco_route():
    """get publicKeyCredentialCreationOptions"""

    form = ButtonForm()
    if form.validate_on_submit():
        user = User.query.get(current_user.id)
        user_handle = random_string()
        exclude_credentials = webauthn_credentials(user)
        pkcco, state = webauthn.register_begin(
            {
                'id': user_handle.encode('utf-8'),
                'name': user.username,
                'displayName': user.username
            }, exclude_credentials)
        session['webauthn_register_user_handle'] = user_handle
        session['webauthn_register_state'] = state
        return Response(b64encode(cbor.encode(pkcco)).decode('utf-8'),
                        mimetype='text/plain')

    return '', HTTPStatus.BAD_REQUEST