def user_apikey_route(user_id, action):
"""manage apikey for user"""
user = User.query.get(user_id)
form = ButtonForm()
if user and form.validate_on_submit():
if action == 'generate':
apikey = PWS.generate_apikey()
user.apikey = PWS.hash_simple(apikey)
db.session.commit()
return jsonify({
'title': 'Apikey operation',
'detail': 'New apikey generated: %s' % apikey
}), HTTPStatus.OK
if action == 'revoke':
user.apikey = None
db.session.commit()
return jsonify({
'title': 'Apikey operation',
'detail': 'Apikey revoked'
}), HTTPStatus.OK
return jsonify({
'title': 'Apikey operation',
'detail': 'Invalid request'
}), HTTPStatus.BAD_REQUEST
def job_delete_route(job_id):
"""delete job"""
form = ButtonForm()
if form.validate_on_submit():
job_delete(Job.query.get(job_id))
return redirect(url_for('scheduler.job_list_route'))
return render_template('button-delete.html', form=form)
def queue_delete_route(queue_id):
"""queue delete"""
form = ButtonForm()
if form.validate_on_submit():
queue_delete(Queue.query.get(queue_id))
return redirect(url_for('scheduler.queue_list_route'))
return render_template('button-delete.html', form=form)
def profile_webauthn_delete_route(webauthn_id):
"""delete registered credential"""
form = ButtonForm()
if form.validate_on_submit():
db.session.delete(
WebauthnCredential.query.filter(WebauthnCredential.user_id == current_user.id, WebauthnCredential.id == webauthn_id).one())
db.session.commit()
return redirect(url_for('auth.profile_route'))
return render_template('button-delete.html', form=form)
def excl_delete_route(excl_id):
"""delete exclusion"""
form = ButtonForm()
if form.validate_on_submit():
db.session.delete(Excl.query.get(excl_id))
db.session.commit()
return redirect(url_for('scheduler.excl_list_route'))
return render_template('button-delete.html', form=form)
def host_delete_route(host_id):
"""delete host"""
form = ButtonForm()
if form.validate_on_submit():
db.session.delete(Host.query.get(host_id))
db.session.commit()
return redirect(url_for('storage.host_list_route'))
return render_template('button-delete.html', form=form)
def job_repeat_route(job_id):
"""repeat job; requeues targets into same queue, used for rescheduling of failed jobs"""
form = ButtonForm()
if form.validate_on_submit():
job = Job.query.get(job_id)
queue_enqueue(job.queue, json.loads(job.assignment)['targets'])
return redirect(url_for('scheduler.job_list_route'))
return render_template('button-generic.html', form=form)
def note_delete_route(note_id):
"""delete note"""
form = ButtonForm()
if form.validate_on_submit():
note = Note.query.get(note_id)
db.session.delete(note)
db.session.commit()
return redirect(url_for('storage.host_view_route', host_id=note.host_id))
return render_template('button-delete.html', form=form)
def user_delete_route(user_id):
"""delete user"""
form = ButtonForm()
if form.validate_on_submit():
db.session.delete(User.query.get(user_id))
db.session.commit()
return redirect(url_for('auth.user_list_route'))
return render_template('button-delete.html', form=form)
def vuln_delete_route(vuln_id):
"""delete vuln"""
form = ButtonForm()
if form.validate_on_submit():
vuln = Vuln.query.get(vuln_id)
db.session.delete(vuln)
db.session.commit()
return redirect(
url_for('storage.host_view_route', host_id=vuln.host_id))
return render_template('button-delete.html', form=form)
def queue_flush_route(queue_id):
"""queue flush; flush all targets from queue"""
form = ButtonForm()
if form.validate_on_submit():
Target.query.filter(Target.queue_id == queue_id).delete()
db.session.commit()
return redirect(url_for('scheduler.queue_list_route'))
return render_template('button-generic.html',
form=form,
button_caption='Flush')
def queue_prune_route(queue_id):
"""queue prune; delete all queue jobs"""
form = ButtonForm()
if form.validate_on_submit():
for job in Queue.query.get(queue_id).jobs:
job_delete(job)
return redirect(url_for('scheduler.queue_list_route'))
return render_template('button-generic.html',
form=form,
button_caption='Prune')
def login_webauthn_pkcro_route():
"""login webauthn pkcro route"""
user = User.query.filter(
User.id == session.get('webauthn_login_user_id')).one_or_none()
form = ButtonForm()
if user and form.validate_on_submit():
pkcro, state = webauthn.authenticate_begin(webauthn_credentials(user))
session['webauthn_login_state'] = state
return Response(b64encode(cbor.encode(pkcro)).decode('utf-8'),
mimetype='text/plain')
return '', HTTPStatus.BAD_REQUEST
def host_view_route(host_id):
"""view host"""
host = Host.query.get(host_id)
return render_template('storage/host/view.html',
host=host,
button_form=ButtonForm())
def profile_webauthn_pkcco_route():
"""get publicKeyCredentialCreationOptions"""
form = ButtonForm()
if form.validate_on_submit():
user = User.query.get(current_user.id)
user_handle = random_string()
exclude_credentials = webauthn_credentials(user)
pkcco, state = webauthn.register_begin(
{'id': user_handle.encode('utf-8'), 'name': user.username, 'displayName': user.username},
exclude_credentials)
session['webauthn_register_user_handle'] = user_handle
session['webauthn_register_state'] = state
return Response(b64encode(cbor.encode(pkcco)).decode('utf-8'), mimetype='text/plain')
return '', HTTPStatus.BAD_REQUEST
def vuln_view_route(vuln_id):
"""view vuln"""
vuln = Vuln.query.get(vuln_id)
return render_template('storage/vuln/view.html',
vuln=vuln,
button_form=ButtonForm())
def note_view_route(note_id):
"""view note"""
note = Note.query.get(note_id)
return render_template('storage/note/view.html',
note=note,
button_form=ButtonForm())
