Esempio n. 1
    def patch(self, audit_uuid):
        """Update the specified audit.

        Loads the allowed subset of fields from the JSON body, stores only
        the hash of a supplied password, wipes the stored hash when
        protection is switched off, and replaces the contact list when a
        non-empty one is given.  Returns the refreshed audit (with contacts
        and scans) as produced by ``AuditResource.get_by_id``.  Aborts with
        400 on schema errors or when protection is enforced without a
        password.
        """
        audit = AuditResource.get_by_id(audit_uuid=audit_uuid,
                                        withContacts=False,
                                        withScans=False)

        # Only this fixed set of fields may be changed through PATCH.
        update_schema = AuditUpdateSchema(only=[
            "name",
            "description",
            "contacts",
            "password",
            "ip_restriction",
            "password_protection",
            "slack_default_webhook_url",
        ])
        params, errors = update_schema.load(request.json)
        if errors:
            abort(400, errors)

        protection = params.get("password_protection")
        if protection == True and "password" not in params:
            abort(400, "Password must be provided when enforcing protection")

        # Never persist the clear-text password; store its hash instead.
        if "password" in params:
            params["password"] = Utils.get_password_hash(params["password"])

        # Turning protection off also clears the stored hash.
        if protection == False:
            params["password"] = ""

        # NOTE(review): slack_default_webhook_url is persisted as received;
        # any scheme/host validation would have to live in the schema — confirm.
        contacts = params.pop("contacts", [])

        with db.database.atomic():
            if params:
                AuditTable.update(params).where(
                    AuditTable.id == audit["id"]).execute()

            # An empty contact list leaves the existing contacts untouched;
            # a non-empty one replaces them wholesale.
            if contacts:
                for entry in contacts:
                    entry["audit_id"] = audit["id"]
                ContactTable.delete().where(
                    ContactTable.audit_id == audit["id"]).execute()
                ContactTable.insert_many(contacts).execute()

        return AuditResource.get_by_id(audit_uuid=audit["uuid"],
                                       withContacts=True,
                                       withScans=True)
Esempio n. 2
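    def post(self, audit_uuid):
        """Publish an API token for the specified audit.

        Applies the audit's optional source-IP restriction (403 on
        rejection) and, when the audit is password protected, validates the
        password from the JSON body (400 on schema errors, 401 on mismatch).
        Returns ``({"token": <access token>}, 200)``.
        """
        import hmac  # function-scope import: only needed for the constant-time compare

        audit = AuditResource.get_by_id(audit_uuid=audit_uuid,
                                        withContacts=False,
                                        withScans=False)

        if audit["ip_restriction"] == True:
            # NOTE(review): access_route[0] is the leftmost forwarded address,
            # i.e. it comes from the X-Forwarded-For header when one is set;
            # it is only trustworthy behind a proxy that rewrites that header
            # — confirm the deployment does so.
            if Utils.is_source_ip_permitted(request.access_route[0]) == False:
                abort(403, "Not allowed to access from your IP address")

        if audit["password_protection"] == True:
            params, errors = AuditTokenInputSchema().load(request.json)
            if errors:
                abort(400, errors)

            # Compare the hashes in constant time so the position of the
            # first mismatch does not leak through response timing.  str()
            # keeps an unexpected non-string stored value from raising and
            # still yields a mismatch (401), as the plain `!=` did.
            supplied = str(Utils.get_password_hash(params["password"]))
            stored = str(audit["password"])
            if not hmac.compare_digest(supplied.encode("utf-8"),
                                       stored.encode("utf-8")):
                abort(401, "Invalid password")

        token = create_access_token(identity={
            "scope": audit_uuid,
            "restricted": False
        })
        return {"token": token}, 200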