Esempio n. 1
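    def post(self):
        """Publish an API token for administrators.

        Flow: source-IP allow-list check, request-body validation, admin
        password check, then issue an unrestricted token with scope ``"*"``.

        Returns:
            ``({"token": <jwt>}, 200)`` on success.

        Aborts:
            403 if the caller's source IP is not permitted,
            400 if the request body fails ``AuthInputSchema`` validation,
            401 if the supplied password does not match ``ADMIN_PASSWORD``.
        """
        # Local import keeps the fix self-contained; the module's import
        # block is outside this listing.
        import hmac

        # NOTE(review): access_route[0] is derived from X-Forwarded-For when
        # that header is present, i.e. it is client-supplied unless a trusted
        # proxy in front of the app rewrites it — confirm the deployment.
        if not Utils.is_source_ip_permitted(request.access_route[0]):
            abort(403, "Not allowed to access from your IP address")

        params, errors = AuthInputSchema().load(request.json)
        if errors:
            abort(400, errors)

        # Constant-time comparison: a plain ``!=`` on the secret short-circuits
        # at the first differing byte and leaks timing information.  Both sides
        # are encoded so that non-ASCII input cannot raise TypeError.
        supplied = str(params["password"]).encode("utf-8")
        expected = str(app.config["ADMIN_PASSWORD"]).encode("utf-8")
        if not hmac.compare_digest(supplied, expected):
            abort(401, "Invalid password")

        # Wildcard scope: this token is not bound to a single audit.
        token = create_access_token(identity={"scope": "*", "restricted": False})
        return {"token": token}, 200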
Esempio n. 2
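    def post(self, audit_uuid):
        """Publish an API token for the specified audit.

        The audit record decides which checks apply: a source-IP allow-list
        check when ``ip_restriction`` is set, and a password check when
        ``password_protection`` is set.  The issued token is scoped to
        ``audit_uuid``.

        Args:
            audit_uuid: Identifier of the audit the token is requested for.

        Returns:
            ``({"token": <jwt>}, 200)`` on success.

        Aborts:
            403 if the audit is IP-restricted and the caller's IP is not
            permitted, 400 if the body fails ``AuditTokenInputSchema``
            validation, 401 if the password hash does not match.
        """
        # Local import keeps the fix self-contained; the module's import
        # block is outside this listing.
        import hmac

        audit = AuditResource.get_by_id(audit_uuid=audit_uuid,
                                        withContacts=False,
                                        withScans=False)

        if audit["ip_restriction"]:
            # NOTE(review): access_route[0] is derived from X-Forwarded-For
            # when present, i.e. client-supplied unless a trusted proxy
            # rewrites it — confirm the deployment.
            if not Utils.is_source_ip_permitted(request.access_route[0]):
                abort(403, "Not allowed to access from your IP address")

        if audit["password_protection"]:
            params, errors = AuditTokenInputSchema().load(request.json)
            if errors:
                abort(400, errors)

            # Compare the two hashes in constant time; ``!=`` short-circuits
            # on the first differing byte and leaks timing information.
            # Both sides are encoded so non-ASCII cannot raise TypeError.
            supplied = str(Utils.get_password_hash(params["password"])).encode("utf-8")
            stored = str(audit["password"]).encode("utf-8")
            if not hmac.compare_digest(supplied, stored):
                abort(401, "Invalid password")

        # Token is bound to this audit only (scope = audit_uuid).
        token = create_access_token(identity={
            "scope": audit_uuid,
            "restricted": False
        })
        return {"token": token}, 200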