def patch(self, audit_uuid):
    """Update the specified audit.

    The JSON request body is loaded through ``AuditUpdateSchema`` limited to
    the editable fields. Password fields are normalised, then the audit row
    and (when contacts are supplied) its contact list are written inside one
    ``db.database.atomic()`` block. The refreshed audit, including contacts
    and scans, is returned.
    """
    # NOTE(review): no caller authorization or ip_restriction check is visible
    # in this method; presumably a decorator or the enclosing resource
    # enforces it. Confirm, since this endpoint can change the password and
    # switch password_protection off.
    current = AuditResource.get_by_id(audit_uuid=audit_uuid, withContacts=False, withScans=False)

    editable_fields = [
        "name",
        "description",
        "contacts",
        "password",
        "ip_restriction",
        "password_protection",
        "slack_default_webhook_url",
    ]
    changes, errors = AuditUpdateSchema(only=editable_fields).load(request.json)
    if errors:
        abort(400, errors)

    protection = changes.get("password_protection")

    # Turning protection on without supplying a password is rejected.
    if protection == True and "password" not in changes:
        abort(400, "Password must be provided when enforcing protection")

    # Only the hash is persisted, never the submitted plaintext.
    # NOTE(review): the algorithm behind Utils.get_password_hash is not
    # visible here; confirm it is a salted, deliberately slow password hash.
    if "password" in changes:
        changes["password"] = Utils.get_password_hash(changes["password"])

    # Turning protection off clears the stored hash, even if a password was
    # sent in the same request.
    if protection == False:
        changes["password"] = ""

    # Contacts live in their own table, so they are split off from the
    # column updates for the audit row.
    new_contacts = changes.pop("contacts", [])

    audit_id = current["id"]
    with db.database.atomic():
        if changes:
            AuditTable.update(changes).where(AuditTable.id == audit_id).execute()

        # A non-empty list replaces the existing contacts wholesale; an empty
        # or absent list leaves the existing contacts untouched.
        if len(new_contacts) > 0:
            for entry in new_contacts:
                entry["audit_id"] = audit_id
            ContactTable.delete().where(ContactTable.audit_id == audit_id).execute()
            ContactTable.insert_many(new_contacts).execute()

    return AuditResource.get_by_id(audit_uuid=current["uuid"], withContacts=True, withScans=True)
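def post(self, audit_uuid):
    """Publish an API token for the specified audit.

    Checks, in order: the source-IP restriction (when the audit enables it)
    and the audit password (when password protection is enabled). On success
    an access token scoped to ``audit_uuid`` with ``restricted=False`` is
    returned.

    Aborts with 403 when the source IP is not permitted, 400 when the request
    body fails ``AuditTokenInputSchema`` validation, and 401 when the password
    does not match.
    """
    import hmac  # local import: the file's top-level import block is not visible here

    audit = AuditResource.get_by_id(audit_uuid=audit_uuid, withContacts=False, withScans=False)

    if audit["ip_restriction"] == True:
        # NOTE(review): request.access_route is derived from X-Forwarded-For
        # when that header is present, and index 0 is the left-most entry,
        # which the client can set itself. This check is only meaningful if a
        # trusted reverse proxy overwrites or sanitises the header; confirm
        # against the deployment.
        if Utils.is_source_ip_permitted(request.access_route[0]) == False:
            abort(403, "Not allowed to access from your IP address")

    if audit["password_protection"] == True:
        params, errors = AuditTokenInputSchema().load(request.json)
        if errors:
            abort(400, errors)

        # NOTE(review): verifying by recomputing the hash and comparing it to
        # the stored value only works if get_password_hash is deterministic,
        # so it presumably uses no per-audit random salt. Confirm, and
        # consider a salted KDF with a dedicated verify function. No attempt
        # throttling is visible in this method either.
        supplied_hash = Utils.get_password_hash(params["password"])
        stored_hash = audit["password"]

        # Compare in constant time so the response time does not depend on
        # how many leading characters of the two hashes agree.
        if isinstance(supplied_hash, str) and isinstance(stored_hash, str):
            matches = hmac.compare_digest(
                supplied_hash.encode("utf-8"), stored_hash.encode("utf-8")
            )
        elif isinstance(supplied_hash, bytes) and isinstance(stored_hash, bytes):
            matches = hmac.compare_digest(supplied_hash, stored_hash)
        else:
            # Mixed or unexpected types: keep the original equality semantics.
            matches = supplied_hash == stored_hash

        if not matches:
            abort(401, "Invalid password")

    token = create_access_token(identity={"scope": audit_uuid, "restricted": False})
    return {"token": token}, 200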