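def post(self):
    """Publish an API token for administrators.

    Request flow, in order:
      1. Reject with 403 when ``Utils.is_source_ip_permitted`` returns False
         for the first entry of ``request.access_route``.
      2. Validate the JSON body with ``AuthInputSchema``; reject with 400 on
         schema errors.
      3. Compare the supplied password with ``app.config["ADMIN_PASSWORD"]``;
         reject with 401 on mismatch.
      4. Issue a token whose identity is ``{"scope": "*", "restricted": False}``.

    Returns:
        A ``({"token": <token>}, 200)`` tuple on success.
    """
    import hmac

    # NOTE(review): in Werkzeug, access_route is built from X-Forwarded-For
    # when that header is present, so element [0] is the client-supplied
    # leftmost entry. The allow-list below is only meaningful if a trusted
    # reverse proxy overwrites/strips that header - confirm the deployment.
    if Utils.is_source_ip_permitted(request.access_route[0]) == False:
        abort(403, "Not allowed to access from your IP address")

    params, errors = AuthInputSchema().load(request.json)
    if errors:
        abort(400, errors)

    supplied = params["password"]
    expected = app.config["ADMIN_PASSWORD"]

    # Fail closed when either side is not a string/bytes value of the same
    # type (e.g. ADMIN_PASSWORD unset): such a pair can never authenticate.
    comparable = type(supplied) is type(expected) and isinstance(
        expected, (str, bytes)
    )
    if comparable and isinstance(expected, str):
        # compare_digest rejects non-ASCII str, so compare the encoded bytes.
        supplied = supplied.encode("utf-8")
        expected = expected.encode("utf-8")

    # Constant-time comparison: a plain `!=` returns at the first differing
    # character, which leaks how much of the password prefix matched.
    if not comparable or not hmac.compare_digest(supplied, expected):
        # NOTE(review): no attempt limiting or failure logging is visible in
        # this method; confirm both are enforced elsewhere for this endpoint.
        abort(401, "Invalid password")

    # Unrestricted wildcard scope: this token carries full administrator reach.
    token = create_access_token(identity={"scope": "*", "restricted": False})
    return {"token": token}, 200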
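def post(self, audit_uuid):
    """Publish an API token for the specified audit.

    The audit record decides which checks apply:
      * ``ip_restriction`` enabled: reject with 403 when
        ``Utils.is_source_ip_permitted`` returns False for the first entry
        of ``request.access_route``.
      * ``password_protection`` enabled: validate the JSON body with
        ``AuditTokenInputSchema`` (400 on errors) and compare the hash of
        the supplied password with the stored ``audit["password"]`` (401 on
        mismatch).

    When neither flag is enabled, the token is issued with no further check.

    Args:
        audit_uuid: Identifier of the audit; also used as the token scope.

    Returns:
        A ``({"token": <token>}, 200)`` tuple on success.
    """
    import hmac

    audit = AuditResource.get_by_id(
        audit_uuid=audit_uuid, withContacts=False, withScans=False
    )

    if audit["ip_restriction"] == True:
        # NOTE(review): in Werkzeug, access_route is built from
        # X-Forwarded-For when that header is present, so element [0] is the
        # client-supplied leftmost entry. This check only holds if a trusted
        # reverse proxy overwrites/strips that header - confirm the deployment.
        if Utils.is_source_ip_permitted(request.access_route[0]) == False:
            abort(403, "Not allowed to access from your IP address")

    if audit["password_protection"] == True:
        params, errors = AuditTokenInputSchema().load(request.json)
        if errors:
            abort(400, errors)

        # NOTE(review): get_password_hash is not visible here; verify it is a
        # salted, slow password hash rather than a bare digest.
        supplied = Utils.get_password_hash(params["password"])
        stored = audit["password"]

        # Fail closed when either side is not a string/bytes value of the
        # same type (e.g. no stored hash): such a pair can never authenticate.
        comparable = type(supplied) is type(stored) and isinstance(
            stored, (str, bytes)
        )
        if comparable and isinstance(stored, str):
            # compare_digest rejects non-ASCII str, so compare encoded bytes.
            supplied = supplied.encode("utf-8")
            stored = stored.encode("utf-8")

        # Constant-time comparison: a plain `!=` returns at the first
        # differing character and so leaks how much of the hash matched.
        if not comparable or not hmac.compare_digest(supplied, stored):
            # NOTE(review): no attempt limiting or failure logging is visible
            # in this method; confirm both are enforced elsewhere.
            abort(401, "Invalid password")

    # The token is scoped to this single audit.
    token = create_access_token(identity={
        "scope": audit_uuid,
        "restricted": False
    })
    return {"token": token}, 200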