def user_apikey_route(user_id, action): """manage apikey for user""" user = User.query.get(user_id) form = ButtonForm() if user and form.validate_on_submit(): if action == 'generate': apikey = PWS.generate_apikey() user.apikey = apikey db.session.commit() return jsonify({ 'title': 'Apikey operation', 'detail': 'New apikey generated: %s' % apikey }), HTTPStatus.OK if action == 'revoke': user.apikey = None db.session.commit() return jsonify({ 'title': 'Apikey operation', 'detail': 'Apikey revoked' }), HTTPStatus.OK return jsonify({ 'title': 'Apikey operation', 'detail': 'Invalid request' }), HTTPStatus.BAD_REQUEST
def job_delete_route(job_id): """delete job""" form = ButtonForm() if form.validate_on_submit(): job_delete(Job.query.get(job_id)) return redirect(url_for('scheduler.job_list_route')) return render_template('button-delete.html', form=form)
def queue_delete_route(queue_id): """queue delete""" form = ButtonForm() if form.validate_on_submit(): queue_delete(Queue.query.get(queue_id)) return redirect(url_for('scheduler.queue_list_route')) return render_template('button-delete.html', form=form)
def user_delete_route(user_id): """delete user""" form = ButtonForm() if form.validate_on_submit(): db.session.delete(User.query.get(user_id)) db.session.commit() return redirect(url_for('auth.user_list_route')) return render_template('button-delete.html', form=form)
def host_delete_route(host_id): """delete host""" form = ButtonForm() if form.validate_on_submit(): db.session.delete(Host.query.get(host_id)) db.session.commit() return redirect(url_for('storage.host_list_route')) return render_template('button-delete.html', form=form)
def excl_delete_route(excl_id): """delete exclusion""" form = ButtonForm() if form.validate_on_submit(): db.session.delete(Excl.query.get(excl_id)) db.session.commit() return redirect(url_for('scheduler.excl_list_route')) return render_template('button-delete.html', form=form)
def vuln_delete_route(vuln_id): """delete vuln""" form = ButtonForm() if form.validate_on_submit(): vuln = Vuln.query.get(vuln_id) db.session.delete(vuln) db.session.commit() return redirect( url_for('storage.host_view_route', host_id=vuln.host_id)) return render_template('button-delete.html', form=form)
def note_delete_route(note_id): """delete note""" form = ButtonForm() if form.validate_on_submit(): note = Note.query.get(note_id) db.session.delete(note) db.session.commit() return redirect( url_for('storage.host_view_route', host_id=note.host_id)) return render_template('button-delete.html', form=form)
def login_webauthn_pkcro_route(): """login webauthn pkcro route""" user = User.query.filter( User.id == session.get('webauthn_login_user_id')).one_or_none() form = ButtonForm() if user and form.validate_on_submit(): pkcro, state = webauthn.authenticate_begin(webauthn_credentials(user)) session['webauthn_login_state'] = state return Response(b64encode(cbor.encode(pkcro)).decode('utf-8'), mimetype='text/plain') return '', HTTPStatus.BAD_REQUEST
def profile_webauthn_delete_route(webauthn_id): """delete registered credential""" form = ButtonForm() if form.validate_on_submit(): db.session.delete( WebauthnCredential.query.filter( WebauthnCredential.user_id == current_user.id, WebauthnCredential.id == webauthn_id).one()) db.session.commit() return redirect(url_for('auth.profile_route')) return render_template('button-delete.html', form=form)
def queue_prune_route(queue_id): """queue prune; delete all queue jobs""" form = ButtonForm() if form.validate_on_submit(): for job in Queue.query.get(queue_id).jobs: job_delete(job) return redirect(url_for('scheduler.queue_list_route')) return render_template('button-generic.html', form=form, button_caption='Prune')
def queue_flush_route(queue_id): """queue flush; flush all targets from queue""" form = ButtonForm() if form.validate_on_submit(): db.session.query(Target).filter(Target.queue_id == queue_id).delete() db.session.commit() return redirect(url_for('scheduler.queue_list_route')) return render_template('button-generic.html', form=form, button_caption='Flush')
def vuln_view_route(vuln_id): """view vuln""" vuln = Vuln.query.get(vuln_id) return render_template('storage/vuln/view.html', vuln=vuln, button_form=ButtonForm())
def host_view_route(host_id): """view host""" host = Host.query.get(host_id) return render_template('storage/host/view.html', host=host, button_form=ButtonForm())
def note_view_route(note_id): """view note""" note = Note.query.get(note_id) return render_template('storage/note/view.html', note=note, button_form=ButtonForm())
def profile_webauthn_pkcco_route(): """get publicKeyCredentialCreationOptions""" form = ButtonForm() if form.validate_on_submit(): user = User.query.get(current_user.id) user_handle = random_string() exclude_credentials = webauthn_credentials(user) pkcco, state = webauthn.register_begin( { 'id': user_handle.encode('utf-8'), 'name': user.username, 'displayName': user.username }, exclude_credentials) session['webauthn_register_user_handle'] = user_handle session['webauthn_register_state'] = state return Response(b64encode(cbor.encode(pkcco)).decode('utf-8'), mimetype='text/plain') return '', HTTPStatus.BAD_REQUEST