Commit b21421f7 authored by PidgeyL's avatar PidgeyL

Merge branch 'api_reworking' of https://github.com/pidgeyl/cve-search into api_reworking

parents ec2a49bc ba5818b1
+9 −9
@@ -56,18 +56,22 @@ class Advanced_API(API):
  #############
  # Decorator #
  #############
  def getAuth():
    method, auth = (request.headers.get('Authorization')+" ").split(" ", 1) # Adding and removing space to ensure decent split
    name,   key  = (':'+auth.strip()).rsplit(":", 1)
    name = name[1:] # Adding and removing colon to ensure decent split
    return method, name, key

  def authErrors():
    # Check auth
    if not request.headers.get('Authorization'):
      return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, auth = (request.headers.get('Authorization')+" ").split(" ", 1) # Adding and removing space to ensure decent split
    method, name, token = Advanced_API.getAuth()
    data = None
    if method.lower() not in ['basic', 'token']:
      data = ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)
    else:
      try:
        name, token = (':'+auth.strip()).rsplit(":", 1)
        name = name[1:] # Adding and removing colon to ensure decent split
        if   method.lower() == 'basic':
          authenticator = AuthenticationHandler()
          if not authenticator.validateUser(name, token): data = ({'status': 'error', 'reason': 'Authentication failed'}, 401)
@@ -145,16 +149,12 @@ class Advanced_API(API):

  @token_required # Of course only the login credentials would work
  def api_admin_get_token(self):
    method, auth = (request.headers.get('Authorization')+" ").split(" ", 1)
    name, token = (':'+auth.strip()).rsplit(":", 1)
    name = name[1:]
    method, name, key =   Advanced_API.getAuth()
    return db.getToken(name)

  @token_required
  def api_admin_generate_token(self):
    method, auth = (request.headers.get('Authorization')+" ").split(" ", 1)
    name, token = (':'+auth.strip()).rsplit(":", 1)
    name = name[1:]
    method, name, key =   Advanced_API.getAuth()
    return db.generateToken(name)

  @token_required
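Review bot: `getAuth()` at the top of the first hunk is a plain function on the class with no `self` and no `@staticmethod`, and it raises `TypeError` rather than an authentication error when the `Authorization` header is absent, because `request.headers.get('Authorization')` returns `None` before the `+ " "`. `authErrors()` guards that case on the line before its call, but the two callers in the second hunk (`api_admin_get_token`, `api_admin_generate_token`) rely on `@token_required`, defined outside this diff, to have rejected the request first. I would mark the helper `@staticmethod`, add a docstring along the lines of "Split the Authorization header into (method, name, key); the key is everything after the last colon", and default the lookup: `method, auth = (request.headers.get('Authorization', '') + " ").split(" ", 1)`. The `rsplit(":", 1)` also deserves a one-line comment: for the `basic` scheme it assigns a password containing a colon to the wrong side, the opposite of the HTTP Basic convention (RFC 7617, where the username cannot contain a colon but the password may), so if the current split is intentional, say so next to it.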
+3 −2
@@ -98,10 +98,11 @@
                <p>
                  Some API calls require authentication. Authentication is done in one of two ways:
                  <ul>
                    <li>Username - Password (Not recommended)</li>
                    <li>Username - Token </li>
                    <li>basic &lt;username&gt;:&lt;password&gt; (Not recommended)</li>
                    <li>token &lt;username&gt;:&lt;token&gt; </li>
                  </ul>
                  Authentication is done by adding the following header to the HTTP request: <br />
                  <pre>Authorization: basic user:password123</pre> or 
                  <pre>Authorization: token user:679c2955085b46e48155b84f4c878844</pre> <br />
                  <b>PLEASE NOTE: Neither the password nor the token are obfuscated, so it is <u>strongly</u> advised to use HTTPS</b>
                </p>
+1 −0
@@ -3,6 +3,7 @@
{% set id       = "blacklist_add"            %}
{% set title    = "/api/admin/blacklist/add" %}
{% set method   = "PUT"                      %}
{% set headers  = [('Content-Type', "This field is required to be set to:",  "application/x-www-form-urlencoded")]%}
{% set formdata = [('cpe', "CPE code in cpe2.2 or cpe2.3 format", "cpe:2.3:o:gnu:gcc#Comment"),
                   ('type', "CPE type", "cpe, targetsoftware or targethardware")] %}

+1 −0
@@ -3,6 +3,7 @@
{% set id       = "blacklist_remove"            %}
{% set title    = "/api/admin/blacklist/remove" %}
{% set method   = "PUT"                         %}
{% set headers  = [('Content-Type', "This field is required to be set to:",  "application/x-www-form-urlencoded")]%}
{% set formdata = [('cpe', "CPE code in cpe2.2 or cpe2.3 format", "cpe:2.3:o:gnu:gcc#Comment")] %}

{% block desc %}
+1 −0
@@ -3,6 +3,7 @@
{% set id       = "whitelist_add"            %}
{% set title    = "/api/admin/whitelist/add" %}
{% set method   = "PUT"                      %}
{% set headers  = [('Content-Type', "This field is required to be set to:", "application/x-www-form-urlencoded")]%}
{% set formdata = [('cpe', "CPE code in cpe2.2 or cpe2.3 format", "cpe:2.3:o:gnu:gcc#Comment"),
                   ('type', "CPE type", "cpe, targetsoftware or targethardware")] %}
