##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
feat(configs): deprecared old hooks protocol and ssh wrapper....
feat(configs): deprecared old hooks protocol and ssh wrapper. New defaults are now set on v2 keys, so previous installation are automatically set to new keys. Fallback mode is still available.
super-admin - - Load All Authors

File last commit:

r5096:a0018795 default
r5496:cab50adf default
Show More
auth_token.py
122 lines | 4.2 KiB | text/x-python | PythonLexer
/ rhodecode / model / auth_token.py
History | Source | Raw |Copy content |Copy permalink
super-admin
copyrights: updated for 2023
 r5088 # Copyright (C) 2013-2023 RhodeCode GmbH
marcink
project: added all source files and assets
 r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
"""
authentication tokens model for RhodeCode
"""
import time
import logging
import traceback
from sqlalchemy import or_
from rhodecode.model import BaseModel
from rhodecode.model.db import UserApiKeys
from rhodecode.model.meta import Session
log = logging.getLogger(__name__)
class AuthTokenModel(BaseModel):
cls = UserApiKeys
marcink
auth-tokens: allow specifing custom expiration date manually....
 r2083 @classmethod
def get_lifetime_values(cls, translator):
from rhodecode.lib import helpers as h
_ = translator
def date_after_min(mins):
after = time.time() + (60 * mins)
return h.format_date(h.time_to_datetime(after))
return [
(str(-1),
_('forever')),
(str(5),
_('5 minutes {end_date}').format(end_date=date_after_min(5))),
(str(60),
_('1 hour {end_date}').format(end_date=date_after_min(60))),
(str(60 * 24),
_('1 day {end_date}').format(end_date=date_after_min(60 * 24))),
(str(60 * 24 * 30),
_('1 month {end_date}').format(end_date=date_after_min(60 * 24 * 30))),
]
marcink
project: added all source files and assets
 r1 def create(self, user, description, lifetime=-1, role=UserApiKeys.ROLE_ALL):
"""
:param user: user or user_id
:param description: description of ApiKey
marcink
password-reset: strengthten security on password reset logic....
 r1471 :param lifetime: expiration time in minutes
marcink
project: added all source files and assets
 r1 :param role: role for the apikey
"""
from rhodecode.lib.auth import generate_auth_token
user = self._get_user(user)
new_auth_token = UserApiKeys()
new_auth_token.api_key = generate_auth_token(user.username)
new_auth_token.user_id = user.user_id
new_auth_token.description = description
new_auth_token.role = role
marcink
auth-tokens: add scope and show consitent token UI for my account and admin.
 r1480 new_auth_token.expires = time.time() + (lifetime * 60) \
if lifetime != -1 else -1
marcink
project: added all source files and assets
 r1 Session().add(new_auth_token)
return new_auth_token
marcink
my-account: use audit logs for email and token actions.
 r1820 def delete(self, auth_token_id, user=None):
marcink
project: added all source files and assets
 r1 """
Deletes given api_key, if user is set it also filters the object for
deletion by given user.
"""
marcink
my-account: use audit logs for email and token actions.
 r1820 auth_token = UserApiKeys.query().filter(
UserApiKeys.user_api_key_id == auth_token_id)
marcink
project: added all source files and assets
 r1
if user:
user = self._get_user(user)
marcink
my-account: use audit logs for email and token actions.
 r1820 auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
auth_token = auth_token.scalar()
marcink
auth-token: only delete token if it exists.
 r1839
if auth_token:
try:
Session().delete(auth_token)
except Exception:
log.error(traceback.format_exc())
raise
marcink
project: added all source files and assets
 r1
def get_auth_tokens(self, user, show_expired=True):
user = self._get_user(user)
user_auth_tokens = UserApiKeys.query()\
.filter(UserApiKeys.user_id == user.user_id)
if not show_expired:
user_auth_tokens = user_auth_tokens\
.filter(or_(UserApiKeys.expires == -1,
UserApiKeys.expires >= time.time()))
marcink
auth-tokens: order tokens by creation id.
 r1508 user_auth_tokens = user_auth_tokens.order_by(
UserApiKeys.user_api_key_id)
marcink
project: added all source files and assets
 r1 return user_auth_tokens
marcink
password-reset: strengthten security on password reset logic....
 r1471
def get_auth_token(self, auth_token):
auth_token = UserApiKeys.query().filter(
UserApiKeys.api_key == auth_token)
auth_token = auth_token \
.filter(or_(UserApiKeys.expires == -1,
UserApiKeys.expires >= time.time()))\
.first()
return auth_token