diff --git a/rhodecode/apps/admin/views/users.py b/rhodecode/apps/admin/views/users.py
--- a/rhodecode/apps/admin/views/users.py
+++ b/rhodecode/apps/admin/views/users.py
@@ -734,11 +734,12 @@ class UsersView(UserAppView):
 description = self.request.POST.get('description')
 role = self.request.POST.get('role')
- token = AuthTokenModel().create(
- c.user.user_id, description, lifetime, role)
+ token = UserModel().add_auth_token(
+ user=c.user.user_id,
+ lifetime_minutes=lifetime, role=role, description=description,
+ scope_callback=self.maybe_attach_token_scope)
 token_data = token.get_api_data()
- self.maybe_attach_token_scope(token)
 audit_logger.store_web(
 'user.edit.token.add', action_data={
 'data': {'token': token_data, 'user': user_data}},
diff --git a/rhodecode/apps/login/views.py b/rhodecode/apps/login/views.py
--- a/rhodecode/apps/login/views.py
+++ b/rhodecode/apps/login/views.py
@@ -379,13 +379,14 @@ class LoginView(BaseAppView):
 # Generate reset URL and send mail.
 user = User.get_by_email(user_email)
- # generate password reset token that expires in 10minutes
- desc = 'Generated token for password reset from {}'.format(
+ # generate password reset token that expires in 10 minutes
+ description = u'Generated token for password reset from {}'.format(
 datetime.datetime.now().isoformat())
- reset_token = AuthTokenModel().create(
- user, lifetime=10,
- description=desc,
- role=UserApiKeys.ROLE_PASSWORD_RESET)
+
+ reset_token = UserModel().add_auth_token(
+ user=user, lifetime_minutes=10,
+ role=UserModel.auth_token_role.ROLE_PASSWORD_RESET,
+ description=description)
 Session().commit()
 log.debug('Successfully created password recovery token')
diff --git a/rhodecode/apps/my_account/views/my_account.py b/rhodecode/apps/my_account/views/my_account.py
--- a/rhodecode/apps/my_account/views/my_account.py
+++ b/rhodecode/apps/my_account/views/my_account.py
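Review bot: In `rhodecode/apps/admin/views/users.py`, `role` is read from `self.request.POST` and handed straight to `UserModel().add_auth_token(...)`, and the `add_auth_token` added in `rhodecode/model/user.py` forwards it unchanged to `AuthTokenModel().create`, so no check on the value is visible anywhere in this commit. Unless `create` validates it (not shown here), the view should reject any `role` that is not one of the `ROLE_*` values on `UserModel.auth_token_role` that a web-created token is meant to carry, before the token is created and audit-logged. The same applies to the identical hunk in `rhodecode/apps/my_account/views/my_account.py`. Both view methods start and end outside their hunks, so a check earlier in the method cannot be ruled out.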
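Review bot: In `rhodecode/apps/login/views.py`, the description stamped on the password-reset token is built from `datetime.datetime.now().isoformat()`, a naive local-time value with no offset, which is awkward to correlate with server logs when reset activity is investigated. `datetime.datetime.utcnow().isoformat()` with a `UTC` marker in the text would make the stored value unambiguous. The `10` passed as `lifetime_minutes` is repeated only in the comment above it; a named constant would keep the two from drifting. The enclosing view method starts and ends outside the hunk.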
@@ -180,11 +180,12 @@ class MyAccountView(BaseAppView, DataGri
 description = self.request.POST.get('description')
 role = self.request.POST.get('role')
- token = AuthTokenModel().create(
- c.user.user_id, description, lifetime, role)
+ token = UserModel().add_auth_token(
+ user=c.user.user_id,
+ lifetime_minutes=lifetime, role=role, description=description,
+ scope_callback=self.maybe_attach_token_scope)
 token_data = token.get_api_data()
- self.maybe_attach_token_scope(token)
 audit_logger.store_web(
 'user.edit.token.add', action_data={
 'data': {'token': token_data, 'user': 'self'}},
diff --git a/rhodecode/lib/db_manage.py b/rhodecode/lib/db_manage.py
--- a/rhodecode/lib/db_manage.py
+++ b/rhodecode/lib/db_manage.py
@@ -573,17 +573,18 @@ class DbManage(object):
 def create_user(self, username, password, email='', admin=False, strict_creation_check=True, api_key=None):
- log.info('creating user %s' % username)
+ log.info('creating user `%s`' % username)
 user = UserModel().create_or_update(
 username, password, email, firstname=u'RhodeCode', lastname=u'Admin', active=True, admin=admin, extern_type="rhodecode", strict_creation_check=strict_creation_check)
 if api_key:
- log.info('setting a provided api key for the user %s', username)
- from rhodecode.model.auth_token import AuthTokenModel
- AuthTokenModel().create(
- user=user, description=u'BUILTIN TOKEN')
+ log.info('setting a new default auth token for user `%s`', username)
+ UserModel().add_auth_token(
+ user=user, lifetime_minutes=-1,
+ role=UserModel.auth_token_role.ROLE_ALL,
+ description=u'BUILTIN TOKEN')
 def create_default_user(self):
 log.info('creating default user')
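Review bot: In `create_user` in `rhodecode/lib/db_manage.py`, the `if api_key:` branch never passes the `api_key` value on, so as far as the visible call shows the argument is only a flag, and what gets created is a token with `lifetime_minutes=-1` and `ROLE_ALL` for an account that may be an admin. A non-expiring, all-role credential created as a side effect of setup deserves a comment at the call, for example `# api_key is only a flag here: a new non-expiring ROLE_ALL token is created, the supplied value is not stored`, and a matching line in the method's docstring. Whether any caller expects the supplied key to be installed cannot be told from this hunk. Separately, `log.info('creating user `%s`' % username)` formats eagerly while the next `log.info` call passes `username` as an argument; the second form is the one to keep.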
@@ -594,7 +595,7 @@ class DbManage(object):
 firstname=u'Anonymous', lastname=u'User', strict_creation_check=False)
- # based on configuration options activate/deactive this user which
+ # based on configuration options activate/de-activate this user which
 # controlls anonymous access
 if self.cli_args.get('public_access') is False:
 log.info('Public access disabled')
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -377,9 +377,11 @@ class UserModel(BaseModel):
 if not edit:
 # add the RSS token
- AuthTokenModel().create(username,
- description=u'Generated feed token',
- role=AuthTokenModel.cls.ROLE_FEED)
+ self.add_auth_token(
+ user=username, lifetime_minutes=-1,
+ role=self.auth_token_role.ROLE_FEED,
+ description=u'Generated feed token')
+
 kwargs = new_user.get_dict()
 # backward compat, require api_keys present
 kwargs['api_keys'] = kwargs['auth_tokens']
@@ -830,6 +832,26 @@ class UserModel(BaseModel):
 self.sa.add(obj)
 return obj
+ auth_token_role = AuthTokenModel.cls
+
+ def add_auth_token(self, user, lifetime_minutes, role, description=u'',
+ scope_callback=None):
+ """
+ Add AuthToken for user.
+
+ :param user: username/user_id
+ :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
+ :param role: one of AuthTokenModel.cls.ROLE_*
+ :param description: optional string description
+ """
+
+ token = AuthTokenModel().create(
+ user, description, lifetime_minutes, role)
+ if scope_callback and callable(scope_callback):
+ # call the callback if we provide, used to attach scope for EE edition
+ scope_callback(token)
+ return token
+
 def delete_extra_ip(self, user, ip_id):
 """
 Removes ip address from UserIpMap
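Review bot: In the first `rhodecode/model/user.py` hunk, `self.add_auth_token(user=username, ...)` identifies the account by name although `new_user` is in scope just below, so attaching the feed token presumably depends on a lookup finding a row that may not have been flushed yet. Passing `user=new_user` would bind the token to the object being created, assuming `AuthTokenModel().create` accepts a `User` instance, as the login view's call in this commit suggests. The enclosing method starts and ends outside the hunk, so an earlier flush cannot be ruled out.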
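Review bot: In `add_auth_token`, the guard `if scope_callback and callable(scope_callback):` fails open: a caller that passes something non-callable gets back a token with no scope attached and no error, although scope is an access restriction. Prefer `if scope_callback is not None:` followed by `scope_callback(token)`, so that a bad argument raises `TypeError` instead of silently yielding a broader token. The docstring also omits `:param scope_callback:` and the return value, and `:param user:` says "username/user_id" while callers in this commit also pass a `User` object. The token is created before the callback runs, so a callback that raises leaves the new token in the session unless the caller rolls back.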