# HG changeset patch
# User Marcin Kuzminski
# Date 2017-02-27 10:45:30
# Node ID 9f5f9c338607f382c6bb41e91d009d25a28f6497
# Parent 93b1bbd9faac5ebd41a2409cdcf7a4dac1f87cba
auth-tokens: disable authenticating by builtin token.

diff --git a/rhodecode/api/__init__.py b/rhodecode/api/__init__.py
--- a/rhodecode/api/__init__.py
+++ b/rhodecode/api/__init__.py
@@ -211,7 +211,7 @@ def request_view(request):
     # now check if token is valid for API
     auth_token = request.rpc_api_key
     token_match = api_user.authenticate_by_token(
-        auth_token, roles=[UserApiKeys.ROLE_API], include_builtin_token=True)
+        auth_token, roles=[UserApiKeys.ROLE_API])
     invalid_token = not token_match
     log.debug('Checking if API KEY is valid with proper role')
diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -1218,7 +1218,7 @@ class LoginRequired(object):
                     else:
                         roles = [UserApiKeys.ROLE_HTTP]
                     token_match = db_user.authenticate_by_token(
-                        _auth_token, roles=roles, include_builtin_token=True)
+                        _auth_token, roles=roles)
                 else:
                     log.debug('Unable to fetch db instance for auth user: %s', user)
                     token_match = False
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -603,8 +603,7 @@ class User(Base, BaseModel):
                 UserApiKeys.role == UserApiKeys.ROLE_ALL))
         return tokens.all()
-    def authenticate_by_token(self, auth_token, roles=None,
-                              include_builtin_token=False):
+    def authenticate_by_token(self, auth_token, roles=None):
         from rhodecode.lib import auth
         log.debug('Trying to authenticate user: %s via auth-token, '
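Review bot: Removing `include_builtin_token` from the signature of `authenticate_by_token` turns any out-of-tree caller that still passes it into a `TypeError`, which is a louder failure than losing builtin-token auth but hides the reason; a one-release shim `def authenticate_by_token(self, auth_token, roles=None, include_builtin_token=None):` that ignores the value and logs a deprecation warning when it is not `None` would make the removal visible without breaking plugins. The method also has no docstring: add one stating that only `UserApiKeys` rows of this user (filtered by `roles` when given) are accepted and that the user's legacy `api_key` attribute is no longer a valid credential. The three in-tree call sites are updated in this changeset; the method body continues outside the hunk.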
@@ -623,14 +622,10 @@ class User(Base, BaseModel):
             tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
-        maybe_builtin = []
-        if include_builtin_token:
-            maybe_builtin = [AttributeDict({'api_key': self.api_key})]
-
         plain_tokens = []
         hash_tokens = []
-        for token in tokens_q.all() + maybe_builtin:
+        for token in tokens_q.all():
             if token.api_key.startswith(crypto_backend.ENC_PREF):
                 hash_tokens.append(token.api_key)
             else:
diff --git a/rhodecode/tests/lib/test_auth.py b/rhodecode/tests/lib/test_auth.py
--- a/rhodecode/tests/lib/test_auth.py
+++ b/rhodecode/tests/lib/test_auth.py
@@ -605,4 +605,4 @@ def test_auth_by_token(test_token, test_
         new_token.api_key = token  # inject known name for testing...
     assert auth_result == user.authenticate_by_token(
-        test_token, roles=test_roles, include_builtin_token=True)
+        test_token, roles=test_roles)
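Review bot: With the `maybe_builtin` list gone, `AttributeDict` is no longer referenced in this hunk and may now be an unused import in `db.py`; the import is outside the hunk, so check it rather than assume. The removed branch is the substantive fix: the unscoped, non-expiring `self.api_key` is no longer merged into the candidate list, so only role-filtered `UserApiKeys` rows can match, and a short comment above the loop such as `# only explicit UserApiKeys rows are accepted; the legacy User.api_key is not a credential` would keep the next maintainer from re-adding it. `User.api_key` itself still exists on the model, so whether other code paths still treat it as a secret is worth a separate check. The enclosing method starts and ends outside this hunk.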
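Review bot: The updated assertion only shows that explicit tokens still behave as before; nothing in the test pins the new negative behaviour that the builtin key is rejected, so a later regression re-enabling it would pass unnoticed. Add one assertion in `test_auth_by_token` against the legacy attribute, e.g. `assert not user.authenticate_by_token(user.api_key, roles=test_roles)`, assuming `user.api_key` is populated in this fixture (not visible in the hunk). The test function starts outside the hunk.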