##// END OF EJS Templates
api-events: fix a case events were called from API and we couldn't fetch registered user....
marcink -
r1431:0b87835b stable
parent child Browse files
Show More
@@ -158,20 +158,20 b' def request_view(request):'
158 158 # search not expired tokens only
159 159
160 160 try:
161 u = User.get_by_auth_token(request.rpc_api_key)
161 api_user = User.get_by_auth_token(request.rpc_api_key)
162 162
163 if u is None:
163 if api_user is None:
164 164 return jsonrpc_error(
165 165 request, retid=request.rpc_id, message='Invalid API KEY')
166 166
167 if not u.active:
167 if not api_user.active:
168 168 return jsonrpc_error(
169 169 request, retid=request.rpc_id,
170 170 message='Request from this user not allowed')
171 171
172 172 # check if we are allowed to use this IP
173 173 auth_u = AuthUser(
174 u.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
174 api_user.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
175 175 if not auth_u.ip_allowed:
176 176 return jsonrpc_error(
177 177 request, retid=request.rpc_id,
@@ -180,11 +180,14 b' def request_view(request):'
180 180 else:
181 181 log.info('Access for IP:%s allowed' % (request.rpc_ip_addr,))
182 182
183 # register our auth-user
184 request.rpc_user = auth_u
185
183 186 # now check if token is valid for API
184 187 role = UserApiKeys.ROLE_API
185 188 extra_auth_tokens = [
186 x.api_key for x in User.extra_valid_auth_tokens(u, role=role)]
187 active_tokens = [u.api_key] + extra_auth_tokens
189 x.api_key for x in User.extra_valid_auth_tokens(api_user, role=role)]
190 active_tokens = [api_user.api_key] + extra_auth_tokens
188 191
189 192 log.debug('Checking if API key has proper role')
190 193 if request.rpc_api_key not in active_tokens:
@@ -38,15 +38,30 b' class RhodecodeEvent(object):'
38 38 self.utc_timestamp = datetime.utcnow()
39 39
40 40 @property
41 def auth_user(self):
42 if not self.request:
43 return
44
45 user = getattr(self.request, 'user', None)
46 if user:
47 return user
48
49 api_user = getattr(self.request, 'rpc_user', None)
50 if api_user:
51 return api_user
52
53 @property
41 54 def actor(self):
42 if self.request:
43 return self.request.user.get_instance()
55 auth_user = self.auth_user
56 if auth_user:
57 return auth_user.get_instance()
44 58 return SYSTEM_USER
45 59
46 60 @property
47 61 def actor_ip(self):
48 if self.request:
49 return self.request.user.ip_addr
62 auth_user = self.auth_user
63 if auth_user:
64 return auth_user.ip_addr
50 65 return '<no ip available>'
51 66
52 67 @property
General Comments 0
You need to be logged in to leave comments. Login now