rhodecode-enterprise-ce Commit - r1820:0c30378e

my-account: use audit logs for email and token actions.

marcink -

r1820:0c30378e default

parent child

rhodecode/apps/my_account/tests/test_my_account_auth_tokens.py

0 +1 -1

                     response = self.app.post(
                         route_path('my_account_auth_tokens_delete'),
-                        {'del_auth_token': keys[0].api_key, 'csrf_token': self.csrf_token})
+                        {'del_auth_token': keys[0].user_api_key_id, 'csrf_token': self.csrf_token})
                     assert_session_flash(response, 'Auth token successfully deleted')
                     user = User.get(user_id)

rhodecode/apps/my_account/views.py

0 +26 -4

             from rhodecode.apps._base import BaseAppView
             from rhodecode import forms
             from rhodecode.lib import helpers as h
+            from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
             from rhodecode.lib.channelstream import channelstream_request, \
             from rhodecode.lib.utils2 import safe_int, md5
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
-                Repository, PullRequest, UserEmailMap, User, UserFollowing, joinedload)
+                Repository, UserEmailMap, UserApiKeys, UserFollowing, joinedload)
             from rhodecode.model.meta import Session
             from rhodecode.model.scm import RepoList
             from rhodecode.model.user import UserModel
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
+                    token_data = token.get_api_data()
                     self.maybe_attach_token_scope(token)
+                    audit_logger.store(
+                        action='user.edit.token.add',
+                        action_data={'data': {'token': token_data}},
+                        user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
+                        token = UserApiKeys.get_or_404(del_auth_token, pyramid_exc=True)
+                        token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
+                        audit_logger.store(
+                            action='user.edit.token.delete',
+                            action_data={'data': {'token': token_data}},
+                            user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     try:
                         UserModel().add_extra_email(c.user.user_id, email)
+                        audit_logger.store(
+                            action='user.edit.email.add',
+                            action_data={'data': {'email': email}},
+                            user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     del_email_id = self.request.POST.get('del_email_id')
                     if del_email_id:
+                        email = UserEmailMap.get_or_404(del_email_id, pyramid_exc=True).email
-                        UserModel().delete_extra_email(
+                        UserModel().delete_extra_email(c.user.user_id, del_email_id)
-                            c.user.user_id, del_email_id)
+                        audit_logger.store(
+                            action='user.edit.email.delete',
+                            action_data={'data': {'email': email}},
+                            user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Email successfully deleted"),
                                 category='success')

rhodecode/model/auth_token.py

0 +6 -6

                     return new_auth_token
-                def delete(self, api_key, user=None):
+                def delete(self, auth_token_id, user=None):
                     """
                     Deletes given api_key, if user is set it also filters the object for
                     deletion by given user.
                     """
-                    api_key = UserApiKeys.query().filter(UserApiKeys.api_key == api_key)
+                    auth_token = UserApiKeys.query().filter(
+                        UserApiKeys.user_api_key_id == auth_token_id)
                     if user:
                         user = self._get_user(user)
-                        api_key = api_key.filter(UserApiKeys.user_id == user.user_id)
+                        auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
+                        auth_token = auth_token.scalar()
-                    api_key = api_key.scalar()
                     try:
-                        Session().delete(api_key)
+                        Session().delete(auth_token)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise

rhodecode/model/db.py

0 +13 0

                     }
                     return data
+                def get_api_data(self, include_secrets=False):
+                    data = self.__json__()
+                    if include_secrets:
+                        return data
+                    else:
+                        data['auth_token'] = self.token_obfuscated
+                        return data
                 @property
                 def expired(self):
                     if self.expires == -1:
                 def scope_humanized(self):
                     return self._get_scope()
+                @property
+                def token_obfuscated(self):
+                    if self.api_key:
+                        return self.api_key[:4] + "****"
             class UserEmailMap(Base, BaseModel):
                 __tablename__ = 'user_email_map'

rhodecode/templates/admin/my_account/my_account_auth_tokens.mako

0 +2 -2

                             </td>
                             <td class="td-action">
                                 ${h.secure_form(h.route_path('my_account_auth_tokens_delete'), method='post')}
-                                    ${h.hidden('del_auth_token',auth_token.api_key)}
+                                    ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
                                     <button class="btn btn-link btn-danger" type="submit"
-                                            onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.api_key}');">
+                                            onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
                                         ${_('Delete')}
                                     </button>
                                 ${h.end_form()}

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages