rhodecode-enterprise-ce Commit - r1820:0c30378e

my-account: use audit logs for email and token actions.

marcink -

r1820:0c30378e default

parent child

rhodecode/apps/my_account/tests/test_my_account_auth_tokens.py

0 +1 -1

                      response = self.app.post(
                          route_path('my_account_auth_tokens_delete'),
-                         {'del_auth_token': keys[0].api_key, 'csrf_token': self.csrf_token})
+                         {'del_auth_token': keys[0].user_api_key_id, 'csrf_token': self.csrf_token})
                      assert_session_flash(response, 'Auth token successfully deleted')
                      user = User.get(user_id)

rhodecode/apps/my_account/views.py

0 +26 -4

              from rhodecode.apps._base import BaseAppView
              from rhodecode import forms
              from rhodecode.lib import helpers as h
+             from rhodecode.lib import audit_logger
              from rhodecode.lib.ext_json import json
              from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
              from rhodecode.lib.channelstream import channelstream_request, \
              from rhodecode.lib.utils2 import safe_int, md5
              from rhodecode.model.auth_token import AuthTokenModel
              from rhodecode.model.db import (
-                 Repository, PullRequest, UserEmailMap, User, UserFollowing, joinedload)
+                 Repository, UserEmailMap, UserApiKeys, UserFollowing, joinedload)
              from rhodecode.model.meta import Session
              from rhodecode.model.scm import RepoList
              from rhodecode.model.user import UserModel
                      token = AuthTokenModel().create(
                          c.user.user_id, description, lifetime, role)
+                     token_data = token.get_api_data()
                      self.maybe_attach_token_scope(token)
+                     audit_logger.store(
+                         action='user.edit.token.add',
+                         action_data={'data': {'token': token_data}},
+                         user=self._rhodecode_user, )
                      Session().commit()
                      h.flash(_("Auth token successfully created"), category='success')
                      del_auth_token = self.request.POST.get('del_auth_token')
                      if del_auth_token:
+                         token = UserApiKeys.get_or_404(del_auth_token, pyramid_exc=True)
+                         token_data = token.get_api_data()
                          AuthTokenModel().delete(del_auth_token, c.user.user_id)
+                         audit_logger.store(
+                             action='user.edit.token.delete',
+                             action_data={'data': {'token': token_data}},
+                             user=self._rhodecode_user,)
                          Session().commit()
                          h.flash(_("Auth token successfully deleted"), category='success')
                      try:
                          UserModel().add_extra_email(c.user.user_id, email)
+                         audit_logger.store(
+                             action='user.edit.email.add',
+                             action_data={'data': {'email': email}},
+                             user=self._rhodecode_user,)
                          Session().commit()
                          h.flash(_("Added new email address `%s` for user account") % email,
                                  category='success')
                      del_email_id = self.request.POST.get('del_email_id')
                      if del_email_id:
-                         UserModel().delete_extra_email(
-                             c.user.user_id, del_email_id)
+                         email = UserEmailMap.get_or_404(del_email_id, pyramid_exc=True).email
+                         UserModel().delete_extra_email(c.user.user_id, del_email_id)
+                         audit_logger.store(
+                             action='user.edit.email.delete',
+                             action_data={'data': {'email': email}},
+                             user=self._rhodecode_user,)
                          Session().commit()
                          h.flash(_("Email successfully deleted"),
                                  category='success')

rhodecode/model/auth_token.py

0 +6 -6

                      return new_auth_token
-                 def delete(self, api_key, user=None):
+                 def delete(self, auth_token_id, user=None):
                      """
                      Deletes given api_key, if user is set it also filters the object for
                      deletion by given user.
                      """
-                     api_key = UserApiKeys.query().filter(UserApiKeys.api_key == api_key)
+                     auth_token = UserApiKeys.query().filter(
+                         UserApiKeys.user_api_key_id == auth_token_id)
                      if user:
                          user = self._get_user(user)
-                         api_key = api_key.filter(UserApiKeys.user_id == user.user_id)
-                     api_key = api_key.scalar()
+                         auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
+                         auth_token = auth_token.scalar()
                      try:
-                         Session().delete(api_key)
+                         Session().delete(auth_token)
                      except Exception:
                          log.error(traceback.format_exc())
                          raise

rhodecode/model/db.py

0 +13 0

-                     }
-                     return data
+                 def get_api_data(self, include_secrets=False):
+                     data = self.__json__()
+                     if include_secrets:
+                         return data
+                     else:
+                         data['auth_token'] = self.token_obfuscated
+                         return data
-                 @property
-                 def expired(self):
-                     if self.expires == -1:
-                 def scope_humanized(self):
-                     return self._get_scope()
+                 @property
+                 def token_obfuscated(self):
+                     if self.api_key:
+                         return self.api_key[:4] + "****"
-             class UserEmailMap(Base, BaseModel):
-                 __tablename__ = 'user_email_map'

rhodecode/templates/admin/my_account/my_account_auth_tokens.mako

0 +2 -2

                              </td>
                              <td class="td-action">
                                  ${h.secure_form(h.route_path('my_account_auth_tokens_delete'), method='post')}
-                                     ${h.hidden('del_auth_token',auth_token.api_key)}
+                                     ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
                                      <button class="btn btn-link btn-danger" type="submit"
-                                             onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.api_key}');">
+                                             onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
                                          ${_('Delete')}
                                      </button>
                                  ${h.end_form()}

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages