##// END OF EJS Templates
auth-tokens: abstracted adding token for users into UserModel method for easier usage in scripts, and in future in API.
marcink -
r2951:93db3089 default
parent child Browse files
Show More
@@ -734,11 +734,12 b' class UsersView(UserAppView):'
734 734 description = self.request.POST.get('description')
735 735 role = self.request.POST.get('role')
736 736
737 token = AuthTokenModel().create(
738 c.user.user_id, description, lifetime, role)
737 token = UserModel().add_auth_token(
738 user=c.user.user_id,
739 lifetime_minutes=lifetime, role=role, description=description,
740 scope_callback=self.maybe_attach_token_scope)
739 741 token_data = token.get_api_data()
740 742
741 self.maybe_attach_token_scope(token)
742 743 audit_logger.store_web(
743 744 'user.edit.token.add', action_data={
744 745 'data': {'token': token_data, 'user': user_data}},
@@ -379,13 +379,14 b' class LoginView(BaseAppView):'
379 379 # Generate reset URL and send mail.
380 380 user = User.get_by_email(user_email)
381 381
382 # generate password reset token that expires in 10minutes
383 desc = 'Generated token for password reset from {}'.format(
382 # generate password reset token that expires in 10 minutes
383 description = u'Generated token for password reset from {}'.format(
384 384 datetime.datetime.now().isoformat())
385 reset_token = AuthTokenModel().create(
386 user, lifetime=10,
387 description=desc,
388 role=UserApiKeys.ROLE_PASSWORD_RESET)
385
386 reset_token = UserModel().add_auth_token(
387 user=user, lifetime_minutes=10,
388 role=UserModel.auth_token_role.ROLE_PASSWORD_RESET,
389 description=description)
389 390 Session().commit()
390 391
391 392 log.debug('Successfully created password recovery token')
@@ -180,11 +180,12 b' class MyAccountView(BaseAppView, DataGri'
180 180 description = self.request.POST.get('description')
181 181 role = self.request.POST.get('role')
182 182
183 token = AuthTokenModel().create(
184 c.user.user_id, description, lifetime, role)
183 token = UserModel().add_auth_token(
184 user=c.user.user_id,
185 lifetime_minutes=lifetime, role=role, description=description,
186 scope_callback=self.maybe_attach_token_scope)
185 187 token_data = token.get_api_data()
186 188
187 self.maybe_attach_token_scope(token)
188 189 audit_logger.store_web(
189 190 'user.edit.token.add', action_data={
190 191 'data': {'token': token_data, 'user': 'self'}},
@@ -573,17 +573,18 b' class DbManage(object):'
573 573
574 574 def create_user(self, username, password, email='', admin=False,
575 575 strict_creation_check=True, api_key=None):
576 log.info('creating user %s' % username)
576 log.info('creating user `%s`' % username)
577 577 user = UserModel().create_or_update(
578 578 username, password, email, firstname=u'RhodeCode', lastname=u'Admin',
579 579 active=True, admin=admin, extern_type="rhodecode",
580 580 strict_creation_check=strict_creation_check)
581 581
582 582 if api_key:
583 log.info('setting a provided api key for the user %s', username)
584 from rhodecode.model.auth_token import AuthTokenModel
585 AuthTokenModel().create(
586 user=user, description=u'BUILTIN TOKEN')
583 log.info('setting a new default auth token for user `%s`', username)
584 UserModel().add_auth_token(
585 user=user, lifetime_minutes=-1,
586 role=UserModel.auth_token_role.ROLE_ALL,
587 description=u'BUILTIN TOKEN')
587 588
588 589 def create_default_user(self):
589 590 log.info('creating default user')
@@ -594,7 +595,7 b' class DbManage(object):'
594 595 firstname=u'Anonymous',
595 596 lastname=u'User',
596 597 strict_creation_check=False)
597 # based on configuration options activate/deactive this user which
598 # based on configuration options activate/de-activate this user which
598 599 # controlls anonymous access
599 600 if self.cli_args.get('public_access') is False:
600 601 log.info('Public access disabled')
@@ -377,9 +377,11 b' class UserModel(BaseModel):'
377 377
378 378 if not edit:
379 379 # add the RSS token
380 AuthTokenModel().create(username,
381 description=u'Generated feed token',
382 role=AuthTokenModel.cls.ROLE_FEED)
380 self.add_auth_token(
381 user=username, lifetime_minutes=-1,
382 role=self.auth_token_role.ROLE_FEED,
383 description=u'Generated feed token')
384
383 385 kwargs = new_user.get_dict()
384 386 # backward compat, require api_keys present
385 387 kwargs['api_keys'] = kwargs['auth_tokens']
@@ -830,6 +832,26 b' class UserModel(BaseModel):'
830 832 self.sa.add(obj)
831 833 return obj
832 834
835 auth_token_role = AuthTokenModel.cls
836
837 def add_auth_token(self, user, lifetime_minutes, role, description=u'',
838 scope_callback=None):
839 """
840 Add AuthToken for user.
841
842 :param user: username/user_id
843 :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
844 :param role: one of AuthTokenModel.cls.ROLE_*
845 :param description: optional string description
846 """
847
848 token = AuthTokenModel().create(
849 user, description, lifetime_minutes, role)
850 if scope_callback and callable(scope_callback):
851 # call the callback if we provide, used to attach scope for EE edition
852 scope_callback(token)
853 return token
854
833 855 def delete_extra_ip(self, user, ip_id):
834 856 """
835 857 Removes ip address from UserIpMap
General Comments 0
You need to be logged in to leave comments. Login now