##// END OF EJS Templates
auth-tokens: abstracted adding token for users into UserModel method for easier usage in scripts, and in future in API.
marcink -
r2951:93db3089 default
parent child Browse files
Show More
@@ -734,11 +734,12 b' class UsersView(UserAppView):'
734 description = self.request.POST.get('description')
734 description = self.request.POST.get('description')
735 role = self.request.POST.get('role')
735 role = self.request.POST.get('role')
736
736
737 token = AuthTokenModel().create(
737 token = UserModel().add_auth_token(
738 c.user.user_id, description, lifetime, role)
738 user=c.user.user_id,
739 lifetime_minutes=lifetime, role=role, description=description,
740 scope_callback=self.maybe_attach_token_scope)
739 token_data = token.get_api_data()
741 token_data = token.get_api_data()
740
742
741 self.maybe_attach_token_scope(token)
742 audit_logger.store_web(
743 audit_logger.store_web(
743 'user.edit.token.add', action_data={
744 'user.edit.token.add', action_data={
744 'data': {'token': token_data, 'user': user_data}},
745 'data': {'token': token_data, 'user': user_data}},
@@ -380,12 +380,13 b' class LoginView(BaseAppView):'
380 user = User.get_by_email(user_email)
380 user = User.get_by_email(user_email)
381
381
382 # generate password reset token that expires in 10minutes
382 # generate password reset token that expires in 10 minutes
383 desc = 'Generated token for password reset from {}'.format(
383 description = u'Generated token for password reset from {}'.format(
384 datetime.datetime.now().isoformat())
384 datetime.datetime.now().isoformat())
385 reset_token = AuthTokenModel().create(
385
386 user, lifetime=10,
386 reset_token = UserModel().add_auth_token(
387 description=desc,
387 user=user, lifetime_minutes=10,
388 role=UserApiKeys.ROLE_PASSWORD_RESET)
388 role=UserModel.auth_token_role.ROLE_PASSWORD_RESET,
389 description=description)
389 Session().commit()
390 Session().commit()
390
391
391 log.debug('Successfully created password recovery token')
392 log.debug('Successfully created password recovery token')
@@ -180,11 +180,12 b' class MyAccountView(BaseAppView, DataGri'
180 description = self.request.POST.get('description')
180 description = self.request.POST.get('description')
181 role = self.request.POST.get('role')
181 role = self.request.POST.get('role')
182
182
183 token = AuthTokenModel().create(
183 token = UserModel().add_auth_token(
184 c.user.user_id, description, lifetime, role)
184 user=c.user.user_id,
185 lifetime_minutes=lifetime, role=role, description=description,
186 scope_callback=self.maybe_attach_token_scope)
185 token_data = token.get_api_data()
187 token_data = token.get_api_data()
186
188
187 self.maybe_attach_token_scope(token)
188 audit_logger.store_web(
189 audit_logger.store_web(
189 'user.edit.token.add', action_data={
190 'user.edit.token.add', action_data={
190 'data': {'token': token_data, 'user': 'self'}},
191 'data': {'token': token_data, 'user': 'self'}},
@@ -573,17 +573,18 b' class DbManage(object):'
573
573
574 def create_user(self, username, password, email='', admin=False,
574 def create_user(self, username, password, email='', admin=False,
575 strict_creation_check=True, api_key=None):
575 strict_creation_check=True, api_key=None):
576 log.info('creating user %s' % username)
576 log.info('creating user `%s`' % username)
577 user = UserModel().create_or_update(
577 user = UserModel().create_or_update(
578 username, password, email, firstname=u'RhodeCode', lastname=u'Admin',
578 username, password, email, firstname=u'RhodeCode', lastname=u'Admin',
579 active=True, admin=admin, extern_type="rhodecode",
579 active=True, admin=admin, extern_type="rhodecode",
580 strict_creation_check=strict_creation_check)
580 strict_creation_check=strict_creation_check)
581
581
582 if api_key:
582 if api_key:
583 log.info('setting a provided api key for the user %s', username)
583 log.info('setting a new default auth token for user `%s`', username)
584 from rhodecode.model.auth_token import AuthTokenModel
584 UserModel().add_auth_token(
585 AuthTokenModel().create(
585 user=user, lifetime_minutes=-1,
586 user=user, description=u'BUILTIN TOKEN')
586 role=UserModel.auth_token_role.ROLE_ALL,
587 description=u'BUILTIN TOKEN')
587
588
588 def create_default_user(self):
589 def create_default_user(self):
589 log.info('creating default user')
590 log.info('creating default user')
@@ -594,7 +595,7 b' class DbManage(object):'
594 firstname=u'Anonymous',
595 firstname=u'Anonymous',
595 lastname=u'User',
596 lastname=u'User',
596 strict_creation_check=False)
597 strict_creation_check=False)
597 # based on configuration options activate/deactive this user which
598 # based on configuration options activate/de-activate this user which
598 # controlls anonymous access
599 # controlls anonymous access
599 if self.cli_args.get('public_access') is False:
600 if self.cli_args.get('public_access') is False:
600 log.info('Public access disabled')
601 log.info('Public access disabled')
@@ -377,9 +377,11 b' class UserModel(BaseModel):'
377
377
378 if not edit:
378 if not edit:
379 # add the RSS token
379 # add the RSS token
380 AuthTokenModel().create(username,
380 self.add_auth_token(
381 description=u'Generated feed token',
381 user=username, lifetime_minutes=-1,
382 role=AuthTokenModel.cls.ROLE_FEED)
382 role=self.auth_token_role.ROLE_FEED,
383 description=u'Generated feed token')
384
383 kwargs = new_user.get_dict()
385 kwargs = new_user.get_dict()
384 # backward compat, require api_keys present
386 # backward compat, require api_keys present
385 kwargs['api_keys'] = kwargs['auth_tokens']
387 kwargs['api_keys'] = kwargs['auth_tokens']
@@ -830,6 +832,26 b' class UserModel(BaseModel):'
830 self.sa.add(obj)
832 self.sa.add(obj)
831 return obj
833 return obj
832
834
835 auth_token_role = AuthTokenModel.cls
836
837 def add_auth_token(self, user, lifetime_minutes, role, description=u'',
838 scope_callback=None):
839 """
840 Add AuthToken for user.
841
842 :param user: username/user_id
843 :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
844 :param role: one of AuthTokenModel.cls.ROLE_*
845 :param description: optional string description
846 """
847
848 token = AuthTokenModel().create(
849 user, description, lifetime_minutes, role)
850 if scope_callback and callable(scope_callback):
851 # call the callback if we provide, used to attach scope for EE edition
852 scope_callback(token)
853 return token
854
833 def delete_extra_ip(self, user, ip_id):
855 def delete_extra_ip(self, user, ip_id):
834 """
856 """
835 Removes ip address from UserIpMap
857 Removes ip address from UserIpMap
General Comments 0
You need to be logged in to leave comments. Login now