auth-tokens: disable authenticating by builtin token.
marcink -
r1477:9f5f9c33 default
@@ -211,7 +211,7 b' def request_view(request):'
211 # now check if token is valid for API
211 # now check if token is valid for API
212 auth_token = request.rpc_api_key
212 auth_token = request.rpc_api_key
213 token_match = api_user.authenticate_by_token(
213 token_match = api_user.authenticate_by_token(
214 auth_token, roles=[UserApiKeys.ROLE_API], include_builtin_token=True)
214 auth_token, roles=[UserApiKeys.ROLE_API])
215 invalid_token = not token_match
215 invalid_token = not token_match
216
216
217 log.debug('Checking if API KEY is valid with proper role')
217 log.debug('Checking if API KEY is valid with proper role')
@@ -1218,7 +1218,7 b' class LoginRequired(object):'
1218 else:
1218 else:
1219 roles = [UserApiKeys.ROLE_HTTP]
1219 roles = [UserApiKeys.ROLE_HTTP]
1220 token_match = db_user.authenticate_by_token(
1220 token_match = db_user.authenticate_by_token(
1221 _auth_token, roles=roles, include_builtin_token=True)
1221 _auth_token, roles=roles)
1222 else:
1222 else:
1223 log.debug('Unable to fetch db instance for auth user: %s', user)
1223 log.debug('Unable to fetch db instance for auth user: %s', user)
1224 token_match = False
1224 token_match = False
@@ -603,8 +603,7 b' class User(Base, BaseModel):'
603 UserApiKeys.role == UserApiKeys.ROLE_ALL))
603 UserApiKeys.role == UserApiKeys.ROLE_ALL))
604 return tokens.all()
604 return tokens.all()
605
605
606 def authenticate_by_token(self, auth_token, roles=None,
606 def authenticate_by_token(self, auth_token, roles=None):
607 include_builtin_token=False):
608 from rhodecode.lib import auth
607 from rhodecode.lib import auth
609
608
610 log.debug('Trying to authenticate user: %s via auth-token, '
609 log.debug('Trying to authenticate user: %s via auth-token, '
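Review bot: The narrowed signature `def authenticate_by_token(self, auth_token, roles=None):` has no docstring stating the new contract, and nothing in this hunk or the following body hunk (`for token in tokens_q.all():`) records that the user's own `api_key` attribute is no longer a valid credential here. A reader of the model alone cannot tell whether that is deliberate or an omission, so I would add a docstring such as `"""Return a match for *auth_token* among this user's UserApiKeys rows, optionally restricted to *roles*; the user's builtin api_key is deliberately not accepted."""` directly under the `def` line. Dropping the keyword outright means any caller outside this changeset still passing `include_builtin_token=` fails with a TypeError at call time, which is probably the intended loud failure, but it is worth stating in the commit description. The function's body continues past the end of this hunk.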
@@ -623,14 +622,10 b' class User(Base, BaseModel):'
623
622
624 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
623 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
625
624
626 maybe_builtin = []
627 if include_builtin_token:
628 maybe_builtin = [AttributeDict({'api_key': self.api_key})]
629
630 plain_tokens = []
625 plain_tokens = []
631 hash_tokens = []
626 hash_tokens = []
632
627
633 for token in tokens_q.all() + maybe_builtin:
628 for token in tokens_q.all():
634 if token.api_key.startswith(crypto_backend.ENC_PREF):
629 if token.api_key.startswith(crypto_backend.ENC_PREF):
635 hash_tokens.append(token.api_key)
630 hash_tokens.append(token.api_key)
636 else:
631 else:
@@ -605,4 +605,4 b' def test_auth_by_token(test_token, test_'
605 new_token.api_key = token # inject known name for testing...
605 new_token.api_key = token # inject known name for testing...
606
606
607 assert auth_result == user.authenticate_by_token(
607 assert auth_result == user.authenticate_by_token(
608 test_token, roles=test_roles, include_builtin_token=True)
608 test_token, roles=test_roles)
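Review bot: test_auth_by_token only drops the removed keyword from the `user.authenticate_by_token(test_token, roles=test_roles)` call; no assertion exercises the behaviour this commit introduces, namely that the builtin key is now rejected. A regression would reintroduce the old path without failing any test, so I would add a case along the lines of `assert not user.authenticate_by_token(user.api_key, roles=test_roles)` next to the existing assert, assuming the `api_key` attribute the model hunk removes from the lookup still exists on the user fixture. The enclosing test function starts outside this hunk, so the fixture setup is not visible here.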