rhodecode-enterprise-ce Commit - r1477:9f5f9c33

auth-tokens: disable authenticating by builtin token.

marcink -

r1477:9f5f9c33 default

parent child

rhodecode/api/__init__.py

0 +1 -1

                      # now check if token is valid for API
                      auth_token = request.rpc_api_key
                      token_match = api_user.authenticate_by_token(
-                         auth_token, roles=[UserApiKeys.ROLE_API], include_builtin_token=True)
+                         auth_token, roles=[UserApiKeys.ROLE_API])
                      invalid_token = not token_match
                      log.debug('Checking if API KEY is valid with proper role')

rhodecode/lib/auth.py

0 +1 -1

                              else:
                                  roles = [UserApiKeys.ROLE_HTTP]
                              token_match = db_user.authenticate_by_token(
-                                 _auth_token, roles=roles, include_builtin_token=True)
+                                 _auth_token, roles=roles)
                          else:
                              log.debug('Unable to fetch db instance for auth user: %s', user)
                              token_match = False

rhodecode/model/db.py

0 +2 -7

                                                     UserApiKeys.role == UserApiKeys.ROLE_ALL))
                      return tokens.all()
-                 def authenticate_by_token(self, auth_token, roles=None,
-                                           include_builtin_token=False):
+                 def authenticate_by_token(self, auth_token, roles=None):
                      from rhodecode.lib import auth
                      log.debug('Trying to authenticate user: %s via auth-token, '
                      tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
-                     maybe_builtin = []
-                     if include_builtin_token:
-                         maybe_builtin = [AttributeDict({'api_key': self.api_key})]
                      plain_tokens = []
                      hash_tokens = []
-                     for token in tokens_q.all() + maybe_builtin:
+                     for token in tokens_q.all():
                          if token.api_key.startswith(crypto_backend.ENC_PREF):
                              hash_tokens.append(token.api_key)
                          else:

rhodecode/tests/lib/test_auth.py

0 +1 -1

                      new_token.api_key = token  # inject known name for testing...
                  assert auth_result == user.authenticate_by_token(
-                     test_token, roles=test_roles, include_builtin_token=True)
+                     test_token, roles=test_roles)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages