##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth-token: only delete token if it exists.
marcink -
r1839:b52a5a91 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,100 +1,102 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2013-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 authentication tokens model for RhodeCode
23 23 """
24 24
25 25 import time
26 26 import logging
27 27 import traceback
28 28 from sqlalchemy import or_
29 29
30 30 from rhodecode.model import BaseModel
31 31 from rhodecode.model.db import UserApiKeys
32 32 from rhodecode.model.meta import Session
33 33
34 34 log = logging.getLogger(__name__)
35 35
36 36
37 37 class AuthTokenModel(BaseModel):
38 38 cls = UserApiKeys
39 39
40 40 def create(self, user, description, lifetime=-1, role=UserApiKeys.ROLE_ALL):
41 41 """
42 42 :param user: user or user_id
43 43 :param description: description of ApiKey
44 44 :param lifetime: expiration time in minutes
45 45 :param role: role for the apikey
46 46 """
47 47 from rhodecode.lib.auth import generate_auth_token
48 48
49 49 user = self._get_user(user)
50 50
51 51 new_auth_token = UserApiKeys()
52 52 new_auth_token.api_key = generate_auth_token(user.username)
53 53 new_auth_token.user_id = user.user_id
54 54 new_auth_token.description = description
55 55 new_auth_token.role = role
56 56 new_auth_token.expires = time.time() + (lifetime * 60) \
57 57 if lifetime != -1 else -1
58 58 Session().add(new_auth_token)
59 59
60 60 return new_auth_token
61 61
62 62 def delete(self, auth_token_id, user=None):
63 63 """
64 64 Deletes given api_key, if user is set it also filters the object for
65 65 deletion by given user.
66 66 """
67 67 auth_token = UserApiKeys.query().filter(
68 68 UserApiKeys.user_api_key_id == auth_token_id)
69 69
70 70 if user:
71 71 user = self._get_user(user)
72 72 auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
73 73 auth_token = auth_token.scalar()
74 try:
75 Session().delete(auth_token)
76 except Exception:
77 log.error(traceback.format_exc())
78 raise
74
75 if auth_token:
76 try:
77 Session().delete(auth_token)
78 except Exception:
79 log.error(traceback.format_exc())
80 raise
79 81
80 82 def get_auth_tokens(self, user, show_expired=True):
81 83 user = self._get_user(user)
82 84 user_auth_tokens = UserApiKeys.query()\
83 85 .filter(UserApiKeys.user_id == user.user_id)
84 86 if not show_expired:
85 87 user_auth_tokens = user_auth_tokens\
86 88 .filter(or_(UserApiKeys.expires == -1,
87 89 UserApiKeys.expires >= time.time()))
88 90 user_auth_tokens = user_auth_tokens.order_by(
89 91 UserApiKeys.user_api_key_id)
90 92 return user_auth_tokens
91 93
92 94 def get_auth_token(self, auth_token):
93 95 auth_token = UserApiKeys.query().filter(
94 96 UserApiKeys.api_key == auth_token)
95 97 auth_token = auth_token \
96 98 .filter(or_(UserApiKeys.expires == -1,
97 99 UserApiKeys.expires >= time.time()))\
98 100 .first()
99 101
100 102 return auth_token
General Comments 0
You need to be logged in to leave comments. Login now