##// END OF EJS Templates
auth-token: only delete token if it exists.
marcink -
r1839:b52a5a91 default
parent child Browse files
Show More
@@ -1,100 +1,102 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2013-2017 RhodeCode GmbH
3 # Copyright (C) 2013-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 authentication tokens model for RhodeCode
22 authentication tokens model for RhodeCode
23 """
23 """
24
24
25 import time
25 import time
26 import logging
26 import logging
27 import traceback
27 import traceback
28 from sqlalchemy import or_
28 from sqlalchemy import or_
29
29
30 from rhodecode.model import BaseModel
30 from rhodecode.model import BaseModel
31 from rhodecode.model.db import UserApiKeys
31 from rhodecode.model.db import UserApiKeys
32 from rhodecode.model.meta import Session
32 from rhodecode.model.meta import Session
33
33
34 log = logging.getLogger(__name__)
34 log = logging.getLogger(__name__)
35
35
36
36
37 class AuthTokenModel(BaseModel):
37 class AuthTokenModel(BaseModel):
38 cls = UserApiKeys
38 cls = UserApiKeys
39
39
40 def create(self, user, description, lifetime=-1, role=UserApiKeys.ROLE_ALL):
40 def create(self, user, description, lifetime=-1, role=UserApiKeys.ROLE_ALL):
41 """
41 """
42 :param user: user or user_id
42 :param user: user or user_id
43 :param description: description of ApiKey
43 :param description: description of ApiKey
44 :param lifetime: expiration time in minutes
44 :param lifetime: expiration time in minutes
45 :param role: role for the apikey
45 :param role: role for the apikey
46 """
46 """
47 from rhodecode.lib.auth import generate_auth_token
47 from rhodecode.lib.auth import generate_auth_token
48
48
49 user = self._get_user(user)
49 user = self._get_user(user)
50
50
51 new_auth_token = UserApiKeys()
51 new_auth_token = UserApiKeys()
52 new_auth_token.api_key = generate_auth_token(user.username)
52 new_auth_token.api_key = generate_auth_token(user.username)
53 new_auth_token.user_id = user.user_id
53 new_auth_token.user_id = user.user_id
54 new_auth_token.description = description
54 new_auth_token.description = description
55 new_auth_token.role = role
55 new_auth_token.role = role
56 new_auth_token.expires = time.time() + (lifetime * 60) \
56 new_auth_token.expires = time.time() + (lifetime * 60) \
57 if lifetime != -1 else -1
57 if lifetime != -1 else -1
58 Session().add(new_auth_token)
58 Session().add(new_auth_token)
59
59
60 return new_auth_token
60 return new_auth_token
61
61
62 def delete(self, auth_token_id, user=None):
62 def delete(self, auth_token_id, user=None):
63 """
63 """
64 Deletes given api_key, if user is set it also filters the object for
64 Deletes given api_key, if user is set it also filters the object for
65 deletion by given user.
65 deletion by given user.
66 """
66 """
67 auth_token = UserApiKeys.query().filter(
67 auth_token = UserApiKeys.query().filter(
68 UserApiKeys.user_api_key_id == auth_token_id)
68 UserApiKeys.user_api_key_id == auth_token_id)
69
69
70 if user:
70 if user:
71 user = self._get_user(user)
71 user = self._get_user(user)
72 auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
72 auth_token = auth_token.filter(UserApiKeys.user_id == user.user_id)
73 auth_token = auth_token.scalar()
73 auth_token = auth_token.scalar()
74
75 if auth_token:
74 try:
76 try:
75 Session().delete(auth_token)
77 Session().delete(auth_token)
76 except Exception:
78 except Exception:
77 log.error(traceback.format_exc())
79 log.error(traceback.format_exc())
78 raise
80 raise
79
81
80 def get_auth_tokens(self, user, show_expired=True):
82 def get_auth_tokens(self, user, show_expired=True):
81 user = self._get_user(user)
83 user = self._get_user(user)
82 user_auth_tokens = UserApiKeys.query()\
84 user_auth_tokens = UserApiKeys.query()\
83 .filter(UserApiKeys.user_id == user.user_id)
85 .filter(UserApiKeys.user_id == user.user_id)
84 if not show_expired:
86 if not show_expired:
85 user_auth_tokens = user_auth_tokens\
87 user_auth_tokens = user_auth_tokens\
86 .filter(or_(UserApiKeys.expires == -1,
88 .filter(or_(UserApiKeys.expires == -1,
87 UserApiKeys.expires >= time.time()))
89 UserApiKeys.expires >= time.time()))
88 user_auth_tokens = user_auth_tokens.order_by(
90 user_auth_tokens = user_auth_tokens.order_by(
89 UserApiKeys.user_api_key_id)
91 UserApiKeys.user_api_key_id)
90 return user_auth_tokens
92 return user_auth_tokens
91
93
92 def get_auth_token(self, auth_token):
94 def get_auth_token(self, auth_token):
93 auth_token = UserApiKeys.query().filter(
95 auth_token = UserApiKeys.query().filter(
94 UserApiKeys.api_key == auth_token)
96 UserApiKeys.api_key == auth_token)
95 auth_token = auth_token \
97 auth_token = auth_token \
96 .filter(or_(UserApiKeys.expires == -1,
98 .filter(or_(UserApiKeys.expires == -1,
97 UserApiKeys.expires >= time.time()))\
99 UserApiKeys.expires >= time.time()))\
98 .first()
100 .first()
99
101
100 return auth_token
102 return auth_token
General Comments 0
You need to be logged in to leave comments. Login now