##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
added some more logging for token auth
marcink -
r3059:f4a398a8 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -739,13 +739,18 b' class User(Base, BaseModel):'
739 739 plain_tokens = []
740 740 hash_tokens = []
741 741
742 for token in tokens_q.all():
743 # verify scope first
742 user_tokens = tokens_q.all()
743 log.debug('Found %s user tokens to check for authentication', len(user_tokens))
744 for token in user_tokens:
745 log.debug('AUTH_TOKEN: checking if user token with id `%s` matches',
746 token.user_api_key_id)
747 # verify scope first, since it's way faster than hash calculation of
748 # encrypted tokens
744 749 if token.repo_id:
745 750 # token has a scope, we need to verify it
746 751 if scope_repo_id != token.repo_id:
747 752 log.debug(
748 'Scope mismatch: token has a set repo scope: %s, '
753 'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
749 754 'and calling scope is:%s, skipping further checks',
750 755 token.repo, scope_repo_id)
751 756 # token has a scope, and it doesn't match, skip token
@@ -761,7 +766,7 b' class User(Base, BaseModel):'
761 766 return True
762 767
763 768 for hashed in hash_tokens:
764 # TODO(marcink): this is expensive to calculate, but most secure
769 # NOTE(marcink): this is expensive to calculate, but most secure
765 770 match = crypto_backend.hash_check(auth_token, hashed)
766 771 if match:
767 772 return True
General Comments 0
You need to be logged in to leave comments. Login now