added some more logging for token auth
marcink -
r3059:f4a398a8 default
@@ -739,13 +739,18 b' class User(Base, BaseModel):'
739 plain_tokens = []
739 plain_tokens = []
740 hash_tokens = []
740 hash_tokens = []
741
741
742 for token in tokens_q.all():
742 user_tokens = tokens_q.all()
743 # verify scope first
743 log.debug('Found %s user tokens to check for authentication', len(user_tokens))
744 for token in user_tokens:
745 log.debug('AUTH_TOKEN: checking if user token with id `%s` matches',
746 token.user_api_key_id)
747 # verify scope first, since it's way faster than hash calculation of
748 # encrypted tokens
744 if token.repo_id:
749 if token.repo_id:
745 # token has a scope, we need to verify it
750 # token has a scope, we need to verify it
746 if scope_repo_id != token.repo_id:
751 if scope_repo_id != token.repo_id:
747 log.debug(
752 log.debug(
748 'Scope mismatch: token has a set repo scope: %s, '
753 'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
749 'and calling scope is:%s, skipping further checks',
754 'and calling scope is:%s, skipping further checks',
750 token.repo, scope_repo_id)
755 token.repo, scope_repo_id)
751 # token has a scope, and it doesn't match, skip token
756 # token has a scope, and it doesn't match, skip token
@@ -761,7 +766,7 b' class User(Base, BaseModel):'
761 return True
766 return True
762
767
763 for hashed in hash_tokens:
768 for hashed in hash_tokens:
764 # TODO(marcink): this is expensive to calculate, but most secure
769 # NOTE(marcink): this is expensive to calculate, but most secure
765 match = crypto_backend.hash_check(auth_token, hashed)
770 match = crypto_backend.hash_check(auth_token, hashed)
766 if match:
771 if match:
767 return True
772 return True
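Review bot: The added trace records which token ids are examined but, in the lines visible here, not the outcome: `if match: return True` after `crypto_backend.hash_check(auth_token, hashed)` still returns silently, so the debug log cannot show whether the hashed path accepted the request. A line such as `log.debug('AUTH_TOKEN: hashed token matched')` before that return would close the gap; it should stay free of `auth_token` and `hashed` so no credential material reaches the log. The first new message, 'Found %s user tokens to check for authentication', lacks the `AUTH_TOKEN:` prefix the other two carry, which makes the trace harder to filter. The new comment's "hash calculation of encrypted tokens" would be more accurate as "hashed tokens", since the check is `hash_check` over `hash_tokens`. The enclosing method of `User` and new lines 757-765 are outside these hunks, so a result log may already exist there.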