##// END OF EJS Templates
api-events: fix a case events were called from API and we couldn't fetch registered user....
marcink -
r1420:20a1b221 default
parent child Browse files
Show More
@@ -183,20 +183,20 b' def request_view(request):'
183 183 # search not expired tokens only
184 184
185 185 try:
186 u = User.get_by_auth_token(request.rpc_api_key)
186 api_user = User.get_by_auth_token(request.rpc_api_key)
187 187
188 if u is None:
188 if api_user is None:
189 189 return jsonrpc_error(
190 190 request, retid=request.rpc_id, message='Invalid API KEY')
191 191
192 if not u.active:
192 if not api_user.active:
193 193 return jsonrpc_error(
194 194 request, retid=request.rpc_id,
195 195 message='Request from this user not allowed')
196 196
197 197 # check if we are allowed to use this IP
198 198 auth_u = AuthUser(
199 u.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
199 api_user.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
200 200 if not auth_u.ip_allowed:
201 201 return jsonrpc_error(
202 202 request, retid=request.rpc_id,
@@ -205,11 +205,14 b' def request_view(request):'
205 205 else:
206 206 log.info('Access for IP:%s allowed' % (request.rpc_ip_addr,))
207 207
208 # register our auth-user
209 request.rpc_user = auth_u
210
208 211 # now check if token is valid for API
209 212 role = UserApiKeys.ROLE_API
210 213 extra_auth_tokens = [
211 x.api_key for x in User.extra_valid_auth_tokens(u, role=role)]
212 active_tokens = [u.api_key] + extra_auth_tokens
214 x.api_key for x in User.extra_valid_auth_tokens(api_user, role=role)]
215 active_tokens = [api_user.api_key] + extra_auth_tokens
213 216
214 217 log.debug('Checking if API key has proper role')
215 218 if request.rpc_api_key not in active_tokens:
@@ -38,15 +38,30 b' class RhodecodeEvent(object):'
38 38 self.utc_timestamp = datetime.utcnow()
39 39
40 40 @property
41 def auth_user(self):
42 if not self.request:
43 return
44
45 user = getattr(self.request, 'user', None)
46 if user:
47 return user
48
49 api_user = getattr(self.request, 'rpc_user', None)
50 if api_user:
51 return api_user
52
53 @property
41 54 def actor(self):
42 if self.request:
43 return self.request.user.get_instance()
55 auth_user = self.auth_user
56 if auth_user:
57 return auth_user.get_instance()
44 58 return SYSTEM_USER
45 59
46 60 @property
47 61 def actor_ip(self):
48 if self.request:
49 return self.request.user.ip_addr
62 auth_user = self.auth_user
63 if auth_user:
64 return auth_user.ip_addr
50 65 return '<no ip available>'
51 66
52 67 @property
General Comments 0
You need to be logged in to leave comments. Login now