# HG changeset patch # User Marcin Kuzminski # Date 2011-11-17 16:52:48 # Node ID 60249224be044165b9947d52fe01c17cf88b2e55 # Parent b76bb93db070ff70016cb9001445b5e61dbae01c fix for api key lookup, reuse same function in user model diff --git a/rhodecode/controllers/api/__init__.py b/rhodecode/controllers/api/__init__.py --- a/rhodecode/controllers/api/__init__.py +++ b/rhodecode/controllers/api/__init__.py @@ -114,7 +114,7 @@ class JSONRPCController(WSGIController): return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \ % (e, urllib.unquote_plus(raw_body))) - #check AUTH based on API KEY + # check AUTH based on API KEY try: self._req_api_key = json_body['api_key'] self._req_method = json_body['method'] @@ -125,9 +125,11 @@ class JSONRPCController(WSGIController): except KeyError, e: return jsonrpc_error(message='Incorrect JSON query missing %s' % e) - #check if we can find this session using api_key + # check if we can find this session using api_key try: u = User.get_by_api_key(self._req_api_key) + if u is None: + return jsonrpc_error(message='Invalid API KEY') auth_u = AuthUser(u.user_id, self._req_api_key) except Exception, e: return jsonrpc_error(message='Invalid API KEY') diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -324,7 +324,7 @@ class User(Base, BaseModel): if cache: q = q.options(FromCache("sql_cache_short", "get_api_key_%s" % api_key)) - q.one() + return q.scalar() def update_lastlogin(self): """Update user lastlogin""" diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py --- a/rhodecode/model/user.py +++ b/rhodecode/model/user.py @@ -70,13 +70,7 @@ class UserModel(BaseModel): return user.scalar() def get_by_api_key(self, api_key, cache=False): - - user = self.sa.query(User)\ - .filter(User.api_key == api_key) - if cache: - user = user.options(FromCache("sql_cache_short", - "get_user_%s" % api_key)) - return user.scalar() + return User.get_by_api_key(api_key, cache) def create(self, form_data): try: diff --git a/rhodecode/tests/functional/test_login.py b/rhodecode/tests/functional/test_login.py --- a/rhodecode/tests/functional/test_login.py +++ b/rhodecode/tests/functional/test_login.py @@ -247,7 +247,6 @@ class TestLoginController(TestController # GOOD KEY key = User.get_by_username(username).api_key - response = self.app.get(url(controller='login', action='password_reset_confirmation', key=key))