upstream/kallithea Commit - r1693:60249224

fix for api key lookup, reuse same function in user model

marcink -

r1693:60249224 beta

parent child

rhodecode/controllers/api/__init__.py

0 +4 -2

                          return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
                                               % (e, urllib.unquote_plus(raw_body)))
-                     #check AUTH based on API KEY
+                     # check AUTH based on API KEY
                      try:
                          self._req_api_key = json_body['api_key']
                          self._req_method = json_body['method']
                      except KeyError, e:
                          return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
-                     #check if we can find this session using api_key
+                     # check if we can find this session using api_key
                      try:
                          u = User.get_by_api_key(self._req_api_key)
+                         if u is None:
+                             return jsonrpc_error(message='Invalid API KEY')
                          auth_u = AuthUser(u.user_id, self._req_api_key)
                      except Exception, e:
                          return jsonrpc_error(message='Invalid API KEY')

rhodecode/model/db.py

0 +1 -1

                      if cache:
                          q = q.options(FromCache("sql_cache_short",
                                                  "get_api_key_%s" % api_key))
-                     q.one()
+                     return q.scalar()
                  def update_lastlogin(self):
                      """Update user lastlogin"""

rhodecode/model/user.py

0 +1 -7

                      return user.scalar()
                  def get_by_api_key(self, api_key, cache=False):
-                     user = self.sa.query(User)\
-                             .filter(User.api_key == api_key)
-                     if cache:
-                         user = user.options(FromCache("sql_cache_short",
-                                                       "get_user_%s" % api_key))
-                     return user.scalar()
+                     return User.get_by_api_key(api_key, cache)
                  def create(self, form_data):
                      try:

rhodecode/tests/functional/test_login.py

0 0 -1

                      # GOOD KEY
                      key = User.get_by_username(username).api_key
                      response = self.app.get(url(controller='login',
                                                  action='password_reset_confirmation',
                                                  key=key))

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages