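def api_key_confirm(token=None, secret=None):
    """Confirm or cancel an emailed API-key ("email login") request.

    The pending request is looked up by ``token``, must match ``secret`` and
    must not be past ``req.expiry``. A GET renders the confirmation page. A
    POST either deletes the request (``confirm`` is not ``'true'``) or creates
    an ``ApiKey`` for ``req.user`` with the permissions ticked in the form.

    Args:
        token: Identifier of the pending ``ApiKeyRequest``.
        secret: Value that has to match ``req.secret``.

    Returns:
        A redirect to ``/`` for every terminal outcome, otherwise the rendered
        ``paydb/api_key_confirm.html`` template.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    req = ApiKeyRequest.from_token(db.session, token)
    if not req:
        # Presumably a crude throttle against guessing request tokens.
        time.sleep(5)
        flash('Email login request not found.', 'danger')
        return redirect('/')

    # Constant-time comparison, so response timing does not show how much of
    # a guessed secret matched. A missing secret on either side never matches.
    secret_ok = (
        secret is not None
        and req.secret is not None
        and hmac.compare_digest(str(req.secret).encode('utf-8'),
                                str(secret).encode('utf-8'))
    )
    if not secret_ok:
        # NOTE(review): unlike the other failure branches this one has no
        # delay; confirm that attempts are rate limited somewhere.
        flash('Email login code invalid.', 'danger')
        return redirect('/')

    now = datetime.datetime.now()
    if now > req.expiry:
        time.sleep(5)
        flash('Email login request expired.', 'danger')
        return redirect('/')

    if request.method == 'POST':
        if request.form.get('confirm') != 'true':
            # Declined: drop the request so the link cannot be used later.
            db.session.delete(req)
            db.session.commit()
            flash('Email login cancelled.', 'success')
            return redirect('/')

        # NOTE(review): a confirmed request is kept, so the same link may be
        # able to mint another key until expiry - confirm whether
        # req.created_api_key should be checked before creating a new one.
        api_key = ApiKey(req.user, req.device_name)
        for name in request.form.getlist('perms'):
            # The form is client-controlled: accept only permission names the
            # page offers, and skip names that do not resolve to a Permission.
            if name not in Permission.PERMS_ALL:
                continue
            perm = Permission.from_name(db.session, name)
            if perm is None:
                continue
            api_key.permissions.append(perm)
        req.created_api_key = api_key
        db.session.add(req)
        db.session.add(api_key)
        db.session.commit()
        flash('Email login confirmed.', 'success')
        return redirect('/')

    return render_template('paydb/api_key_confirm.html', req=req,
                           perms=Permission.PERMS_ALL)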
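def api_key_create():
    """Create an API key from an email/password login posted as JSON.

    Expects a JSON body with ``email``, ``password`` and ``device_name``.
    On success the new key is stored with every permission in
    ``Permission.PERMS_ALL`` and its token, secret, device name and expiry
    are returned as JSON.

    Returns:
        A ``bad_request`` response for malformed input or failed
        authentication, otherwise the JSON description of the new key.
    """
    # silent=True turns an unparsable body into None, so the INVALID_JSON
    # response below is what the client gets instead of Flask's own 400.
    content = request.get_json(force=True, silent=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(
        content, ["email", "password", "device_name"])
    if err_response:
        return err_response
    email, password, device_name = params
    # JSON values can be of any type; only a non-empty string is an email.
    if not email or not isinstance(email, str):
        return bad_request(web_utils.INVALID_EMAIL)
    email = email.lower()
    user = User.from_email(db.session, email)
    if not user:
        # Same delay and same error as a wrong password, so the response does
        # not say which of the two checks failed.
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)
    # A non-string password can never be valid; reject it as a failed login
    # rather than letting the type error surface as a server error.
    if not isinstance(password, str) or not flask_security.verify_password(
            password, user.password):
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)
    # NOTE(review): no check that the account is active is visible here, and
    # the key receives every permission - confirm both are intended.
    api_key = ApiKey(user, device_name)
    for name in Permission.PERMS_ALL:
        perm = Permission.from_name(db.session, name)
        api_key.permissions.append(perm)
    db.session.add(api_key)
    db.session.commit()
    # The secret is part of the response body; it is the caller's copy.
    return jsonify(
        dict(token=api_key.token, secret=api_key.secret,
             device_name=api_key.device_name, expiry=api_key.expiry))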
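def your_keys(request):
    """List the current user's API keys and handle create/delete posts.

    A POST containing ``create_key`` creates a key in the ``default`` group
    with the submitted ``purpose``. Any other POST deletes the keys named by
    ``delete_<key>`` fields, restricted to keys owned by ``request.user``.
    Both redirect back to the listing; a GET renders it.

    NOTE(review): no login requirement is visible in this block - confirm the
    view is protected where it is registered.
    """
    if request.method == 'POST':
        if 'create_key' in request.POST:
            purpose = request.POST.get('purpose', '')
            group, _created = ApiKeyGroup.objects.get_or_create(name='default')
            ApiKey.create_for_user(request.user, group, purpose)
            return HttpResponseRedirect('/api/your-keys/')

        # Are they deleting a key?
        prefix = 'delete_'
        for field in request.POST.keys():
            if not field.startswith(prefix):
                continue
            # Strip only the leading marker: str.replace() would also remove
            # 'delete_' from inside the key value and miss the real row.
            key = field[len(prefix):]
            try:
                # Filtering on user keeps one account from deleting a key
                # that belongs to another.
                ApiKey.objects.get(key=key, user=request.user).delete()
            except ApiKey.DoesNotExist:
                # Unknown or foreign key: ignored on purpose.
                pass
        return HttpResponseRedirect('/api/your-keys/')

    return render(request, 'api/your_keys.html', {
        'keys': request.user.api_keys.select_related('group').order_by(
            'created_at'),
    })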
def add_key(form):
    """Store a new ``ApiKey`` for the current user from a submitted form.

    The key value comes from ``generate_new_key()`` and the ``usage`` field is
    passed through ``html2text`` before it is stored. An ``AttributeError``
    while reading the form ends the request with HTTP 400.

    Args:
        form: Form object exposing ``occupation``, ``application`` and
            ``usage`` fields, each with a ``.data`` attribute.
    """
    try:
        fields = dict(
            developer=current_user,
            occupation=form.occupation.data,
            application=form.application.data,
            usage=html2text(form.usage.data),
            api_key=generate_new_key(),
        )
        record = ApiKey(**fields)
    except AttributeError:
        # A form missing one of the expected fields is a client error.
        return abort(400)

    session = db.session
    session.add(record)
    session.commit()
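def transfer_tx_callback(api_keys, txn):
    """Push a transaction to each API-key room and record one notification.

    Every token in ``api_keys`` gets a ``tx`` socket event carrying the JSON
    form of ``txn``. If no ``TxNotification`` exists yet for ``txn["id"]``,
    one is stored for the user owning the token being processed.

    Args:
        api_keys: Iterable of API key tokens, also used as socket room names.
        txn: JSON-serialisable transaction dict with an ``"id"`` entry.
    """
    # NOTE(review): the nesting of the notification step was reconstructed
    # from a flattened listing; confirm it belongs inside the loop.
    txt = json.dumps(txn)
    # NOTE(review): the whole transaction and each key token go to stdout;
    # confirm that is acceptable for wherever this output is collected.
    print("transfer_tx_callback: tx %s" % txt)
    for token in api_keys:
        print("sending 'tx' event to room %s" % token)
        socketio.emit("tx", txt, json=True, room=token)
        if TxNotification.exists(db.session, txn["id"]):
            continue
        api_key = ApiKey.from_token(db.session, token)
        if not api_key:
            # No key row for this token (e.g. removed meanwhile): skip it
            # instead of failing and cutting off the remaining rooms.
            continue
        print("adding to tx notification table")
        txnoti = TxNotification(api_key.user, txn["id"])
        db.session.add(txnoti)
        db.session.commit()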
def check_auth(api_key_token, nonce, sig, body):
    """Authenticate a signed request made with an API key.

    Args:
        api_key_token: Token identifying the API key.
        nonce: Nonce sent with the request.
        sig: Signature sent with the request.
        body: Request body the signature covers.

    Returns:
        ``(True, "", api_key)`` on success, otherwise
        ``(False, reason, None)``.
    """
    def denied(reason):
        # Every failure has the same shape; only the reason differs.
        return False, reason, None

    # NOTE(review): "not found" and "inactive account" are distinguishable;
    # if the reason reaches the client it tells a caller whether a token
    # exists - confirm callers return one generic message.
    key_record = ApiKey.from_token(db.session, api_key_token)
    if not key_record:
        return denied("not found")
    if not key_record.user.active:
        return denied("inactive account")

    ok, why = check_hmac_auth(key_record, nonce, sig, body)
    if not ok:
        return denied(why)

    # Persist the api key nonce update made during the HMAC check.
    db.session.commit()
    return True, "", key_record
def create_api_key(request):
    """Show the API key application form and store a valid submission.

    A valid POST saves an ``ApiKey`` owned by ``request.user`` and the page
    is rendered again with an empty form. An invalid POST re-renders the
    bound form; any other method renders an empty form.

    NOTE(review): no login requirement is visible in this block - confirm the
    view is protected where it is registered.
    """
    if request.method != 'POST':
        form = ApiKeyForm()
    else:
        form = ApiKeyForm(request.POST)
        if form.is_valid():
            entry = ApiKey()
            # Ownership comes from the session, never from submitted data.
            entry.user = request.user
            for field in ('description', 'name', 'url', 'accepted_tos'):
                setattr(entry, field, form.cleaned_data[field])
            entry.save()
            # Start over with a blank form after a successful save.
            form = ApiKeyForm()

    context = {'user': request.user, 'form': form}
    return render_to_response('api/apply_key.html', context,
                              context_instance=RequestContext(request))
def check_auth(session, api_key_token, nonce, sig, body):
    """Authenticate a signed API request against a stored API key.

    An unknown token and an inactive account both yield ``AUTH_FAILED``, so
    the reason does not show which of the two checks failed.

    Args:
        session: Database session used for the lookup and the final commit.
        api_key_token: Token identifying the API key.
        nonce: Nonce sent with the request.
        sig: Signature sent with the request.
        body: Request body the signature covers.

    Returns:
        ``(True, "", api_key)`` on success, otherwise
        ``(False, reason, None)``.
    """
    # pylint: disable=import-outside-toplevel
    from models import ApiKey

    key_record = ApiKey.from_token(session, api_key_token)
    if not key_record or not key_record.user.active:
        return False, AUTH_FAILED, None

    ok, why = check_hmac_auth(key_record, nonce, sig, body)
    if ok:
        # Persist the api key nonce update made during the HMAC check.
        session.commit()
        return True, "", key_record
    return False, why, None
def create_api_key(request):
    """Render the API key application page, saving the form when valid.

    On a POST with valid data an ``ApiKey`` is created for ``request.user``
    from the cleaned form fields and a blank form is shown afterwards.
    Invalid POST data is shown again with the bound form; other methods get
    a blank form.

    NOTE(review): whether anonymous users can reach this view cannot be
    told from this block - confirm an authentication check wraps it.
    """
    submitted = request.method == 'POST'
    form = ApiKeyForm(request.POST) if submitted else ApiKeyForm()

    if submitted and form.is_valid():
        record = ApiKey()
        # The owner is taken from the authenticated request, not the form.
        record.user = request.user
        record.description = form.cleaned_data['description']
        record.name = form.cleaned_data['name']
        record.url = form.cleaned_data['url']
        record.accepted_tos = form.cleaned_data['accepted_tos']
        record.save()
        # Replace the submitted form with an empty one for the next entry.
        form = ApiKeyForm()

    return render_to_response(
        'api/apply_key.html',
        {'user': request.user, 'form': form},
        context_instance=RequestContext(request),
    )
def has_write_access(cls, namespace, apikey):
    """Look up ``apikey`` in ``namespace`` and report its write flag.

    Returns:
        The key's ``has_write`` value, or ``None`` when ``ApiKey.find``
        yields nothing. ``None`` is falsy, so a truthiness check by the
        caller denies an unknown key.
    """
    record = ApiKey.find(namespace, apikey)
    if not record:
        # Unknown key: no explicit value, as before.
        return None
    return record.has_write