Ejemplo n.º 1
0
def can_api_key_access_build(param_name):
    """Determines if the current API key can access the build in the request.

    Args:
        param_name: Parameter name to use for getting the build ID from the
            request. Will fetch from GET or POST requests.

    Returns:
        (api_key, build) The API Key and the Build it has access to.
    """
    build_id = (request.args.get(param_name, type=int)
                or request.form.get(param_name, type=int)
                or request.json[param_name])
    utils.jsonify_assert(build_id, 'build_id required')

    if app.config.get('IGNORE_AUTH'):
        api_key = models.ApiKey(id='anonymous_superuser',
                                secret='',
                                superuser=True)
        build = models.Build.query.get(build_id)
        utils.jsonify_assert(build is not None, 'build must exist', 404)
    else:
        ops = _get_api_key_ops()
        api_key, build = ops.can_access_build(build_id)

    return api_key, build
Ejemplo n.º 2
0
def current_api_key():
    """Determines the API key for the current request.

    Returns:
        The API key.
    """
    if app.config.get('IGNORE_AUTH'):
        return models.ApiKey(id='anonymous_superuser',
                             secret='',
                             superuser=True)

    auth_header = request.authorization
    if not auth_header:
        logging.debug('API request lacks authorization header')
        abort(
            flask.Response(
                'API key required', 401,
                {'WWW-Authenticate': 'Basic realm="API key required"'}))

    api_key = models.ApiKey.query.get(auth_header.username)
    utils.jsonify_assert(api_key, 'API key must exist', 403)
    utils.jsonify_assert(api_key.active, 'API key must be active', 403)
    utils.jsonify_assert(api_key.secret == auth_header.password,
                         'Must have good credentials', 403)

    logging.debug('Authenticated as API key=%r', api_key.id)

    return api_key
Ejemplo n.º 3
0
def current_api_key():
    """Determines the API key for the current request.

    Returns:
        The ApiKey instance.
    """
    if app.config.get('IGNORE_AUTH'):
        return models.ApiKey(id='anonymous_superuser',
                             secret='',
                             superuser=True)

    ops = _get_api_key_ops()
    api_key = ops.get()
    logging.debug('Authenticated as API key=%r', api_key.id)

    return api_key
Ejemplo n.º 4
0
def manage_api_keys():
    """Page for viewing and creating API keys."""
    build = g.build
    create_form = forms.CreateApiKeyForm()
    if create_form.validate_on_submit():
        api_key = models.ApiKey()
        create_form.populate_obj(api_key)
        api_key.id = utils.human_uuid()
        api_key.secret = utils.password_uuid()

        save_admin_log(build, created_api_key=True, message=api_key.id)

        db.session.add(api_key)
        db.session.commit()

        logging.info('Created API key=%r for build_id=%r',
                     api_key.id, build.id)
        return redirect(url_for('manage_api_keys', build_id=build.id))

    create_form.build_id.data = build.id

    api_key_query = (
        models.ApiKey.query
        .filter_by(build_id=build.id)
        .order_by(models.ApiKey.created.desc())
        .limit(1000))

    revoke_form_list = []
    for api_key in api_key_query:
        form = forms.RevokeApiKeyForm()
        form.id.data = api_key.id
        form.build_id.data = build.id
        form.revoke.data = True
        revoke_form_list.append((api_key, form))

    return render_template(
        'view_api_keys.html',
        build=build,
        create_form=create_form,
        revoke_form_list=revoke_form_list)
Ejemplo n.º 5
0
from dpxdt.server import models
from dpxdt.server import utils

parser = argparse.ArgumentParser(description="Configure startup behaviour")
parser.add_argument('-d','--dbexists', help='does db exist already',required=False)
args = parser.parse_args()
print "Argument --dbexists=%s" % args.dbexists

#See if we need to initialize the database
if args.dbexists == "false" or args.dbexists == None:
    db.create_all()

    build = models.Build(name='Primary build')
    db.session.add(build)
    db.session.commit()

    api_key = models.ApiKey(
        id=utils.human_uuid(),
        secret=utils.password_uuid(),
        purpose='Local workers',
        superuser=True,
        build_id=build.id)
    db.session.add(api_key)
    db.session.commit()

    db.session.flush()

    with open('flags.cfg', 'a') as f:
        f.write('--release_client_id=%s\n' % api_key.id)
        f.write('--release_client_secret=%s\n' % api_key.secret)