def put(self, user_id, access_token_id, body):
"""Update an access token for the given user.
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:param body: The access token.
:return: The created access token.
"""
target_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, body)
self._assert_can_access(user_id, target_token)
if not target_token:
abort(404, _("Token %s not found.") % access_token_id)
# We only allow updating the expiration date.
target_token.expires_in = body.expires_in
token_dict = target_token.as_dict()
if "refresh_token" in token_dict:
del token_dict["refresh_token"]
result_token = token_api.user_token_update(access_token_id, token_dict)
return self._from_db_model(result_token)
def put(self, user_id, access_token_id, body):
"""Update an access token for the given user.
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:param body: The access token.
:return: The created access token.
"""
target_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, body)
self._assert_can_access(user_id, target_token)
if not target_token:
abort(404, _("Token %s not found.") % access_token_id)
# We only allow updating the expiration date.
target_token.expires_in = body.expires_in
token_dict = target_token.as_dict()
if "refresh_token" in token_dict:
del token_dict["refresh_token"]
result_token = token_api.user_token_update(access_token_id,
token_dict)
return self._from_db_model(result_token)
def delete(self, user_id, access_token_id):
"""Deletes an access token with assigned refresh token for the given
user.
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:return: Empty body, or error response.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
"""Returns a specific access token with assigned refresh token for the
given user.
:param user_id: The ID of the user.
:param access_token_id: The ID of the access token.
:return: The requested access token.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
return self._from_db_model(access_token)
def delete(self, user_id, access_token_id):
"""Deletes an access token with assigned refresh token for the given
user.
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:return: Empty body, or error response.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
"""Returns a specific access token with assigned refresh token for the
given user.
:param user_id: The ID of the user.
:param access_token_id: The ID of the access token.
:return: The requested access token.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
return self._from_db_model(access_token)
def get_all(self,
user_id,
marker=None,
limit=None,
sort_field='id',
sort_dir='asc'):
"""Returns all the access tokens with matching refresh tokens for
the provided user.
Example::
curl https://my.example.org/api/v1/users/21/tokens \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The ID of the user.
:param marker: The marker record at which to start the page.
:param limit: The number of records to return.
:param sort_field: The field on which to sort.
:param sort_dir: The direction to sort.
:return: A list of access tokens for the given user.
"""
self._assert_can_access(user_id)
# Boundary check on limit.
if limit is not None:
limit = max(0, limit)
# Resolve the marker record.
marker_token = token_api.user_token_get(marker)
tokens = token_api.user_token_get_all(marker=marker_token,
limit=limit,
user_id=user_id,
filter_non_public=True,
sort_field=sort_field,
sort_dir=sort_dir)
token_count = token_api.user_token_get_count(user_id=user_id)
# Apply the query response headers.
if limit:
response.headers['X-Limit'] = str(limit)
response.headers['X-Total'] = str(token_count)
if marker_token:
response.headers['X-Marker'] = str(marker_token.id)
return [self._from_db_model(t) for t in tokens]
def get_all(self, user_id, marker=None, limit=None, sort_field='id',
sort_dir='asc'):
"""Returns all the access tokens with matching refresh tokens for
the provided user.
Example::
curl https://my.example.org/api/v1/users/21/tokens \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The ID of the user.
:param marker: The marker record at which to start the page.
:param limit: The number of records to return.
:param sort_field: The field on which to sort.
:param sort_dir: The direction to sort.
:return: A list of access tokens for the given user.
"""
self._assert_can_access(user_id)
# Boundary check on limit.
if limit is not None:
limit = max(0, limit)
# Resolve the marker record.
marker_token = token_api.user_token_get(marker)
tokens = token_api.user_token_get_all(marker=marker_token,
limit=limit,
user_id=user_id,
filter_non_public=True,
sort_field=sort_field,
sort_dir=sort_dir)
token_count = token_api.user_token_get_count(user_id=user_id)
# Apply the query response headers.
if limit:
response.headers['X-Limit'] = str(limit)
response.headers['X-Total'] = str(token_count)
if marker_token:
response.headers['X-Marker'] = str(marker_token.id)
return [self._from_db_model(t) for t in tokens]
def delete(self, user_id, access_token_id):
"""Deletes an access token with assigned refresh token for the given
user. Admin users can delete any access tokens, regular users can only
delete their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens/1764 -X DELETE \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:return: Empty body, or error response.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
"""Returns a specific access token with assigned refresh token for the
given user. Admin users can specify any user id, regular users can only
use their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The ID of the user.
:param access_token_id: The ID of the access token.
:return: The requested access token.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
return self._from_db_model(access_token)
def delete(self, user_id, access_token_id):
"""Deletes an access token with assigned refresh token for the given
user. Admin users can delete any access tokens, regular users can only
delete their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens/1764 -X DELETE \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:return: Empty body, or error response.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
"""Returns a specific access token with assigned refresh token for the
given user. Admin users can specify any user id, regular users can only
use their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN'
:param user_id: The ID of the user.
:param access_token_id: The ID of the access token.
:return: The requested access token.
"""
access_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, access_token)
if not access_token:
abort(404, _("Token %s not found.") % access_token_id)
return self._from_db_model(access_token)
def put(self, user_id, access_token_id, body):
"""Update an access token for the given user. Admin users can edit
any token, regular users can only edit their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens/1764 \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"expires_in": 7200, "user_id": 2}'
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:param body: The access token.
:return: The created access token.
"""
target_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, body)
self._assert_can_access(user_id, target_token)
if not target_token:
abort(404, _("Token %s not found.") % access_token_id)
# We only allow updating the expiration date.
target_token.expires_in = body.expires_in
token_dict = target_token.as_dict()
if "refresh_token" in token_dict:
del token_dict["refresh_token"]
result_token = token_api.user_token_update(access_token_id,
token_dict)
return self._from_db_model(result_token)
def put(self, user_id, access_token_id, body):
"""Update an access token for the given user. Admin users can edit
any token, regular users can only edit their own.
Example::
curl https://my.example.org/api/v1/users/2/tokens/1764 \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"expires_in": 7200, "user_id": 2}'
:param user_id: The user ID of the user.
:param access_token_id: The ID of the access token.
:param body: The access token.
:return: The created access token.
"""
target_token = token_api.user_token_get(access_token_id)
self._assert_can_access(user_id, body)
self._assert_can_access(user_id, target_token)
if not target_token:
abort(404, _("Token %s not found.") % access_token_id)
# We only allow updating the expiration date.
target_token.expires_in = body.expires_in
token_dict = target_token.as_dict()
if "refresh_token" in token_dict:
del token_dict["refresh_token"]
result_token = token_api.user_token_update(access_token_id, token_dict)
return self._from_db_model(result_token)