Ejemplo n.º 1
    def put(self, user_id, access_token_id, body):
        """Update the expiration of an access token for the given user.

        Only ``expires_in`` is taken from the request body; the remaining
        fields are those of the stored token.

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :param body: The access token.
        :return: The updated access token.
        """
        stored = token_api.user_token_get(access_token_id)

        # Both the submitted entity and the stored record go through the
        # access check, and both calls happen before the existence check, so
        # the helper also receives a falsy lookup result.
        # NOTE(review): _assert_can_access is defined outside this snippet;
        # confirm it compares each entity's owner against user_id.
        for entity in (body, stored):
            self._assert_can_access(user_id, entity)

        if not stored:
            abort(404, _("Token %s not found.") % access_token_id)

        # The expiration date is the only client-supplied field applied.
        # NOTE(review): the value is copied as-is; confirm its type and range
        # are validated before it reaches this method.
        stored.expires_in = body.expires_in

        # The refresh token is dropped from the payload sent to the update.
        payload = stored.as_dict()
        if "refresh_token" in payload:
            del payload["refresh_token"]

        updated = token_api.user_token_update(access_token_id, payload)
        return self._from_db_model(updated)
Ejemplo n.º 2
    def put(self, user_id, access_token_id, body):
        """Change the expiration of one of the given user's access tokens.

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :param body: The access token.
        :return: The updated access token.
        """
        existing = token_api.user_token_get(access_token_id)

        # Request entity first, stored record second; neither call waits for
        # the not-found check below, so the second one may receive a falsy
        # value.
        # NOTE(review): the ownership rules live in _assert_can_access, which
        # is not shown here - verify it rejects entities owned by other users.
        self._assert_can_access(user_id, body)
        self._assert_can_access(user_id, existing)

        if not existing:
            abort(404, _("Token %s not found.") % access_token_id)

        # Nothing but the expiration date is copied from the request.
        existing.expires_in = body.expires_in

        # Serialise the record and leave the refresh token out of the update.
        fields = existing.as_dict()
        if "refresh_token" in fields:
            del fields["refresh_token"]

        saved = token_api.user_token_update(access_token_id, fields)
        return self._from_db_model(saved)
Ejemplo n.º 3
    def delete(self, user_id, access_token_id):
        """Delete an access token, with its assigned refresh token, for the
        given user.

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :return: Empty body, or error response.
        """
        doomed = token_api.user_token_get(access_token_id)

        # The access check precedes the existence check, so it is handed
        # whatever the lookup returned, including a falsy result.
        # NOTE(review): confirm _assert_can_access (not shown) ties the token
        # to user_id before the delete below is reached.
        self._assert_can_access(user_id, doomed)

        if not doomed:
            abort(404, _("Token %s not found.") % access_token_id)

        token_api.user_token_delete(access_token_id)
Ejemplo n.º 4
    def get(self, user_id, access_token_id):
        """Fetch one access token, with its assigned refresh token, for the
        given user.

        :param user_id: The ID of the user.
        :param access_token_id: The ID of the access token.
        :return: The requested access token.
        """
        found = token_api.user_token_get(access_token_id)

        # Authorization is evaluated before the not-found response, so the
        # helper also sees a falsy lookup result.
        # NOTE(review): _assert_can_access is outside this snippet; confirm it
        # checks that the token belongs to user_id.
        self._assert_can_access(user_id, found)

        if not found:
            abort(404, _("Token %s not found.") % access_token_id)

        return self._from_db_model(found)
Ejemplo n.º 5
    def delete(self, user_id, access_token_id):
        """Remove the given user's access token together with its assigned
        refresh token.

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :return: Empty body, or error response.
        """
        target = token_api.user_token_get(access_token_id)

        # Checked before the 404 below; the helper therefore also runs when
        # the lookup came back empty.
        # NOTE(review): verify that _assert_can_access (defined elsewhere)
        # refuses a token whose owner differs from user_id.
        self._assert_can_access(user_id, target)

        if not target:
            abort(404, _("Token %s not found.") % access_token_id)

        token_api.user_token_delete(access_token_id)
Ejemplo n.º 6
    def get(self, user_id, access_token_id):
        """Return a single access token, with its assigned refresh token, for
        the given user.

        :param user_id: The ID of the user.
        :param access_token_id: The ID of the access token.
        :return: The requested access token.
        """
        record = token_api.user_token_get(access_token_id)

        # The access check comes ahead of the existence check and is passed
        # the lookup result unchanged, falsy or not.
        # NOTE(review): the ownership comparison is presumably inside
        # _assert_can_access - confirm, since it is not visible here.
        self._assert_can_access(user_id, record)

        if not record:
            abort(404, _("Token %s not found.") % access_token_id)

        return self._from_db_model(record)
Ejemplo n.º 7
    def get_all(self,
                user_id,
                marker=None,
                limit=None,
                sort_field='id',
                sort_dir='asc'):
        """List the access tokens, with matching refresh tokens, of the
        provided user.

        Example::

          curl https://my.example.org/api/v1/users/21/tokens \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The ID of the user.
        :param marker: The marker record at which to start the page.
        :param limit: The number of records to return.
        :param sort_field: The field on which to sort.
        :param sort_dir: The direction to sort.
        :return: A list of access tokens for the given user.
        """
        self._assert_can_access(user_id)

        # Negative limits are clamped to zero. No upper bound is applied in
        # this method.
        if limit is not None:
            limit = max(0, limit)

        # The marker is resolved by id alone.
        # NOTE(review): nothing here checks that the marker token belongs to
        # user_id, and its id is echoed in X-Marker below - confirm whether
        # the API layer restricts it.
        marker_token = token_api.user_token_get(marker)

        query = dict(marker=marker_token,
                     limit=limit,
                     user_id=user_id,
                     filter_non_public=True,
                     sort_field=sort_field,
                     sort_dir=sort_dir)
        tokens = token_api.user_token_get_all(**query)
        token_count = token_api.user_token_get_count(user_id=user_id)

        # Paging headers: X-Limit is skipped for a missing or zero limit,
        # X-Marker when no marker record was resolved.
        if limit:
            response.headers['X-Limit'] = str(limit)
        response.headers['X-Total'] = str(token_count)

        if marker_token:
            response.headers['X-Marker'] = str(marker_token.id)

        return list(map(self._from_db_model, tokens))
Ejemplo n.º 8
    def get_all(self, user_id, marker=None, limit=None, sort_field='id',
                sort_dir='asc'):
        """Return every access token, with matching refresh token, that
        belongs to the provided user.

        Example::

          curl https://my.example.org/api/v1/users/21/tokens \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The ID of the user.
        :param marker: The marker record at which to start the page.
        :param limit: The number of records to return.
        :param sort_field: The field on which to sort.
        :param sort_dir: The direction to sort.
        :return: A list of access tokens for the given user.
        """
        self._assert_can_access(user_id)

        # Clamp a negative limit to zero; this method sets no maximum.
        if limit is not None:
            limit = max(0, limit)

        # Look up the paging marker.
        # NOTE(review): the lookup uses only the marker id; whether a marker
        # owned by another user is rejected cannot be seen from here.
        page_start = token_api.user_token_get(marker)

        rows = token_api.user_token_get_all(
            marker=page_start,
            limit=limit,
            user_id=user_id,
            filter_non_public=True,
            sort_field=sort_field,
            sort_dir=sort_dir,
        )
        total = token_api.user_token_get_count(user_id=user_id)

        # Response headers describing the page; X-Limit is omitted when the
        # limit is None or zero.
        if limit:
            response.headers['X-Limit'] = str(limit)
        response.headers['X-Total'] = str(total)

        if page_start:
            response.headers['X-Marker'] = str(page_start.id)

        return [self._from_db_model(row) for row in rows]
Ejemplo n.º 9
    def delete(self, user_id, access_token_id):
        """Delete an access token, with its assigned refresh token, for the
        given user. Admin users can delete any access tokens, regular users
        can only delete their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 -X DELETE \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :return: Empty body, or error response.
        """
        doomed = token_api.user_token_get(access_token_id)

        # The admin/owner rule from the docstring is not enforced in this
        # method body; it is delegated to _assert_can_access, which runs
        # before the existence check and so also sees a falsy lookup result.
        # NOTE(review): the helper is not shown - confirm it implements it.
        self._assert_can_access(user_id, doomed)

        if not doomed:
            abort(404, _("Token %s not found.") % access_token_id)

        token_api.user_token_delete(access_token_id)
Ejemplo n.º 10
    def get(self, user_id, access_token_id):
        """Fetch a specific access token, with its assigned refresh token, for
        the given user. Admin users can specify any user id, regular users can
        only use their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The ID of the user.
        :param access_token_id: The ID of the access token.
        :return: The requested access token.
        """
        found = token_api.user_token_get(access_token_id)

        # The admin/owner rule from the docstring is delegated to
        # _assert_can_access, called ahead of the not-found check with the
        # lookup result as returned.
        # NOTE(review): the helper is outside this snippet - confirm it
        # matches the token's owner against user_id.
        self._assert_can_access(user_id, found)

        if not found:
            abort(404, _("Token %s not found.") % access_token_id)

        return self._from_db_model(found)
Ejemplo n.º 11
    def delete(self, user_id, access_token_id):
        """Remove the given user's access token together with its assigned
        refresh token. Admin users can delete any access tokens, regular users
        can only delete their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 -X DELETE \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :return: Empty body, or error response.
        """
        target = token_api.user_token_get(access_token_id)

        # Access is checked before existence; the helper gets the lookup
        # result as-is, even when it is falsy.
        # NOTE(review): the admin/owner distinction described above is
        # presumably implemented in _assert_can_access - verify, as the
        # helper is not visible here.
        self._assert_can_access(user_id, target)

        if not target:
            abort(404, _("Token %s not found.") % access_token_id)

        token_api.user_token_delete(access_token_id)
Ejemplo n.º 12
    def get(self, user_id, access_token_id):
        """Return a single access token, with its assigned refresh token, for
        the given user. Admin users can specify any user id, regular users can
        only use their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN'

        :param user_id: The ID of the user.
        :param access_token_id: The ID of the access token.
        :return: The requested access token.
        """
        record = token_api.user_token_get(access_token_id)

        # Authorization runs ahead of the 404 and is handed the lookup result
        # unchanged.
        # NOTE(review): whether a regular user is kept away from another
        # user's token depends on _assert_can_access, which is not shown.
        self._assert_can_access(user_id, record)

        if not record:
            abort(404, _("Token %s not found.") % access_token_id)

        return self._from_db_model(record)
Ejemplo n.º 13
    def put(self, user_id, access_token_id, body):
        """Update the expiration of an access token for the given user. Admin
        users can edit any token, regular users can only edit their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
          -H 'Content-Type: application/json;charset=UTF-8' \\
          --data-binary '{"expires_in": 7200, "user_id": 2}'

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :param body: The access token.
        :return: The updated access token.
        """
        stored = token_api.user_token_get(access_token_id)

        # The submitted entity and the stored record are each passed to the
        # access check, in that order and before the not-found check, so the
        # second call may receive a falsy value.
        # NOTE(review): _assert_can_access is not visible here; confirm it
        # rejects a body or stored token whose owner is not user_id.
        for entity in (body, stored):
            self._assert_can_access(user_id, entity)

        if not stored:
            abort(404, _("Token %s not found.") % access_token_id)

        # Only the expiration date is copied from the request body.
        # NOTE(review): no range check is applied here; confirm expires_in is
        # validated before it reaches this method.
        stored.expires_in = body.expires_in

        # The refresh token is removed from the payload before the update.
        payload = stored.as_dict()
        if "refresh_token" in payload:
            del payload["refresh_token"]

        updated = token_api.user_token_update(access_token_id, payload)
        return self._from_db_model(updated)
Ejemplo n.º 14
    def put(self, user_id, access_token_id, body):
        """Change the expiration of one of the given user's access tokens.
        Admin users can edit any token, regular users can only edit their own.

        Example::

          curl https://my.example.org/api/v1/users/2/tokens/1764 \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
          -H 'Content-Type: application/json;charset=UTF-8' \\
          --data-binary '{"expires_in": 7200, "user_id": 2}'

        :param user_id: The user ID of the user.
        :param access_token_id: The ID of the access token.
        :param body: The access token.
        :return: The updated access token.
        """
        existing = token_api.user_token_get(access_token_id)

        # Request entity first, stored record second; both calls precede the
        # existence check.
        # NOTE(review): the admin/owner rule in the docstring is presumably
        # enforced inside _assert_can_access - confirm, as it is not shown.
        self._assert_can_access(user_id, body)
        self._assert_can_access(user_id, existing)

        if not existing:
            abort(404, _("Token %s not found.") % access_token_id)

        # Of the fields in the request, only the expiration date is applied.
        existing.expires_in = body.expires_in

        # Serialise the record and leave the refresh token out of the update.
        fields = existing.as_dict()
        if "refresh_token" in fields:
            del fields["refresh_token"]

        saved = token_api.user_token_update(access_token_id, fields)
        return self._from_db_model(saved)