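    def test_token_is_removed_on_second_use(self, app):
        """A token that expires between two requests is refused on the second.

        A token is created with ``expires_in=20, unit=1`` under a frozen
        clock, used once, and then presented again with the clock advanced
        by 22 seconds; the second request must be answered with 403.
        """
        user = factories.User()
        now = datetime.now()
        with freeze_time(now):
            data = helpers.call_action(
                u"api_token_create",
                context={
                    u"model": model,
                    u"user": user[u"name"]
                },
                user=user[u"name"],
                name=u"token-name",
                expires_in=20,
                unit=1,
            )

        # The decoded ``jti`` is the stored token id; named ``jti`` rather
        # than ``id`` so the builtin is not shadowed.
        decoded = api_token.decode(data["token"])
        jti = decoded["jti"]
        assert model.ApiToken.get(jti)

        url = url_for(u"user.api_tokens", id=user["id"])
        auth_headers = {u"authorization": six.ensure_str(data[u"token"])}

        # First use, still inside the token's lifetime.
        app.get(url, headers=auth_headers)

        # Second use after the lifetime has elapsed must be rejected.
        with freeze_time(now + timedelta(seconds=22)):
            app.get(url, headers=auth_headers, status=403)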
def api_token_revoke(context, data_dict):
    """Delete API Token.

    :param string token: Token to remove(required if `jti` not specified).
    :param string jti: Id of the token to remove(overrides `token` if specified).

    .. versionadded:: 3.0
    """
    jti = data_dict.get(u'jti')
    if not jti:
        # No explicit id given: recover it from the token string. IApiToken
        # plugins are tried first; the built-in decoder is the fallback when
        # none of them produces data.
        token = _get_or_bust(data_dict, u'token')
        data = None
        for decoder in plugins.PluginImplementations(plugins.IApiToken):
            data = decoder.decode_api_token(token)
            if data:
                break
        if not data:
            data = api_token.decode(token)

        if data:
            jti = data.get(u'jti')

    # Authorization is delegated to the auth function, which receives only
    # the resolved jti.
    _check_access(u'api_token_revoke', context, {u'jti': jti})
    # NOTE(review): when decoding fails, jti is still None at this point and
    # is handed to revoke() unchanged — confirm ApiToken.revoke tolerates it.
    context[u'model'].ApiToken.revoke(jti)
    def test_token_revoke(self):
        """Revoking by ``token`` and by ``jti`` each drop one entry from the list."""
        user = factories.User()
        owner_ctx = {u"model": model, u"user": user[u"name"]}

        def call(action, **params):
            # Every call acts as the token owner; the context is copied per
            # call so state cannot leak between actions through it.
            return helpers.call_action(action, context=dict(owner_ctx), **params)

        token = call(u"api_token_create", user=user[u"name"],
                     name="token-name")['token']
        token2 = call(u"api_token_create", user=user[u"name"],
                      name="token-name-2")['token']

        assert len(call(u"api_token_list", user=user[u"name"])) == 2

        # Revoke the first token by its raw value ...
        call(u"api_token_revoke", token=token)
        assert len(call(u"api_token_list", user=user[u"name"])) == 1

        # ... and the second by its decoded id.
        call(u"api_token_revoke", jti=api_token.decode(token2)[u'jti'])
        assert len(call(u"api_token_list", user=user[u"name"])) == 0
 def test_token_created(self):
     """A freshly created token is stored under its ``jti`` for the creating user."""
     from ckan.lib.api_token import decode
     user = factories.User()
     owner_ctx = {u"model": model, u"user": user[u"name"]}
     token = helpers.call_action(
         u"api_token_create", context=owner_ctx, user=user[u"name"], name=u"token-name"
     )[u'token']
     jti = decode(token)[u'jti']
     stored = model.ApiToken.get(jti)
     # The record belongs to the creating user and has not been used yet.
     assert stored.user_id == user[u"id"]
     assert stored.last_access is None
     assert stored.id == jti
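def api_token_create(original_action, context, data_dict):
    """Chained ``api_token_create``: record a ``new API token`` activity.

    Runs ``original_action`` first and always returns its result unchanged.
    When a token was issued and its ``jti`` resolves to a stored
    ``ApiToken``, an activity is created for the token owner; every early
    ``return`` below hands the original result back untouched.

    :param original_action: the wrapped ``api_token_create`` action
    :param context: action context; ``model`` is read and ``ignore_auth`` is
        temporarily forced to ``True`` around the activity creation
    :param data_dict: passed through to ``original_action``
    :returns: whatever ``original_action`` returned
    """
    result = original_action(context, data_dict)

    # Exit early, token create error.
    if not result.get('token', None):
        return result

    # Resolve the stored token object from the encoded token's jti.
    model = context['model']
    data = api_token.decode(result.get('token'))
    if not data or u"jti" not in data:
        return result

    token_obj = model.ApiToken.get(data[u"jti"])

    # Exit early, not able to get token object.
    if not token_obj:
        return result

    # You must be a sysadmin to create new activities, so auth is bypassed
    # for this one call only. The bypass is scoped with try/finally: if
    # activity_create raises, the caller's context must not be left with
    # ignore_auth=True, which would disable auth for any later action that
    # reuses the same context.
    ignore_auth = context.get('ignore_auth', False)
    if not ignore_auth:
        context['ignore_auth'] = True
    try:
        # NOTE(review): the full ApiToken and owner records are persisted in
        # the activity's data — confirm neither as_dict() exposes anything
        # sensitive.
        toolkit.get_action('activity_create')(context, {
            'user_id': token_obj.owner.id,
            'object_id': token_obj.owner.id,
            'activity_type': 'new API token',
            'data': {
                'token': dict(token_obj.as_dict()),
                'user': dict(token_obj.owner.as_dict())
            }
        })
    finally:
        # Restore the caller's setting so auth is enforced again down the chain.
        if not ignore_auth:
            context['ignore_auth'] = False

    return result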