def create_macaroon(self):
    """Handle a submitted "create API token" form.

    Users without a verified primary email are redirected to the
    ``manage.account`` route with an error flash and no token is minted.
    Otherwise the form is bound to the POST data and validated; on success a
    macaroon is created whose caveats carry the validated scope and caveat
    version 1.

    Returns either the redirect, or the template context: the default
    response, the bound form, and (only when validation passed)
    ``serialized_macaroon`` and ``macaroon``.
    """
    request = self.request
    user = request.user

    # Token creation is gated on a verified primary email address.
    if not user.has_primary_verified_email:
        request.session.flash(
            "Verify your email to create an API token.", queue="error"
        )
        return HTTPSeeOther(request.route_path("manage.account"))

    # POST fields are expanded into keyword arguments next to the explicit
    # ones below. NOTE(review): a submitted field that reuses one of those
    # names (e.g. ``user_id``) would make this call raise TypeError rather
    # than produce a form error -- confirm that is acceptable.
    form = CreateMacaroonForm(
        **request.POST,
        user_id=user.id,
        macaroon_service=self.macaroon_service,
        project_names=self.project_names,
    )

    context = {**self.default_response}

    if form.validate():
        serialized_macaroon, macaroon = self.macaroon_service.create_macaroon(
            location=request.domain,
            user_id=user.id,
            description=form.description.data,
            caveats={"permissions": form.validated_scope, "version": 1},
        )
        # The serialized macaroon is the credential itself and is placed in
        # the context handed to the renderer.
        # NOTE(review): confirm nothing downstream logs or caches this value.
        context["serialized_macaroon"] = serialized_macaroon
        context["macaroon"] = macaroon

    # Always hand back the bound form so validation errors are rendered.
    context["create_macaroon_form"] = form
    return context
def create_macaroon(self):
    """Handle a submitted "create API token" form and log the creation.

    Users without a verified primary email are redirected to the
    ``manage.account`` route with an error flash and no token is minted.
    Otherwise the form is bound to the POST data and validated; on success a
    macaroon is created and two kinds of audit events are recorded:

    * one user event (``account:api_token:added``) carrying the description
      and the full caveats;
    * when the scope names projects, one project event
      (``project:api_token:added``) per matching project of the user,
      carrying only the description and the username.

    Returns either the redirect, or the template context: the default
    response, the bound form, and (only when validation passed)
    ``serialized_macaroon`` and ``macaroon``.
    """
    request = self.request
    user = request.user

    # Token creation is gated on a verified primary email address.
    if not user.has_primary_verified_email:
        request.session.flash(
            "Verify your email to create an API token.", queue="error"
        )
        return HTTPSeeOther(request.route_path("manage.account"))

    # POST fields are expanded into keyword arguments next to the explicit
    # ones below. NOTE(review): a submitted field that reuses one of those
    # names (e.g. ``user_id``) would make this call raise TypeError rather
    # than produce a form error -- confirm that is acceptable.
    form = CreateMacaroonForm(
        **request.POST,
        user_id=user.id,
        macaroon_service=self.macaroon_service,
        project_names=self.project_names,
    )

    context = {**self.default_response}

    if form.validate():
        scope = form.validated_scope
        description = form.description.data
        # The same caveats dict is used for the token and for the user's
        # own audit record, so the two cannot drift apart.
        caveats = {"permissions": scope, "version": 1}

        serialized_macaroon, macaroon = self.macaroon_service.create_macaroon(
            location=request.domain,
            user_id=user.id,
            description=description,
            caveats=caveats,
        )

        # Account-level audit trail: the owner sees the full caveats.
        # NOTE(review): remote_addr is only useful for audit if it is the
        # real client address when running behind a proxy -- confirm.
        self.user_service.record_event(
            user.id,
            tag="account:api_token:added",
            ip_address=request.remote_addr,
            additional={"description": description, "caveats": caveats},
        )

        if "projects" in scope:
            scoped_names = scope["projects"]
            affected = [
                candidate
                for candidate in user.projects
                if candidate.normalized_name in scoped_names
            ]
            for candidate in affected:
                # NOTE: The project event log deliberately omits the token's
                # full caveats: the token may also cover other projects that
                # this project's owner does not know about.
                candidate.record_event(
                    tag="project:api_token:added",
                    ip_address=request.remote_addr,
                    additional={
                        "description": description,
                        "user": user.username,
                    },
                )

        # The serialized macaroon is the credential itself and is placed in
        # the context handed to the renderer.
        # NOTE(review): confirm nothing downstream logs or caches this value.
        context["serialized_macaroon"] = serialized_macaroon
        context["macaroon"] = macaroon

    # Always hand back the bound form so validation errors are rendered.
    context["create_macaroon_form"] = form
    return context
def default_response(self):
    """Build the base template context for the API-token views.

    The context holds the project names plus fresh, unbound create and
    delete macaroon forms. ``create_macaroon`` reads this as an attribute
    (``self.default_response``), so it is presumably exposed as a property;
    the decorator is not visible here.
    """
    context = {"project_names": self.project_names}

    # Unbound create form: no POST data, only the collaborators it needs.
    context["create_macaroon_form"] = CreateMacaroonForm(
        user_id=self.request.user.id,
        macaroon_service=self.macaroon_service,
        project_names=self.project_names,
    )

    # Unbound delete form.
    context["delete_macaroon_form"] = DeleteMacaroonForm(
        macaroon_service=self.macaroon_service
    )

    return context