def newToken(self, description):
"""
Generate a new personal access token with the given description.
"""
self.__require_privilaged_access()
with DBSession(self.__config_db) as session:
token = generate_session_token()
user = self.getLoggedInUser()
session_token = Session(token, user, None, description, False)
session.add(session_token)
session.commit()
return SessionTokenData(token, description,
str(session_token.last_access))
def newToken(self, description):
"""
Generate a new personal access token with the given description.
"""
self.__require_privilaged_access()
with DBSession(self.__config_db) as session:
token = generate_session_token()
user = self.getLoggedInUser()
groups = ';'.join(self.__auth_session.groups)
session_token = Session(token, user, groups, description, False)
session.add(session_token)
session.commit()
LOG.info("New personal access token '%s...' has been generated "
"by '%s'.", token[:5], self.getLoggedInUser())
return SessionTokenData(token,
description,
str(session_token.last_access))
def create_or_get_session(self, auth_string):
"""
Creates a new session for the given auth-string.
If an existing, valid session is found for the auth_string, that will
be used instead. Otherwise, a brand new token cookie will be generated.
"""
if not self.__auth_config['enabled']:
return None
# Perform cleanup of session memory, if neccessary.
self.__logins_since_prune += 1
if self.__logins_since_prune >= \
self.__auth_config['logins_until_cleanup']:
self.__cleanup_sessions()
# Try authenticate user with personal access token.
auth_token = self.__try_auth_token(auth_string)
if auth_token:
local_session = self.__get_local_session_from_db(auth_token.token)
local_session.revalidate()
self.__sessions.append(local_session)
return local_session
# Try to authenticate user with different authentication methods.
validation = self.__handle_validation(auth_string)
if not validation:
return False
# If the session is still valid and credentials are present,
# return old token. This is fetched either locally or from the db.
user_name = validation['username']
tokens = self.get_db_auth_session_tokens(user_name)
token = tokens[0].token if len(tokens) else generate_session_token()
local_session = self.get_session(token)
if local_session and local_session.is_alive:
# The token is still valid, re-validate it.
local_session.revalidate()
else:
# Invalidate the token because it has been expired.
self.invalidate(token)
groups = validation.get('groups', [])
is_root = validation.get('root', False)
local_session = self.__create_local_session(
token, user_name, groups, is_root)
self.__sessions.append(local_session)
transaction = None
if self.__database_connection:
try:
transaction = self.__database_connection()
record = SessionRecord(token, user_name, ';'.join(groups))
transaction.add(record)
transaction.commit()
except Exception as e:
LOG.error("Couldn't store or update login record in "
"database:")
LOG.error(str(e))
finally:
if transaction:
transaction.close()
return local_session