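def test_token_is_removed_on_second_use(self, app):
    """A token presented again after its expiry window is refused (403).

    The token is created with ``expires_in=20, unit=1`` at a frozen
    ``now``; the first request inside that window is accepted and a
    second one 22 seconds later must be rejected. The test name says the
    token is removed on that second use, but only the 403 is asserted
    here.
    """
    user = factories.User()
    now = datetime.now()

    with freeze_time(now):
        data = helpers.call_action(
            u"api_token_create",
            context={u"model": model, u"user": user[u"name"]},
            user=user[u"name"],
            name=u"token-name",
            expires_in=20,
            unit=1,
        )
        decoded = api_token.decode(data["token"])
        # Named ``jti`` (the JWT claim it comes from) rather than ``id`` so
        # the builtin is not shadowed.
        jti = decoded["jti"]
        assert model.ApiToken.get(jti)

        url = url_for(u"user.api_tokens", id=user["id"])
        app.get(
            url,
            headers={u"authorization": six.ensure_str(data[u"token"])},
        )

    with freeze_time(now + timedelta(seconds=22)):
        app.get(
            url,
            headers={u"authorization": six.ensure_str(data[u"token"])},
            status=403,
        )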
def api_token_revoke(context, data_dict):
    """Delete API Token.

    :param string token: Token to remove (required if `jti` not specified).
    :param string jti: Id of the token to remove (overrides `token` if specified).

    .. versionadded:: 3.0
    """
    jti = data_dict.get(u'jti')

    if not jti:
        # No explicit id: recover it from the encoded token. The first
        # IApiToken plugin that yields a payload wins; the built-in
        # decoder is consulted only when none of them did.
        token = _get_or_bust(data_dict, u'token')
        data = None
        for plugin in plugins.PluginImplementations(plugins.IApiToken):
            data = plugin.decode_api_token(token)
            if data:
                break
        if not data:
            data = api_token.decode(token)
        if data:
            jti = data.get(u'jti')
        # NOTE(review): when nothing decodes the token, ``jti`` is still
        # None here and the auth check / revoke below run with None --
        # confirm those reject it rather than silently succeeding.

    _check_access(u'api_token_revoke', context, {u'jti': jti})
    context[u'model'].ApiToken.revoke(jti)
def test_token_revoke(self):
    """Revoking by ``token`` and then by ``jti`` removes one token each."""
    user = factories.User()
    owner = user[u"name"]

    def _context():
        # A fresh dict per call, exactly as the inline literals did; the
        # actions may add keys to the context they are handed.
        return {u"model": model, u"user": owner}

    def _create(name):
        return helpers.call_action(
            u"api_token_create", context=_context(), user=owner, name=name
        )['token']

    def _count():
        listed = helpers.call_action(
            u"api_token_list", context=_context(), user=owner
        )
        return len(listed)

    token = _create("token-name")
    token2 = _create("token-name-2")
    assert _count() == 2

    helpers.call_action(u"api_token_revoke", context=_context(), token=token)
    assert _count() == 1

    helpers.call_action(
        u"api_token_revoke",
        context=_context(),
        jti=api_token.decode(token2)[u'jti'],
    )
    assert _count() == 0
def test_token_created(self):
    """A new token resolves to an ApiToken row owned by its creator.

    The row's id is the token's ``jti`` claim and ``last_access`` is
    still unset right after creation.
    """
    from ckan.lib.api_token import decode

    user = factories.User()
    owner = user[u"name"]
    created = helpers.call_action(
        u"api_token_create",
        context={u"model": model, u"user": owner},
        user=owner,
        name=u"token-name",
    )
    jti = decode(created[u'token'])[u'jti']
    row = model.ApiToken.get(jti)

    assert row.user_id == user[u"id"]
    assert row.last_access is None
    assert row.id == jti
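def api_token_create(original_action, context, data_dict):
    """Wrap ``api_token_create`` so a successful creation is recorded as a
    ``new API token`` activity for the token's owner.

    :param original_action: the wrapped ``api_token_create`` action.
    :param context: action context; ``model`` is used to look the token
        row up and ``ignore_auth`` is raised only for the duration of the
        ``activity_create`` call.
    :param data_dict: parameters passed through to ``original_action``.
    :returns: the result of ``original_action``, unchanged. It is returned
        as-is when no token was issued, when the token does not decode to
        a ``jti``, or when no ApiToken row matches that ``jti``.
    """
    result = original_action(context, data_dict)

    # Exit early, token create error.
    if not result.get('token', None):
        return result

    # Resolve the ApiToken row from the token's ``jti`` claim.
    model = context['model']
    data = api_token.decode(result.get('token'))
    if not data or u"jti" not in data:
        return result

    token_obj = model.ApiToken.get(data[u"jti"])
    # Exit early, not able to get token object.
    if not token_obj:
        return result

    # activity_create is sysadmin-only, so authorization is bypassed for
    # exactly this one call. The flag is restored in ``finally`` so that an
    # exception raised inside activity_create cannot leave the shared
    # context with auth disabled for whatever runs next in the chain.
    ignore_auth = context.get('ignore_auth', False)
    if not ignore_auth:
        context['ignore_auth'] = True
    try:
        toolkit.get_action('activity_create')(context, {
            'user_id': token_obj.owner.id,
            'object_id': token_obj.owner.id,
            'activity_type': 'new API token',
            'data': {
                # NOTE(review): both dicts are stored verbatim in the
                # activity payload -- confirm as_dict() on these objects
                # carries no secret-bearing columns.
                'token': dict(token_obj.as_dict()),
                'user': dict(token_obj.owner.as_dict()),
            },
        })
    finally:
        if not ignore_auth:
            context['ignore_auth'] = False

    return result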