def gc_expired_tokens(expiration_window): """ Deletes all expired tokens outside of the expiration window. """ (AppSpecificAuthToken.delete().where( AppSpecificAuthToken.expiration < (datetime.now() - expiration_window)).execute())
def create_token(user, title, expiration=_default_expiration_duration_opt): """ Creates and returns an app specific token for the given user. If no expiration is specified (including `None`), then the default from config is used. """ if expiration == _default_expiration_duration_opt: duration = _default_expiration_duration() expiration = duration + datetime.now() if duration else None token_code = random_string_generator(TOKEN_NAME_PREFIX_LENGTH + MINIMUM_TOKEN_SUFFIX_LENGTH)() token_name = token_code[:TOKEN_NAME_PREFIX_LENGTH] token_secret = token_code[TOKEN_NAME_PREFIX_LENGTH:] assert token_name assert token_secret # TODO(remove-unenc): Remove legacy handling. old_token_code = (token_code if ActiveDataMigration.has_flag( ERTMigrationFlags.WRITE_OLD_FIELDS) else None) return AppSpecificAuthToken.create( user=user, title=title, expiration=expiration, token_name=token_name, token_secret=DecryptedValue(token_secret), token_code=old_token_code, )
def create_token(user, title, expiration=_default_expiration_duration_opt): """ Creates and returns an app specific token for the given user. If no expiration is specified (including `None`), then the default from config is used. """ if expiration == _default_expiration_duration_opt: duration = _default_expiration_duration() expiration = duration + datetime.now() if duration else None token_code = random_string_generator(TOKEN_NAME_PREFIX_LENGTH + MINIMUM_TOKEN_SUFFIX_LENGTH)() token_name = token_code[:TOKEN_NAME_PREFIX_LENGTH] token_secret = token_code[TOKEN_NAME_PREFIX_LENGTH:] assert token_name assert token_secret return AppSpecificAuthToken.create( user=user, title=title, expiration=expiration, token_name=token_name, token_secret=DecryptedValue(token_secret), )
def access_valid_token(token_code): """ Looks up an unexpired app specific token with the given token code. If found, the token's last_accessed field is set to now and the token is returned. If not found, returns None. """ token_code = remove_unicode(token_code) prefix = token_code[:TOKEN_NAME_PREFIX_LENGTH] if len(prefix) != TOKEN_NAME_PREFIX_LENGTH: return None suffix = token_code[TOKEN_NAME_PREFIX_LENGTH:] # Lookup the token by its prefix. try: token = (AppSpecificAuthToken.select( AppSpecificAuthToken, User).join(User).where( AppSpecificAuthToken.token_name == prefix, ((AppSpecificAuthToken.expiration > datetime.now()) | (AppSpecificAuthToken.expiration >> None)), ).get()) if not token.token_secret.matches(suffix): return None assert len(prefix) == TOKEN_NAME_PREFIX_LENGTH assert len(suffix) >= MINIMUM_TOKEN_SUFFIX_LENGTH update_last_accessed(token) return token except AppSpecificAuthToken.DoesNotExist: pass return None
def revoke_token_by_uuid(uuid, owner): """ Revokes an app specific token by deleting it. """ try: token = AppSpecificAuthToken.get(uuid=uuid, user=owner) except AppSpecificAuthToken.DoesNotExist: return None revoke_token(token) return token
def get_expiring_tokens(user, soon): """ Returns all tokens owned by the given user that will be expiring "soon", where soon is defined by the soon parameter (a timedelta from now). """ soon_datetime = datetime.now() + soon return (AppSpecificAuthToken.select().where( AppSpecificAuthToken.user == user, AppSpecificAuthToken.expiration <= soon_datetime, AppSpecificAuthToken.expiration > datetime.now()))
def get_token_by_uuid(uuid, owner=None): """ Looks up an unexpired app specific token with the given uuid. Returns it if found or None if none. If owner is specified, only tokens owned by the owner user will be returned. """ try: query = (AppSpecificAuthToken.select().where( AppSpecificAuthToken.uuid == uuid, ((AppSpecificAuthToken.expiration > datetime.now()) | (AppSpecificAuthToken.expiration >> None)))) if owner is not None: query = query.where(AppSpecificAuthToken.user == owner) return query.get() except AppSpecificAuthToken.DoesNotExist: return None
def list_tokens(user): """ Lists all tokens for the given user. """ return AppSpecificAuthToken.select().where( AppSpecificAuthToken.user == user)
def get_app_specific_token(): return AppSpecificAuthToken.get()