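def get(self, user_id=None, name=None, token_id=None):
    """Render "user-token-disable.html" for one of a user's tokens.

    Args:
        user_id: Passed to User.get to identify the token's owner.
        name: Passed to User.get alongside user_id.
        token_id: Id of the token, looked up together with the owner.

    Returns:
        self.notfound() when the user or the token cannot be found,
        self.forbidden() when the caller is neither the owner nor a
        user admin, otherwise the rendered template.
    """
    user = User.get(self.session, user_id, name)
    if not user:
        return self.notfound()

    # Only the token's owner or a caller with user_admin set may proceed.
    actor = self.current_user
    if user.name != actor.name and not actor.user_admin:
        return self.forbidden()

    # The lookup passes user=user, so the id is resolved in the context of
    # the already-authorized owner rather than on its own.
    token = UserToken.get(self.session, user=user, id=token_id)
    # NOTE(review): presumably UserToken.get yields a falsy value when no row
    # matches, as User.get does above - confirm. Without this guard an unknown
    # token_id reaches the template with token unset.
    if not token:
        return self.notfound()

    return self.render("user-token-disable.html", user=user, token=token)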
def test_usertokens(standard_graph, session, users, groups, permissions):  # noqa
    """Walk a UserToken through creation, secret verification and disabling.

    The last assertion is the one that matters for security: a secret that
    verified while the token was enabled must stop verifying once the token
    has been disabled.
    """
    owner = users["*****@*****.**"]
    assert len(owner.tokens) == 0

    # add() hands back the token together with its secret.
    token, secret = UserToken(user=owner, name="Foo").add(session)
    assert len(owner.tokens) == 1

    # Freshly created: the real secret verifies, a wrong one does not.
    # The explicit == True / == False comparisons are kept as written.
    assert token.check_secret(secret)
    assert token.check_secret("invalid") == False
    assert token.enabled == True

    token.disable()

    # The disabled state must be visible on the object itself, through the
    # owner's token list, and through a fresh lookup by name.
    assert token.enabled == False
    assert owner.tokens[0].enabled == False
    looked_up = UserToken.get(session, name="Foo", user=owner)
    assert looked_up.enabled == False

    # A disabled token rejects even the correct secret.
    assert token.check_secret(secret) == False
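def post(self, user_id=None, name=None, token_id=None):
    """Disable one of a user's tokens and write an audit log entry for it.

    Args:
        user_id: Passed to User.get to identify the token's owner.
        name: Passed to User.get alongside user_id.
        token_id: Id of the token to disable, looked up together with the
            owner.

    Returns:
        self.notfound() when the user or the token cannot be found,
        self.forbidden() when the caller is neither the owner nor a
        user admin, otherwise the rendered "user-token-disabled.html".
    """
    user = User.get(self.session, user_id, name)
    if not user:
        return self.notfound()

    # Only the token's owner or a caller with user_admin set may proceed.
    actor = self.current_user
    if user.name != actor.name and not actor.user_admin:
        return self.forbidden()

    # The lookup passes user=user, so the id is resolved in the context of
    # the already-authorized owner rather than on its own.
    token = UserToken.get(self.session, user=user, id=token_id)
    # NOTE(review): presumably UserToken.get yields a falsy value when no row
    # matches, as User.get does above - confirm. Without this guard an unknown
    # token_id fails on token.disable() instead of answering "not found", and
    # no audit entry is written for the attempt.
    if not token:
        return self.notfound()

    token.disable()

    # The entry records who acted (actor.id) and whose token it was
    # (on_user_id); the two differ when an admin disables another user's token.
    AuditLog.log(
        self.session,
        actor.id,
        "disable_token",
        "Disabled token: {}".format(token.name),
        on_user_id=user.id,
    )
    # A single commit follows both the disable and the audit entry.
    self.session.commit()

    return self.render("user-token-disabled.html", token=token)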