def actions(self):
    """Return the action objects this token permits.

    ``self._actions`` holds a comma-separated string of action names; each
    name is resolved through the module-level ``actions.get``.
    """
    permitted = []
    for name in self._actions.split(','):
        resolved = actions.get(name)
        # Names that no longer resolve are dropped quietly, so an action can
        # be retired without breaking every token that still lists it.
        # Dropping an entry can only narrow what the token permits.
        if resolved:
            permitted.append(resolved)
    return permitted
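def issue_token():
    """Issue a new authentication token.

    The POST body must contain JSON with keys 'actions', a list of allowed
    actions; and description, a description of the token.

    Returns a dict with the single key 'token', holding the serialized token.

    Raises BadRequest when the body is not a JSON object, when 'actions' is
    missing, is not a list, names an unknown action or asks for an action the
    caller's identity does not provide, and when 'description' is missing.
    """
    body = request.json
    # The body is client-controlled. A missing or non-object payload used to
    # fail on the subscript below with an unhandled TypeError/KeyError instead
    # of a clean 400.
    if not isinstance(body, dict):
        raise BadRequest("bad request body")

    action_names = body.get('actions')
    # A bare string would otherwise be iterated character by character.
    if not isinstance(action_names, list):
        raise BadRequest("bad actions")
    requested_actions = [actions.get(a) for a in action_names]

    # ensure the request is for a subset of the actions the user can perform;
    # this check is what keeps a caller from minting a token that carries
    # more privileges than its own identity provides
    if None in requested_actions or not set(requested_actions) <= g.identity.provides:
        raise BadRequest("bad actions")

    if 'description' not in body:
        raise BadRequest("no description")

    session = g.db.session('relengapi')
    token_row = Token(
        description=body['description'],
        actions=requested_actions)
    session.add(token_row)
    session.commit()

    # The serialized payload carries only the format version and the row id;
    # the permitted actions stay in the database row.
    token = current_app.tokenauth_serializer.dumps(
        {'v': TOKENAUTH_VERSION, 'id': token_row.id})
    return {'token': token}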