def put(self, user_id, access_token_id, body):
    """Update the expiration of an access token for the given user.

    :param user_id: The user ID of the user.
    :param access_token_id: The ID of the access token.
    :param body: The access token; only ``expires_in`` is read from it.
    :return: The updated access token.
    """
    stored = token_api.user_token_get(access_token_id)

    # Both the submitted entity and the stored token are checked against
    # the user ID taken from the request path before anything is changed.
    # NOTE(review): ``stored`` may be None here, because the 404 branch
    # only runs afterwards -- confirm _assert_can_access accepts that.
    self._assert_can_access(user_id, body)
    self._assert_can_access(user_id, stored)

    if not stored:
        abort(404, _("Token %s not found.") % access_token_id)

    # The expiration is the only field taken from the request.
    # NOTE(review): expires_in is copied without a range check in this
    # method; confirm it is bounded elsewhere, otherwise a caller can
    # stretch the lifetime of a token arbitrarily.
    stored.expires_in = body.expires_in

    # The refresh token is left out of the update payload.
    fields = stored.as_dict()
    fields.pop("refresh_token", None)

    return self._from_db_model(
        token_api.user_token_update(access_token_id, fields))
def delete(self, user_id, access_token_id):
    """Delete an access token with assigned refresh token for a user.

    :param user_id: The user ID of the user.
    :param access_token_id: The ID of the access token.
    :return: Empty body, or error response.
    """
    token = token_api.user_token_get(access_token_id)

    # Authorization comes first, so an unknown ID is reported as 404
    # only to a caller who passed the access check.
    # NOTE(review): ``token`` may be None at this point -- confirm that
    # _assert_can_access accepts a missing entity.
    self._assert_can_access(user_id, token)

    if not token:
        abort(404, _("Token %s not found.") % access_token_id)

    # Any refresh-token cleanup happens inside token_api, not here.
    token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
    """Return one access token with assigned refresh token for a user.

    :param user_id: The ID of the user.
    :param access_token_id: The ID of the access token.
    :return: The requested access token.
    """
    token = token_api.user_token_get(access_token_id)

    # The token is looked up by ID alone; the ownership decision is left
    # to _assert_can_access, which receives the path user ID and the row.
    # NOTE(review): ``token`` may be None here, because the 404 branch
    # only runs afterwards -- confirm _assert_can_access accepts that.
    self._assert_can_access(user_id, token)

    if not token:
        abort(404, _("Token %s not found.") % access_token_id)

    return self._from_db_model(token)
def get_all(self, user_id, marker=None, limit=None, sort_field='id',
            sort_dir='asc'):
    """Return all access tokens with matching refresh tokens for a user.

    Example::

      curl https://my.example.org/api/v1/users/21/tokens \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param user_id: The ID of the user.
    :param marker: The marker record at which to start the page.
    :param limit: The number of records to return.
    :param sort_field: The field on which to sort.
    :param sort_dir: The direction to sort.
    :return: A list of access tokens for the given user.
    """
    self._assert_can_access(user_id)

    # A negative limit is clamped to zero.
    if limit is not None:
        limit = max(0, limit)

    # The marker is an access token ID; turn it into its record.
    # NOTE(review): the marker is resolved by ID alone and its owner is
    # not compared with user_id in this method -- confirm that paging
    # from a marker owned by another user is acceptable.
    marker_token = token_api.user_token_get(marker)

    page = token_api.user_token_get_all(marker=marker_token,
                                        limit=limit,
                                        user_id=user_id,
                                        filter_non_public=True,
                                        sort_field=sort_field,
                                        sort_dir=sort_dir)
    total = token_api.user_token_get_count(user_id=user_id)

    # Paging headers: X-Limit and X-Marker are sent only when truthy.
    headers = response.headers
    if limit:
        headers['X-Limit'] = str(limit)
    headers['X-Total'] = str(total)
    if marker_token:
        headers['X-Marker'] = str(marker_token.id)

    return [self._from_db_model(row) for row in page]
def delete(self, user_id, access_token_id):
    """Delete an access token with assigned refresh token for a user.

    Admin users can delete any access tokens, regular users can only
    delete their own.

    Example::

      curl https://my.example.org/api/v1/users/2/tokens/1764 -X DELETE \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param user_id: The user ID of the user.
    :param access_token_id: The ID of the access token.
    :return: Empty body, or error response.
    """
    token = token_api.user_token_get(access_token_id)

    # The admin/owner rule described above is enforced by
    # _assert_can_access, which gets the path user ID and the stored row.
    # NOTE(review): ``token`` may be None here, because the 404 branch
    # only runs afterwards -- confirm _assert_can_access accepts that.
    self._assert_can_access(user_id, token)

    if not token:
        abort(404, _("Token %s not found.") % access_token_id)

    # Any refresh-token cleanup happens inside token_api, not here.
    token_api.user_token_delete(access_token_id)
def get(self, user_id, access_token_id):
    """Return one access token with assigned refresh token for a user.

    Admin users can specify any user id, regular users can only use
    their own.

    Example::

      curl https://my.example.org/api/v1/users/2/tokens/1764 \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param user_id: The ID of the user.
    :param access_token_id: The ID of the access token.
    :return: The requested access token.
    """
    token = token_api.user_token_get(access_token_id)

    # The token is looked up by ID alone; the ownership decision is left
    # to _assert_can_access, which receives the path user ID and the row.
    # NOTE(review): ``token`` may be None here, because the 404 branch
    # only runs afterwards -- confirm _assert_can_access accepts that.
    self._assert_can_access(user_id, token)

    if not token:
        abort(404, _("Token %s not found.") % access_token_id)

    return self._from_db_model(token)
def put(self, user_id, access_token_id, body):
    """Update the expiration of an access token for the given user.

    Admin users can edit any token, regular users can only edit their
    own.

    Example::

      curl https://my.example.org/api/v1/users/2/tokens/1764 \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
      -H 'Content-Type: application/json;charset=UTF-8' \\
      --data-binary '{"expires_in": 7200, "user_id": 2}'

    :param user_id: The user ID of the user.
    :param access_token_id: The ID of the access token.
    :param body: The access token; only ``expires_in`` is read from it.
    :return: The updated access token.
    """
    stored = token_api.user_token_get(access_token_id)

    # Both the submitted entity and the stored token are checked against
    # the user ID taken from the request path before anything is changed.
    # NOTE(review): ``stored`` may be None here, because the 404 branch
    # only runs afterwards -- confirm _assert_can_access accepts that.
    self._assert_can_access(user_id, body)
    self._assert_can_access(user_id, stored)

    if not stored:
        abort(404, _("Token %s not found.") % access_token_id)

    # The expiration is the only field taken from the request.
    # NOTE(review): expires_in is copied without a range check in this
    # method; confirm it is bounded elsewhere, otherwise a caller can
    # stretch the lifetime of a token arbitrarily.
    stored.expires_in = body.expires_in

    # The refresh token is left out of the update payload.
    fields = stored.as_dict()
    fields.pop("refresh_token", None)

    return self._from_db_model(
        token_api.user_token_update(access_token_id, fields))