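def _authenticateApiKey(self, username, password):
    """Check that the API key carried in ``password`` belongs to ``username``.

    Args:
        username: Login name handed to ``self._getUser``.
        password: Credential string; everything after its first four
            characters is passed to ``ApiKeyModel().createToken`` as the key.

    Returns:
        True when the user the key resolves to has the same ``_id`` as the
        user looked up by name. False when the API_KEYS setting is falsy,
        when the user lookup yields None, or when the ids differ.
    """
    if not Setting().get(SettingKey.API_KEYS):
        # ``warn`` is a deprecated alias on stdlib loggers; ``warning`` is
        # the supported spelling (assumes ``logger`` is a logging.Logger).
        logger.warning('API key functionality is disabled')
        return False

    # NOTE(review): the four-character prefix is dropped without being
    # checked here; presumably the caller has already matched it -- confirm.
    # NOTE(review): a days=7 token is requested on every call and only its
    # owner is used. If createToken persists the token, each authentication
    # attempt with a valid key leaves one behind -- confirm whether that is
    # intended or needs cleanup.
    token_user, token = ApiKeyModel().createToken(password[4:], days=7)

    user = self._getUser(username)
    if user is None:
        # Fail closed: an unknown username is an authentication failure,
        # not a TypeError from subscripting None.
        return False

    # 'no_token' is the fallback when the key's user document has no '_id',
    # so a missing id can only match a user whose '_id' is that same string.
    return token_user.get('_id', 'no_token') == user['_id']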
def createKey(self, name, scope, tokenDuration, active):
    """Create an API key owned by the current user.

    Args:
        name: Forwarded as ``name`` to ``createApiKey``.
        scope: Forwarded as ``scope`` to ``createApiKey``.
        tokenDuration: Forwarded as ``days`` to ``createApiKey``.
        active: Forwarded as ``active`` to ``createApiKey``.

    Returns:
        Whatever ``ApiKeyModel().createApiKey`` returns.

    Raises:
        RestException: when the ``SettingKey.API_KEYS`` setting is falsy.
    """
    # Feature gate first: nothing is created while API keys are switched off.
    apiKeysEnabled = Setting().get(SettingKey.API_KEYS)
    if not apiKeysEnabled:
        raise RestException(
            'API key functionality is disabled on this instance.')

    keyModel = ApiKeyModel()
    owner = self.getCurrentUser()
    return keyModel.createApiKey(
        user=owner,
        name=name,
        scope=scope,
        days=tokenDuration,
        active=active,
    )
def updateKey(self, apiKey, name, scope, tokenDuration, active):
    """Apply the supplied field changes to ``apiKey`` and save it.

    Args:
        apiKey: Key document, updated in place.
        name: New name, or None to keep the current one.
        scope: New scope, or the empty tuple ``()`` to keep the current one.
        tokenDuration: New token duration, or None to keep the current one.
        active: New active flag, or None to keep the current one.

    Returns:
        Whatever ``ApiKeyModel().save`` returns for the updated document.
    """
    # For these three fields None means "not supplied".
    optionalFields = (
        ('active', active),
        ('name', name),
        ('tokenDuration', tokenDuration),
    )
    for fieldName, newValue in optionalFields:
        if newValue is not None:
            apiKey[fieldName] = newValue

    # scope uses () as its "not supplied" marker, so a scope of None is
    # written through to the document rather than ignored.
    # NOTE(review): values are stored as given; any validation of the scope
    # list would have to happen in the caller or in save() -- confirm.
    if scope != ():
        apiKey['scope'] = scope

    return ApiKeyModel().save(apiKey)
def listKeys(self, userId, limit, offset, sort):
    """List API keys for the current user or, for admins, another user.

    Args:
        userId: None or the caller's own id (as a string) to list the
            caller's keys; any other value selects a different user.
        limit: Forwarded as ``limit`` to ``ApiKeyModel().list``.
        offset: Forwarded as ``offset`` to ``ApiKeyModel().list``.
        sort: Forwarded as ``sort`` to ``ApiKeyModel().list``.

    Returns:
        A list built from the result of ``ApiKeyModel().list``.
    """
    caller = self.getCurrentUser()
    ownId = str(caller['_id'])

    owner = caller
    if userId not in {None, ownId}:
        # Listing someone else's keys: the admin check runs before the
        # target user is loaded with force=True, so the load itself is not
        # what enforces access here.
        self.requireAdmin(caller)
        owner = User().load(userId, force=True, exc=True)

    keyCursor = ApiKeyModel().list(
        owner, offset=offset, limit=limit, sort=sort)
    return list(keyCursor)
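def createToken(self, key, duration):
    """Exchange an API key for an auth token and set it as a cookie.

    Args:
        key: API key string passed to ``ApiKeyModel().createToken``.
        duration: Forwarded as ``days`` to both the token creation and the
            cookie.

    Returns:
        A dict shaped like a normal login response: ``user`` holding only
        the ``_id``, and ``authToken`` holding ``token``, ``expires`` and
        ``scope``.

    Raises:
        RestException: when the ``SettingKey.API_KEYS`` setting is falsy.
    """
    # Honour the instance-wide switch before minting anything, the same way
    # the other createToken listings on this page do; without it a key
    # could still be exchanged for a token while the feature is turned off.
    if not Setting().get(SettingKey.API_KEYS):
        raise RestException(
            'API key functionality is disabled on this instance.')

    user, token = ApiKeyModel().createToken(key, days=duration)
    self.sendAuthTokenCookie(token=token, days=duration)

    # Return the same structure as a normal user login, except do not
    # include the full user document since the key may not authorize
    # reading user information.
    return {
        'user': {
            '_id': user['_id']
        },
        'authToken': {
            'token': token['_id'],
            'expires': token['expires'],
            'scope': token['scope']
        }
    }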
def createToken(self, key, duration):
    """Exchange an API key for an auth token without setting a cookie.

    Args:
        key: API key string passed to ``ApiKeyModel().createToken``.
        duration: Forwarded as ``days`` to the token creation.

    Returns:
        A dict shaped like a normal login response: ``user`` holding only
        the ``_id``, and ``authToken`` holding ``token``, ``expires`` and
        ``scope``.

    Raises:
        RestException: when the ``SettingKey.API_KEYS`` setting is falsy.
    """
    apiKeysEnabled = Setting().get(SettingKey.API_KEYS)
    if not apiKeysEnabled:
        raise RestException(
            'API key functionality is disabled on this instance.')

    user, token = ApiKeyModel().createToken(key, days=duration)

    # Only the user's id is exposed: the key may not authorize reading the
    # rest of the user document.
    userInfo = {'_id': user['_id']}
    tokenInfo = {
        'token': token['_id'],
        'expires': token['expires'],
        'scope': token['scope'],
    }

    # Deliberately no auth cookie here, unlike a normal login, in case the
    # endpoint is being called through swagger: the token reaches the
    # caller only through the response body.
    return {'user': userInfo, 'authToken': tokenInfo}
def createToken(self, key, duration):
    """Exchange an API key for an auth token and set it as a cookie.

    Args:
        key: API key string passed to ``ApiKeyModel().createToken``.
        duration: Forwarded as ``days`` to both the token creation and the
            cookie.

    Returns:
        A dict shaped like a normal login response: ``user`` holding only
        the ``_id``, and ``authToken`` holding ``token``, ``expires`` and
        ``scope``.

    Raises:
        RestException: when the ``SettingKey.API_KEYS`` setting is falsy.
    """
    apiKeysEnabled = Setting().get(SettingKey.API_KEYS)
    if not apiKeysEnabled:
        raise RestException(
            'API key functionality is disabled on this instance.')

    user, token = ApiKeyModel().createToken(key, days=duration)

    # NOTE(review): the cookie makes the calling browser session carry the
    # key's token from here on -- confirm that is wanted for every client
    # that can reach this endpoint.
    self.sendAuthTokenCookie(token=token, days=duration)

    # Only the user's id is exposed: the key may not authorize reading the
    # rest of the user document.
    userInfo = {'_id': user['_id']}
    tokenInfo = {
        'token': token['_id'],
        'expires': token['expires'],
        'scope': token['scope'],
    }
    return {'user': userInfo, 'authToken': tokenInfo}
def deleteKey(self, apiKey):
    """Remove ``apiKey`` and report which key was deleted.

    Args:
        apiKey: Key document handed to ``ApiKeyModel().remove``; its
            ``name`` entry is used in the confirmation message.

    Returns:
        A dict with a single ``message`` entry naming the deleted key.
    """
    ApiKeyModel().remove(apiKey)

    # The name is read from the in-memory document after the removal call.
    confirmation = 'Deleted API key %s.' % apiKey['name']
    return {'message': confirmation}
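def createKey(self, name, scope, tokenDuration, active):
    """Create an API key owned by the current user.

    Args:
        name: Forwarded as ``name`` to ``createApiKey``.
        scope: Forwarded as ``scope`` to ``createApiKey``.
        tokenDuration: Forwarded as ``days`` to ``createApiKey``.
        active: Forwarded as ``active`` to ``createApiKey``.

    Returns:
        Whatever ``ApiKeyModel().createApiKey`` returns.

    Raises:
        RestException: when the ``SettingKey.API_KEYS`` setting is falsy.
    """
    # Honour the instance-wide switch before creating a credential, the
    # same way the gated createKey listing on this page does; without it
    # keys could still be issued while the feature is turned off.
    if not Setting().get(SettingKey.API_KEYS):
        raise RestException(
            'API key functionality is disabled on this instance.')

    return ApiKeyModel().createApiKey(
        user=self.getCurrentUser(), name=name, scope=scope,
        days=tokenDuration, active=active)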