예제 #1
0
파일: views.py 프로젝트: thousandeyes/lemur
    def post(self, data=None):
        """
        .. http:post:: /keys

           Creates an API Key.

           **Example request**:

           .. sourcecode:: http

              POST /keys HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "name": "my custom name",
                "user_id": 1,
                "ttl": -1
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {

                "jwt": ""
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        if not ApiKeyCreatorPermission().can():
            if data["user"]["id"] != g.current_user.id:
                return (
                    dict(
                        message="You are not authorized to create tokens for: {0}".format(
                            data["user"]["username"]
                        )
                    ),
                    403,
                )

        access_token = service.create(
            name=data["name"],
            user_id=data["user"]["id"],
            ttl=data["ttl"],
            revoked=False,
            issued_at=int(datetime.utcnow().timestamp()),
        )
        return dict(
            jwt=create_token(access_token.user_id, access_token.id, access_token.ttl)
        )
예제 #2
0
파일: views.py 프로젝트: yiluzhu/lemur
    def put(self, uid, aid, data=None):
        """
        .. http:put:: /users/1/keys/1

           update one api key

           **Example request**:

           .. sourcecode:: http

              PUT /users/1/keys/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript
              Content-Type: application/json;charset=UTF-8

              {
                  "name": "new_name",
                  "revoked": false,
                  "ttl": -1
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "jwt": ""
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        if uid != g.current_user.id:
            if not ApiKeyCreatorPermission().can():
                return dict(
                    message="You are not authorized to view this token!"), 403

        access_key = service.get(aid)
        if access_key is None:
            return dict(message="This token does not exist!"), 404

        if access_key.user_id != uid:
            return dict(
                message="You are not authorized to update this token!"), 403

        service.update(access_key,
                       name=data["name"],
                       revoked=data["revoked"],
                       ttl=data["ttl"])
        return dict(jwt=create_token(access_key.user_id, access_key.id,
                                     access_key.ttl))
예제 #3
0
파일: views.py 프로젝트: yiluzhu/lemur
    def get(self):
        """
        .. http:get:: /keys

           The current list of api keys, that you can see.

           **Example request**:

           .. sourcecode:: http

              GET /keys HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "items": [
                    {
                      "id": 1,
                      "name": "custom name",
                      "user_id": 1,
                      "ttl": -1,
                      "issued_at": 12,
                      "revoked": false
                    }
                ],
                "total": 1
              }

           :query sortBy: field to sort on
           :query sortDir: asc or desc
           :query page: int default is 1
           :query count: count number. default is 10
           :query user_id: a user to filter by.
           :query id: an access key to filter by.
           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        parser = paginated_parser.copy()
        args = parser.parse_args()
        args["has_permission"] = ApiKeyCreatorPermission().can()
        args["requesting_user_id"] = g.current_user.id
        return service.render(args)
예제 #4
0
파일: views.py 프로젝트: yiluzhu/lemur
    def get(self, uid, aid):
        """
        .. http:get:: /users/1/keys/1

           Fetch one api key

           **Example request**:

           .. sourcecode:: http

              GET /users/1/api_keys/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "jwt": ""
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        if uid != g.current_user.id:
            if not ApiKeyCreatorPermission().can():
                return dict(
                    message="You are not authorized to view this token!"), 403

        access_key = service.get(aid)

        if access_key is None:
            return dict(message="This token does not exist!"), 404

        if access_key.user_id != uid:
            return dict(
                message="You are not authorized to view this token!"), 403

        return dict(jwt=create_token(access_key.user_id, access_key.id,
                                     access_key.ttl))
예제 #5
0
파일: views.py 프로젝트: yiluzhu/lemur
    def get(self, aid):
        """
        .. http:get:: /keys/1/described

           Fetch one api key

           **Example request**:

           .. sourcecode:: http

              GET /keys/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "id": 2,
                  "name": "hoi",
                  "user_id": 2,
                  "ttl": -1,
                  "issued_at": 1222222,
                  "revoked": false
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        access_key = service.get(aid)
        if access_key is None:
            return dict(message="This token does not exist!"), 404

        if access_key.user_id != g.current_user.id:
            if not ApiKeyCreatorPermission().can():
                return dict(
                    message="You are not authorized to view this token!"), 403

        return access_key
예제 #6
0
파일: views.py 프로젝트: x-lhan/lemur
    def delete(self, uid, aid):
        """
        .. http:delete:: /users/1/keys/1

           deletes one api key

           **Example request**:

           .. sourcecode:: http

              DELETE /users/1/keys/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "result": true
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: unauthenticated
        """
        if uid != g.current_user.id:
            if not ApiKeyCreatorPermission().can():
                return dict(message="You are not authorized to view this token!"), 403

        access_key = service.get(aid)
        if access_key is None:
            return dict(message="This token does not exist!"), 404

        if access_key.user_id != uid:
            return dict(message="You are not authorized to delete this token!"), 403

        service.delete(access_key)
        return {'result': True}