Exemplo n.º 1
0
    def _authenticateApiKey(self, username, password):
        if not Setting().get(SettingKey.API_KEYS):
            logger.warn('API key functionality is disabled')
            return False

        token_user, token = ApiKeyModel().createToken(password[4:], days=7)
        user = self._getUser(username)
        return token_user.get('_id', 'no_token') == user['_id']
Exemplo n.º 2
0
 def createKey(self, name, scope, tokenDuration, active):
     if Setting().get(SettingKey.API_KEYS):
         return ApiKeyModel().createApiKey(user=self.getCurrentUser(),
                                           name=name,
                                           scope=scope,
                                           days=tokenDuration,
                                           active=active)
     else:
         raise RestException(
             'API key functionality is disabled on this instance.')
Exemplo n.º 3
0
    def updateKey(self, apiKey, name, scope, tokenDuration, active):
        if active is not None:
            apiKey['active'] = active
        if name is not None:
            apiKey['name'] = name
        if tokenDuration is not None:
            apiKey['tokenDuration'] = tokenDuration
        if scope != ():
            apiKey['scope'] = scope

        return ApiKeyModel().save(apiKey)
Exemplo n.º 4
0
    def listKeys(self, userId, limit, offset, sort):
        user = self.getCurrentUser()

        if userId not in {None, str(user['_id'])}:
            self.requireAdmin(user)
            user = User().load(userId, force=True, exc=True)

        return list(ApiKeyModel().list(user,
                                       offset=offset,
                                       limit=limit,
                                       sort=sort))
Exemplo n.º 5
0
    def createToken(self, key, duration):
        user, token = ApiKeyModel().createToken(key, days=duration)

        self.sendAuthTokenCookie(token=token, days=duration)

        # Return the same structure as a normal user login, except do not
        # include the full user document since the key may not authorize
        # reading user information.
        return {
            'user': {
                '_id': user['_id']
            },
            'authToken': {
                'token': token['_id'],
                'expires': token['expires'],
                'scope': token['scope']
            }
        }
Exemplo n.º 6
0
    def createToken(self, key, duration):
        if not Setting().get(SettingKey.API_KEYS):
            raise RestException(
                'API key functionality is disabled on this instance.')

        user, token = ApiKeyModel().createToken(key, days=duration)

        # Return the same structure as a normal user login, except do not
        # include the full user document since the key may not authorize
        # reading user information. We also intentionally do not set the cookie
        # as we would during a normal login, in case someone is using this via swagger.
        return {
            'user': {
                '_id': user['_id']
            },
            'authToken': {
                'token': token['_id'],
                'expires': token['expires'],
                'scope': token['scope']
            }
        }
Exemplo n.º 7
0
    def createToken(self, key, duration):
        if not Setting().get(SettingKey.API_KEYS):
            raise RestException(
                'API key functionality is disabled on this instance.')

        user, token = ApiKeyModel().createToken(key, days=duration)

        self.sendAuthTokenCookie(token=token, days=duration)

        # Return the same structure as a normal user login, except do not
        # include the full user document since the key may not authorize
        # reading user information.
        return {
            'user': {
                '_id': user['_id']
            },
            'authToken': {
                'token': token['_id'],
                'expires': token['expires'],
                'scope': token['scope']
            }
        }
Exemplo n.º 8
0
 def deleteKey(self, apiKey):
     ApiKeyModel().remove(apiKey)
     return {'message': 'Deleted API key %s.' % apiKey['name']}
Exemplo n.º 9
0
 def createKey(self, name, scope, tokenDuration, active):
     return ApiKeyModel().createApiKey(user=self.getCurrentUser(),
                                       name=name,
                                       scope=scope,
                                       days=tokenDuration,
                                       active=active)