Exemplo n.º 1
def api_key_create():
    """Issue a new API key to a user who authenticates with email and password.

    Reads a JSON body carrying ``email``, ``password`` and ``device_name``.
    On success the new key receives every permission listed in
    ``Permission.PERMS_ALL`` and its token, secret, device name and expiry
    are returned as JSON. Every failure path returns a ``bad_request``
    response (or the error response produced by ``get_json_params``).
    """
    # force=True parses the body as JSON regardless of the Content-Type header.
    payload = request.get_json(force=True)
    if payload is None:
        return bad_request(web_utils.INVALID_JSON)

    required_fields = ["email", "password", "device_name"]
    params, err_response = get_json_params(payload, required_fields)
    if err_response:
        return err_response

    email, password, device_name = params
    if not email:
        return bad_request(web_utils.INVALID_EMAIL)

    # Accounts are looked up by the lower-cased address.
    normalized_email = email.lower()
    account = User.from_email(db.session, normalized_email)

    # Unknown account and wrong password share one response (AUTH_FAILED) and
    # one five-second delay, so the reply body does not reveal which check failed.
    # NOTE(review): the password hash is only verified when the account exists,
    # so the two cases may still differ in response time; time.sleep also holds
    # a worker for the whole delay. Request rate limiting would cover both.
    if not account or not flask_security.verify_password(
            password, account.password):
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)

    new_key = ApiKey(account, device_name)
    # NOTE(review): a password login yields a key holding every permission in
    # PERMS_ALL; confirm that this is intended rather than a narrower default.
    for perm_name in Permission.PERMS_ALL:
        new_key.permissions.append(
            Permission.from_name(db.session, perm_name))
    db.session.add(new_key)
    db.session.commit()

    # The response body carries the key secret.
    # NOTE(review): confirm this endpoint is only reachable over TLS and that
    # response bodies are not logged.
    return jsonify({
        "token": new_key.token,
        "secret": new_key.secret,
        "device_name": new_key.device_name,
        "expiry": new_key.expiry,
    })
Exemplo n.º 2
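def api_key_confirm(token=None, secret=None):
    """Confirm or cancel an emailed API key request.

    Looks up the pending ``ApiKeyRequest`` by ``token``, checks ``secret``
    against the stored value and rejects expired requests. A GET renders the
    confirmation page; a POST either deletes the request (``confirm`` is not
    ``'true'``) or creates an ``ApiKey`` with the permissions selected in the
    form. Every outcome except the GET render redirects to ``/`` with a
    flashed message.

    Args:
        token: identifier of the pending request.
        secret: code that must match ``req.secret``.
    """
    # Function-scope import keeps the block self-contained.
    import hmac

    req = ApiKeyRequest.from_token(db.session, token)
    if not req:
        time.sleep(5)
        flash('Email login request not found.', 'danger')
        return redirect('/')

    # Compare the code in constant time so response timing does not reveal how
    # much of a guess was correct. A missing value on either side is treated as
    # a mismatch, so two None values can never pass the check.
    # NOTE(review): assumes req.secret is stored as text - confirm.
    secret_ok = (
        secret is not None
        and req.secret is not None
        and hmac.compare_digest(req.secret.encode('utf-8'),
                                secret.encode('utf-8'))
    )
    if not secret_ok:
        # Same delay as the other rejection paths; this branch is the one a
        # guessed code would hit, and it previously returned immediately.
        time.sleep(5)
        flash('Email login code invalid.', 'danger')
        return redirect('/')

    now = datetime.datetime.now()
    if now > req.expiry:
        time.sleep(5)
        flash('Email login request expired.', 'danger')
        return redirect('/')

    if request.method == 'POST':
        confirm = request.form.get('confirm') == 'true'
        if not confirm:
            db.session.delete(req)
            db.session.commit()
            flash('Email login cancelled.', 'success')
            return redirect('/')

        # NOTE(review): nothing here checks whether req.created_api_key is
        # already set, so repeating the POST before expiry appears to create a
        # further key; confirm whether single use is enforced elsewhere.
        api_key = ApiKey(req.user, req.device_name)
        for name in request.form.getlist('perms'):
            # The permission names come from the submitted form, so only names
            # the application itself offers are accepted.
            if name not in Permission.PERMS_ALL:
                continue
            perm = Permission.from_name(db.session, name)
            if perm is None:
                continue
            api_key.permissions.append(perm)
        req.created_api_key = api_key
        db.session.add(req)
        db.session.add(api_key)
        db.session.commit()
        flash('Email login confirmed.', 'success')
        return redirect('/')

    return render_template('paydb/api_key_confirm.html',
                           req=req,
                           perms=Permission.PERMS_ALL)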
Exemplo n.º 3
def add_key(form):
    """Create and persist an ``ApiKey`` for the current user from ``form``.

    The key value comes from ``generate_new_key()`` and the ``usage`` field is
    passed through ``html2text`` before it is stored. If building the record
    raises ``AttributeError`` the request is aborted with HTTP 400.
    """
    try:
        # Everything that builds the record stays inside the try, so an
        # AttributeError from the form fields, html2text, generate_new_key or
        # the ApiKey constructor all end in the same 400.
        fields = dict(
            developer=current_user,
            occupation=form.occupation.data,
            application=form.application.data,
            # NOTE(review): html2text converts markup to text; it is presumably
            # not meant as a sanitizer, so confirm the value is still escaped
            # wherever it is rendered.
            usage=html2text(form.usage.data),
            api_key=generate_new_key(),
        )
        record = ApiKey(**fields)
    except AttributeError:
        return abort(400)

    db.session.add(record)
    db.session.commit()
Exemplo n.º 4
def create_api_key(request):
    """Render the API key application form and store a valid submission.

    On POST the submitted ``ApiKeyForm`` is validated; when valid, an
    ``ApiKey`` owned by ``request.user`` is saved and a blank form is shown
    again. An invalid POST re-renders the bound form, and any other method
    renders a blank form.
    """
    # NOTE(review): no authentication check is visible in this function;
    # confirm the view is wrapped (for example with login_required) where it
    # is registered, since the key is attached to request.user.
    if request.method != 'POST':
        form = ApiKeyForm()
    else:
        form = ApiKeyForm(request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data
            db_api_key = ApiKey()
            db_api_key.user = request.user
            db_api_key.description = cleaned['description']
            db_api_key.name = cleaned['name']
            db_api_key.url = cleaned['url']
            db_api_key.accepted_tos = cleaned['accepted_tos']
            db_api_key.save()
            # Swap in an unbound form so the page does not echo the
            # values that were just stored.
            form = ApiKeyForm()

    context = {
        'user': request.user,
        'form': form
    }
    return render_to_response('api/apply_key.html',
                              context,
                              context_instance=RequestContext(request))