Exemplo n.º 1
 def actions(self):
     """Return the known action objects named by this token.

     ``self._actions`` is read as a comma-separated string of action names;
     each name is looked up in the module-level ``actions`` registry.
     """
     resolved = []
     for name in self._actions.split(','):
         action = actions.get(name)
         # A name with no matching action is dropped without error, so that
         # retiring an unused action does not break tokens that still list
         # it. A dropped name grants nothing: the result only ever contains
         # actions the lookup actually returned.
         if action:
             resolved.append(action)
     return resolved
Exemplo n.º 2
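def issue_token():
    """Issue a new authentication token.

    The POST body must contain JSON with keys 'actions', a list of allowed
    actions; and 'description', a description of the token.

    Returns a dict with the single key 'token' holding the serialized token.

    Raises BadRequest when the body is not a JSON object, when 'actions' is
    missing, is not a list, names an unknown action or asks for more than the
    requesting identity provides, or when 'description' is missing.
    """
    body = request.json
    # The body is client-controlled. Check its shape up front so a malformed
    # request is answered with BadRequest rather than an unhandled
    # KeyError/TypeError from the lookups below.
    if not isinstance(body, dict):
        raise BadRequest("bad request body")
    action_names = body.get('actions')
    if not isinstance(action_names, list):
        raise BadRequest("bad actions")
    # JSON arrays and objects are unhashable and cannot be action names;
    # presumably `actions` is a dict-like registry (TODO confirm), where
    # looking one up would raise TypeError.
    if any(isinstance(name, (list, dict)) for name in action_names):
        raise BadRequest("bad actions")

    requested_actions = [actions.get(name) for name in action_names]
    # ensure the request is for a subset of the actions the user can perform;
    # this is what keeps a newly issued token from carrying more privilege
    # than the identity that asked for it
    if None in requested_actions or not set(requested_actions) <= g.identity.provides:
        raise BadRequest("bad actions")
    if 'description' not in body:
        raise BadRequest("no description")

    session = g.db.session('relengapi')
    token_row = Token(
        description=body['description'],
        actions=requested_actions)
    session.add(token_row)
    session.commit()

    # The row is committed first so that its id exists to embed in the token.
    # NOTE(review): the payload built here holds only a version and the row
    # id, with no expiry; whether the serializer or the verification side
    # bounds token lifetime is not visible in this block - confirm.
    token = current_app.tokenauth_serializer.dumps(
        {'v': TOKENAUTH_VERSION, 'id': token_row.id})
    return {'token': token}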