def post(self):
supplied_token = self.get_body_argument("token")
match = TokenValidate.validator.match(supplied_token)
if not match:
return self.error(((1, "Token format not recognized"), ))
sess = Session()
token_name = match.group("token_name")
token_secret = match.group("token_secret")
owner = User.get(sess, name=match.group("name"))
token = UserToken.get(sess, owner, token_name)
if token is None:
return self.error(((2, "Token specified does not exist"), ))
if not token.enabled:
return self.error(((3, "Token is disabled"), ))
if not token.check_secret(token_secret):
return self.error(((4, "Token secret mismatch"), ))
return self.success({
"owner": owner.username,
"identity": str(token),
"act_as_owner": True,
"valid": True,
})
def post(self):
supplied_token = self.get_body_argument("token")
match = TokenValidate.validator.match(supplied_token)
if not match:
return self.error(((1, "Token format not recognized"),))
sess = Session()
token_name = match.group("token_name")
token_secret = match.group("token_secret")
owner = User.get(sess, name=match.group("name"))
token = UserToken.get(sess, owner, token_name)
if token is None:
return self.error(((2, "Token specified does not exist"),))
if not token.enabled:
return self.error(((3, "Token is disabled"),))
if not token.check_secret(token_secret):
return self.error(((4, "Token secret mismatch"),))
return self.success({
"owner": owner.username,
"identity": str(token),
"act_as_owner": True,
"valid": True,
})
def get(self, user_id=None, name=None, token_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if (user.name != self.current_user.name) and not self.current_user.user_admin:
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
return self.render("user-token-disable.html", user=user, token=token)
def get(self, user_id=None, name=None, token_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
return self.render("user-token-disable.html", user=user, token=token)
def get(self, *args: Any, **kwargs: Any) -> None:
name = self.get_path_argument("name")
token_id = int(self.get_path_argument("token_id"))
user = User.get(self.session, name=name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
return self.render("user-token-disable.html", user=user, token=token)
def test_usertokens(standard_graph, session, users, groups, permissions): # noqa: F811
user = users["*****@*****.**"]
assert len(user.tokens) == 0
tok, secret = add_new_user_token(session, UserToken(user=user, name="Foo"))
assert len(user.tokens) == 1
assert tok.check_secret(secret)
assert tok.check_secret("invalid") == False
assert tok.enabled == True
disable_user_token(session, tok)
assert tok.enabled == False
assert user.tokens[0].enabled == False
assert UserToken.get(session, name="Foo", user=user).enabled == False
assert tok.check_secret(secret) == False
def post(self, user_id=None, name=None, token_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if (user.name != self.current_user.name) and not self.current_user.user_admin:
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
disable_user_token(self.session, token)
AuditLog.log(self.session, self.current_user.id, 'disable_token',
'Disabled token: {}'.format(token.name),
on_user_id=user.id)
self.session.commit()
return self.render("user-token-disabled.html", token=token)
def post(self, user_id=None, name=None, token_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
disable_user_token(self.session, token)
AuditLog.log(self.session, self.current_user.id, 'disable_token',
'Disabled token: {}'.format(token.name),
on_user_id=user.id)
self.session.commit()
return self.render("user-token-disabled.html", token=token)
def test_usertokens(standard_graph, session, users, groups, permissions): # noqa: F811
user = users["*****@*****.**"]
assert len(user.tokens) == 0
tok, secret = add_new_user_token(session, UserToken(user=user, name="Foo"))
assert len(user.tokens) == 1
assert tok.check_secret(secret)
assert tok.check_secret("invalid") == False
assert tok.enabled == True
disable_user_token(session, tok)
assert tok.enabled == False
assert user.tokens[0].enabled == False
assert UserToken.get(session, name="Foo", user=user).enabled == False
assert tok.check_secret(secret) == False
def post(self, user_id=None, name=None, token_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
disable_user_token(self.session, token)
AuditLog.log(
self.session,
self.current_user.id,
"disable_token",
"Disabled token: {}".format(token.name),
on_user_id=user.id,
)
self.session.commit()
return self.render("user-token-disabled.html", token=token)
def post(self, *args: Any, **kwargs: Any) -> None:
name = self.get_path_argument("name")
token_id = int(self.get_path_argument("token_id"))
user = User.get(self.session, name=name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
token = UserToken.get(self.session, user=user, id=token_id)
disable_user_token(self.session, token)
AuditLog.log(
self.session,
self.current_user.id,
"disable_token",
"Disabled token: {}".format(token.name),
on_user_id=user.id,
)
self.session.commit()
return self.render("user-token-disabled.html", token=token)
