def auth_context_from_auth_token(token):
user = token.get_user()
if user is None:
raise UserUnauthorizedError()
return AuthContext(user, token)
def create_token(request):
"""
Tags: api_tokens
---
Creates a new api token.
Used so that a user can send his credentials and produce a new api token.
The api token itself will be returned in a json document along with it's
id and it's name.
If user has used su then he should provide his own credentials.However, the
api token will authenticate the user he is impersonating.
If name is not sent then a random one with the format api_token_xyz where
xyz is a number will be produced.
If the user provides a name then there must be no other token for that user
with the same name.
If the user has a cookie or sends an api token in the request headers then
the username and password must belong to him.
Used by io to authenticate to core (when running separately. Io sends
user's email and password. We return an access token that will be used to
authenticate any further communications.
An anti-CSRF token is not needed to access this api call.
If user is coming from oauth then he will be able to create a new token
without a password provided he is authenticated somehow.
If you are using the /auth route please switch to /api_v1_tokens route. The
/auth route is deprecated.
---
email:
description: User's email
type: string
required: true
password:
description: User's password
type: string
required: true
name:
description: Api token name
type: string
ttl:
description: Time to live for the token
type: integer
org_id:
description: Org id if the token will be used in organizational context
type: string
"""
params = params_from_request(request)
email = params.get('email', '').lower()
password = params.get('password', '')
api_token_name = params.get('name', '')
org_id = params.get('org_id', '')
ttl = params.get('ttl', 60 * 60)
if isinstance(ttl, string_types) and not ttl.isdigit():
raise BadRequestError('Ttl must be a number greater than 0')
ttl = int(ttl)
if ttl < 0:
raise BadRequestError('Ttl must be greater or equal to zero')
if not password:
raise RequiredParameterMissingError('password')
try:
auth_context = auth_context_from_request(request)
user, org = auth_context.user, auth_context.org
except UserUnauthorizedError:
# The following should apply, but currently it can't due to tests.
# if not org_id:
# raise RequiredParameterMissingError("No org_id provided")
if not email:
raise RequiredParameterMissingError("No email provided")
org = None
if org_id:
try:
org = Organization.objects.get(id=org_id)
except Organization.DoesNotExist:
try:
org = Organization.objects.get(name=org_id)
except Organization.DoesNotExist:
# The following should apply, but currently it can't due to
# tests.
# raise UserUnauthorizedError()
pass
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
raise UserUnauthorizedError()
# Remove org is not None when we enforce org context on tokens.
if org is not None and user not in org.members:
raise ForbiddenError()
if user.status != 'confirmed':
raise UserUnauthorizedError()
if not user.password:
raise BadRequestError('Please use the GUI to set a password and retry')
if not user.check_password(password):
raise UserUnauthorizedError('Wrong password')
if not org:
org = reissue_cookie_session(request, user.id).org
# first check if the api token name is unique if it has been provided
# otherwise produce a new one.
if api_token_name:
# will raise exception if there exists valid token with given name
token_with_name_not_exists(user, api_token_name)
else:
api_token_name = get_random_name_for_token(user)
tokens_num = len([
token for token in ApiToken.objects(user_id=user.id, revoked=False)
if token.is_valid()
])
if tokens_num < config.ACTIVE_APITOKEN_NUM:
new_api_token = ApiToken()
new_api_token.name = api_token_name
new_api_token.org = org
new_api_token.ttl = ttl
new_api_token.set_user(user)
new_api_token.ip_address = ip_from_request(request)
new_api_token.user_agent = request.user_agent
new_api_token.save()
else:
raise BadRequestError("MAX number of %s active tokens reached" %
config.ACTIVE_APITOKEN_NUM)
token_view = new_api_token.get_public_view()
token_view['last_accessed_at'] = 'Never'
token_view['token'] = new_api_token.token
return token_view