示例#1
    def create_macaroon(self):
        """Handle a request to mint a new API token (macaroon) for the user.

        Token creation is refused unless the account has a verified primary
        email; in that case an error is flashed and the caller is redirected
        to the ``manage.account`` route.

        Returns:
            ``HTTPSeeOther`` when the email precondition fails. Otherwise a
            dict built from ``self.default_response`` with
            ``create_macaroon_form`` set to the submitted form and, if the
            form validated, ``serialized_macaroon`` and ``macaroon`` added.
        """
        request = self.request

        # Precondition: no tokens for accounts without a verified primary email.
        if not request.user.has_primary_verified_email:
            request.session.flash(
                "Verify your email to create an API token.", queue="error"
            )
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): the POST fields are expanded into keyword arguments
        # next to server-chosen ones. Python raises TypeError if a submitted
        # field name equals one of the explicit keywords below (e.g.
        # ``user_id``), so such a request fails instead of overriding the
        # value -- confirm that failure mode is acceptable, or pass the
        # request data as a single argument if the form class supports it.
        form = CreateMacaroonForm(
            **request.POST,
            user_id=request.user.id,
            macaroon_service=self.macaroon_service,
            project_names=self.project_names,
        )

        response = dict(self.default_response)
        if not form.validate():
            response["create_macaroon_form"] = form
            return response

        # The token is bound to the current user and restricted to the scope
        # the form validated; nothing here records the creation in an event
        # log.
        token_caveats = {"permissions": form.validated_scope, "version": 1}
        serialized_macaroon, macaroon = self.macaroon_service.create_macaroon(
            location=request.domain,
            user_id=request.user.id,
            description=form.description.data,
            caveats=token_caveats,
        )
        # The serialized token itself goes into the response dict.
        response["serialized_macaroon"] = serialized_macaroon
        response["macaroon"] = macaroon
        response["create_macaroon_form"] = form
        return response
示例#2
    def create_macaroon(self):
        """Mint a new API token (macaroon) and record the creation as events.

        Token creation is refused unless the account has a verified primary
        email; in that case an error is flashed and the caller is redirected
        to the ``manage.account`` route.

        On a valid form the token is created, an ``account:api_token:added``
        event is recorded for the user (including the full caveats), and a
        ``project:api_token:added`` event is recorded on each of the user's
        projects named in the token's scope (without the caveats).

        Returns:
            ``HTTPSeeOther`` when the email precondition fails. Otherwise a
            dict built from ``self.default_response`` with
            ``create_macaroon_form`` set to the submitted form and, if the
            form validated, ``serialized_macaroon`` and ``macaroon`` added.
        """
        request = self.request

        # Precondition: no tokens for accounts without a verified primary email.
        if not request.user.has_primary_verified_email:
            request.session.flash(
                "Verify your email to create an API token.", queue="error")
            return HTTPSeeOther(request.route_path("manage.account"))

        # NOTE(review): the POST fields are expanded into keyword arguments
        # next to server-chosen ones. Python raises TypeError if a submitted
        # field name equals one of the explicit keywords below (e.g.
        # ``user_id``), so such a request fails instead of overriding the
        # value -- confirm that failure mode is acceptable.
        form = CreateMacaroonForm(
            **request.POST,
            user_id=request.user.id,
            macaroon_service=self.macaroon_service,
            project_names=self.project_names,
        )

        response = dict(self.default_response)
        if not form.validate():
            response["create_macaroon_form"] = form
            return response

        scope = form.validated_scope
        token_description = form.description.data
        macaroon_caveats = {"permissions": scope, "version": 1}

        serialized_macaroon, macaroon = self.macaroon_service.create_macaroon(
            location=request.domain,
            user_id=request.user.id,
            description=token_description,
            caveats=macaroon_caveats,
        )

        # Account-level audit entry: the owner's own log gets the full caveats.
        # NOTE(review): ``remote_addr`` is recorded as the source address;
        # behind a reverse proxy, confirm it carries the client address and
        # not the proxy's.
        self.user_service.record_event(
            request.user.id,
            tag="account:api_token:added",
            ip_address=request.remote_addr,
            additional={
                "description": token_description,
                "caveats": macaroon_caveats,
            },
        )

        if "projects" in scope:
            # Only projects the user belongs to AND that the token names.
            scoped_projects = [
                candidate
                for candidate in request.user.projects
                if candidate.normalized_name in scope["projects"]
            ]
            for scoped_project in scoped_projects:
                # NOTE: The project event log deliberately omits the token's
                # caveats: the token may also cover other projects that this
                # project's owners do not know about, and listing them here
                # would disclose that.
                scoped_project.record_event(
                    tag="project:api_token:added",
                    ip_address=request.remote_addr,
                    additional={
                        "description": token_description,
                        "user": request.user.username,
                    },
                )

        # The serialized token itself goes into the response dict.
        response["serialized_macaroon"] = serialized_macaroon
        response["macaroon"] = macaroon
        response["create_macaroon_form"] = form
        return response
示例#3
 def default_response(self):
     """Build the base response dict shared by the token-management views.

     Returns:
         A dict with ``project_names`` plus freshly constructed
         ``create_macaroon_form`` and ``delete_macaroon_form`` instances.
         No request data is passed to either form here.
     """
     project_names = self.project_names

     # The create form is tied to the current user and to the project names
     # available on this view.
     create_form = CreateMacaroonForm(
         user_id=self.request.user.id,
         macaroon_service=self.macaroon_service,
         project_names=self.project_names,
     )
     delete_form = DeleteMacaroonForm(macaroon_service=self.macaroon_service)

     return {
         "project_names": project_names,
         "create_macaroon_form": create_form,
         "delete_macaroon_form": delete_form,
     }