opensourceprojects.eu / Allura-Contrib / Diff of /Allura/allura/model/auth.py

Diff of /Allura/allura/model/auth.py [f698cc] .. [728a6a]

Switch to unified view

-a/Allura/allura/model/auth.py
+b/Allura/allura/model/auth.py
 ...
     then encoded as per normal.
     """
     return urllib.urlencode([i for i in generate_smart_str(params)])
-class ApiToken(MappedClass):
+class ApiAuthMixIn(object):
-    class __mongometa__:
-        name='api_token'
-        session = main_orm_session
-        unique_indexes = [ 'user_id' ]
-    _id = FieldProperty(S.ObjectId)
-    user_id = ForeignIdProperty('User')
-    api_key = FieldProperty(str, if_missing=lambda:h.nonce(20))
-    secret_key = FieldProperty(str, if_missing=h.cryptographic_nonce)
-    expires = FieldProperty(datetime, if_missing=None)
-    capabilities = FieldProperty({str:str})
-    user = RelationProperty('User')
     def authenticate_request(self, path, params):
         try:
             # Validate timestamp
             timestamp = iso8601.parse_date(params['api_timestamp'])
             timestamp_utc = timestamp.replace(tzinfo=None) - timestamp.utcoffset()
-            if self.expires and datetime.utcnow() > self.expires:
-                return False
             if abs(datetime.utcnow() - timestamp_utc) > timedelta(minutes=10):
                 return False
             # Validate signature
             api_signature = params['api_signature']
             params = sorted((k,v) for k,v in params.iteritems() if k != 'api_signature')
 ...
         if not has_api_signature:
             string_to_sign = path + '?' + urlencode(sorted(params))
             digest = hmac.new(self.secret_key, string_to_sign, hashlib.sha256)
             params.append(('api_signature', digest.hexdigest()))
         return params
+    def get_capability(self, key):
+        return None
+class ApiToken(MappedClass, ApiAuthMixIn):
+    class __mongometa__:
+        name='api_token'
+        session = main_orm_session
+        unique_indexes = [ 'user_id' ]
+    _id = FieldProperty(S.ObjectId)
+    user_id = ForeignIdProperty('User')
+    api_key = FieldProperty(str, if_missing=lambda:h.nonce(20))
+    secret_key = FieldProperty(str, if_missing=h.cryptographic_nonce)
+    user = RelationProperty('User')
+    @classmethod
+    def get(cls, api_key):
+        return cls.query.get(api_key=api_key)
+class ApiTicket(MappedClass, ApiAuthMixIn):
+    class __mongometa__:
+        name='api_ticket'
+        session = main_orm_session
+    PREFIX = 'tck'
+    _id = FieldProperty(S.ObjectId)
+    user_id = ForeignIdProperty('User')
+    api_ticket = FieldProperty(str, if_missing=lambda: ApiTicket.PREFIX + h.nonce(20))
+    secret_key = FieldProperty(str, if_missing=h.cryptographic_nonce)
+    expires = FieldProperty(datetime, if_missing=None)
+    capabilities = FieldProperty({str:str})
+    user = RelationProperty('User')
+    @classmethod
+    def get(cls, api_ticket):
+        if not api_ticket.startswith(cls.PREFIX):
+            return None
+        return cls.query.get(api_ticket=api_ticket)
+    def authenticate_request(self, path, params):
+        if self.expires and datetime.utcnow() > self.expires:
+            return False
+        return ApiAuthMixIn.authenticate_request(self, path, params)
+    def get_capability(self, key):
+        return self.capabilities.get(key)
 class EmailAddress(MappedClass):
     re_format = re.compile('^.* <(.*)>$')
     class __mongometa__:
         name='email_address'