Add api key generation endpoint

554734f6 · Megan Henning · 7aa46db6 · 554734f6 · 554734f6 · 554734f6
Commit 554734f6 authored 8 years ago by Megan Henning
--- a/api/api.py
+++ b/api/api.py
@@ -198,6 +198,7 @@ routes = [
    webapp2_extras.routes.PathPrefixRoute(r'/api/users', [
        webapp2.Route(r'/self',                                 userhandler.UserHandler, handler_method='self', methods=['GET']),
        webapp2.Route(r'/self/avatar',                          userhandler.UserHandler, handler_method='self_avatar', methods=['GET']),
+        webapp2.Route(r'/self/key',                             userhandler.UserHandler, handler_method='generate_api_key',methods=['POST']),
        webapp2.Route(_format(r'/<_id:{user_id_re}>'),          userhandler.UserHandler, name='user'),
        webapp2.Route(_format(r'/<uid:{user_id_re}>/groups'),   grouphandler.GroupHandler, handler_method='get_all', methods=['GET'], name='groups'),
        webapp2.Route(_format(r'/<uid:{user_id_re}>/avatar'),   userhandler.UserHandler, handler_method='avatar', methods=['GET'], name='avatar'),

--- a/api/handlers/userhandler.py
+++ b/api/handlers/userhandler.py
+import base64
 import datetime
 import pymongo
+import uuid

 from .. import base
 from .. import util
@@ -21,12 +23,7 @@ class UserHandler(base.RequestHandler):
        self._init_storage()
        user = self._get_user(_id)
        permchecker = userauth.default(self, user)
-        projection = []
-        if self.is_true('remotes'):
-            projection += ['remotes']
-        if self.is_true('status'):
-            projection += ['status']
-        result = permchecker(self.storage.exec_op)('GET', _id, projection=projection or None)
+        result = permchecker(self.storage.exec_op)('GET', _id, projection={'api_key': 0} or None)
        if result is None:
            self.abort(404, 'User does not exist')
        return result
@@ -44,7 +41,7 @@ class UserHandler(base.RequestHandler):
    def get_all(self):
        self._init_storage()
        permchecker = userauth.list_permission_checker(self)
-        result = permchecker(self.storage.exec_op)('GET', projection={'preferences': False})
+        result = permchecker(self.storage.exec_op)('GET', projection={'preferences': 0, 'api_key': 0})
        if result is None:
            self.abort(404, 'Not found')
        return result
@@ -227,6 +224,20 @@ class UserHandler(base.RequestHandler):
        else:
            self.abort(404, 'no avatar')

+    def generate_api_key(self):
+        self._init_storage()
+        if not self.uid:
+            self.abort(400, 'no user is logged in')
+        generated_key = base64.urlsafe_b64encode(str(uuid.uuid4()))
+        now = datetime.datetime.utcnow()
+        # Fix last used to unset somehow with containerstorage in the way
+        payload = {'api_key': {'key': generated_key, 'created': now, 'last_used': None}}
+        result = self.storage.exec_op('PUT', _id=self.uid, payload=payload)
+        if result.modified_count == 1:
+            return {'key': generated_key}
+        else:
+            self.abort(404, 'New key for user {} not generated'.format(_id))
+
    def _get_user(self, _id):
        user = self.storage.get_container(_id)
        if user is not None:

--- a/api/schemas/mongo/user.json
+++ b/api/schemas/mongo/user.json
@@ -31,7 +31,17 @@
    "preferences":      {
                          "title": "Preferences",
                          "type": "object"
-                        }
+                        },
+    "api_keys":         {
+                          "type": "object",
+                          "properties": {
+                              "key":            {"type": "string"},
+                              "created":        {},
+                              "last_used":      {}
+                          },
+                          "additionalProperties": false
+    }
+
  },
  "additionalProperties": false,
  "required":["_id", "firstname", "lastname", "created", "modified", "root"]