Posted to commits@kibble.apache.org by hu...@apache.org on 2018/09/18 16:21:23 UTC

[kibble] branch master updated (8e68ec3 -> 444e12f)

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git.


    from 8e68ec3  cleanup and disallow searching redundant indices
     new 34dc050  adopt a token system for API access outside browsers
     new 444e12f  gen and show tokens

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 api/pages/session.py   | 11 ++++++++-
 api/plugins/session.py | 66 ++++++++++++++++++++++++++++----------------------
 2 files changed, 47 insertions(+), 30 deletions(-)


[kibble] 01/02: adopt a token system for API access outside browsers

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git

commit 34dc05038cd92f71fc1aed58521412b74b9017d4
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Tue Sep 18 18:20:56 2018 +0200

    adopt a token system for API access outside browsers
    
    the token is autogenerated on your first login,
    and needs to be changeable/resettable.
---
 api/plugins/session.py | 66 ++++++++++++++++++++++++++++----------------------
 1 file changed, 37 insertions(+), 29 deletions(-)

diff --git a/api/plugins/session.py b/api/plugins/session.py
index 6476135..40e0b59 100644
--- a/api/plugins/session.py
+++ b/api/plugins/session.py
@@ -107,34 +107,42 @@ class KibbleSession(object):
         # Get Kibble cookie
         cookie = None
         cookies = None
-        if 'HTTP_COOKIE' in environ:
-            cookies = http.cookies.SimpleCookie(environ['HTTP_COOKIE'])
-        if cookies and 'kibble_session' in cookies:
-            cookie = cookies['kibble_session'].value
-            try:
-                if re.match(r"^[-a-f0-9]+$", cookie): # Validate cookie, must follow UUID4 specs
-                    doc = None
-                    sdoc = self.DB.ES.get(index=self.DB.dbname, doc_type='uisession', id = cookie)
-                    if sdoc and 'cid' in sdoc['_source']:
-                        doc = self.DB.ES.get(index=self.DB.dbname, doc_type='useraccount', id = sdoc['_source']['cid'])
-                    if doc and '_source' in doc:
-                        # Make sure this cookie has been used in the past 7 days, else nullify it.
-                        # Further more, run an update of the session if >1 hour ago since last update.
-                        age = time.time() - sdoc['_source']['timestamp']
-                        if age > (7*86400):
-                            self.DB.ES.delete(index=self.DB.dbname, doc_type='uisession', id = cookie)
-                            sdoc['_source'] = None # Wipe it!
-                            doc = None
-                        elif age > 3600:
-                            sdoc['_source']['timestamp'] = int(time.time()) # Update timestamp in session DB
-                            self.DB.ES.update(index=self.DB.dbname, doc_type='uisession', id = cookie, body = {'doc':sdoc['_source']})
-                        if doc:
-                            self.user = doc['_source']
-                else:
-                    cookie = None
-            except Exception as err:
-                print(err)
-        if not cookie:
-            self.newCookie()
+        if 'HTTP_KIBBLE_TOKEN' in environ:
+            token = environ.get('HTTP_KIBBLE_TOKEN')
+            if re.match(r"^[-a-f0-9]+$", token): # Validate token, must follow UUID4 specs
+                res = self.DB.ES.search(index=self.DB.dbname, doc_type='useraccount', body = {"query": { "match": { "token": token}}})
+                if res['hits']['hits']:
+                    self.user = res['hits']['hits'][0]['_source']
+                    self.newCookie()
+        else:
+            if 'HTTP_COOKIE' in environ:
+                cookies = http.cookies.SimpleCookie(environ['HTTP_COOKIE'])
+            if cookies and 'kibble_session' in cookies:
+                cookie = cookies['kibble_session'].value
+                try:
+                    if re.match(r"^[-a-f0-9]+$", cookie): # Validate cookie, must follow UUID4 specs
+                        doc = None
+                        sdoc = self.DB.ES.get(index=self.DB.dbname, doc_type='uisession', id = cookie)
+                        if sdoc and 'cid' in sdoc['_source']:
+                            doc = self.DB.ES.get(index=self.DB.dbname, doc_type='useraccount', id = sdoc['_source']['cid'])
+                        if doc and '_source' in doc:
+                            # Make sure this cookie has been used in the past 7 days, else nullify it.
+                            # Further more, run an update of the session if >1 hour ago since last update.
+                            age = time.time() - sdoc['_source']['timestamp']
+                            if age > (7*86400):
+                                self.DB.ES.delete(index=self.DB.dbname, doc_type='uisession', id = cookie)
+                                sdoc['_source'] = None # Wipe it!
+                                doc = None
+                            elif age > 3600:
+                                sdoc['_source']['timestamp'] = int(time.time()) # Update timestamp in session DB
+                                self.DB.ES.update(index=self.DB.dbname, doc_type='uisession', id = cookie, body = {'doc':sdoc['_source']})
+                            if doc:
+                                self.user = doc['_source']
+                    else:
+                        cookie = None
+                except Exception as err:
+                    print(err)
+            if not cookie:
+                self.newCookie()
         self.cookie = cookie
         
\ No newline at end of file
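Review bot: The token branch looks the account up with a full-text `match` query, after a pattern check that accepts any run of hex digits and dashes, so the lookup is not guaranteed to be an exact comparison against one stored token. If the `token` field is mapped as analyzed text (the mapping is not visible here), `match` compares analyzed terms rather than the whole string; an exact lookup such as `body = {"query": {"term": {"token": token}}}` on a keyword-mapped field, together with a full UUID4 pattern like `r"^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$"`, would make the check strict. The search also sits outside the `try`/`except` that guards the cookie path, and a token header that is present but rejected leaves `self.user` unset with no cookie fallback; if that is intended, a short comment saying so would help. The enclosing method starts above the hunk.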


[kibble] 02/02: gen and show tokens

Posted by hu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git

commit 444e12f28a57cd9fd3c312d067a6c43e5e93b8a7
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Tue Sep 18 18:21:08 2018 +0200

    gen and show tokens
---
 api/pages/session.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/api/pages/session.py b/api/pages/session.py
index 3b5f432..425cd89 100644
--- a/api/pages/session.py
+++ b/api/pages/session.py
@@ -101,6 +101,7 @@ import re
 import time
 import bcrypt
 import hashlib
+import uuid
 
 def run(API, environ, indata, session):
     
@@ -143,6 +144,13 @@ def run(API, environ, indata, session):
     
     # Display the user data for this session
     if method == "GET":
+        
+        # Do we have an API key? If not, make one
+        if not session.user.get('token') or indata.get('newtoken'):
+            token = str(uuid.uuid4())
+            session.user['token'] = token
+            session.DB.ES.index(index=session.DB.dbname, doc_type='useraccount', id = session.user['email'], body = session.user)
+        
         # Run a quick search of all orgs we have.
         res = session.DB.ES.search(
                 index=session.DB.dbname,
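Review bot: The `newtoken` check sits inside the `GET` branch, so a read request carrying that parameter replaces the account's API token; rotating a credential is a state change and would be safer behind a non-GET method covered by whatever request-forgery protection the API has (none is visible here). The write also re-indexes the whole `session.user` document, which can overwrite concurrent changes to the account; a partial update such as `session.DB.ES.update(index=session.DB.dbname, doc_type='useraccount', id = session.user['email'], body = {'doc': {'token': token}})` touches only the new field. The token is stored as-is in the account document, so read access to the `useraccount` index exposes every API credential; storing a hash and comparing hashes at lookup would avoid that. `run` continues outside the hunk.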
@@ -167,7 +175,8 @@ def run(API, environ, indata, session):
             'organisations': session.user['organisations'],
             'ownerships': session.user['ownerships'],
             'gravatar': hashlib.md5(session.user['email'].encode('utf-8')).hexdigest(),
-            'userlevel': session.user['userlevel']
+            'userlevel': session.user['userlevel'],
+            'token': session.user['token']
         }
         yield json.dumps(JSON_OUT)
         return
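Review bot: Adding `'token': session.user['token']` to `JSON_OUT` returns the long-lived API credential in every session GET response, not only when it is created or rotated. That widens where the token can end up (browser caches, proxies, response logging, any script able to read the response); consider returning it only in reply to an explicit token request, or at least marking the line with a comment such as `# API token is a credential: returned so the UI can display it`. The surrounding function continues outside the hunk.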