Support credentials label and last_used_from fields

apiserver/apimodels/auth.py

@@ -81,6 +81,7 @@ class Credentials(Base):
 class CredentialsResponse(Credentials):
     secret_key = StringField()
     last_used = DateTimeField(default=None)
+    last_used_from = StringField()
 
 
 class CreateCredentialsRequest(Base):

apiserver/bll/auth/__init__.py

@@ -162,7 +162,7 @@ class AuthBLL:
                 access_key=get_client_id(), secret_key=get_secret_key(), label=label
             )
             user.credentials.append(
-                Credentials(key=cred.access_key, secret=cred.secret_key)
+                Credentials(key=cred.access_key, secret=cred.secret_key, label=label)
             )
             user.save()
 

apiserver/database/model/auth.py

@@ -50,6 +50,7 @@ class Credentials(EmbeddedDocument):
     secret = StringField(required=True)
     label = StringField()
     last_used = DateTimeField()
+    last_used_from = StringField()
 
 
 class User(DbModelMixin, AuthDocument):

apiserver/schema/services/auth.conf

@@ -24,6 +24,10 @@ _definitions {
                 description: ""
                 format: "date-time"
             }
+            last_used_from {
+                type: string
+                description: ""
+            }
         }
     }
     role {

apiserver/service_repo/auth/auth.py

@@ -51,7 +51,7 @@ def authorize_token(jwt_token, *_, **__):
         )
 
 
-def authorize_credentials(auth_data, service, action, call_data_items):
+def authorize_credentials(auth_data, service, action, call):
     """Validate credentials against service/action and request data (dicts).
     Returns a new basic object (auth payload)
     """
@@ -100,7 +100,12 @@ def authorize_credentials(auth_data, service, action, call_data_items):
         if not fixed_user:
             # In case these are proper credentials, update last used time
             User.objects(id=user.id, credentials__key=access_key).update(
-                **{"set__credentials__$__last_used": datetime.utcnow()}
+                **{
+                    "set__credentials__$__last_used": datetime.utcnow(),
+                    "set__credentials__$__last_used_from": call.get_worker(
+                        default=call.real_ip
+                    ),
+                }
             )
 
     with TimingContext("mongo", "company_by_id"):

apiserver/service_repo/validators.py

@@ -69,7 +69,7 @@ def validate_auth(endpoint, call):
         auth = call.authorization or ""
         auth_type, _, auth_data = auth.partition(" ")
         authorize_func = get_auth_func(auth_type)
-        call.auth = authorize_func(auth_data, service, action, call.batched_data)
+        call.auth = authorize_func(auth_data, service, action, call)
     except Exception:
         if endpoint.authorize:
             # if endpoint requires authorization, re-raise exception

apiserver/services/auth.py

@@ -161,7 +161,10 @@ def get_credentials(call: APICall, _, __):
         call.result.data_model = GetCredentialsResponse(
             credentials=[
                 CredentialsResponse(
-                    access_key=c.key, last_used=c.last_used, label=c.label
+                    access_key=c.key,
+                    last_used=c.last_used,
+                    label=c.label,
+                    last_used_from=c.last_used_from,
                 )
                 for c in user.credentials
             ]