From c04e2e498bcbdc87f03290000d51fce3c6834cbd Mon Sep 17 00:00:00 2001
From: allegroai <>
Date: Tue, 15 Mar 2022 16:29:37 +0200
Subject: [PATCH] Support credentials label and last_used_from fields

---
 apiserver/apimodels/auth.py | 1 +
 apiserver/bll/auth/__init__.py | 2 +-
 apiserver/database/model/auth.py | 1 +
 apiserver/schema/services/auth.conf | 4 ++++
 apiserver/service_repo/auth/auth.py | 9 +++++++--
 apiserver/service_repo/validators.py | 2 +-
 apiserver/services/auth.py | 5 ++++-
 7 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/apiserver/apimodels/auth.py b/apiserver/apimodels/auth.py
index 34917ad..2796bc0 100644
--- a/apiserver/apimodels/auth.py
+++ b/apiserver/apimodels/auth.py
@@ -81,6 +81,7 @@ class Credentials(Base):
 class CredentialsResponse(Credentials):
 secret_key = StringField()
 last_used = DateTimeField(default=None)
+ last_used_from = StringField()


 class CreateCredentialsRequest(Base):
diff --git a/apiserver/bll/auth/__init__.py b/apiserver/bll/auth/__init__.py
index 7ffb49b..e333dfb 100644
--- a/apiserver/bll/auth/__init__.py
+++ b/apiserver/bll/auth/__init__.py
@@ -162,7 +162,7 @@ class AuthBLL:
 access_key=get_client_id(), secret_key=get_secret_key(), label=label
 )
 user.credentials.append(
- Credentials(key=cred.access_key, secret=cred.secret_key)
+ Credentials(key=cred.access_key, secret=cred.secret_key, label=label)
 )
 user.save()

diff --git a/apiserver/database/model/auth.py b/apiserver/database/model/auth.py
index 8f99515..cb35aee 100644
--- a/apiserver/database/model/auth.py
+++ b/apiserver/database/model/auth.py
@@ -50,6 +50,7 @@ class Credentials(EmbeddedDocument):
 secret = StringField(required=True)
 label = StringField()
 last_used = DateTimeField()
+ last_used_from = StringField()


 class User(DbModelMixin, AuthDocument):
diff --git a/apiserver/schema/services/auth.conf b/apiserver/schema/services/auth.conf
index 48fe500..a821059 100644
--- a/apiserver/schema/services/auth.conf
+++ b/apiserver/schema/services/auth.conf
@@ -24,6 +24,10 @@ _definitions {
 description: ""
 format: "date-time"
 }
+ last_used_from {
+ type: string
+ description: ""
+ }
 }
 }
 role {
diff --git a/apiserver/service_repo/auth/auth.py b/apiserver/service_repo/auth/auth.py
index fa3c1c5..2dbd9aa 100644
--- a/apiserver/service_repo/auth/auth.py
+++ b/apiserver/service_repo/auth/auth.py
@@ -51,7 +51,7 @@ def authorize_token(jwt_token, *_, **__):
 )


-def authorize_credentials(auth_data, service, action, call_data_items):
+def authorize_credentials(auth_data, service, action, call):
 """Validate credentials against service/action and request data (dicts).
 Returns a new basic object (auth payload)
 """
@@ -100,7 +100,12 @@ def authorize_credentials(auth_data, service, action, call_data_items):
 if not fixed_user:
 # In case these are proper credentials, update last used time
 User.objects(id=user.id, credentials__key=access_key).update(
- **{"set__credentials__$__last_used": datetime.utcnow()}
+ **{
+ "set__credentials__$__last_used": datetime.utcnow(),
+ "set__credentials__$__last_used_from": call.get_worker(
+ default=call.real_ip
+ ),
+ }
 )

 with TimingContext("mongo", "company_by_id"):
diff --git a/apiserver/service_repo/validators.py b/apiserver/service_repo/validators.py
index 530bc63..2d69eda 100644
--- a/apiserver/service_repo/validators.py
+++ b/apiserver/service_repo/validators.py
@@ -69,7 +69,7 @@ def validate_auth(endpoint, call):
 auth = call.authorization or ""
 auth_type, _, auth_data = auth.partition(" ")
 authorize_func = get_auth_func(auth_type)
- call.auth = authorize_func(auth_data, service, action, call.batched_data)
+ call.auth = authorize_func(auth_data, service, action, call)
 except Exception:
 if endpoint.authorize:
 # if endpoint requires authorization, re-raise exception
diff --git a/apiserver/services/auth.py b/apiserver/services/auth.py
index 1f9b04c..c374555 100644
--- a/apiserver/services/auth.py
+++ b/apiserver/services/auth.py
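Review bot: The new `last_used_from` property is added with `description: ""`, so the generated API schema gives consumers no hint of what the string contains or how far to trust it. Judging by the `authorize_credentials` change in this same patch, it holds whatever `call.get_worker(default=call.real_ip)` returned on the last authenticated call. A description such as `description: "Worker reported on the last call made with these credentials, or the request IP when no worker was reported"` would make that explicit. The neighbouring `date-time` property also has an empty description, so this continues an existing gap rather than creating one.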
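Review bot: The docstring kept under the renamed signature still says the function validates against "request data (dicts)", but the fourth parameter is now `call` and the later hunk in this file uses it as an object (`call.get_worker(...)`, `call.real_ip`). The first docstring line should be brought in line with the new contract, for example `"""Validate credentials against service/action; call is the current API call object.`, with a sentence noting that it is read to record where the credentials were last used. The body of `authorize_credentials` continues outside this hunk.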
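Review bot: `last_used_from` is written from `call.get_worker(default=call.real_ip)`, so the request address is stored only when no worker value is present; if the worker id is taken from request data or headers (not visible in this patch), the holder of the key decides what this field says. For a field that users will read to notice unexpected use of a key, it is safer to always record the server-observed address and keep the worker name as a separate, clearly client-reported value, e.g. `"set__credentials__$__last_used_from": call.real_ip,`. It is also worth confirming how `real_ip` is derived, since a forwarded-for style header is only trustworthy behind a known proxy. The enclosing function starts and ends outside the hunk.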
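Review bot: Every function returned by `get_auth_func` now receives the `call` object as its fourth argument instead of `call.batched_data`, and the `except Exception:` directly below would hide an `AttributeError` or `TypeError` raised by a handler that still expects the dict, at least on endpoints that do not require authorization. Only `authorize_token` (which ignores extra arguments) and `authorize_credentials` are visible in this patch, so any other registered handler should be checked against the new argument. A short comment above the call, such as `# auth functions receive the APICall itself, not its payload`, would record the changed contract. `validate_auth` continues outside the hunk.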
@@ -161,7 +161,10 @@ def get_credentials(call: APICall, _, __):
 call.result.data_model = GetCredentialsResponse(
 credentials=[
 CredentialsResponse(
- access_key=c.key, last_used=c.last_used, label=c.label
+ access_key=c.key,
+ last_used=c.last_used,
+ label=c.label,
+ last_used_from=c.last_used_from,
 )
 for c in user.credentials
 ]