changeset 1693:60249224be04 beta

fix for api key lookup, reuse same function in user model
author Marcin Kuzminski <marcin@python-works.com>
date Thu, 17 Nov 2011 18:52:48 +0200
parents b76bb93db070
children 1450ceb36aa6
files rhodecode/controllers/api/__init__.py rhodecode/model/db.py rhodecode/model/user.py rhodecode/tests/functional/test_login.py
diffstat 4 files changed, 6 insertions(+), 11 deletions(-) [+]
--- a/rhodecode/controllers/api/__init__.py	Thu Nov 17 18:33:44 2011 +0200
+++ b/rhodecode/controllers/api/__init__.py	Thu Nov 17 18:52:48 2011 +0200
@@ -114,7 +114,7 @@
             return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
                                  % (e, urllib.unquote_plus(raw_body)))
 
-        #check AUTH based on API KEY
+        # check AUTH based on API KEY
         try:
             self._req_api_key = json_body['api_key']
             self._req_method = json_body['method']
@@ -125,9 +125,11 @@
         except KeyError, e:
             return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
 
-        #check if we can find this session using api_key
+        # check if we can find this session using api_key
         try:
             u = User.get_by_api_key(self._req_api_key)
+            if u is None:
+                return jsonrpc_error(message='Invalid API KEY')
             auth_u = AuthUser(u.user_id, self._req_api_key)
         except Exception, e:
             return jsonrpc_error(message='Invalid API KEY')
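Review bot: `self._req_api_key` reaches `User.get_by_api_key` on the lookup line with no check that it is a non-empty string. If the model filters with `User.api_key == api_key`, as the code removed from rhodecode/model/user.py did, a JSON `null` would be compared as IS NULL and could match an account whose key column is empty; a guard before the `try` such as `if not isinstance(self._req_api_key, basestring) or not self._req_api_key: return jsonrpc_error(message='Invalid API KEY')` would rule that out. The surrounding `except Exception, e` also reports database failures as 'Invalid API KEY', so logging the exception there would let operators tell a bad key from a backend error. The enclosing method starts and ends outside the hunk.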
--- a/rhodecode/model/db.py	Thu Nov 17 18:33:44 2011 +0200
+++ b/rhodecode/model/db.py	Thu Nov 17 18:52:48 2011 +0200
@@ -324,7 +324,7 @@
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_api_key_%s" % api_key))
-        q.one()
+        return q.scalar()
 
     def update_lastlogin(self):
         """Update user lastlogin"""
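Review bot: With `cache` set, the raw API key is formatted into the cache key `"get_api_key_%s" % api_key` just above the new `return q.scalar()`, so the secret is stored in whatever backend serves `sql_cache_short`, and a regenerated key may keep resolving to the user until that entry expires. Keying on a digest, e.g. `"get_api_key_%s" % hashlib.sha1(api_key).hexdigest()`, and invalidating the entry when a key changes would address both. The cache configuration is not visible here, so the actual exposure should be confirmed. The method starts outside the hunk.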
--- a/rhodecode/model/user.py	Thu Nov 17 18:33:44 2011 +0200
+++ b/rhodecode/model/user.py	Thu Nov 17 18:52:48 2011 +0200
@@ -70,13 +70,7 @@
         return user.scalar()
 
     def get_by_api_key(self, api_key, cache=False):
-
-        user = self.sa.query(User)\
-                .filter(User.api_key == api_key)
-        if cache:
-            user = user.options(FromCache("sql_cache_short",
-                                          "get_user_%s" % api_key))
-        return user.scalar()
+        return User.get_by_api_key(api_key, cache)
 
     def create(self, form_data):
         try:
--- a/rhodecode/tests/functional/test_login.py	Thu Nov 17 18:33:44 2011 +0200
+++ b/rhodecode/tests/functional/test_login.py	Thu Nov 17 18:52:48 2011 +0200
@@ -247,7 +247,6 @@
         # GOOD KEY
 
         key = User.get_by_username(username).api_key
-
         response = self.app.get(url(controller='login',
                                     action='password_reset_confirmation',
                                     key=key))