Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

2017-12-08 17:05:59 -05:00 · 2017-12-08 17:05:59 -05:00 · 524d77f527
commit 524d77f527
parent 53b762a875
50 changed files with 943 additions and 289 deletions
--- a/util/audit.py
+++ b/util/audit.py
@ -9,7 +9,7 @@ from app import analytics, userevents, ip_resolver
 from data import model
 from auth.registry_jwt_auth import get_granted_entity
 from auth.auth_context import (get_authenticated_user, get_validated_token,
-                               get_validated_oauth_token)
+                               get_validated_oauth_token, get_validated_app_specific_token)

 logger = logging.getLogger(__name__)

@ -27,20 +27,28 @@ def track_and_log(event_name, repo_obj, analytics_name=None, analytics_sample=1,
  authenticated_oauth_token = get_validated_oauth_token()
  authenticated_user = get_authenticated_user()
  authenticated_token = get_validated_token() if not authenticated_user else None
+  app_specific_token = get_validated_app_specific_token()

-  if not authenticated_user and not authenticated_token and not authenticated_oauth_token:
+  if (not authenticated_user and not authenticated_token and not authenticated_oauth_token and
+      not app_specific_token):
    entity = get_granted_entity()
    if entity:
      authenticated_user = entity.user
      authenticated_token = entity.token
      authenticated_oauth_token = entity.oauth
+      app_specific_token = entity.app_specific_token

  logger.debug('Logging the %s to Mixpanel and the log system', event_name)
  if authenticated_oauth_token:
    metadata['oauth_token_id'] = authenticated_oauth_token.id
    metadata['oauth_token_application_id'] = authenticated_oauth_token.application.client_id
    metadata['oauth_token_application'] = authenticated_oauth_token.application.name
+    metadata['username'] = authenticated_user.username
    analytics_id = 'oauth:{0}'.format(authenticated_oauth_token.id)
+  elif app_specific_token:
+    metadata['app_specific_token'] = app_specific_token.uuid
+    metadata['username'] = authenticated_user.username
+    analytics_id = 'appspecifictoken:{0}'.format(app_specific_token.uuid)
  elif authenticated_user:
    metadata['username'] = authenticated_user.username
    analytics_id = authenticated_user.username