Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.

2014-09-04 14:24:20 -04:00 · 2014-09-04 14:24:20 -04:00 · e783df31e0
commit e783df31e0
parent 1e7e012b92
9 changed files with 174 additions and 61 deletions
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@ -119,6 +119,11 @@ def swagger_route_data(include_internal=False, compact=False):
          if internal is not None:
            new_operation['internal'] = True

+          if include_internal:
+            requires_fresh_login = method_metadata(method, 'requires_fresh_login')
+            if requires_fresh_login is not None:
+              new_operation['requires_fresh_login'] = True
+
          if not internal or (internal and include_internal):
            operations.append(new_operation)