app/dao/api_key_dao.py

import uuid
from datetime import datetime

from app import db, encryption
from app.models import ApiKey

from app.dao.dao_utils import (
    transactional,
    version_class
)


@transactional
@version_class(ApiKey)
def save_model_api_key(api_key):
    if not api_key.id:
        api_key.id = uuid.uuid4()  # must be set now so version history model can use same id
    api_key.secret = uuid.uuid4()
    db.session.add(api_key)


@transactional
@version_class(ApiKey)
def expire_api_key(service_id, api_key_id):
    api_key = ApiKey.query.filter_by(id=api_key_id, service_id=service_id).one()
    api_key.expiry_date = datetime.utcnow()
    db.session.add(api_key)


def get_model_api_keys(service_id, id=None):
    if id:
        return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one()
    return ApiKey.query.filter_by(service_id=service_id).all()


def get_unsigned_secrets(service_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_keys = ApiKey.query.filter_by(service_id=service_id, expiry_date=None).all()
    keys = [x.secret for x in api_keys]
    return keys


def get_unsigned_secret(key_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_key = ApiKey.query.filter_by(id=key_id, expiry_date=None).one()
    return api_key.secret
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`import uuid`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`from datetime import datetime`

Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`from app import db, encryption`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from app.models import ApiKey`

Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`from app.dao.dao_utils import (`
			`transactional,`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00			`version_class`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00
			`@transactional`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00			`@version_class(ApiKey)`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`def save_model_api_key(api_key):`
			`if not api_key.id:`
			`api_key.id = uuid.uuid4() # must be set now so version history model can use same id`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`api_key.secret = uuid.uuid4()`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`db.session.add(api_key)`


			`@transactional`
			`@version_class(ApiKey)`
			`def expire_api_key(service_id, api_key_id):`
			`api_key = ApiKey.query.filter_by(id=api_key_id, service_id=service_id).one()`
			`api_key.expiry_date = datetime.utcnow()`
			`db.session.add(api_key)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`def get_model_api_keys(service_id, id=None):`
			`if id:`
			`return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one()`
			`return ApiKey.query.filter_by(service_id=service_id).all()`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`def get_unsigned_secrets(service_id):`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`api_keys = ApiKey.query.filter_by(service_id=service_id, expiry_date=None).all()`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`keys = [x.secret for x in api_keys]`
Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`return keys`


			`def get_unsigned_secret(key_id):`
			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
			`api_key = ApiKey.query.filter_by(id=key_id, expiry_date=None).one()`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`return api_key.secret`