app/dao/api_key_dao.py

import uuid
from flask import current_app
from itsdangerous import URLSafeSerializer

from app import db
from app.models import ApiKey

from app.dao.dao_utils import (
    transactional,
    version_class
)


@transactional
@version_class(ApiKey)
def save_model_api_key(api_key, update_dict={}):
    if update_dict:
        update_dict.pop('id', None)
        for key, value in update_dict.items():
            setattr(api_key, key, value)
        db.session.add(api_key)
    else:
        if not api_key.id:
            api_key.id = uuid.uuid4()  # must be set now so version history model can use same id
        api_key.secret = _generate_secret()
        db.session.add(api_key)


def get_model_api_keys(service_id, id=None):
    if id:
        return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one()
    return ApiKey.query.filter_by(service_id=service_id).all()


def get_unsigned_secrets(service_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_keys = ApiKey.query.filter_by(service_id=service_id, expiry_date=None).all()
    keys = [_get_secret(x.secret) for x in api_keys]
    return keys


def get_unsigned_secret(key_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_key = ApiKey.query.filter_by(id=key_id, expiry_date=None).one()
    return _get_secret(api_key.secret)


def _generate_secret(token=None):
    if not token:
        token = uuid.uuid4()
    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
    return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))


def _get_secret(signed_secret):
    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
    return serializer.loads(signed_secret, salt=current_app.config.get('DANGEROUS_SALT'))
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`import uuid`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from flask import current_app`
			`from itsdangerous import URLSafeSerializer`

			`from app import db`
			`from app.models import ApiKey`

Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`from app.dao.dao_utils import (`
			`transactional,`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00			`version_class`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00
			`@transactional`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00			`@version_class(ApiKey)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`def save_model_api_key(api_key, update_dict={}):`
			`if update_dict:`
Changes for pr comments 2016-04-21 15:22:26 +01:00			`update_dict.pop('id', None)`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`for key, value in update_dict.items():`
Changes for pr comments 2016-04-21 15:22:26 +01:00			`setattr(api_key, key, value)`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`db.session.add(api_key)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`else:`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`if not api_key.id:`
			`api_key.id = uuid.uuid4() # must be set now so version history model can use same id`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`api_key.secret = _generate_secret()`
			`db.session.add(api_key)`


Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`def get_model_api_keys(service_id, id=None):`
			`if id:`
			`return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one()`
			`return ApiKey.query.filter_by(service_id=service_id).all()`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`def get_unsigned_secrets(service_id):`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`api_keys = ApiKey.query.filter_by(service_id=service_id, expiry_date=None).all()`
			`keys = [_get_secret(x.secret) for x in api_keys]`
			`return keys`


			`def get_unsigned_secret(key_id):`
			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
			`api_key = ApiKey.query.filter_by(id=key_id, expiry_date=None).one()`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`return _get_secret(api_key.secret)`


			`def _generate_secret(token=None):`
			`if not token:`
			`token = uuid.uuid4()`
			`serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))`
			`return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))`


			`def _get_secret(signed_secret):`
			`serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))`
			`return serializer.loads(signed_secret, salt=current_app.config.get('DANGEROUS_SALT'))`