Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FEATURE: track date api key was last used 

Start tracking the date an api key was last used. This has already been
the case for user_api_keys.

This information can provide us with the ability to automatically expire
unused api keys after N days.
This commit is contained in:
Sam Saffron 2019-09-03 18:10:29 +10:00
parent af9b08bed3
commit dc9110cc43
4 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/api_key.rb
View File

@ -35,6 +35,7 @@ end
# updated_at :datetime not null # updated_at :datetime not null
# allowed_ips :inet is an Array # allowed_ips :inet is an Array
# hidden :boolean default(FALSE), not null # hidden :boolean default(FALSE), not null
# last_used_at :datetime
# #
# Indexes # Indexes
# #

6
db/migrate/20190903073730_add_last_used_at_to_api_key.rb Normal file
View File

@ -0,0 +1,6 @@
# frozen_string_literal: true
class AddLastUsedAtToApiKey < ActiveRecord::Migration[5.2]
def change
add_column :api_keys, :last_used_at, :datetime
end
end

7
lib/auth/default_current_user_provider.rb
View File

@ -292,6 +292,7 @@ class Auth::DefaultCurrentUserProvider
return nil return nil
end end
user =
if api_key.user if api_key.user
api_key.user if !api_username || (api_key.user.username_lower == api_username.downcase) api_key.user if !api_username || (api_key.user.username_lower == api_username.downcase)
elsif api_username elsif api_username
@ -301,6 +302,12 @@ class Auth::DefaultCurrentUserProvider
elsif external_id = header_api_key? ? @env[HEADER_API_USER_EXTERNAL_ID] : request["api_user_external_id"] elsif external_id = header_api_key? ? @env[HEADER_API_USER_EXTERNAL_ID] : request["api_user_external_id"]
SingleSignOnRecord.find_by(external_id: external_id.to_s).try(:user) SingleSignOnRecord.find_by(external_id: external_id.to_s).try(:user)
end end
if user
api_key.update_columns(last_used_at: Time.zone.now)
end
user
end end
end end

11
spec/components/auth/default_current_user_provider_spec.rb
View File

@ -56,11 +56,14 @@ describe Auth::DefaultCurrentUserProvider do
it "raises for a user pretending" do it "raises for a user pretending" do
user = Fabricate(:user) user = Fabricate(:user)
user2 = Fabricate(:user) user2 = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1) key = ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1)
expect { expect {
provider("/?api_key=hello&api_username=#{user2.username.downcase}").current_user provider("/?api_key=hello&api_username=#{user2.username.downcase}").current_user
}.to raise_error(Discourse::InvalidAccess) }.to raise_error(Discourse::InvalidAccess)
key.reload
expect(key.last_used_at).to eq(nil)
end end
it "raises for a user with a mismatching ip" do it "raises for a user with a mismatching ip" do
@ -74,8 +77,10 @@ describe Auth::DefaultCurrentUserProvider do
end end
it "allows a user with a matching ip" do it "allows a user with a matching ip" do
freeze_time
user = Fabricate(:user) user = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['100.0.0.0/24']) key = ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['100.0.0.0/24'])
found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}", found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}",
"REMOTE_ADDR" => "100.0.0.22").current_user "REMOTE_ADDR" => "100.0.0.22").current_user
@ -86,6 +91,8 @@ describe Auth::DefaultCurrentUserProvider do
"HTTP_X_FORWARDED_FOR" => "10.1.1.1, 100.0.0.22").current_user "HTTP_X_FORWARDED_FOR" => "10.1.1.1, 100.0.0.22").current_user
expect(found_user.id).to eq(user.id) expect(found_user.id).to eq(user.id)
key.reload
expect(key.last_used_at).to eq_time(Time.zone.now)
end end
it "finds a user for a correct system api key" do it "finds a user for a correct system api key" do