Commits

Marcin Kuzminski committed 6024922

fix for api key lookup, reuse same function in user model

Comments (0)

Files changed (4)

rhodecode/controllers/api/__init__.py

             return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
                                  % (e, urllib.unquote_plus(raw_body)))
 
-        #check AUTH based on API KEY
+        # check AUTH based on API KEY
         try:
             self._req_api_key = json_body['api_key']
             self._req_method = json_body['method']
         except KeyError, e:
             return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
 
-        #check if we can find this session using api_key
+        # check if we can find this session using api_key
         try:
             u = User.get_by_api_key(self._req_api_key)
+            if u is None:
+                return jsonrpc_error(message='Invalid API KEY')
             auth_u = AuthUser(u.user_id, self._req_api_key)
         except Exception, e:
             return jsonrpc_error(message='Invalid API KEY')

rhodecode/model/db.py

         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_api_key_%s" % api_key))
-        q.one()
+        return q.scalar()
 
     def update_lastlogin(self):
         """Update user lastlogin"""

rhodecode/model/user.py

         return user.scalar()
 
     def get_by_api_key(self, api_key, cache=False):
-
-        user = self.sa.query(User)\
-                .filter(User.api_key == api_key)
-        if cache:
-            user = user.options(FromCache("sql_cache_short",
-                                          "get_user_%s" % api_key))
-        return user.scalar()
+        return User.get_by_api_key(api_key, cache)
 
     def create(self, form_data):
         try:

rhodecode/tests/functional/test_login.py

         # GOOD KEY
 
         key = User.get_by_username(username).api_key
-
         response = self.app.get(url(controller='login',
                                     action='password_reset_confirmation',
                                     key=key))