This is an automated email from the ASF dual-hosted git repository. gcruz pushed a commit to branch gc/8405 in repository https://gitbox.apache.org/repos/asf/allura.git
commit dad75f52a7b634e57c6c9a836065c7c4be10ec71 Author: Guillermo Cruz <[email protected]> AuthorDate: Wed Dec 22 11:35:33 2021 -0700 8405 added last_access field to save the last access date for OAuth tokens --- Allura/allura/controllers/rest.py | 3 +++ Allura/allura/model/oauth.py | 3 +++ Allura/allura/templates/oauth_applications.html | 3 +++ 3 files changed, 9 insertions(+) diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py index dbd9817..34f4118 100644 --- a/Allura/allura/controllers/rest.py +++ b/Allura/allura/controllers/rest.py @@ -43,6 +43,7 @@ from allura.lib.decorators import require_post from allura.lib.project_create_helpers import make_newproject_schema, deserialize_project, create_project_with_attrs from allura.lib.security import has_access import six +from datetime import datetime log = logging.getLogger(__name__) @@ -150,6 +151,7 @@ class OAuthNegotiator(object): if not (access_token and access_token.is_bearer): request.environ['tg.status_code_redirect'] = True raise exc.HTTPUnauthorized + access_token.last_access = datetime.utcnow() return access_token req = oauth.Request.from_request( request.method, @@ -178,6 +180,7 @@ class OAuthNegotiator(object): except oauth.Error as e: log.error('Invalid signature %s %s', type(e), e) raise exc.HTTPUnauthorized + access_token.last_access = datetime.utcnow() return access_token @expose() diff --git a/Allura/allura/model/oauth.py b/Allura/allura/model/oauth.py index cd585c5..479d52f 100644 --- a/Allura/allura/model/oauth.py +++ b/Allura/allura/model/oauth.py @@ -19,6 +19,8 @@ from __future__ import unicode_literals from __future__ import absolute_import import logging import typing +from datetime import datetime + import oauth2 as oauth from tg import tmpl_context as c, app_globals as g @@ -58,6 +60,7 @@ class OAuthToken(MappedClass): type = FieldProperty(str) api_key = FieldProperty(str, if_missing=lambda: h.nonce(20)) secret_key = FieldProperty(str, if_missing=h.cryptographic_nonce) + last_access = FieldProperty(datetime) def to_string(self): return oauth.Token(self.api_key, self.secret_key).to_string() diff --git a/Allura/allura/templates/oauth_applications.html b/Allura/allura/templates/oauth_applications.html index 7506975..9114f3d 100644 --- a/Allura/allura/templates/oauth_applications.html +++ b/Allura/allura/templates/oauth_applications.html @@ -90,6 +90,9 @@ <th>Bearer Token:</th><td>{{access_token.api_key}}</td> </tr> {% endif %} + <tr> + <th>Last Access:</th><td>{% if access_token.last_access %} {{ access_token.last_access.strftime('%a %b %d, %Y %I:%M %p UTC') }} {% endif %}</td> + </tr> <tr class="controls"> <td colspan="2"> <form method="POST" action="revoke_access_token" class="revoke_access_token">
