Skip to content

Commit

Permalink
Journalist API: Update last_access metadata with token auth
Browse files Browse the repository at this point in the history
For auditing journalist access to the server
  • Loading branch information
redshiftzero committed Jun 29, 2018
1 parent 67ab286 commit c5fcff4
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions securedrop/journalist_app/api.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
from datetime import datetime
from functools import wraps
import json

Expand Down Expand Up @@ -56,8 +57,16 @@ def get_token():
one_time_code = creds['one_time_code']
try:
journalist = Journalist.login(username, password, one_time_code)
return jsonify({'token': journalist.generate_api_token(
expiration=7200), 'expiration': 7200}), 200

response = jsonify({'token': journalist.generate_api_token(
expiration=7200), 'expiration': 7200})

# Update access metadata
journalist.last_access = datetime.utcnow()
db.session.add(journalist)
db.session.commit()

return response, 200
except Exception:
return abort(403, 'Token authentication failed.')

Expand Down Expand Up @@ -138,6 +147,9 @@ def single_submission(filesystem_id, submission_id):
@token_required
def post_reply(filesystem_id):
source = get_or_404(Source, filesystem_id, Source.filesystem_id)
if not request.json:
abort(400, 'please send requests in valid JSON')

if 'reply' not in request.json:
abort(400, 'reply not found in request body')

Expand Down

0 comments on commit c5fcff4

Please sign in to comment.