A controller action to cycle the API key

ckan · Jan 1, 2014 · 0952e46 · 0952e46
1 parent 46752e5
commit 0952e46
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 0 deletions.
diff --git a/ckan/config/routing.py b/ckan/config/routing.py
@@ -349,6 +349,7 @@ def make_map():
         m.connect('/user/edit', action='edit')
         # Note: openid users have slashes in their ids, so need the wildcard
         # in the route.
+        m.connect('user_cycle_apikey', '/user/cycle_key/{id}', action='cycle_apikey')
         m.connect('/user/activity/{id}/{offset}', action='activity')
         m.connect('user_activity_stream', '/user/activity/{id}',
                   action='activity', ckan_icon='time')

diff --git a/ckan/controllers/user.py b/ckan/controllers/user.py
@@ -195,6 +195,41 @@ def delete(self, id):
             msg = _('Unauthorized to delete user with id "{user_id}".')
             abort(401, msg.format(user_id=id))
 
+    def cycle_apikey(self, id):
+        '''Cycle the API key of a user'''
+        context = {'model': model,
+                   'session': model.Session,
+                   'user': c.user,
+                   'auth_user_obj': c.userobj,
+                   }
+        if id is None:
+            if c.userobj:
+                id = c.userobj.id
+            else:
+                abort(400, _('No user specified'))
+        data_dict = {'id': id}
+
+        try:
+            check_access('user_update', context, data_dict)
+        except NotAuthorized:
+            abort(401, _('Unauthorized to edit a user.'))
+
+        try:
+            old_data = get_action('user_show')(context, data_dict)
+            old_data['apikey'] = model.types.make_uuid()
+            context['schema'] = schema.default_cycle_apikey_user_schema()
+            data_dict = old_data
+            get_action('user_update')(context, data_dict)
+
+        except NotAuthorized:
+            abort(401, _('Unauthorized to edit user %s') % '')
+        except NotFound:
+            abort(404, _('User not found'))
+
+        h.flash_success(_('Profile updated'))
+        h.redirect_to(controller='user', action='read', id=data_dict['name'])
+
+
     def _save_new(self, context):
         try:
             data_dict = logic.clean_dict(unflatten(

diff --git a/ckan/logic/schema.py b/ckan/logic/schema.py
@@ -438,6 +438,12 @@ def default_update_user_schema():
 
     return schema
 
+def default_cycle_apikey_user_schema():
+    schema = default_update_user_schema()
+
+    schema['apikey'] = [not_empty, unicode]
+    return schema
+
 def default_user_invite_schema():
     schema = {
         'email': [not_empty, unicode],