11453: Accept salted tokens at /users/current and /groups.
[arvados.git] / services / api / app / models / api_client_authorization.rb
index 10c02cca25a576a113801b07865a75dfa8affa82..3e90c0eb304674fc2b6ad283af42838894f06ac1 100644 (file)
@@ -82,6 +82,22 @@ class ApiClientAuthorization < ArvadosModel
     ["#{table_name}.id desc"]
   end
 
+  def self.validate(remote_id:)
+    token = Thread.current[:supplied_token]
+    return nil if !token
+    version, uuid, secret = token.split(',')
+    return nil if version != 'v2'
+    auth = ApiClientAuthorization.
+           includes(:user).
+           where('uuid=? and (expires_at is null or expires_at > CURRENT_TIMESTAMP)', uuid).
+           first
+    if auth && secret == OpenSSL::HMAC.hexdigest('sha1', auth.api_token, remote_id)
+      return auth
+    else
+      return nil
+    end
+  end
+    
   protected
 
   def permission_to_create
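Review bot: The secret check in the new `validate` uses plain `==`, which short-circuits on the first differing byte and so leaks how much of the HMAC the caller has right; a constant-time compare should be used: `if auth && secret && ActiveSupport::SecurityUtils.secure_compare(secret, OpenSSL::HMAC.hexdigest('sha1', auth.api_token, remote_id))`. The `secret &&` guard also covers a two-field `v2,<uuid>` token, where `split` leaves `secret` nil and `secure_compare` would raise rather than return nil. The expected token layout is not stated anywhere in the method; a comment such as `# Supplied token format: "v2,<auth uuid>,<hex HMAC-SHA1 of remote_id keyed by api_token>"` above the `split` would make the salting scheme explicit for the next reader. The enclosing class starts and ends outside this hunk, and the line after `end` (L23) carries trailing whitespace.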