token.rb 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. class Token < ActiveRecord::Base
  3. before_create :generate_token
  4. belongs_to :user
  5. store :preferences
  6. =begin
  7. create new token
  8. token = Token.create(action: 'PasswordReset', user_id: user.id)
  9. returns
  10. the token
  11. create new persistent token
  12. token = Token.create(
  13. action: 'api',
  14. persistent: true,
  15. user_id: user.id,
  16. preferences: {
  17. permission: {
  18. 'user_preferences.calendar' => true,
  19. }
  20. }
  21. )
  22. in case if you use it via an controller, e. g. you can verify via "curl -H "Authorization: Token token=33562a00d7eda2a7c2fb639b91c6bcb8422067b6" http://...
  23. returns
  24. the token
  25. =end
  26. =begin
  27. check token
  28. user = Token.check(action: 'PasswordReset', name: '123abc12qweads')
  29. check api token with permissions
  30. user = Token.check(action: 'api', name: '123abc12qweads', permission: 'admin.session')
  31. user = Token.check(action: 'api', name: '123abc12qweads', permission: ['admin.session', 'ticket.agent'])
  32. returns
  33. user for who this token was created
  34. =end
  35. def self.check(data)
  36. # fetch token
  37. token = Token.find_by(action: data[:action], name: data[:name])
  38. return if !token
  39. # check if token is still valid
  40. if !token.persistent &&
  41. token.created_at < 1.day.ago
  42. # delete token
  43. token.delete
  44. token.save
  45. return
  46. end
  47. user = token.user
  48. # persistent token not valid if user is inactive
  49. if !data[:inactive_user]
  50. return if token.persistent && user.active == false
  51. end
  52. # add permission check
  53. if data[:permission]
  54. return if !user.permissions?(data[:permission])
  55. return if !token.preferences[:permission]
  56. local_permissions = data[:permission]
  57. if data[:permission].class != Array
  58. local_permissions = [data[:permission]]
  59. end
  60. match = false
  61. local_permissions.each do |local_permission|
  62. local_permissions = Permission.with_parents(local_permission)
  63. local_permissions.each do |local_permission_name|
  64. next if !token.preferences[:permission].include?(local_permission_name)
  65. match = true
  66. break
  67. end
  68. next if !match
  69. break
  70. end
  71. return if !match
  72. end
  73. # return token user
  74. user
  75. end
  76. =begin
  77. cleanup old token
  78. Token.cleanup
  79. =end
  80. def self.cleanup
  81. Token.where('persistent IS ? AND created_at < ?', nil, Time.zone.now - 30.days).delete_all
  82. true
  83. end
  84. private
  85. def generate_token
  86. loop do
  87. self.name = SecureRandom.urlsafe_base64(48)
  88. break if !Token.exists?(name: name)
  89. end
  90. true
  91. end
  92. end