FEATURE: Hash user API keys in the database (#9344)

The 'key' column will be dropped in a future commit.
Dan Ungureanu
2020-04-07 16:42:52 +03:00
committed by GitHub
parent 34df9f7908
commit 0653750fbf
6 changed files with 62 additions and 8 deletions


@ -20,6 +20,28 @@ class UserApiKey < ActiveRecord::Base
belongs_to :user
scope :active, -> { where(revoked_at: nil) }
scope :with_key, ->(key) { where(key_hash: ApiKey.hash_key(key)) }
after_initialize :generate_key
def generate_key
if !self.key_hash
@key ||= SecureRandom.hex
self.key = @key
self.key_hash = ApiKey.hash_key(@key)
end
end
def key
raise ApiKey::KeyAccessError.new "API key is only accessible immediately after creation" unless key_available?
@key
end
def key_available?
@key.present?
end
def self.allowed_scopes
Set.new(SiteSetting.allow_user_api_key_scopes.split("|"))
end
@ -88,6 +110,7 @@ end
# revoked_at :datetime
# scopes :text default([]), not null, is an Array
# last_used_at :datetime not null
# key_hash :string not null
#
# Indexes
#
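Review bot: In `generate_key` (first hunk), `self.key = @key` still assigns the plaintext key to the `key` attribute. If that is still the plain column writer, every new key stays recoverable from the database until the column is dropped, and `key_hash` gives no protection against a database leak in the meantime. I would mark the line as transitional, e.g. `# Transitional: plaintext is still persisted until the 'key' column is dropped; look keys up by key_hash only`, and keep the gap before the follow-up commit short. Separately, `after_initialize` also runs for records loaded from the database, so the `!self.key_hash` guard may raise `ActiveModel::MissingAttributeError` on any query that selects a column subset without `key_hash`. A guard such as `if has_attribute?(:key_hash) && !key_hash` would avoid that. The class body continues outside the hunk, so callers of `key` are not visible here and should be checked for use of `key_available?` before reading it.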