removes authtoken

awx/main/models/organization.py

@@ -1,21 +1,15 @@
 # Copyright (c) 2015 Ansible, Inc.
 # All Rights Reserved.
 
-# Python
-import datetime
-import hashlib
-import hmac
-import uuid
+
 
 # Django
 from django.conf import settings
-from django.db import models, connection
+from django.db import models
 from django.contrib.auth.models import User
 from django.contrib.sessions.models import Session
 from django.utils.timezone import now as tz_now
-from django.utils.translation import ugettext_lazy as _
 
-import six
 
 # AWX
 from awx.api.versioning import reverse
@@ -27,7 +21,7 @@ from awx.main.models.rbac import (
 )
 from awx.main.models.mixins import ResourceMixin, CustomVirtualEnvMixin
 
-__all__ = ['Organization', 'Team', 'Profile', 'AuthToken', 'UserSessionMembership']
+__all__ = ['Organization', 'Team', 'Profile', 'UserSessionMembership']
 
 
 class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVirtualEnvMixin):
@@ -135,141 +129,6 @@ class Profile(CreatedModifiedModel):
     )
 
 
-"""
-Since expiration and session expiration is event driven a token could be
-invalidated for both reasons. Further, we only support a single reason for a
-session token being invalid. For this case, mark the token as expired.
-
-Note: Again, because the value of reason is event based. The reason may not be
-set (i.e. may equal '') even though a session is expired or a limit is reached.
-"""
-
-
-class AuthToken(BaseModel):
-    '''
-    Custom authentication tokens per user with expiration and request-specific
-    data.
-    '''
-
-    REASON_CHOICES = [
-        ('', _('Token not invalidated')),
-        ('timeout_reached', _('Token is expired')),
-        ('limit_reached', _('The maximum number of allowed sessions for this user has been exceeded.')),
-        # invalid_token is not a used data-base value, but is returned by the
-        # api when a token is not found
-        ('invalid_token', _('Invalid token')),
-    ]
-
-    class Meta:
-        app_label = 'main'
-
-    key = models.CharField(max_length=40, primary_key=True)
-    user = prevent_search(models.ForeignKey('auth.User',
-                          related_name='auth_tokens', on_delete=models.CASCADE))
-    created = models.DateTimeField(auto_now_add=True)
-    modified = models.DateTimeField(auto_now=True)
-    expires = models.DateTimeField(default=tz_now)
-    request_hash = prevent_search(models.CharField(max_length=40, blank=True,
-                                                   default=''))
-    reason = models.CharField(
-        max_length=1024,
-        blank=True,
-        default='',
-        help_text=_('Reason the auth token was invalidated.')
-    )
-
-    @staticmethod
-    def reason_long(reason):
-        for x in AuthToken.REASON_CHOICES:
-            if x[0] == reason:
-                return six.text_type(x[1])
-        return None
-
-    @classmethod
-    def get_request_hash(cls, request):
-        h = hashlib.sha1()
-        h.update(settings.SECRET_KEY)
-        for header in settings.REMOTE_HOST_HEADERS:
-            value = request.META.get(header, '').split(',')[0].strip()
-            if value:
-                h.update(value)
-                break
-        h.update(request.META.get('HTTP_USER_AGENT', ''))
-        return h.hexdigest()
-
-    def save(self, *args, **kwargs):
-        if not self.pk:
-            self.refresh(save=False)
-        if not self.key:
-            self.key = self.generate_key()
-        return super(AuthToken, self).save(*args, **kwargs)
-
-    def refresh(self, now=None, save=True):
-        if not now:
-            now = tz_now()
-        if not self.pk or not self.is_expired(now=now):
-            self.expires = now + datetime.timedelta(seconds=settings.AUTH_TOKEN_EXPIRATION)
-            if save:
-                connection.on_commit(lambda: self.save(update_fields=['expires']))
-
-    def invalidate(self, reason='timeout_reached', save=True):
-        if not AuthToken.reason_long(reason):
-            raise ValueError(_('Invalid reason specified'))
-        self.reason = reason
-        if save:
-            self.save()
-        return reason
-
-    @staticmethod
-    def get_tokens_over_limit(user, now=None):
-        if now is None:
-            now = tz_now()
-        invalid_tokens = AuthToken.objects.none()
-        if settings.AUTH_TOKEN_PER_USER != -1:
-            invalid_tokens = AuthToken.objects.filter(
-                user=user,
-                expires__gt=now,
-                reason='',
-            ).order_by('-created')[settings.AUTH_TOKEN_PER_USER:]
-        return invalid_tokens
-
-    def generate_key(self):
-        unique = uuid.uuid4()
-        return hmac.new(unique.bytes, digestmod=hashlib.sha1).hexdigest()
-
-    def is_expired(self, now=None):
-        if not now:
-            now = tz_now()
-        return bool(self.expires < now)
-
-    @property
-    def invalidated(self):
-        return bool(self.reason != '')
-
-    """
-    Token is valid if it's in the set of unexpired tokens.
-    The unexpired token set is:
-        * tokens not expired
-        * limited to number of tokens per-user
-        * sorted by created on date
-    """
-    def in_valid_tokens(self, now=None):
-        if not now:
-            now = tz_now()
-        valid_n_tokens_qs = self.user.auth_tokens.filter(
-            expires__gt=now,
-            reason='',
-        ).order_by('-created')
-        if settings.AUTH_TOKEN_PER_USER != -1:
-            valid_n_tokens_qs = valid_n_tokens_qs[0:settings.AUTH_TOKEN_PER_USER]
-        valid_n_tokens = valid_n_tokens_qs.values_list('key', flat=True)
-
-        return bool(self.key in valid_n_tokens)
-
-    def __unicode__(self):
-        return self.key
-
-
 class UserSessionMembership(BaseModel):
     '''
     A lookup table for session membership given user.