From f6a177295dd7792fc903fb937809b090c7e13b1f Mon Sep 17 00:00:00 2001
From: moriartyj <moriartyj@gmail.com>
Date: Fri, 27 May 2016 06:24:35 -0700
Subject: [PATCH] Automatic rejection of old API IDs (#441)

Automatic rejection of old API IDs
Closes #436
---
 alliance_auth/settings.py.example |  4 ++++
 eveonline/forms.py                |  3 +++
 eveonline/managers.py             | 12 ++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/alliance_auth/settings.py.example b/alliance_auth/settings.py.example
index 259784de..632b5190 100644
--- a/alliance_auth/settings.py.example
+++ b/alliance_auth/settings.py.example
@@ -335,11 +335,15 @@ ALLIANCE_NAME = os.environ.get('AA_ALLIANCE_NAME', '')
 # MEMBER_API_ACCOUNT - Require API to be for Account and not character restricted
 # BLUE_API_MASK - Numeric value of minimum API mask required for blues
 # BLUE_API_ACCOUNT - Require API to be for Account and not character restricted
+# REJECT_OLD_APIS - Require each submitted API be newer than the latest submitted API
+# REJECT_OLD_APIS_MARGIN - Margin from latest submitted API ID within which a newly submitted API is still accepted
 #######################
 MEMBER_API_MASK = os.environ.get('AA_MEMBER_API_MASK', 268435455)
 MEMBER_API_ACCOUNT = 'True' == os.environ.get('AA_MEMBER_API_ACCOUNT', 'True')
 BLUE_API_MASK = os.environ.get('AA_BLUE_API_MASK', 8388608)
 BLUE_API_ACCOUNT = 'True' == os.environ.get('AA_BLUE_API_ACCOUNT', 'False')
+REJECT_OLD_APIS = 'True' == os.environ.get('AA_REJECT_OLD_APIS', 'False')
+REJECT_OLD_APIS_MARGIN = os.environ.get('AA_REJECT_OLD_APIS_MARGIN', 50)
 
 ##########################
 # Pathfinder Configuration
diff --git a/eveonline/forms.py b/eveonline/forms.py
index 2cf62974..eff7a873 100644
--- a/eveonline/forms.py
+++ b/eveonline/forms.py
@@ -35,6 +35,9 @@ class UpdateKeyForm(forms.Form):
                     raise forms.ValidationError(u'API key already exist')
                 if EveApiManager.api_key_is_valid(self.cleaned_data['api_id'], self.cleaned_data['api_key']) is False:
                     raise forms.ValidationError(u'API key is invalid')
+                if (settings.REJECT_OLD_APIS and
+                    EveManager.check_if_api_key_pair_is_new(self.cleaned_data['api_id'], settings.REJECT_OLD_APIS_MARGIN) is False):
+                    raise forms.ValidationError(u'API key is too old. Please create a new key')
                 chars = EveApiManager.get_characters_from_api(self.cleaned_data['api_id'], self.cleaned_data['api_key']).result
                 states = []
                 states.append(self.user_state)
diff --git a/eveonline/managers.py b/eveonline/managers.py
index 32c12e56..ebf249c6 100644
--- a/eveonline/managers.py
+++ b/eveonline/managers.py
@@ -157,6 +157,18 @@ class EveManager:
             logger.debug("Determined api id %s does not exist." % api_id)
             return False
 
+    @staticmethod
+    def check_if_api_key_pair_is_new(api_id, fudge_factor):
+        if EveApiKeyPair.objects.count() == 0:
+            return True
+        latest_api_id = int(EveApiKeyPair.objects.order_by('-api_id')[0].api_id) - fudge_factor
+        if latest_api_id >= api_id:
+            logger.debug("api key (%d) is older than latest API key (%d). Rejecting" % (api_id, latest_api_id) )
+            return False
+        else:
+            logger.debug("api key (%d) is new. Accepting" % api_id )
+            return True
+
     @staticmethod
     def delete_api_key_pair(api_id, user_id):
         logger.debug("Deleting api id %s" % api_id)