implement API token revoke

This commit is contained in:
simon 2022-02-11 18:19:10 +07:00
parent f1de8db4f3
commit 7524691b79
No known key found for this signature in database
GPG Key ID: 2C15AA5E89985DD4
3 changed files with 14 additions and 1 deletions

View File

@ -120,6 +120,7 @@
<p>API token: <button type="button" onclick="textReveal()" id="text-reveal-button">Show</button></p> <p>API token: <button type="button" onclick="textReveal()" id="text-reveal-button">Show</button></p>
<div id="text-reveal" class="description-text"> <div id="text-reveal" class="description-text">
<p>{{ api_token }}</p> <p>{{ api_token }}</p>
<button class="danger-button" type="button" onclick="resetToken()">Revoke</button>
</div> </div>
</div> </div>
<div class="settings-item"> <div class="settings-item">

View File

@ -715,7 +715,6 @@ class SettingsView(View):
"""get existing or create new token of user""" """get existing or create new token of user"""
# pylint: disable=no-member # pylint: disable=no-member
token = Token.objects.get_or_create(user=request.user)[0] token = Token.objects.get_or_create(user=request.user)[0]
print(token)
return token return token
@staticmethod @staticmethod
@ -758,6 +757,11 @@ def process(request):
if request.method == "POST": if request.method == "POST":
current_user = request.user.id current_user = request.user.id
post_dict = json.loads(request.body.decode()) post_dict = json.loads(request.body.decode())
if post_dict.get("reset-token"):
print("revoke API token")
request.user.auth_token.delete()
return JsonResponse({"success": True})
post_handler = PostData(post_dict, current_user) post_handler = PostData(post_dict, current_user)
if post_handler.to_exec: if post_handler.to_exec:
task_result = post_handler.run_task() task_result = post_handler.run_task()

View File

@ -235,6 +235,14 @@ function findPlaylists(button) {
}, 500); }, 500);
} }
function resetToken() {
var payload = JSON.stringify({'reset-token': true});
sendPost(payload);
var message = document.createElement("p");
message.innerText = "Token revoked";
document.getElementById("text-reveal").replaceWith(message);
}
// delete from file system // delete from file system
function deleteConfirm() { function deleteConfirm() {
to_show = document.getElementById("delete-button"); to_show = document.getElementById("delete-button");