Auth token is hidden

2025-11-04 09:12:11 +01:00 · 2020-02-17 23:30:55 +01:00
parent b7383b35f7
commit 987b898a33
2 changed files with 16 additions and 7 deletions
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -4,6 +4,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from dal import autocomplete
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.shortcuts import redirect
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, ListView, DetailView, UpdateView, RedirectView, TemplateView
 from django.contrib.auth.models import User
@@ -147,14 +148,16 @@ class ManageAuthTokens(LoginRequiredMixin, TemplateView):
    model = Token
    template_name = "member/manage_auth_tokens.html"

+    def get(self, request, *args, **kwargs):
+        if 'regenerate' in request.GET and Token.objects.filter(user=request.user).exists():
+            Token.objects.get(user=self.request.user).delete()
+            return redirect(reverse_lazy('member:auth_token') + "?show", permanent=True)
+
+        return super().get(request, *args, **kwargs)
+
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
-
-        if 'regenerate' in self.request.GET and Token.objects.filter(user=self.request.user).exists():
-            Token.objects.get(user=self.request.user).delete()
-
        context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
-
        return context

 class UserAutocomplete(autocomplete.Select2QuerySetView):
--- a/templates/member/manage_auth_tokens.html
+++ b/templates/member/manage_auth_tokens.html
@@ -13,7 +13,13 @@
    </div>

    <div class="alert alert-info">
-        <strong>{%trans  'Token' %} :</strong> {{ token.key }}<br />
+        <strong>{%trans  'Token' %} :</strong>
+        {% if 'show' in request.GET %}
+            {{ token.key }} (<a href="?">cacher</a>)
+        {% else %}
+            <em>caché</em> (<a href="?show">montrer</a>)
+        {% endif %}
+        <br />
        <strong>{%trans  'Created' %} :</strong> {{ token.created }}
    </div>

@@ -21,7 +27,7 @@
        <strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
    </div>

-    <a href="{% url 'member:auth_token' %}?regenerate">
+    <a href="?regenerate">
        <button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
    </a>
 {% endblock %}