mirror of
https://gitlab.crans.org/bde/nk20
synced 2025-01-22 16:11:16 +00:00
Manage auth token
parent
559445c8b4
commit
b7383b35f7
@ -18,7 +18,7 @@ urlpatterns = [
|
||||
path('user/',views.UserListView.as_view(),name="user_list"),
|
||||
path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"),
|
||||
path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"),
|
||||
path('generate-auth-token/', views.GenerateAuthTokenView.as_view(), name='generate_auth_token'),
|
||||
path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
|
||||
|
||||
# API for the user autocompleter
|
||||
path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"),
|
||||
|
@ -5,7 +5,7 @@
|
||||
from dal import autocomplete
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.generic import CreateView, ListView, DetailView, UpdateView, TemplateView
|
||||
from django.views.generic import CreateView, ListView, DetailView, UpdateView, RedirectView, TemplateView
|
||||
from django.contrib.auth.models import User
|
||||
from django.urls import reverse_lazy
|
||||
from django.db.models import Q
|
||||
@ -140,20 +140,21 @@ class UserListView(LoginRequiredMixin,SingleTableView):
|
||||
return context
|
||||
|
||||
|
||||
class GenerateAuthTokenView(LoginRequiredMixin, TemplateView):
|
||||
class ManageAuthTokens(LoginRequiredMixin, TemplateView):
|
||||
"""
|
||||
Génère un jeton d'authentification pour un utilisateur et détruit l'ancien
|
||||
Affiche le jeton d'authentification, et permet de le regénérer
|
||||
"""
|
||||
template_name = "member/generate_auth_token.html"
|
||||
model = Token
|
||||
template_name = "member/manage_auth_tokens.html"
|
||||
|
||||
def get_context_data(self):
|
||||
context = super().get_context_data()
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
if Token.objects.filter(user=self.request.user).exists():
|
||||
if 'regenerate' in self.request.GET and Token.objects.filter(user=self.request.user).exists():
|
||||
Token.objects.get(user=self.request.user).delete()
|
||||
token = Token.objects.create(user=self.request.user)
|
||||
|
||||
context['token'] = token.key
|
||||
context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
|
||||
|
||||
return context
|
||||
|
||||
class UserAutocomplete(autocomplete.Select2QuerySetView):
|
||||
|
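Review bot: `ManageAuthTokens.get_context_data` deletes and recreates the user's API token whenever a GET request carries `regenerate`, so a credential is revoked by a safe method that Django's CSRF protection does not check. Any cross-site request, link prefetch or reload of the `?regenerate` URL made with the user's session would rotate the token and break clients that depend on it. Moving the rotation into a `post()` handler that redirects back to the page keeps GET display-only. The template's regenerate link would then become a `<form method="post">` containing `{% csrf_token %}`. The `RedirectView` import added in the first hunk of this file is not used in the lines shown.

```python
class ManageAuthTokens(LoginRequiredMixin, TemplateView):
    # … unchanged: docstring, model, template_name …

    def post(self, request, *args, **kwargs):
        # Rotation changes state: reachable only through a CSRF-checked POST.
        Token.objects.filter(user=request.user).delete()
        Token.objects.create(user=request.user)
        return redirect('member:auth_token')

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        # GET only displays; the 'regenerate' branch moves to post().
        context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
        return context
```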
@ -1,22 +0,0 @@
|
||||
{% extends "base.html" %}
|
||||
{% load i18n static pretty_money django_tables2 %}
|
||||
|
||||
{% block content %}
|
||||
Jeton : <strong>{{ token }}</strong>
|
||||
|
||||
<div class="alert alert-danger">
|
||||
Conservez bien précieusement ce jeton d'authentification, car il ne vous sera jamais donné de nouveau.
|
||||
Revenir sur cette page aura pour conséquence de révoquer tout ancien jeton d'authentification.
|
||||
Cela peut entre autres mener à des plantages d'autres applications qui pouvaient utiliser ce jeton.
|
||||
</div>
|
||||
|
||||
<div class="alert alert-info">
|
||||
<h4>À quoi sert ce jeton ?</h4>
|
||||
|
||||
Ce jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.
|
||||
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
|
||||
pour pouvoir vous identifier.
|
||||
|
||||
Une documentation de l'API arrivera ultérieurement.
|
||||
</div>
|
||||
{% endblock %}
|
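--- /dev/null
+++ b/templates/member/manage_auth_tokens.html
@@ -0,0 +1,27 @@
+{% extends "base.html" %}
+{% load i18n static pretty_money django_tables2 %}
+
+{% block content %}
+<div class="alert alert-info">
+<h4>À quoi sert un jeton d'authentification ?</h4>
+
+Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br />
+Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
+pour pouvoir vous identifier.<br /><br />
+
+Une documentation de l'API arrivera ultérieurement.
+</div>
+
+<div class="alert alert-info">
+<strong>{%trans 'Token' %} :</strong> {{ token.key }}<br />
+<strong>{%trans 'Created' %} :</strong> {{ token.created }}
+</div>
+
+<div class="alert alert-warning">
+<strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
+</div>
+
+<a href="{% url 'member:auth_token' %}?regenerate">
+<button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
+</a>
+{% endblock %}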
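Review bot: `{{ token.key }}` is now rendered on every visit to this page, whereas the removed template told the user the token would never be shown again. A long-lived API credential can therefore end up in any cached or saved copy of the page. Consider marking the response non-cacheable, for example with Django's `never_cache` on the view, and showing the full key only right after a regeneration. Separately, the French strings here are hard-coded while `Token`, `Created` and `Regenerate token` go through `{% trans %}`; wrapping them all would keep the page translatable.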
@ -23,7 +23,9 @@
|
||||
<dd class="col-6 col-md-3">{{ object.user.note.balance | pretty_money }}</dd>
|
||||
</dl>
|
||||
<center>
|
||||
<a class="btn btn-primary" href="{% url 'member:generate_auth_token' %}">{% trans 'Generate auth token' %}</a>
|
||||
{% if object.user.pk == user.pk %}
|
||||
<a class="btn btn-primary" href="{% url 'member:auth_token' %}">{% trans 'Manage auth token' %}</a>
|
||||
{% endif %}
|
||||
<a class="btn btn-primary" href="{% url 'member:user_update_profile' object.pk %}">{% trans 'Update Profile' %}</a>
|
||||
<a class="btn btn-primary" href="{% url 'password_change' %}">{% trans 'Change password' %}</a>
|
||||
</center>
|
||||
|