Manage auth token

This commit is contained in:
Yohann D'ANELLO 2020-02-17 21:32:08 +01:00
parent 559445c8b4
commit b7383b35f7
5 changed files with 41 additions and 33 deletions

View File

@ -18,7 +18,7 @@ urlpatterns = [
path('user/',views.UserListView.as_view(),name="user_list"), path('user/',views.UserListView.as_view(),name="user_list"),
path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"), path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"),
path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"), path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"),
path('generate-auth-token/', views.GenerateAuthTokenView.as_view(), name='generate_auth_token'), path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
# API for the user autocompleter # API for the user autocompleter
path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"), path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"),

View File

@ -5,7 +5,7 @@
from dal import autocomplete from dal import autocomplete
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.views.generic import CreateView, ListView, DetailView, UpdateView, TemplateView from django.views.generic import CreateView, ListView, DetailView, UpdateView, RedirectView, TemplateView
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.db.models import Q from django.db.models import Q
@ -140,20 +140,21 @@ class UserListView(LoginRequiredMixin,SingleTableView):
return context return context
class GenerateAuthTokenView(LoginRequiredMixin, TemplateView): class ManageAuthTokens(LoginRequiredMixin, TemplateView):
""" """
Génère un jeton d'authentification pour un utilisateur et détruit l'ancien Affiche le jeton d'authentification, et permet de le regénérer
""" """
template_name = "member/generate_auth_token.html" model = Token
template_name = "member/manage_auth_tokens.html"
def get_context_data(self): def get_context_data(self, **kwargs):
context = super().get_context_data() context = super().get_context_data(**kwargs)
if Token.objects.filter(user=self.request.user).exists(): if 'regenerate' in self.request.GET and Token.objects.filter(user=self.request.user).exists():
Token.objects.get(user=self.request.user).delete() Token.objects.get(user=self.request.user).delete()
token = Token.objects.create(user=self.request.user)
context['token'] = token.key context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
return context return context
class UserAutocomplete(autocomplete.Select2QuerySetView): class UserAutocomplete(autocomplete.Select2QuerySetView):

View File

@ -1,22 +0,0 @@
{% extends "base.html" %}
{% load i18n static pretty_money django_tables2 %}
{% block content %}
Jeton : <strong>{{ token }}</strong>
<div class="alert alert-danger">
Conservez bien précieusement ce jeton d'authentification, car il ne vous sera jamais donné de nouveau.
Revenir sur cette page aura pour conséquence de révoquer tout ancien jeton d'authentification.
Cela peut entre autres mener à des plantages d'autres applications qui pouvaient utiliser ce jeton.
</div>
<div class="alert alert-info">
<h4>À quoi sert ce jeton ?</h4>
Ce jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code>
pour pouvoir vous identifier.
Une documentation de l'API arrivera ultérieurement.
</div>
{% endblock %}

View File

@ -0,0 +1,27 @@
{% extends "base.html" %}
{% load i18n static pretty_money django_tables2 %}
{% block content %}
<div class="alert alert-info">
<h4>À quoi sert un jeton d'authentification ?</h4>
Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br />
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token &lt;TOKEN&gt;</code>
pour pouvoir vous identifier.<br /><br />
Une documentation de l'API arrivera ultérieurement.
</div>
<div class="alert alert-info">
<strong>{%trans 'Token' %} :</strong> {{ token.key }}<br />
<strong>{%trans 'Created' %} :</strong> {{ token.created }}
</div>
<div class="alert alert-warning">
<strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
</div>
<a href="{% url 'member:auth_token' %}?regenerate">
<button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
</a>
{% endblock %}

View File

@ -23,7 +23,9 @@
<dd class="col-6 col-md-3">{{ object.user.note.balance | pretty_money }}</dd> <dd class="col-6 col-md-3">{{ object.user.note.balance | pretty_money }}</dd>
</dl> </dl>
<center> <center>
<a class="btn btn-primary" href="{% url 'member:generate_auth_token' %}">{% trans 'Generate auth token' %}</a> {% if object.user.pk == user.pk %}
<a class="btn btn-primary" href="{% url 'member:auth_token' %}">{% trans 'Manage auth token' %}</a>
{% endif %}
<a class="btn btn-primary" href="{% url 'member:user_update_profile' object.pk %}">{% trans 'Update Profile' %}</a> <a class="btn btn-primary" href="{% url 'member:user_update_profile' object.pk %}">{% trans 'Update Profile' %}</a>
<a class="btn btn-primary" href="{% url 'password_change' %}">{% trans 'Change password' %}</a> <a class="btn btn-primary" href="{% url 'password_change' %}">{% trans 'Change password' %}</a>
</center> </center>