mirror of https://gitlab.crans.org/bde/nk20
Manage auth token
parent
559445c8b4
commit
b7383b35f7
|
@ -18,7 +18,7 @@ urlpatterns = [
|
||||||
path('user/',views.UserListView.as_view(),name="user_list"),
|
path('user/',views.UserListView.as_view(),name="user_list"),
|
||||||
path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"),
|
path('user/<int:pk>',views.UserDetailView.as_view(),name="user_detail"),
|
||||||
path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"),
|
path('user/<int:pk>/update',views.UserUpdateView.as_view(),name="user_update_profile"),
|
||||||
path('generate-auth-token/', views.GenerateAuthTokenView.as_view(), name='generate_auth_token'),
|
path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'),
|
||||||
|
|
||||||
# API for the user autocompleter
|
# API for the user autocompleter
|
||||||
path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"),
|
path('user/user-autocomplete',views.UserAutocomplete.as_view(),name="user_autocomplete"),
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
from dal import autocomplete
|
from dal import autocomplete
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views.generic import CreateView, ListView, DetailView, UpdateView, TemplateView
|
from django.views.generic import CreateView, ListView, DetailView, UpdateView, RedirectView, TemplateView
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.urls import reverse_lazy
|
from django.urls import reverse_lazy
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
|
@ -140,20 +140,21 @@ class UserListView(LoginRequiredMixin,SingleTableView):
|
||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
class GenerateAuthTokenView(LoginRequiredMixin, TemplateView):
|
class ManageAuthTokens(LoginRequiredMixin, TemplateView):
|
||||||
"""
|
"""
|
||||||
Génère un jeton d'authentification pour un utilisateur et détruit l'ancien
|
Affiche le jeton d'authentification, et permet de le regénérer
|
||||||
"""
|
"""
|
||||||
template_name = "member/generate_auth_token.html"
|
model = Token
|
||||||
|
template_name = "member/manage_auth_tokens.html"
|
||||||
|
|
||||||
def get_context_data(self):
|
def get_context_data(self, **kwargs):
|
||||||
context = super().get_context_data()
|
context = super().get_context_data(**kwargs)
|
||||||
|
|
||||||
if Token.objects.filter(user=self.request.user).exists():
|
if 'regenerate' in self.request.GET and Token.objects.filter(user=self.request.user).exists():
|
||||||
Token.objects.get(user=self.request.user).delete()
|
Token.objects.get(user=self.request.user).delete()
|
||||||
token = Token.objects.create(user=self.request.user)
|
|
||||||
|
|
||||||
context['token'] = token.key
|
context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
|
||||||
|
|
||||||
return context
|
return context
|
||||||
|
|
||||||
class UserAutocomplete(autocomplete.Select2QuerySetView):
|
class UserAutocomplete(autocomplete.Select2QuerySetView):
|
||||||
|
|
|
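Review bot: Regeneration in `ManageAuthTokens.get_context_data` is triggered by a plain GET (`'regenerate' in self.request.GET`), so the token can be revoked without the user's intent: a GET is not covered by Django's CSRF check, and a link prefetch or a reload with `?regenerate` still in the URL repeats the deletion. Move the revocation into a `post()` handler that deletes the token and redirects to `member:auth_token` (using `redirect` from `django.shortcuts`), and keep `get_context_data` read-only. The template's `?regenerate` link would then become a POST form carrying `{% csrf_token %}`. Smaller points in the same section: the `exists()` / `get().delete()` pair collapses to one `filter(...).delete()`, `model = Token` has no effect on a `TemplateView`, and the newly imported `RedirectView` is not used in the visible hunks.

```python
class ManageAuthTokens(LoginRequiredMixin, TemplateView):
    # … unchanged: docstring, template_name …

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        # Read-only: show the current token, creating one on first visit.
        context['token'] = Token.objects.get_or_create(user=self.request.user)[0]
        return context

    def post(self, request, *args, **kwargs):
        # Revoke only on an explicit, CSRF-protected POST; the redirect keeps
        # a page reload from repeating the revocation.
        Token.objects.filter(user=request.user).delete()
        return redirect('member:auth_token')
```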
@ -1,22 +0,0 @@
|
||||||
{% extends "base.html" %}
|
|
||||||
{% load i18n static pretty_money django_tables2 %}
|
|
||||||
|
|
||||||
{% block content %}
|
|
||||||
Jeton : <strong>{{ token }}</strong>
|
|
||||||
|
|
||||||
<div class="alert alert-danger">
|
|
||||||
Conservez bien précieusement ce jeton d'authentification, car il ne vous sera jamais donné de nouveau.
|
|
||||||
Revenir sur cette page aura pour conséquence de révoquer tout ancien jeton d'authentification.
|
|
||||||
Cela peut entre autres mener à des plantages d'autres applications qui pouvaient utiliser ce jeton.
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="alert alert-info">
|
|
||||||
<h4>À quoi sert ce jeton ?</h4>
|
|
||||||
|
|
||||||
Ce jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.
|
|
||||||
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
|
|
||||||
pour pouvoir vous identifier.
|
|
||||||
|
|
||||||
Une documentation de l'API arrivera ultérieurement.
|
|
||||||
</div>
|
|
||||||
{% endblock %}
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{% extends "base.html" %}
|
||||||
|
{% load i18n static pretty_money django_tables2 %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<div class="alert alert-info">
|
||||||
|
<h4>À quoi sert un jeton d'authentification ?</h4>
|
||||||
|
|
||||||
|
Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br />
|
||||||
|
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
|
||||||
|
pour pouvoir vous identifier.<br /><br />
|
||||||
|
|
||||||
|
Une documentation de l'API arrivera ultérieurement.
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="alert alert-info">
|
||||||
|
<strong>{%trans 'Token' %} :</strong> {{ token.key }}<br />
|
||||||
|
<strong>{%trans 'Created' %} :</strong> {{ token.created }}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="alert alert-warning">
|
||||||
|
<strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a href="{% url 'member:auth_token' %}?regenerate">
|
||||||
|
<button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
|
||||||
|
</a>
|
||||||
|
{% endblock %}
|
|
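Review bot: `{{ token.key }}` is now rendered in full on every visit, whereas the removed template told the user the token would never be shown again, so a long-lived API credential ends up in any cached copy of this page and on screen whenever the page is opened. Consider marking the response non-cacheable, e.g. `@method_decorator(never_cache, name='dispatch')` on `ManageAuthTokens`, and showing the key only right after regeneration or behind an explicit reveal. Separately, `<TOKEN>` inside the `<code>` element will be parsed as an unknown tag and not displayed unless the file escapes it as `&lt;TOKEN&gt;`; this page shows it unescaped, which may be a rendering artefact.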
@ -23,7 +23,9 @@
|
||||||
<dd class="col-6 col-md-3">{{ object.user.note.balance | pretty_money }}</dd>
|
<dd class="col-6 col-md-3">{{ object.user.note.balance | pretty_money }}</dd>
|
||||||
</dl>
|
</dl>
|
||||||
<center>
|
<center>
|
||||||
<a class="btn btn-primary" href="{% url 'member:generate_auth_token' %}">{% trans 'Generate auth token' %}</a>
|
{% if object.user.pk == user.pk %}
|
||||||
|
<a class="btn btn-primary" href="{% url 'member:auth_token' %}">{% trans 'Manage auth token' %}</a>
|
||||||
|
{% endif %}
|
||||||
<a class="btn btn-primary" href="{% url 'member:user_update_profile' object.pk %}">{% trans 'Update Profile' %}</a>
|
<a class="btn btn-primary" href="{% url 'member:user_update_profile' object.pk %}">{% trans 'Update Profile' %}</a>
|
||||||
<a class="btn btn-primary" href="{% url 'password_change' %}">{% trans 'Change password' %}</a>
|
<a class="btn btn-primary" href="{% url 'password_change' %}">{% trans 'Change password' %}</a>
|
||||||
</center>
|
</center>
|
||||||
|
|