Commit 9bd0562a authored by Teemu Autto's avatar Teemu Autto

Personal access tokens: list view and delete action.

parent 2088e144
1 merge request!70Tokens
......@@ -19,6 +19,7 @@ from sentry_sdk import set_user
from .models import AccessToken, User, Item
from mongoengine import DoesNotExist
from mongoengine.queryset.visitor import Q
bp = Blueprint('auth', __name__, url_prefix='/auth')
logger = logging.getLogger(__name__)
......@@ -194,6 +195,8 @@ def user_access_tokens(email):
"""
user: User = get_user_by_email(email)
# Fetch all the user tokens that are active or have no expire date
tokens = AccessToken.objects(Q(expires__gte=datetime.now()) | Q(expires=None), user=user).all()
token = None
if request.method == 'POST':
......@@ -220,4 +223,26 @@ def user_access_tokens(email):
else:
flash(_("Created token: %s") % token.name)
return render_template('auth/tokens.html', user=user, token=token)
return render_template('auth/tokens.html', user=user, tokens=tokens, token=token)
@bp.route('/profile/<email>/token/<id>', methods=('POST',))
def delete_user_access_token(email, id):
"""
Delete an access token.
"""
user = get_user_by_email(email)
token = AccessToken.objects.get_or_404(id=id)
if token.user != user:
logger.warning("User %s tried to delete token %s", user.email, token.name, extra={
"user": user.email,
"token": str(token.id),
"token_user": token.user.email,
})
abort(403)
token.delete()
flash(f"Deleted token {token.name}")
return redirect(url_for('auth.user_access_tokens', email=token.user.email))
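Review bot: The new `delete_user_access_token` route authorises only against the user looked up from the URL (`user = get_user_by_email(email)`, then `token.user != user`), and no login or "is this the session user" check is visible on the route, so unless `get_user_by_email` itself rejects any `email` other than the caller's own (not visible here), any caller who knows another user's email and a token id can delete that user's token. Before the ownership comparison, bind `user` to the authenticated principal rather than trusting the path parameter, e.g. `if user != current_session_user(): abort(403)` using whatever helper the rest of the blueprint already uses for the `/profile/<email>` views, or derive `user` from the session and ignore `email` entirely. Two smaller points on the same lines: `abort(403)` after `get_or_404` tells a probing caller that a guessed id exists (returning 404 in both cases leaks nothing), and `flash(f"Deleted token {token.name}")` is not wrapped in `_()` unlike the "Created token" message on the hunk above; `flash(_("Deleted token: %s") % token.name)` would match. The parameter `id` also shadows the builtin; `token_id` reads better.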
......@@ -57,5 +57,50 @@
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-8 offset-md-4">
<h2 class="text-center mb-4">{{ _("Active Access Tokens") }}</h2>
<table class="table table-striped">
<thead>
<tr>
<th>{{ _("Token name") }}</th>
<th>{{ _("Created") }}</th>
<th>{{ _("Last used") }}</th>
<th>{{ _("Expires") }}</th>
<th>{{ _("Actions") }}</th>
</tr>
</thead>
<tbody>
{% for access_token in tokens %}
<tr>
<td>{{ access_token.name }}</td>
<td>{{ access_token.created_at|dateformat }}</td>
<td>
{% if access_token.last_used_at %}
{{ access_token.last_used_at|dateformat }}
{% else %}{{ _("Never") }}
{% endif %}
</td>
<td>
{% if access_token.expires_at %}
{{ access_token.expires_at|dateformat }}
{% else %}{{ _("Never") }}
{% endif %}
</td>
<td>
<form action="{{ url_for('auth.delete_user_access_token', email='me', id=access_token.id) }}"
method="post">
<button type="submit" class="btn btn-danger">{{ _("Delete") }}</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endblock %}
\ No newline at end of file
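Review bot: The expiry column reads `access_token.expires_at`, but the Python hunk in this commit filters on a field named `expires` (`Q(expires__gte=...) | Q(expires=None)`); if the model field is `expires`, the template attribute is undefined and Jinja renders it falsy, so every row shows "Never" regardless of its real expiry. If that is the case, change the two lines to `{% if access_token.expires %}` and `{{ access_token.expires|dateformat }}`. Separately, the delete form is a plain POST with no CSRF token field; unless CSRF protection is registered app-wide (not visible here), a page on another origin can submit this form for a logged-in user and delete their tokens, so add `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">` inside the form (or whatever the rest of the templates use).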