personal tokens list -view.

9bd0562a · Teemu Autto · 2088e144 · 9bd0562a · 9bd0562a
Commit 9bd0562a authored 2 years ago by Teemu Autto
--- a/src/tjts5901/auth.py
+++ b/src/tjts5901/auth.py
@@ -19,6 +19,7 @@ from sentry_sdk import set_user
 from .models import AccessToken, User, Item

 from mongoengine import DoesNotExist
+from mongoengine.queryset.visitor import Q

 bp = Blueprint('auth', __name__, url_prefix='/auth')
 logger = logging.getLogger(__name__)
@@ -194,6 +195,8 @@ def user_access_tokens(email):
    """

    user: User = get_user_by_email(email)
+    # Fetch all the user tokens that are active or have no expire date
+    tokens = AccessToken.objects(Q(expires__gte=datetime.now()) | Q(expires=None), user=user).all()

    token = None
    if request.method == 'POST':
@@ -220,4 +223,26 @@ def user_access_tokens(email):
        else:
            flash(_("Created token: %s") % token.name)

-    return render_template('auth/tokens.html', user=user, token=token)
+    return render_template('auth/tokens.html', user=user, tokens=tokens, token=token)
+
+
+@bp.route('/profile/<email>/token/<id>', methods=('POST',))
+def delete_user_access_token(email, id):
+    """
+    Delete an access token.
+    """
+    user = get_user_by_email(email)
+    token = AccessToken.objects.get_or_404(id=id)
+
+    if token.user != user:
+        logger.warning("User %s tried to delete token %s", user.email, token.name, extra={
+            "user": user.email,
+            "token": str(token.id),
+            "token_user": token.user.email,
+        })
+        abort(403)
+
+    token.delete()
+
+    flash(f"Deleted token {token.name}")
+    return redirect(url_for('auth.user_access_tokens', email=token.user.email))
--- a/src/tjts5901/templates/auth/tokens.html
+++ b/src/tjts5901/templates/auth/tokens.html
@@ -57,5 +57,50 @@
        </div>
    </div>
 </div>
-  
+
+<div class="container">
+    <div class="row">
+        <div class="col-md-8 offset-md-4">
+            <h2 class="text-center mb-4">{{ _("Active Access Tokens") }}</h2>
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>{{ _("Token name") }}</th>
+                        <th>{{ _("Created") }}</th>
+                        <th>{{ _("Last used") }}</th>
+                        <th>{{ _("Expires") }}</th>
+                        <th>{{ _("Actions") }}</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for access_token in tokens %}
+                    <tr>
+                        <td>{{ access_token.name }}</td>
+                        <td>{{ access_token.created_at|dateformat }}</td>
+                        <td>
+                            {% if access_token.last_used_at %}
+                                {{ access_token.last_used_at|dateformat }}
+                            {% else %}{{ _("Never") }}
+                            {% endif %}
+                        </td>
+                        <td>
+                            {% if access_token.expires_at %}
+                                {{ access_token.expires_at|dateformat }}
+                            {% else %}{{ _("Never") }}
+                            {% endif %}
+                        </td>
+                        <td>
+                            <form action="{{ url_for('auth.delete_user_access_token', email='me', id=access_token.id) }}"
+                                method="post">
+                                <button type="submit" class="btn btn-danger">{{ _("Delete") }}</button>
+                            </form>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+        </div>
+    </div>
+</div>
+
 {% endblock %}
\ No newline at end of file