From c16e9dc4fe249cdcbab15817800a21ecfec4e4db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Thu, 17 Jan 2019 16:02:57 +0200 Subject: [PATCH] Prepare for the removal of Profile.api_key --- .../management/commands/createreadonlykeys.py | 20 ------------------- hc/accounts/tests/test_profile.py | 13 ++++++++++++ hc/accounts/views.py | 16 +++++++-------- templates/accounts/profile.html | 8 ++++---- 4 files changed, 25 insertions(+), 32 deletions(-) delete mode 100644 hc/accounts/management/commands/createreadonlykeys.py diff --git a/hc/accounts/management/commands/createreadonlykeys.py b/hc/accounts/management/commands/createreadonlykeys.py deleted file mode 100644 index c7640975..00000000 --- a/hc/accounts/management/commands/createreadonlykeys.py +++ /dev/null @@ -1,20 +0,0 @@ -from base64 import urlsafe_b64encode -import os - -from django.core.management.base import BaseCommand - -from hc.accounts.models import Profile - - -class Command(BaseCommand): - help = """Create read-only API keys.""" - - def handle(self, *args, **options): - c = 0 - q = Profile.objects.filter(api_key_readonly="").exclude(api_key="") - for profile in q: - profile.api_key_readonly = urlsafe_b64encode(os.urandom(24)).decode() - profile.save() - c += 1 - - return "Done! Generated %d readonly keys." % c diff --git a/hc/accounts/tests/test_profile.py b/hc/accounts/tests/test_profile.py index 97c905ec..cb393d25 100644 --- a/hc/accounts/tests/test_profile.py +++ b/hc/accounts/tests/test_profile.py @@ -27,6 +27,19 @@ class ProfileTestCase(BaseTestCase): expected_subject = "Set password on %s" % settings.SITE_NAME self.assertEqual(mail.outbox[0].subject, expected_subject) + def test_it_shows_api_keys(self): + self.project.api_key_readonly = "R" * 32 + self.project.save() + + self.client.login(username="alice@example.org", password="password") + + form = {"show_api_keys": "1"} + r = self.client.post("/accounts/profile/", form) + self.assertEqual(r.status_code, 200) + + self.assertContains(r, "X" * 32) + self.assertContains(r, "R" * 32) + def test_it_creates_api_key(self): self.client.login(username="alice@example.org", password="password") diff --git a/hc/accounts/views.py b/hc/accounts/views.py index 35f98797..84366b90 100644 --- a/hc/accounts/views.py +++ b/hc/accounts/views.py @@ -190,10 +190,12 @@ def check_token(request, username, token): def profile(request): _ensure_own_team(request) profile = request.profile + project = profile.get_own_project() ctx = { "page": "profile", "profile": profile, + "project": project, "show_api_keys": False, "api_status": "default", "team_status": "default" @@ -209,10 +211,9 @@ def profile(request): elif "create_api_keys" in request.POST: profile.set_api_keys() - for project in request.user.project_set.all(): - project.api_key = profile.api_key - project.api_key_readonly = profile.api_key_readonly - project.save() + project.api_key = profile.api_key + project.api_key_readonly = profile.api_key_readonly + project.save() ctx["show_api_keys"] = True ctx["api_keys_created"] = True @@ -223,10 +224,9 @@ def profile(request): profile.api_key_readonly = "" profile.save() - for project in request.user.project_set.all(): - project.api_key = "" - project.api_key_readonly = "" - project.save() + project.api_key = "" + project.api_key_readonly = "" + project.save() ctx["api_keys_revoked"] = True ctx["api_status"] = "info" diff --git a/templates/accounts/profile.html b/templates/accounts/profile.html index 3413a9c2..75143bb5 100644 --- a/templates/accounts/profile.html +++ b/templates/accounts/profile.html @@ -60,16 +60,16 @@

API Access

- {% if profile.api_key %} + {% if project.api_key %} {% if show_api_keys %}

API key:
- {{ profile.api_key }} + {{ project.api_key }}

- {% if profile.api_key_readonly %} + {% if project.api_key_readonly %}

API key (read-only):
- {{ profile.api_key_readonly }} + {{ project.api_key_readonly }}

{% endif %}