Changeset - 86ee450f8b2d
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 9 years ago 2016-08-04 14:23:36
madski@unity3d.com
routing: introduce 'my_account_api_keys_delete' url and use POST instead of DELETE
3 files changed with 8 insertions and 8 deletions:
kallithea/config/routing.py
2
2
kallithea/templates/admin/my_account/my_account_api_keys.html
2
2
kallithea/tests/functional/test_my_account.py
4
4
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -343,50 +343,50 @@ def make_map(config):
 
                  action="my_account_password", conditions=dict(method=["GET"]))
 
        m.connect("my_account_password", "/my_account/password",
 
                  action="my_account_password", conditions=dict(method=["POST"]))
 

			




	
	
	
		
 
        m.connect("my_account_repos", "/my_account/repos",

			




	
	
	
		
 
                  action="my_account_repos", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_watched", "/my_account/watched",

			




	
	
	
		
 
                  action="my_account_watched", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_perms", "/my_account/perms",

			




	
	
	
		
 
                  action="my_account_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails_delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys_delete", conditions=dict(method=["DELETE"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys_delete", "/my_account/api_keys/delete",

			




	
	
	
		
 
                  action="my_account_api_keys_delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #NOTIFICATION REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/notifications') as m:

			




	
	
	
		
 
        m.connect("notifications", "/notifications",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("notifications_mark_all_read", "/notifications/mark_all_read",

			




	
	
	
		
 
                  action="mark_all_read", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_notifications", "/notifications.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("notification_update", "/notifications/{notification_id}/update",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("notification_delete", "/notifications/{notification_id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("notification", "/notifications/{notification_id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_notification", "/notifications/{notification_id}.{format}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN GIST

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/gists') as m:

			




	
	
	
		
 
        m.connect("gists", "/gists",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/my_account/my_account_api_keys.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
<div class="apikeys_wrap">

			




	
	
	
		
 
  <table class="noborder">

			




	
	
	
		
 
    <tr>

			




	
	
	
		
 
        <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${c.user.api_key}</div></td>

			




	
	
	
		
 
        <td>

			




	
	
	
		
 
            <span class="btn btn-mini btn-success disabled">${_('Built-in')}</span>

			




	
	
	
		
 
        </td>

			




	
	
	
		
 
        <td>${_('Expires')}: ${_('Never')}</td>

			




	
	
	
		
 
        <td>

			




	
	
	
		
 
            ${h.form(url('my_account_api_keys'),method='delete')}

			




	
	
	
		
 
            ${h.form(url('my_account_api_keys_delete'))}

			




	
	
	
		
 
                ${h.hidden('del_api_key',c.user.api_key)}

			




	
	
	
		
 
                ${h.hidden('del_api_key_builtin',1)}

			




	
	
	
		
 
                <button class="btn btn-mini btn-danger" type="submit"

			




	
	
	
		
 
                        onclick="return confirm('${_('Confirm to reset this API key: %s') % c.user.api_key}');">

			




	
	
	
		
 
                    ${_('Reset')}

			




	
	
	
		
 
                </button>

			




	
	
	
		
 
            ${h.end_form()}

			




	
	
	
		
 
        </td>

			




	
	
	
		
 
    </tr>

			




	
	
	
		
 
    %if c.user_api_keys:

			




	
	
	
		
 
        %for api_key in c.user_api_keys:

			




	
	
	
		
 
          <tr class="${'expired' if api_key.expired else ''}">

			




	
	
	
		
 
            <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${api_key.api_key}</div></td>

			




	
	
	
		
 
            <td>${api_key.description}</td>

			




	
	
	
		
 
            <td style="min-width: 80px">

			




	
	
	
		
 
                 %if api_key.expires == -1:

			




	
	
	
		
 
                  ${_('Expires')}: ${_('Never')}

			




	
	
	
		
 
                 %else:

			




	
	
	
		
 
                    %if api_key.expired:

			




	
	
	
		
 
                        ${_('Expired')}: ${h.age(h.time_to_datetime(api_key.expires))}

			




	
	
	
		
 
                    %else:

			




	
	
	
		
 
                        ${_('Expires')}: ${h.age(h.time_to_datetime(api_key.expires))}

			




	
	
	
		
 
                    %endif

			




	
	
	
		
 
                 %endif

			




	
	
	
		
 
            </td>

			




	
	
	
		
 
            <td>

			




	
	
	
		
 
                ${h.form(url('my_account_api_keys'),method='delete')}

			




	
	
	
		
 
                ${h.form(url('my_account_api_keys_delete'))}

			




	
	
	
		
 
                    ${h.hidden('del_api_key',api_key.api_key)}

			




	
	
	
		
 
                    <button class="btn btn-mini btn-danger" type="submit"

			




	
	
	
		
 
                            onclick="return confirm('${_('Confirm to remove this API key: %s') % api_key.api_key}');">

			




	
	
	
		
 
                        <i class="icon-minus-circled"></i>

			




	
	
	
		
 
                        ${_('Remove')}

			




	
	
	
		
 
                    </button>

			




	
	
	
		
 
                ${h.end_form()}

			




	
	
	
		
 
            </td>

			




	
	
	
		
 
          </tr>

			




	
	
	
		
 
        %endfor

			




	
	
	
		
 
    %else:

			




	
	
	
		
 
    <tr><td><div class="ip">${_('No additional API keys specified')}</div></td></tr>

			




	
	
	
		
 
    %endif

			




	
	
	
		
 
  </table>

			




	
	
	
		
 
</div>

			




	
	
	
		
 

			




	
	
	
		
 
<div>

			




	
	
	
		
 
    ${h.form(url('my_account_api_keys'), method='post')}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="description">${_('New API key')}:</label>

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_my_account.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -204,44 +204,44 @@ class TestMyAccountController(TestContro

			




	
	
	
		
 
                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = response.follow()

			




	
	
	
		
 
            user = User.get(usr['user_id'])

			




	
	
	
		
 
            for api_key in user.api_keys:

			




	
	
	
		
 
                response.mustcontain(api_key)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            for api_key in UserApiKeys.query().all():

			




	
	
	
		
 
                Session().delete(api_key)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_my_account_remove_api_key(self):

			




	
	
	
		
 
        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

			




	
	
	
		
 
        user = User.get(usr['user_id'])

			




	
	
	
		
 
        response = self.app.post(url('my_account_api_keys'),

			




	
	
	
		
 
                                 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 

			




	
	
	
		
 
        #now delete our key

			




	
	
	
		
 
        keys = UserApiKeys.query().all()

			




	
	
	
		
 
        assert 1 == len(keys)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('my_account_api_keys'),

			




	
	
	
		
 
                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('my_account_api_keys_delete'),

			




	
	
	
		
 
                 {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully deleted')

			




	
	
	
		
 
        keys = UserApiKeys.query().all()

			




	
	
	
		
 
        assert 0 == len(keys)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    def test_my_account_reset_main_api_key(self):

			




	
	
	
		
 
        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

			




	
	
	
		
 
        user = User.get(usr['user_id'])

			




	
	
	
		
 
        api_key = user.api_key

			




	
	
	
		
 
        response = self.app.get(url('my_account_api_keys'))

			




	
	
	
		
 
        response.mustcontain(api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('my_account_api_keys'),

			




	
	
	
		
 
                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('my_account_api_keys_delete'),

			




	
	
	
		
 
                 {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully reset')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain(no=[api_key])

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.