kallithea Changeset - 9059da57b431

Changeset - 9059da57b431

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Søren Løvborg - 9 years ago 2017-03-15 22:07:53
sorenl@unity3d.com

auth: improve API key documentation for users

Add a warning about API key implications on the actual My Accounts/
API keys page where users are likely to see it.

No warning is added to the admin page equivalent, under the assumptions
that admins can be trusted to either know what API keys are (or at least
not mess around with them when editing other users), and thus don't need
the admonishment.

2 files changed with 21 insertions and 0 deletions:

docs/api/api.rst

kallithea/templates/admin/my_account/my_account_api_keys.html

0 comments (0 inline, 0 general)

docs/api/api.rst

➞

Show inline comments

@@ @@ -9,6 +9,14 @@ methods. Everything is available by send @@
 ``<your_server>/_admin/api``.
 API keys
 --------
 Every Kallithea user automatically receives an API key, which they can
 view under "My Account". On this page, API keys can also be revoked, and
 additional API keys can be generated.
 API access
 ----------

kallithea/templates/admin/my_account/my_account_api_keys.html

➞

Show inline comments

@@ @@ -79,6 +79,19 @@ @@
     ${h.end_form()}
 </div>
 <div class="alert alert-warning">
 <p>${_('''
 API keys are used to let scripts or services access %s using your
 account, as if you had provided the script or service with your actual
 password.
 ''') % (c.site_name or 'Kallithea')}</p>
 <p>${_('''
 Like passwords, API keys should therefore never be shared with others,
 nor passed to untrusted scripts or services. If such sharing should
 happen anyway, reset the API key on this page to prevent further use.
 ''')}</p>
 </div>
 <script>
     $(document).ready(function(){
         $("#lifetime").select2({

0 comments (0 inline, 0 general)