action="delete", conditions=dict(method=["DELETE"]))

        m.connect("edit_user", "/users/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        #EXTRAS USER ROUTES

        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="edit_api_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="add_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="update_perms", conditions=dict(method=["PUT"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="edit_emails", conditions=dict(method=["GET"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="add_email", conditions=dict(method=["PUT"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="delete_email", conditions=dict(method=["DELETE"]))

<div class="apikeys_wrap">

  <table class="noborder">

    <tr>

        <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${c.user.api_key}</div></td>

        <td>

            <span class="btn btn-mini btn-success disabled">${_('Built-in')}</span>

        </td>

        <td>${_('Expires')}: ${_('Never')}</td>

        <td>

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-mini btn-danger" type="submit"

                        onclick="return confirm('${_('Confirm to reset this API key: %s') % c.user.api_key}');">

                    ${_('Reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

        %for api_key in c.user_api_keys:

          <tr class="${'expired' if api_key.expired else ''}">

            <td style="min-width: 80px">

                 %if api_key.expires == -1:

                  ${_('Expires')}: ${_('Never')}

                 %else:

                    %if api_key.expired:

                        ${_('Expired')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %else:

                        ${_('Expires')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %endif

                 %endif

            </td>

            <td>

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-mini btn-danger" type="submit"

                            onclick="return confirm('${_('Confirm to remove this API key: %s') % api_key.api_key}');">

                        <i class="icon-minus-circled"></i>

                        ${_('Remove')}

                    </button>

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    <tr><td><div class="ip">${_('No additional API keys specified')}</div></td></tr>

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        assert 1 == len(keys)

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        assert 0 == len(keys)

    def test_reset_main_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        api_key = user.api_key

        response = self.app.get(url('edit_user_api_keys', id=user_id))

        response.mustcontain(api_key)

        response.mustcontain('Expires: Never')

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])

class TestAdminUsersController_unittest(object):

    """ Unit tests for the users controller """

    def test_get_user_or_raise_if_default(self, monkeypatch):

        # flash complains about an non-existing session

        def flash_mock(*args, **kwargs):

            pass

        user = User.get_default_user()

        response = self.app.get(url('edit_user_api_keys', id=user.user_id), status=404)

    def test_add_api_keys_default_user(self):

        self.log_user()

        user = User.get_default_user()

        response = self.app.post(url('edit_user_api_keys', id=user.user_id),

                 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)

    def test_delete_api_keys_default_user(self):

        self.log_user()

        user = User.get_default_user()

    # Permissions

    def test_edit_perms_default_user(self):

        self.log_user()

        user = User.get_default_user()

        response = self.app.get(url('edit_user_perms', id=user.user_id), status=404)

    def test_update_perms_default_user(self):

        self.log_user()

        user = User.get_default_user()

        response = self.app.post(url('edit_user_perms', id=user.user_id),

                 {'_method': 'put', '_authentication_token': self.authentication_token()}, status=404)