# 456 Rework API key creation

* removes frontend input field holding generated API key * replaces with modal form * reworks tests on API token form
2025-01-08 16:03:26 +01:00
parent 123a470006
commit 9b63307f01
11 changed files with 214 additions and 389 deletions
--- a/user/forms/modals/api_token.py
+++ b/user/forms/modals/api_token.py
@@ -0,0 +1,49 @@
+"""
+Author: Michel Peltriaux
+Created on: 08.01.25
+
+"""
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from api.models import APIUserToken
+from konova.forms.modals import BaseModalForm
+from konova.utils.mailer import Mailer
+
+
+class NewAPITokenModalForm(BaseModalForm):
+    confirm = forms.BooleanField(
+        label=_("Confirm"),
+        label_suffix=_(""),
+        widget=forms.CheckboxInput(),
+        required=True,
+    )
+
+    def __init__(self, *args, **kwargs):
+        self.template = "modal/modal_form.html"
+        super().__init__(*args, **kwargs)
+        self.form_title = _("Generate API Token")
+
+        self.form_caption = ""
+        if self.__user_has_api_token():
+            self.form_caption = _("You are about to create a new API token. The existing one will not be usable afterwards.")
+            self.form_caption += "\n"
+        self.form_caption += _("A new token needs to be validated by an administrator!")
+        # Disable automatic w-100 setting for this type of modal form. Looks kinda strange
+        self.fields["confirm"].widget.attrs["class"] = ""
+
+    def __user_has_api_token(self):
+        return self.instance.api_token is not None
+
+    def save(self):
+        user = self.instance
+        if user.api_token is not None:
+            user.api_token.delete()
+        user.api_token = APIUserToken.objects.create()
+        user.save()
+
+        mailer = Mailer()
+        mailer.send_mail_verify_api_token(user)
+
+        return user.api_token
+
--- a/user/forms/user.py
+++ b/user/forms/user.py
@@ -66,48 +66,3 @@ class UserNotificationForm(BaseForm):
            id__in=selected_notification_ids,
        )
        self.user.notifications.set(notifications)
-
-
-class UserAPITokenForm(BaseForm):
-    token = forms.CharField(
-        label=_("Token"),
-        label_suffix="",
-        max_length=255,
-        required=True,
-        help_text=_("Generated automatically - not editable"),
-        widget=GenerateInput(
-            attrs={
-                "class": "form-control",
-                "url": reverse_lazy("api:generate-new-token"),
-            }
-        )
-    )
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.form_title = _("Create new token")
-        self.form_caption = _("A new token needs to be validated by an administrator!")
-
-        self.action_url = reverse("user:api-token")
-        self.cancel_redirect = reverse("user:index")
-
-        # Make direct token editing by user impossible. Instead set the proper url for generating a new token
-        self.initialize_form_field("token", None)
-        self.fields["token"].widget.attrs["readonly"] = True
-
-    def save(self):
-        """ Saves the form data
-
-        Returns:
-            api_token (APIUserToken)
-        """
-        user = self.instance
-        new_token = self.cleaned_data["token"]
-        if user.api_token is not None:
-            user.api_token.delete()
-        new_token = APIUserToken.objects.create(
-            token=new_token
-        )
-        user.api_token = new_token
-        user.save()
-        return new_token