From 85aff372ac9a9f2ccecb13bb0ab83b70a6280f4e Mon Sep 17 00:00:00 2001
From: Jason Fisher
Date: Fri, 13 Dec 2024 20:31:22 +0100
Subject: [PATCH 1/4] Added regen feature for api keys
---
 backend/core/api/settings/api_keys.py | 43 +++++++++++++++++++
 backend/core/api/settings/urls.py | 3 +-
 .../pages/settings/settings/api_key_row.html | 4 ++
 3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/backend/core/api/settings/api_keys.py b/backend/core/api/settings/api_keys.py
index ca2891a2d..51c36b9d5 100644
--- a/backend/core/api/settings/api_keys.py
+++ b/backend/core/api/settings/api_keys.py
@@ -56,6 +56,49 @@ def generate_api_key_endpoint(request: WebRequest) -> HttpResponse:
 return http_response
+@require_http_methods(["POST"])
+@web_require_scopes("api_keys:write")
+def regenerate_api_key_endpoint(request: WebRequest, key_id: str) -> HttpResponse:
+ key: APIAuthToken | None = get_api_key_by_id(request.user.logged_in_as_team or request.user, key_id)
+
+ if not key:
+ messages.error(request, "API key not found")
+ return render(request, "base/toast.html")
+
+ delete_api_key(request, request.user.logged_in_as_team or request.user, key=key)
+
+ key_obj, new_key_response = generate_public_api_key(
+ request,
+ request.user.logged_in_as_team or request.user,
+ api_key_name=key.name,
+ permissions=key.scopes,
+ expires=key.expires,
+ description=key.description,
+ administrator_toggle=bool(key.administrator_service_type),
+ administrator_type=key.administrator_service_type,
+ )
+
+ if not key_obj:
+ messages.error(request, f"Failed to regenerate the API key: {new_key_response}")
+ return render(request, "base/toast.html")
+
+ messages.success(request, "API key regenerated successfully")
+
+ http_response = render(
+ request,
+ "pages/settings/settings/api_key_generated_response.html",
+ {
+ "raw_key": new_key_response,
+ "name": key.name,
+ },
+ )
+
+ http_response.headers["HX-Reswap"] = "beforebegin"
+ http_response.headers["HX-Retarget"] = 'div[data-hx-container="api_keys"]'
+
+ return http_response
+
+
 @require_http_methods(["DELETE"])
 def revoke_api_key_endpoint(request: WebRequest, key_id: str) -> HttpResponse:
 key: APIAuthToken | None = get_api_key_by_id(request.user.logged_in_as_team or request.user, key_id)
diff --git a/backend/core/api/settings/urls.py b/backend/core/api/settings/urls.py
index 56e54a7aa..bf9f1808d 100644
--- a/backend/core/api/settings/urls.py
+++ b/backend/core/api/settings/urls.py
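Review bot: `regenerate_api_key_endpoint` deletes the existing key before the replacement exists and never checks the result of `delete_api_key(...)`, so when `generate_public_api_key(...)` returns a falsy `key_obj` the user gets the "Failed to regenerate" toast while the old key is already gone. Wrapping both calls in `with transaction.atomic():` and calling `transaction.set_rollback(True)` in the `if not key_obj:` branch (this needs `from django.db import transaction`) would keep the old key on failure, assuming both helpers only touch the database. Separately, the new secret inherits `key.scopes` and `key.administrator_service_type` unchanged; unless `generate_public_api_key` (not shown here) re-validates them against the caller, a team member holding only `api_keys:write` receives a raw key carrying scopes that someone else granted, which deserves an explicit check or a comment stating why it is acceptable. The failure toast also echoes `new_key_response` verbatim, so confirm that value never carries internal detail.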
@@ -1,7 +1,7 @@
 from django.urls import path
 from . import change_name, profile_picture, preferences
-from .api_keys import generate_api_key_endpoint, revoke_api_key_endpoint
+from .api_keys import generate_api_key_endpoint, revoke_api_key_endpoint, regenerate_api_key_endpoint
 from .defaults import handle_client_defaults_endpoints, remove_client_default_logo_endpoint
 from .email_templates import save_email_template
@@ -18,6 +18,7 @@
 ),
 path("profile_picture/", profile_picture.change_profile_picture_endpoint, name="update profile picture"),
 path("api_keys/generate/", generate_api_key_endpoint, name="api_keys generate"),
+ path("api_keys/regenerate//", regenerate_api_key_endpoint, name="api_keys regenerate"),
 path("api_keys/revoke//", revoke_api_key_endpoint, name="api_keys revoke"),
 path("client_defaults//", handle_client_defaults_endpoints, name="client_defaults"),
 path("client_defaults/", handle_client_defaults_endpoints, name="client_defaults without client"),
diff --git a/frontend/templates/pages/settings/settings/api_key_row.html b/frontend/templates/pages/settings/settings/api_key_row.html
index 09a947a07..e19992c3a 100644
--- a/frontend/templates/pages/settings/settings/api_key_row.html
+++ b/frontend/templates/pages/settings/settings/api_key_row.html
@@ -4,6 +4,10 @@ {{ key.expires | date:"d M, Y" | default:"Never" }} {{ key.created | date:"d M, Y H:iA" }} +