2 # Copyright (C) 2018 rubenwardy
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <https://www.gnu.org/licenses/>.
18 from flask import render_template, redirect, request, session, url_for, abort
19 from flask_user import login_required, current_user
21 from app.models import db, User, APIToken, Package, Permission
22 from app.utils import randomString
23 from app.querybuilder import QueryBuilder
25 from flask_wtf import FlaskForm
27 from wtforms.validators import *
28 from wtforms.ext.sqlalchemy.fields import QuerySelectField
class CreateAPIToken(FlaskForm):
    """Form for creating or editing an API token: a display name and an
    optional package the token is limited to.

    The ``package`` field's ``query_factory`` is not set here; the view that
    instantiates the form assigns it (restricting the choices to the owning
    user's packages).
    """
    name = StringField("Name", [InputRequired(), Length(1, 30)])
    # Blank is allowed: a token need not be scoped to a single package.
    package = QuerySelectField(
        "Limit to package",
        allow_blank=True,
        get_pk=lambda pkg: pkg.id,
        get_label=lambda pkg: pkg.title,
    )
    submit = SubmitField("Save")
@bp.route("/user/tokens/")
def list_tokens_redirect():
    """Redirect the caller to their own token list.

    NOTE(review): original line 38 (between the route decorator and ``def``)
    is not reproduced in this listing. ``login_required`` is imported at the
    top of the file and is presumably applied here; ``current_user.username``
    is only meaningful for an authenticated caller -- confirm.
    """
    own_list = url_for("api.list_tokens", username=current_user.username)
    return redirect(own_list)
43 @bp.route("/users/<username>/tokens/")
# List the API tokens of the account named in the URL.
# NOTE(review): original line 44 (between the decorator and `def`) is not
# reproduced in this listing; `login_required` is imported at the top and is
# presumably applied here -- confirm.
45 def list_tokens(username):
# First matching user, or None when the name is unknown. Original lines 47-49
# are not shown; presumably the None/404 guard lives there -- confirm before
# relying on `user` below.
46 user = User.query.filter_by(username=username).first()
# Authorisation is evaluated for the account in the URL, not for the caller's
# own account: presumably "does current_user hold CREATE_TOKEN on `user`".
# The body of this branch (original line 51) is not shown.
50 if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
53 return render_template("api/list_tokens.html", user=user)
56 @bp.route("/users/<username>/tokens/new/", methods=["GET", "POST"])
57 @bp.route("/users/<username>/tokens/<int:id>/edit/", methods=["GET", "POST"])
# Create (id is None) or edit (id given) an API token for the account in the
# URL. NOTE(review): original line 58 is not reproduced in this listing;
# `login_required` is imported at the top and is presumably applied here.
59 def create_edit_token(username, id=None):
# First matching user, or None. Original lines 61-63 are not shown; presumably
# the None/404 guard -- confirm.
60 user = User.query.filter_by(username=username).first()
# Permission is checked for the URL's account, not the caller's own. Original
# lines 65-71 (this branch's body and, presumably, the create-vs-edit split)
# are not shown.
64 if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
# Primary-key lookup; returns None for an unknown id. The `if` that the `elif`
# below belongs to (original lines 73-74) is not shown.
72 token = APIToken.query.get(id)
# Ownership gate: a token whose owner is not the URL's user is presumably
# rejected here (branch body, original lines 76-77, not shown). With the
# permission check above this stops /users/<a>/tokens/<id>/ from operating on
# another account's token.
75 elif token.owner != user:
# One-time display: the plaintext token stashed by the POST path below (or by
# reset_token) is removed from the session as it is read, so it renders once.
# NOTE(review): with Flask's default cookie-backed session the plaintext token
# round-trips through the client's cookie between the two requests; confirm
# which session backend the app is configured with.
78 access_token = session.pop("token_" + str(token.id), None)
# `obj=token` pre-fills the fields in the edit case.
80 form = CreateAPIToken(formdata=request.form, obj=token)
# Only the URL user's own packages are offered; QuerySelectField validates the
# submitted choice against this query, so a token cannot be scoped to another
# author's package through the form.
81 form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
83 if request.method == "POST" and form.validate():
# The secret comes from the project helper randomString (app.utils); its
# source of randomness is not visible here. An API token needs a CSPRNG behind
# it (e.g. the `secrets` module) -- confirm. Original lines 84-86 and 88 are
# not shown, so whether this runs only on create or also on edit cannot be
# told from this listing.
87 token.access_token = randomString(32)
# Copies only the form's own fields (name, package, submit) onto the token;
# access_token and owner are not form fields, so a client cannot set them.
89 form.populate_obj(token)
91 db.session.commit() # save
94 # Store token so it can be shown in the edit page
# Keyed by token id; consumed by the session.pop above on the following GET.
95 session["token_" + str(token.id)] = token.access_token
# Post/redirect/get to the edit page, where the new secret is shown once.
97 return redirect(url_for("api.create_edit_token", username=username, id=token.id))
99 return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
102 @bp.route("/users/<username>/tokens/<int:id>/reset/", methods=["POST"])
# Replace the secret of an existing token. POST-only, so a plain link or GET
# cannot trigger the rotation. NOTE(review): original line 103 is not
# reproduced here; `login_required` is imported at the top and is presumably
# applied -- confirm.
104 def reset_token(username, id):
# First matching user, or None; original lines 106-108 are not shown
# (presumably the None/404 guard).
105 user = User.query.filter_by(username=username).first()
# Permission is checked for the URL's account. Branch body (original lines
# 110-111) not shown.
109 if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
# None for an unknown id; the `if` this `elif` belongs to (original lines
# 113-114) is not shown.
112 token = APIToken.query.get(id)
# Ownership gate: a token not owned by the URL's user is presumably rejected
# here (branch body, original lines 116-117, not shown).
115 elif token.owner != user:
# New secret from the project helper randomString; its randomness source is
# not visible in this file. A token secret must come from a CSPRNG (e.g. the
# `secrets` module) -- confirm. The old value is overwritten, so the previous
# token stops working once committed.
118 token.access_token = randomString(32)
120 db.session.commit() # save
122 # Store token so it can be shown in the edit page
# One-time display copy, removed from the session by create_edit_token when
# the redirect target reads it.
123 session["token_" + str(token.id)] = token.access_token
125 return redirect(url_for("api.create_edit_token", username=username, id=token.id))
128 @bp.route("/users/<username>/tokens/<int:id>/delete/", methods=["POST"])
# Delete a token belonging to the account in the URL. POST-only, so a GET
# cannot trigger it. NOTE(review): original line 129 is not reproduced here;
# `login_required` is imported at the top and is presumably applied -- confirm.
130 def delete_token(username, id):
# First matching user, or None; original lines 132-134 are not shown
# (presumably the None/404 guard).
131 user = User.query.filter_by(username=username).first()
# Permission is checked for the URL's account. Branch body (original lines
# 136-139) not shown.
135 if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
# None for an unknown id; the `if` this `elif` belongs to (original lines
# 141-142) is not shown.
140 token = APIToken.query.get(id)
# Ownership gate: a token not owned by the URL's user is presumably rejected
# here (branch body, original lines 144-145, not shown).
143 elif token.owner != user:
# Marks the row for deletion. No db.session.commit() is visible in this
# listing (original lines 147-148 are not shown) -- confirm the delete is
# committed before the redirect; until it is, the token remains valid.
146 db.session.delete(token)
149 return redirect(url_for("api.list_tokens", username=username))