Fix access token not being shown after creation

Fixes #190

diff --git a/app/blueprints/api/tokens.py b/app/blueprints/api/tokens.py
index 8eb2a67108917fdb5b11d11d30049ae4ca3383b7..03856dabd74ade92e372b6a9e0a1dc0f29615b35 100644 (file)
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -69,7 +69,7 @@ def create_edit_token(username, id=None):
                elif token.owner != user:
                        abort(403)
 
-               access_token = session.pop("token_" + str(id), None)
+               access_token = session.pop("token_" + str(token.id), None)
 
        form = CreateAPIToken(formdata=request.form, obj=token)
        form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
@@ -80,13 +80,14 @@ def create_edit_token(username, id=None):
                        token.owner = user
                        token.access_token = randomString(32)
 
-                       # Store token so it can be shown in the edit page
-                       session["token_" + str(token.id)] = token.access_token
-
                form.populate_obj(token)
                db.session.add(token)
                db.session.commit() # save
 
+               if is_new:
+                       # Store token so it can be shown in the edit page
+                       session["token_" + str(token.id)] = token.access_token
+
                return redirect(url_for("api.create_edit_token", username=username, id=token.id))
 
        return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
@@ -102,8 +103,6 @@ def reset_token(username, id):
        if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
                abort(403)
 
-       is_new = id is None
-
        token = APIToken.query.get(id)
        if token is None:
                abort(404)