77 lines
2.4 KiB
Python
77 lines
2.4 KiB
Python
import secrets
|
|
|
|
from django import forms
|
|
from django.contrib import messages
|
|
from django.shortcuts import redirect
|
|
from django.views.generic import DetailView, FormView
|
|
from django.views.generic.list import ListView
|
|
|
|
from api.models.application import Application
|
|
from api.models.token import Token
|
|
from users.views.base import IdentityViewMixin
|
|
|
|
|
|
class TokensRoot(IdentityViewMixin, ListView):
|
|
"""
|
|
Shows a listing of tokens the user has authorized
|
|
"""
|
|
|
|
template_name = "settings/tokens.html"
|
|
extra_context = {"section": "tokens"}
|
|
context_object_name = "tokens"
|
|
|
|
def get_queryset(self):
|
|
return Token.objects.filter(
|
|
user=self.request.user,
|
|
identity=self.identity,
|
|
).prefetch_related("application")
|
|
|
|
|
|
class TokenCreate(IdentityViewMixin, FormView):
|
|
"""
|
|
Allows the user to create a new app and token just for themselves.
|
|
"""
|
|
|
|
template_name = "settings/token_create.html"
|
|
extra_context = {"section": "tokens"}
|
|
|
|
class form_class(forms.Form):
|
|
name = forms.CharField(help_text="Identifies this app in your app list")
|
|
scope = forms.ChoiceField(
|
|
choices=(("read", "Read-only access"), ("write", "Full access")),
|
|
help_text="What should this app be able to do with your account?",
|
|
)
|
|
|
|
def form_valid(self, form):
|
|
scopes = "read write push" if form.cleaned_data["scope"] == "write" else "read"
|
|
application = Application.create(
|
|
client_name=form.cleaned_data["name"],
|
|
website=None,
|
|
redirect_uris="urn:ietf:wg:oauth:2.0:oob",
|
|
scopes=scopes,
|
|
)
|
|
token = Token.objects.create(
|
|
application=application,
|
|
user=self.request.user,
|
|
identity=self.identity,
|
|
token=secrets.token_urlsafe(43),
|
|
scopes=scopes,
|
|
)
|
|
return redirect("settings_token_edit", handle=self.identity.handle, pk=token.pk)
|
|
|
|
|
|
class TokenEdit(IdentityViewMixin, DetailView):
|
|
template_name = "settings/token_edit.html"
|
|
extra_context = {"section": "tokens"}
|
|
|
|
def get_queryset(self):
|
|
return self.identity.tokens
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
self.object = self.get_object()
|
|
messages.success(
|
|
request, f"{self.object.application.name}'s access has been removed."
|
|
)
|
|
self.object.delete()
|
|
return redirect("settings_tokens", handle=self.identity.handle)
|