mirror of https://github.com/snachodog/mybuddy.git
Refactor API key reset as part of settings form
This adds core CSRF protection to the reset functionality.
This commit is contained in:
parent
cca1e409e3
commit
1689bc8e20
|
@ -81,12 +81,12 @@
|
|||
<label for="id_email" class="col-sm-2 col-form-label">{% trans "Key" %}</label>
|
||||
<div class="col-sm-10">
|
||||
<samp>{{ user.settings.api_key }}</samp>
|
||||
<a class="btn btn-xs btn-danger" href="{% url 'babybuddy:user-reset-api-key' %}">{% trans "Regenerate" %}</a>
|
||||
<input type="submit" name="api_key_regenerate" value="{% trans "Regenerate" %}" class="btn btn-danger btn-xs" />
|
||||
</div>
|
||||
</div>
|
||||
</fieldset>
|
||||
<input type="hidden" name="next" value="{% url 'babybuddy:user-settings' %}" />
|
||||
<button type="submit" class="btn btn-primary">{% trans "Submit" %}</button>
|
||||
<input type="submit" name="save_settings" value="{% trans "Submit" %}" class="btn btn-primary">
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -104,6 +104,21 @@ class FormsTestCase(TestCase):
|
|||
self.assertEqual(page.status_code, 200)
|
||||
self.assertContains(page, 'New First Name')
|
||||
|
||||
def test_user_regenerate_api_key(self):
|
||||
self.c.login(**self.credentials)
|
||||
|
||||
api_key_before = User.objects.get(pk=self.user.id).settings.api_key()
|
||||
|
||||
params = self.settings_template.copy()
|
||||
params['api_key_regenerate'] = 'Regenerate'
|
||||
|
||||
page = self.c.post('/user/settings/', params, follow=True)
|
||||
self.assertEqual(page.status_code, 200)
|
||||
self.assertNotEqual(
|
||||
api_key_before,
|
||||
User.objects.get(pk=self.user.id).settings.api_key()
|
||||
)
|
||||
|
||||
def test_user_settings_invalid(self):
|
||||
self.c.login(**self.credentials)
|
||||
|
||||
|
|
|
@ -45,15 +45,6 @@ class ViewsTestCase(TestCase):
|
|||
self.assertNotEqual(session1, session2)
|
||||
self.assertEqual(session2, session3)
|
||||
|
||||
def test_user_reset_api_key(self):
|
||||
api_key_before = User.objects.get(pk=self.user.id).settings.api_key()
|
||||
page = self.c.get('/user/reset-api-key/')
|
||||
self.assertEqual(page.status_code, 302)
|
||||
self.assertNotEqual(
|
||||
api_key_before,
|
||||
User.objects.get(pk=self.user.id).settings.api_key()
|
||||
)
|
||||
|
||||
def test_user_settings(self):
|
||||
page = self.c.get('/user/settings/')
|
||||
self.assertEqual(page.status_code, 200)
|
||||
|
|
|
@ -37,11 +37,6 @@ app_patterns = [
|
|||
views.UserPassword.as_view(),
|
||||
name='user-password'
|
||||
),
|
||||
path(
|
||||
'user/reset-api-key/',
|
||||
views.UserResetAPIKey.as_view(),
|
||||
name='user-reset-api-key'
|
||||
),
|
||||
path(
|
||||
'user/settings/',
|
||||
views.UserSettings.as_view(),
|
||||
|
|
|
@ -103,16 +103,6 @@ class UserPassword(LoginRequiredMixin, View):
|
|||
return render(request, self.template_name, {'form': form})
|
||||
|
||||
|
||||
class UserResetAPIKey(LoginRequiredMixin, View):
|
||||
"""
|
||||
Resets the API key of the logged in user.
|
||||
"""
|
||||
def get(self, request):
|
||||
request.user.settings.api_key(reset=True)
|
||||
messages.success(request, _('User API key regenerated.'))
|
||||
return redirect('babybuddy:user-settings')
|
||||
|
||||
|
||||
class UserSettings(LoginRequiredMixin, View):
|
||||
"""
|
||||
Handles both the User and Settings models.
|
||||
|
@ -130,6 +120,11 @@ class UserSettings(LoginRequiredMixin, View):
|
|||
})
|
||||
|
||||
def post(self, request):
|
||||
if request.POST.get('api_key_regenerate'):
|
||||
request.user.settings.api_key(reset=True)
|
||||
messages.success(request, _('User API key regenerated.'))
|
||||
return redirect('babybuddy:user-settings')
|
||||
|
||||
form_user = self.form_user_class(
|
||||
instance=request.user,
|
||||
data=request.POST)
|
||||
|
|
Loading…
Reference in New Issue