cannot invalidate application tokens #5001

Closed
1 of 4 tasks
disconn3ct opened this issue Apr 28, 2024 · 6 comments
Labels
bug Issue describes a bug bugfix release relevant Issue should be looked at for backporting into the next bugfix release done Done but not yet released

@disconn3ct

The problem

Users cannot invalidate application tokens

Did the issue persist even in safe mode?

Yes, it did persist

If you could not test in safe mode, please state why ("currently printing" is NOT an excuse!)

No response

Version of OctoPrint

1.10.0

Operating system running OctoPrint

dietpi

Printer model & used firmware incl. version

No response

Browser and version of browser, operating system running browser

No response

Checklist of files to include below

  • Systeminfo Bundle (always include!)
  • Contents of the JavaScript browser console (always include in cases of issues with the user interface)
  • Screenshots and/or videos showing the problem (always include in case of issues with the user interface)
  • GCODE file with which to reproduce (always include in case of issues with GCODE analysis or printing behaviour)

Additional information & file uploads

```
2024-04-28 11:02:45,911 - octoprint.server.api - ERROR - Error while executing SimpleApiPlugin appkeys
Traceback (most recent call last):
  File "/mnt/dietpi_userdata/octoprint/.local/lib/python3.11/site-packages/octoprint/server/api/init.py", line 162, in pluginCommand
    response = api_plugin.on_api_command(command, data)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/mnt/dietpi_userdata/octoprint/.local/lib/python3.11/site-packages/octoprint/util/init.py", line 1686, in wrapper
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "/mnt/dietpi_userdata/octoprint/.local/lib/python3.11/site-packages/octoprint/plugins/appkeys/init.py", line 381, in on_api_command
    if user_for_key is None or user_for_key.user_id != user_id:
                               ^^^^^^^^^^^^^^^^^^^^
AttributeError: 'User' object has no attribute 'user_id'
```

@github-actions github-actions bot added the triage This issue needs triage label Apr 28, 2024
@disconn3ct
Author

This is probably a security issue in truth, but the barrier to entry is pretty high.

@jneilliii
Contributor

I am unable to reproduce this issue. Where in the system are you pressing the delete key on the application key?

@disconn3ct
Author

disconn3ct commented Apr 29, 2024

Username to User Settings to Application Keys. Click the trash icon and it pops up with the confirmation. Clicking 'proceed' results in a 500.

The user is not an administrator (operator only). It looks like the administrator/initial user can delete tokens successfully.

(Edit to add: Sorry for the delay. The robot strongly hinted a human was not going to review this so I didn't check in.)

@foosel foosel added bug Issue describes a bug and removed triage This issue needs triage labels Apr 29, 2024
@foosel foosel added this to the 1.10.x milestone Apr 29, 2024
@foosel foosel added the bugfix release relevant Issue should be looked at for backporting into the next bugfix release label Apr 29, 2024
@foosel
Member

foosel commented Apr 29, 2024

Logged in as a user I can reproduce this. Something must have gone wrong during a refactoring.

@foosel
Member

foosel commented Apr 29, 2024

Fix is ready for 1.10.1 (even though the build currently fails for other reasons).

@foosel foosel added the done Done but not yet released label Apr 29, 2024
@foosel foosel closed this as completed in fd0023a May 14, 2024
@disconn3ct
Author

Confirmed working. Thanks!
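
A regression check for the failure mode in this thread, as an added example that is not OctoPrint's code and not the fix in fd0023a: it repeats the `user_for_key.user_id` comparison from the traceback against a stand-in user class and runs the revoke path as operator and as admin. The `User` stand-in, `revoke_buggy`, `revoke_checked`, `call`, the status codes, and the assumption that admins skip the ownership comparison are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class User:
    # Constructed stand-in: identity comes from get_id(); there is no user_id attribute.
    name: str
    admin: bool = False

    def get_id(self):
        return self.name

def revoke_buggy(keys, current, key):
    """Repeats the comparison shown in the traceback."""
    if not current.admin:  # assumption: admins skip the ownership check
        user_for_key = keys.get(key)
        if user_for_key is None or user_for_key.user_id != current.get_id():
            return 403
    keys.pop(key, None)
    return 204

def revoke_checked(keys, current, key):
    """Same ownership rule, via the accessor the stand-in class actually has."""
    user_for_key = keys.get(key)
    if user_for_key is None:
        return 404
    if not current.admin and user_for_key.get_id() != current.get_id():
        return 403
    del keys[key]
    return 204

def call(handler, keys, current, key):
    """Like a web framework: an unhandled exception becomes a 500 response."""
    try:
        return handler(keys, current, key)
    except Exception:
        return 500

def demo():
    admin, op, other = User("admin", True), User("op"), User("other")
    results = {}
    for handler in (revoke_buggy, revoke_checked):
        keys = {"k-op": op, "k-other": other, "k-spare": op}  # constructed key table
        results[handler.__name__] = {
            "operator_own": call(handler, keys, op, "k-op"),
            "operator_foreign": call(handler, keys, op, "k-other"),
            "admin_any": call(handler, keys, admin, "k-spare"),
            "remaining": sorted(keys),
        }
    return results
```

With `revoke_buggy` both operator requests end in a 500 and the operator's own key stays valid, while the admin request succeeds, so a test that only exercises the admin account misses the defect.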
