Merge e05c81c into 813df5e

rdmorganiser · Feb 28, 2023 · 93dcf3d · 93dcf3d
2 parents 813df5e + e05c81c
commit 93dcf3d
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 1 deletion.
diff --git a/rdmo/accounts/templates/account/account_token.html b/rdmo/accounts/templates/account/account_token.html
@@ -0,0 +1,21 @@
+{% extends 'core/page.html' %}
+{% load i18n %}
+
+{% block page %}
+
+    <h1>{% trans "API token" %}</h1>
+
+    <p>{% trans 'Your API token is:' %} <code>{{ token }}</code></p>
+
+    <form method="post" action="{% url 'account_token' %}" novalidate>
+        {% csrf_token %}
+        <input type="submit" name="regenerate" value="{% trans 'Regenerate token' %}" class="btn btn-default" />
+    </form>
+
+    <p>
+        {% trans 'You can use this token in HTTP requests by using the <code>Authorization</code> Header:' %}
+    </p>
+
+    <pre>Authorization: Token {{ token }}</pre>
+
+{% endblock %}
diff --git a/rdmo/accounts/tests/test_views.py b/rdmo/accounts/tests/test_views.py
@@ -332,3 +332,38 @@ def test_signup_next(db, client):
 
     assert response.status_code == 302
     assert response.url == '/about/'
+
+
+def test_token_get_for_user(db, client):
+    client.login(username='user', password='user')
+
+    if settings.ACCOUNT_ALLOW_USER_TOKEN:
+        url = reverse('account_token')
+        response = client.get(url)
+        assert response.status_code == 200
+
+
+def test_token_get_for_anonymous(db, client):
+    if settings.ACCOUNT_ALLOW_USER_TOKEN:
+        url = reverse('account_token')
+        response = client.get(url)
+        assert response.status_code == 302
+        assert response.url == reverse('account_login') + '?next=' + url
+
+
+def test_token_post_for_user(db, client):
+    client.login(username='user', password='user')
+
+    if settings.ACCOUNT_ALLOW_USER_TOKEN:
+        url = reverse('account_token')
+        response = client.post(url)
+        assert response.status_code == 200
+
+
+def test_token_post_for_anonymous(db, client):
+
+    if settings.ACCOUNT_ALLOW_USER_TOKEN:
+        url = reverse('account_token')
+        response = client.post(url)
+        assert response.status_code == 302
+        assert response.url == reverse('account_login') + '?next=' + url
diff --git a/rdmo/accounts/urls/__init__.py b/rdmo/accounts/urls/__init__.py
@@ -2,7 +2,7 @@
 from django.contrib.auth import views as auth_views
 from django.urls import include, re_path
 
-from ..views import profile_update, remove_user, terms_of_use
+from ..views import profile_update, remove_user, terms_of_use, token
 
 urlpatterns = [
     # edit own profile
@@ -29,3 +29,8 @@
         re_path('^login/', auth_views.LoginView.as_view(template_name='account/login.html'), name='account_login'),
         re_path('^logout/', auth_views.LogoutView.as_view(next_page=settings.LOGIN_REDIRECT_URL), name='account_logout'),
     ]
+
+if settings.ACCOUNT_ALLOW_USER_TOKEN:
+    urlpatterns += [
+        re_path(r'^token/$', token, name='account_token')
+    ]
diff --git a/rdmo/accounts/views.py b/rdmo/accounts/views.py
@@ -5,6 +5,7 @@
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseRedirect
 from django.shortcuts import render
+from rest_framework.authtoken.models import Token
 
 from rdmo.core.utils import get_next, get_referer_path_info
 
@@ -73,3 +74,16 @@ def remove_user(request):
 
 def terms_of_use(request):
     return render(request, 'account/terms_of_use.html')
+
+@login_required()
+def token(request):
+    if request.method == 'POST':
+        try:
+            Token.objects.get(user=request.user).delete()
+        except Token.DoesNotExist:
+            pass
+
+    token, created = Token.objects.get_or_create(user=request.user)
+    return render(request, 'account/account_token.html', {
+        'token': token
+    })
diff --git a/rdmo/core/settings.py b/rdmo/core/settings.py
@@ -108,6 +108,7 @@
 ACCOUNT_PASSWORD_MIN_LENGTH = 4
 ACCOUNT_EMAIL_MAX_LENGTH = 190
 ACCOUNT_PREVENT_ENUMERATION = False
+ACCOUNT_ALLOW_USER_TOKEN = False
 
 ACCOUNT_ADAPTER = 'rdmo.accounts.adapter.AccountAdapter'
 
@@ -178,6 +179,7 @@
     'ACCOUNT',
     'ACCOUNT_SIGNUP',
     'ACCOUNT_TERMS_OF_USE',
+    'ACCOUNT_ALLOW_USER_TOKEN',
     'SOCIALACCOUNT',
     'PROFILE_UPDATE',
     'PROFILE_DELETE',

diff --git a/rdmo/core/templates/core/base_navigation.html b/rdmo/core/templates/core/base_navigation.html
@@ -117,6 +117,14 @@
                             {% include 'core/base_navigation_socialaccount.html' %}
                         {% endif %}
 
+                        {% if settings.ACCOUNT_ALLOW_USER_TOKEN %}
+                        <li>
+                            <a href="{% url 'account_token' %}">
+                                {% trans 'API token' %}
+                            </a>
+                        </li>
+                        {% endif %}
+
                         {% if settings.PROFILE_DELETE %}
                         <li>
                             <a href="{% url 'profile_remove' %}">

diff --git a/testing/config/settings/base.py b/testing/config/settings/base.py
@@ -27,6 +27,8 @@
 ACCOUNT_SIGNUP = True
 SOCIALACCOUNT = False
 
+ACCOUNT_ALLOW_USER_TOKEN = True
+
 PROJECT_SEND_ISSUE = True
 
 PROJECT_SEND_INVITE = True