fix: [users management] hide API keys by default + fix delete/edit users
parent
2c30f1edf9
commit
1a4c595024
@ -185,6 +185,8 @@ def delete_user_db(user_id):
|
||||||
r_serv_db.hdel('user:tokens', user_token)
|
r_serv_db.hdel('user:tokens', user_token)
|
||||||
r_serv_db.delete('user_metadata:{}'.format(user_id))
|
r_serv_db.delete('user_metadata:{}'.format(user_id))
|
||||||
r_serv_db.hdel('user:all', user_id)
|
r_serv_db.hdel('user:all', user_id)
|
||||||
|
else:
|
||||||
|
print('Error: user {} do not exist'.format(user_id))
|
||||||
|
|
||||||
def hashing_password(bytes_password):
|
def hashing_password(bytes_password):
|
||||||
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
|
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
|
||||||
|
|
|
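Review bot: The added `else:` branch in delete_user_db reports a missing user with a bare `print()` to stdout, and the delete_user route changed in this same commit redirects to the users list regardless, so an admin who submits a non-existent or empty user_id gets no feedback and nothing reaches the application log. Prefer the module's logger if one exists, and fix the wording: `print('Error: user {} does not exist'.format(user_id))`. Returning a boolean from delete_user_db (`return False` in this branch, `return True` after the `hdel` calls) would let the caller flash an error instead of silently redirecting; the body of delete_user_db begins outside the hunk.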
@ -131,11 +131,11 @@ def new_token():
|
||||||
generate_new_token(current_user.get_id())
|
generate_new_token(current_user.get_id())
|
||||||
return redirect(url_for('settings.edit_profile'))
|
return redirect(url_for('settings.edit_profile'))
|
||||||
|
|
||||||
@settings.route("/settings/new_token_user", methods=['GET'])
|
@settings.route("/settings/new_token_user", methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_admin
|
@login_admin
|
||||||
def new_token_user():
|
def new_token_user():
|
||||||
user_id = request.args.get('user_id')
|
user_id = request.form.get('user_id')
|
||||||
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
||||||
generate_new_token(user_id)
|
generate_new_token(user_id)
|
||||||
return redirect(url_for('settings.users_list'))
|
return redirect(url_for('settings.users_list'))
|
||||||
|
@ -215,18 +215,18 @@ def users_list():
|
||||||
new_user_dict['password'] = request.args.get('new_user_password')
|
new_user_dict['password'] = request.args.get('new_user_password')
|
||||||
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
|
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
|
||||||
|
|
||||||
@settings.route("/settings/edit_user", methods=['GET'])
|
@settings.route("/settings/edit_user", methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_admin
|
@login_admin
|
||||||
def edit_user():
|
def edit_user():
|
||||||
user_id = request.args.get('user_id')
|
user_id = request.form.get('user_id')
|
||||||
return redirect(url_for('settings.create_user', user_id=user_id))
|
return redirect(url_for('settings.create_user', user_id=user_id))
|
||||||
|
|
||||||
@settings.route("/settings/delete_user", methods=['GET'])
|
@settings.route("/settings/delete_user", methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@login_admin
|
@login_admin
|
||||||
def delete_user():
|
def delete_user():
|
||||||
user_id = request.args.get('user_id')
|
user_id = request.form.get('user_id')
|
||||||
delete_user_db(user_id)
|
delete_user_db(user_id)
|
||||||
return redirect(url_for('settings.users_list'))
|
return redirect(url_for('settings.users_list'))
|
||||||
|
|
||||||
|
|
|
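Review bot: Switching new_token_user, edit_user and delete_user to POST and `request.form` does not by itself protect these state-changing admin actions from cross-site request forgery: the forms added to users_list.html in this commit carry only a hidden `user_id`, so any page the logged-in admin visits can still submit them. Validate a per-session CSRF token in each handler (Flask-WTF's CSRFProtect if the app already uses Flask-WTF, otherwise a token kept in the session and compared in the view) and emit it as a hidden field in those forms. delete_user also hands the form value straight to delete_user_db with no visible check that it is not the caller's own account, e.g. `if user_id == current_user.get_id(): return redirect(url_for('settings.users_list'))` — if self-deletion is intended, a comment saying so would help. The context line `new_user_dict['password'] = request.args.get('new_user_password')` in users_list still moves a freshly created user's password through the URL query string, which lands in browser history and access logs; worth a follow-up carrying it in the session or the POST body instead.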
@ -52,8 +52,16 @@
|
||||||
<tr>
|
<tr>
|
||||||
<td>API Key</td>
|
<td>API Key</td>
|
||||||
<td>
|
<td>
|
||||||
{{user_metadata['api_key']}}
|
<span id="censored_key">
|
||||||
|
{{user_metadata['api_key'][:4]}}*********************************{{user_metadata['api_key'][-4:]}}
|
||||||
|
</span>
|
||||||
|
<span id="uncensored_key" style="display: none;">
|
||||||
|
{{user_metadata['api_key']}}
|
||||||
|
</span>
|
||||||
<a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a>
|
<a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a>
|
||||||
|
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key" onclick="show_api_key();">
|
||||||
|
<i class="fas fa-eye"></i>
|
||||||
|
</span>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
|
@ -91,6 +99,13 @@ function toggle_sidebar(){
|
||||||
$('#core_content').addClass('col-lg-10')
|
$('#core_content').addClass('col-lg-10')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function show_api_key() {
|
||||||
|
$('#censored_key').hide();
|
||||||
|
$('#btn_key').hide();
|
||||||
|
$('#uncensored_key').show();
|
||||||
|
}
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
|
|
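Review bot: The "censored" display is client-side only: the full key is still rendered into the page source inside the hidden `uncensored_key` span, so anything that can read the DOM or the HTTP response (a browser extension, a cached copy of the page, a script injection elsewhere in the UI) obtains it regardless of the eye button, and the masked form itself discloses the first and last four characters. If the goal is to keep the key off the page until requested, render only the mask and have `show_api_key()` fetch the key from an authenticated endpoint on click; the same applies to the per-user `uncensored_key_N` spans in users_list.html, where every account's full key is emitted into the admin page. The regeneration link `<a class="ml-3" href="{{url_for('settings.new_token')}}">` remains a plain GET that changes state, which is the problem this commit fixes for new_token_user; a POST form like the one in the users list would be consistent. `{{user_metadata['api_key'][:4]}}` raises a TypeError at render time if api_key is ever None — presumably it is always set after account creation, but worth confirming.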
@ -17,17 +17,6 @@
|
||||||
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
|
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
|
||||||
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
|
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
|
||||||
|
|
||||||
<style>
|
|
||||||
.edit_icon:hover{
|
|
||||||
cursor: pointer;
|
|
||||||
color: #17a2b8;
|
|
||||||
}
|
|
||||||
.trash_icon:hover{
|
|
||||||
cursor: pointer;
|
|
||||||
color: #c82333;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
|
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
|
@ -75,16 +64,37 @@
|
||||||
<td>{{user['email']}}</td>
|
<td>{{user['email']}}</td>
|
||||||
<td>{{user['role']}}</td>
|
<td>{{user['role']}}</td>
|
||||||
<td>
|
<td>
|
||||||
{{user['api_key']}}
|
<form action="{{ url_for('settings.new_token_user') }}" id="post_new_token" method=POST>
|
||||||
<a class="ml-3" href="{{url_for('settings.new_token_user')}}?user_id={{user['email']}}"><i class="fa fa-random"></i></a>
|
<span id="censored_key_{{loop.index0}}">
|
||||||
|
{{user['api_key'][:4]}}*********************************{{user['api_key'][-4:]}}
|
||||||
|
</span>
|
||||||
|
<span id="uncensored_key_{{loop.index0}}" style="display: none;">
|
||||||
|
{{user['api_key']}}
|
||||||
|
</span>
|
||||||
|
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||||
|
<button class="btn btn-outline-info ml-3 px-1 py-0" type="submit">
|
||||||
|
<i class="fas fa-random"></i>
|
||||||
|
</button>
|
||||||
|
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key_{{loop.index0}}" onclick="show_api_key({{loop.index0}})">
|
||||||
|
<i class="fas fa-eye"></i>
|
||||||
|
</span>
|
||||||
|
</form>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<a href="{{ url_for('settings.edit_user')}}?user_id={{user['email']}}">
|
<div class="d-flex justify-content-start">
|
||||||
<i class="fas fa-pencil-alt edit_icon"></i>
|
<form action="{{ url_for('settings.edit_user') }}" id="post_edit_user" method=POST>
|
||||||
</a>
|
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||||
<a href="{{ url_for('settings.delete_user')}}?user_id={{user['email']}}" class="ml-4">
|
<button class="btn btn-outline-primary ml-3 px-1 py-0" type="submit">
|
||||||
<i class="fas fa-trash-alt trash_icon"></i>
|
<i class="fas fa-pencil-alt"></i>
|
||||||
</a>
|
</button>
|
||||||
|
</form>
|
||||||
|
<form action="{{ url_for('settings.delete_user') }}" id="post_delete_user" method=POST>
|
||||||
|
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||||
|
<button class="btn btn-outline-danger ml-3 px-1 py-0" type="submit">
|
||||||
|
<i class="fas fa-trash-alt"></i>
|
||||||
|
</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -117,6 +127,13 @@ function toggle_sidebar(){
|
||||||
$('#core_content').addClass('col-lg-10')
|
$('#core_content').addClass('col-lg-10')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function show_api_key(key_id) {
|
||||||
|
$('#censored_key_' + key_id).hide();
|
||||||
|
$('#btn_key_' + key_id).hide();
|
||||||
|
$('#uncensored_key_' + key_id).show();
|
||||||
|
}
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
|
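Review bot: The three forms added inside the `{% for %}` loop reuse fixed ids (`post_new_token`, `post_edit_user`, `post_delete_user`), so a list with more than one user produces duplicate ids in the DOM; either suffix them like the spans (`id="post_delete_user_{{loop.index0}}"`) or drop the id attributes, since nothing in these hunks references them. Minor: the `method=POST` attribute values are unquoted, and `method="POST"` matches the rest of the template.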