fix: [users management] hide API keys by default + fix delete/edit users

Terrtia 2020-09-21 14:55:48 +02:00
parent 2c30f1edf9
commit 1a4c595024
4 changed files with 60 additions and 26 deletions


@ -185,6 +185,8 @@ def delete_user_db(user_id):
r_serv_db.hdel('user:tokens', user_token) r_serv_db.hdel('user:tokens', user_token)
r_serv_db.delete('user_metadata:{}'.format(user_id)) r_serv_db.delete('user_metadata:{}'.format(user_id))
r_serv_db.hdel('user:all', user_id) r_serv_db.hdel('user:all', user_id)
else:
print('Error: user {} do not exist'.format(user_id))
def hashing_password(bytes_password): def hashing_password(bytes_password):
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt()) hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
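Review bot: The new `else` branch in delete_user_db only prints and returns None, so the delete_user route cannot tell a successful deletion from an unknown user_id and redirects to the user list either way; returning True from the deletion branch and False here would let the caller surface the outcome. The message also has a grammar slip: `print('Error: user {} does not exist'.format(user_id))`. Printing to stdout rather than the app's logger is a style point worth aligning with the rest of the module if it logs elsewhere. The function's `if` and the start of its body lie outside the hunk.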


@ -131,11 +131,11 @@ def new_token():
generate_new_token(current_user.get_id()) generate_new_token(current_user.get_id())
return redirect(url_for('settings.edit_profile')) return redirect(url_for('settings.edit_profile'))
@settings.route("/settings/new_token_user", methods=['GET']) @settings.route("/settings/new_token_user", methods=['POST'])
@login_required @login_required
@login_admin @login_admin
def new_token_user(): def new_token_user():
user_id = request.args.get('user_id') user_id = request.form.get('user_id')
if r_serv_db.exists('user_metadata:{}'.format(user_id)): if r_serv_db.exists('user_metadata:{}'.format(user_id)):
generate_new_token(user_id) generate_new_token(user_id)
return redirect(url_for('settings.users_list')) return redirect(url_for('settings.users_list'))
@ -215,18 +215,18 @@ def users_list():
new_user_dict['password'] = request.args.get('new_user_password') new_user_dict['password'] = request.args.get('new_user_password')
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True) return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
@settings.route("/settings/edit_user", methods=['GET']) @settings.route("/settings/edit_user", methods=['POST'])
@login_required @login_required
@login_admin @login_admin
def edit_user(): def edit_user():
user_id = request.args.get('user_id') user_id = request.form.get('user_id')
return redirect(url_for('settings.create_user', user_id=user_id)) return redirect(url_for('settings.create_user', user_id=user_id))
@settings.route("/settings/delete_user", methods=['GET']) @settings.route("/settings/delete_user", methods=['POST'])
@login_required @login_required
@login_admin @login_admin
def delete_user(): def delete_user():
user_id = request.args.get('user_id') user_id = request.form.get('user_id')
delete_user_db(user_id) delete_user_db(user_id)
return redirect(url_for('settings.users_list')) return redirect(url_for('settings.users_list'))
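Review bot: Moving new_token_user, edit_user and delete_user to POST removes the link-based trigger, but nothing in these hunks validates a CSRF token, and the matching forms in users_list.html carry only a hidden `user_id` field; unless the app registers Flask-WTF `CSRFProtect` (or an equivalent) globally, a third-party page that auto-submits the form can still make a logged-in admin delete a user, so if it is not registered each form needs a CSRF token input and the routes should verify it. delete_user also passes `request.form.get('user_id')` straight through, which is None when the field is missing, whereas new_token_user guards with `r_serv_db.exists(...)` first; `if not user_id: return redirect(url_for('settings.users_list'))` before the `delete_user_db(user_id)` call would keep the two routes consistent. Separately, the context line `new_user_dict['password'] = request.args.get('new_user_password')` in users_list shows a new user's password travelling in the query string, where it lands in browser history and server logs; that is pre-existing, but moving it to POST fits the intent of this commit.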


@ -52,8 +52,16 @@
<tr> <tr>
<td>API Key</td> <td>API Key</td>
<td> <td>
{{user_metadata['api_key']}} <span id="censored_key">
{{user_metadata['api_key'][:4]}}*********************************{{user_metadata['api_key'][-4:]}}
</span>
<span id="uncensored_key" style="display: none;">
{{user_metadata['api_key']}}
</span>
<a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a> <a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a>
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key" onclick="show_api_key();">
<i class="fas fa-eye"></i>
</span>
</td> </td>
</tr> </tr>
</tbody> </tbody>
@ -91,6 +99,13 @@ function toggle_sidebar(){
$('#core_content').addClass('col-lg-10') $('#core_content').addClass('col-lg-10')
} }
} }
function show_api_key() {
$('#censored_key').hide();
$('#btn_key').hide();
$('#uncensored_key').show();
}
</script> </script>
</html> </html>
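Review bot: The masking is display-only: the full key is still rendered into the page inside the hidden `uncensored_key` span, so it remains in the HTML source and is readable by any script running on the page; that is adequate against shoulder-surfing, but if the goal is to keep the key off the client until requested, it should be fetched on demand rather than shipped hidden. The first and last four characters are exposed in the censored view, which is a common trade-off but worth a note in the template, e.g. `{# masked view still ships the full key in the hidden span below #}`. show_api_key is one-way — the button hides itself and the key stays visible — so a toggle that re-censors would be friendlier. The key's length is not visible here; if it can be shorter than eight characters the two slices overlap.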


@ -17,17 +17,6 @@
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script> <script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script> <script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
<style>
.edit_icon:hover{
cursor: pointer;
color: #17a2b8;
}
.trash_icon:hover{
cursor: pointer;
color: #c82333;
}
</style>
</head> </head>
<body> <body>
@ -75,16 +64,37 @@
<td>{{user['email']}}</td> <td>{{user['email']}}</td>
<td>{{user['role']}}</td> <td>{{user['role']}}</td>
<td> <td>
{{user['api_key']}} <form action="{{ url_for('settings.new_token_user') }}" id="post_new_token" method=POST>
<a class="ml-3" href="{{url_for('settings.new_token_user')}}?user_id={{user['email']}}"><i class="fa fa-random"></i></a> <span id="censored_key_{{loop.index0}}">
{{user['api_key'][:4]}}*********************************{{user['api_key'][-4:]}}
</span>
<span id="uncensored_key_{{loop.index0}}" style="display: none;">
{{user['api_key']}}
</span>
<input type="hidden" name="user_id" value="{{user['email']}}">
<button class="btn btn-outline-info ml-3 px-1 py-0" type="submit">
<i class="fas fa-random"></i>
</button>
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key_{{loop.index0}}" onclick="show_api_key({{loop.index0}})">
<i class="fas fa-eye"></i>
</span>
</form>
</td> </td>
<td> <td>
<a href="{{ url_for('settings.edit_user')}}?user_id={{user['email']}}"> <div class="d-flex justify-content-start">
<i class="fas fa-pencil-alt edit_icon"></i> <form action="{{ url_for('settings.edit_user') }}" id="post_edit_user" method=POST>
</a> <input type="hidden" name="user_id" value="{{user['email']}}">
<a href="{{ url_for('settings.delete_user')}}?user_id={{user['email']}}" class="ml-4"> <button class="btn btn-outline-primary ml-3 px-1 py-0" type="submit">
<i class="fas fa-trash-alt trash_icon"></i> <i class="fas fa-pencil-alt"></i>
</a> </button>
</form>
<form action="{{ url_for('settings.delete_user') }}" id="post_delete_user" method=POST>
<input type="hidden" name="user_id" value="{{user['email']}}">
<button class="btn btn-outline-danger ml-3 px-1 py-0" type="submit">
<i class="fas fa-trash-alt"></i>
</button>
</form>
</div>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -117,6 +127,13 @@ function toggle_sidebar(){
$('#core_content').addClass('col-lg-10') $('#core_content').addClass('col-lg-10')
} }
} }
function show_api_key(key_id) {
$('#censored_key_' + key_id).hide();
$('#btn_key_' + key_id).hide();
$('#uncensored_key_' + key_id).show();
}
</script> </script>
</html> </html>
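Review bot: The form ids `post_new_token`, `post_edit_user` and `post_delete_user` sit inside the `{% for %}` over users (closed by the `{% endfor %}` in the hunk), so every row repeats the same id while the key spans correctly use `loop.index0`; either drop the ids, since nothing in the hunk references them, or suffix them like `id="post_delete_user_{{loop.index0}}"`. The delete form fires on a single click with no confirmation, as the old link did; `onsubmit="return confirm('Delete this user?');"` on that form would avoid accidental deletions. Also `method=POST` is unquoted; `method="POST"` matches the quoted attributes elsewhere in the file.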