fix: [users management] hide API keys by default + fix delete/edit users
parent
2c30f1edf9
commit
1a4c595024
|
@ -185,6 +185,8 @@ def delete_user_db(user_id):
|
|||
r_serv_db.hdel('user:tokens', user_token)
|
||||
r_serv_db.delete('user_metadata:{}'.format(user_id))
|
||||
r_serv_db.hdel('user:all', user_id)
|
||||
else:
|
||||
print('Error: user {} do not exist'.format(user_id))
|
||||
|
||||
def hashing_password(bytes_password):
|
||||
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
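Review bot: The `else` branch of delete_user_db reports an unknown user with `print(...)` only, so the web route that calls it cannot tell that nothing was deleted and redirects as if it had succeeded. Return an outcome instead, e.g. `return False` in the `else` branch and `return True` after `r_serv_db.hdel('user:all', user_id)`, so callers can act on it. delete_user_db starts outside this hunk, so whether the function already returns something earlier is not visible here. The three removals are separate Redis calls; if a partial deletion on error matters, a `pipeline()` would make them a unit.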
|
||||
|
|
|
@ -131,11 +131,11 @@ def new_token():
|
|||
generate_new_token(current_user.get_id())
|
||||
return redirect(url_for('settings.edit_profile'))
|
||||
|
||||
@settings.route("/settings/new_token_user", methods=['GET'])
|
||||
@settings.route("/settings/new_token_user", methods=['POST'])
|
||||
@login_required
|
||||
@login_admin
|
||||
def new_token_user():
|
||||
user_id = request.args.get('user_id')
|
||||
user_id = request.form.get('user_id')
|
||||
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
|
||||
generate_new_token(user_id)
|
||||
return redirect(url_for('settings.users_list'))
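Review bot: Moving new_token_user (and edit_user / delete_user in the next hunk) from GET to POST only prevents link-triggered actions if the application enforces CSRF on form posts; `@login_required` and `@login_admin` do not do that, and the forms in the template hunks carry no token field. If Flask-WTF's CSRFProtect (or an equivalent) is not already registered on the app, register it and add `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">` to each of the new forms. `request.form.get('user_id')` yields `None` when the field is absent; the `exists` check here copes with that, but it is worth keeping that guard pattern for the other two routes.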
|
||||
|
@ -215,18 +215,18 @@ def users_list():
|
|||
new_user_dict['password'] = request.args.get('new_user_password')
|
||||
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
|
||||
|
||||
@settings.route("/settings/edit_user", methods=['GET'])
|
||||
@settings.route("/settings/edit_user", methods=['POST'])
|
||||
@login_required
|
||||
@login_admin
|
||||
def edit_user():
|
||||
user_id = request.args.get('user_id')
|
||||
user_id = request.form.get('user_id')
|
||||
return redirect(url_for('settings.create_user', user_id=user_id))
|
||||
|
||||
@settings.route("/settings/delete_user", methods=['GET'])
|
||||
@settings.route("/settings/delete_user", methods=['POST'])
|
||||
@login_required
|
||||
@login_admin
|
||||
def delete_user():
|
||||
user_id = request.args.get('user_id')
|
||||
user_id = request.form.get('user_id')
|
||||
delete_user_db(user_id)
|
||||
return redirect(url_for('settings.users_list'))
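Review bot: delete_user hands `user_id` straight to `delete_user_db` without the existence check that new_token_user performs, so a missing or unknown form value (including `None`) reaches the library function, which only prints to stdout, and the admin is then redirected as if the deletion had happened. Mirror the token route: `if user_id and r_serv_db.exists('user_metadata:{}'.format(user_id)):` around the `delete_user_db(user_id)` call. Nothing here stops an admin from deleting or editing their own account; `current_user.get_id()` is used elsewhere in this module, so rejecting `user_id == current_user.get_id()` for delete_user would be a cheap safeguard, assuming that is not intended.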
|
||||
|
||||
|
|
|
@ -52,8 +52,16 @@
|
|||
<tr>
|
||||
<td>API Key</td>
|
||||
<td>
|
||||
{{user_metadata['api_key']}}
|
||||
<span id="censored_key">
|
||||
{{user_metadata['api_key'][:4]}}*********************************{{user_metadata['api_key'][-4:]}}
|
||||
</span>
|
||||
<span id="uncensored_key" style="display: none;">
|
||||
{{user_metadata['api_key']}}
|
||||
</span>
|
||||
<a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a>
|
||||
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key" onclick="show_api_key();">
|
||||
<i class="fas fa-eye"></i>
|
||||
</span>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
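Review bot: The hide-by-default is presentational only: the full key is still rendered into the page inside `#uncensored_key` (merely `display: none`), so it remains in the HTML source, the browser cache and anything that reads the DOM; the masked spans added to users_list.html in a later hunk share the same limitation. If the intent is to keep the key off the page until requested, render only the masked form and have `show_api_key()` retrieve the key from an authenticated endpoint; if the intent is just a UI convenience, a template comment such as `{# masking is cosmetic: the full key is present in the page #}` would stop the next maintainer from treating it as a secrecy boundary. `[:4]` and `[-4:]` expose both ends of the key, which is fine for fixed-length tokens but leaks most of a short one; worth confirming the key length is fixed.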
|
||||
|
@ -91,6 +99,13 @@ function toggle_sidebar(){
|
|||
$('#core_content').addClass('col-lg-10')
|
||||
}
|
||||
}
|
||||
|
||||
function show_api_key() {
|
||||
$('#censored_key').hide();
|
||||
$('#btn_key').hide();
|
||||
$('#uncensored_key').show();
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
</html>
|
||||
|
|
|
@ -17,17 +17,6 @@
|
|||
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
|
||||
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
|
||||
|
||||
<style>
|
||||
.edit_icon:hover{
|
||||
cursor: pointer;
|
||||
color: #17a2b8;
|
||||
}
|
||||
.trash_icon:hover{
|
||||
cursor: pointer;
|
||||
color: #c82333;
|
||||
}
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
@ -75,16 +64,37 @@
|
|||
<td>{{user['email']}}</td>
|
||||
<td>{{user['role']}}</td>
|
||||
<td>
|
||||
{{user['api_key']}}
|
||||
<a class="ml-3" href="{{url_for('settings.new_token_user')}}?user_id={{user['email']}}"><i class="fa fa-random"></i></a>
|
||||
<form action="{{ url_for('settings.new_token_user') }}" id="post_new_token" method=POST>
|
||||
<span id="censored_key_{{loop.index0}}">
|
||||
{{user['api_key'][:4]}}*********************************{{user['api_key'][-4:]}}
|
||||
</span>
|
||||
<span id="uncensored_key_{{loop.index0}}" style="display: none;">
|
||||
{{user['api_key']}}
|
||||
</span>
|
||||
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||
<button class="btn btn-outline-info ml-3 px-1 py-0" type="submit">
|
||||
<i class="fas fa-random"></i>
|
||||
</button>
|
||||
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key_{{loop.index0}}" onclick="show_api_key({{loop.index0}})">
|
||||
<i class="fas fa-eye"></i>
|
||||
</span>
|
||||
</form>
|
||||
</td>
|
||||
<td>
|
||||
<a href="{{ url_for('settings.edit_user')}}?user_id={{user['email']}}">
|
||||
<i class="fas fa-pencil-alt edit_icon"></i>
|
||||
</a>
|
||||
<a href="{{ url_for('settings.delete_user')}}?user_id={{user['email']}}" class="ml-4">
|
||||
<i class="fas fa-trash-alt trash_icon"></i>
|
||||
</a>
|
||||
<div class="d-flex justify-content-start">
|
||||
<form action="{{ url_for('settings.edit_user') }}" id="post_edit_user" method=POST>
|
||||
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||
<button class="btn btn-outline-primary ml-3 px-1 py-0" type="submit">
|
||||
<i class="fas fa-pencil-alt"></i>
|
||||
</button>
|
||||
</form>
|
||||
<form action="{{ url_for('settings.delete_user') }}" id="post_delete_user" method=POST>
|
||||
<input type="hidden" name="user_id" value="{{user['email']}}">
|
||||
<button class="btn btn-outline-danger ml-3 px-1 py-0" type="submit">
|
||||
<i class="fas fa-trash-alt"></i>
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
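Review bot: Every iteration of the `{% for %}` loop emits forms with the fixed ids `post_new_token`, `post_edit_user` and `post_delete_user`, so the page contains duplicate ids as soon as there is more than one user, and any script or label addressing them by id will only ever reach the first row. Suffix them with the loop index as the key spans already do, e.g. `id="post_new_token_{{loop.index0}}"`, `id="post_edit_user_{{loop.index0}}"`, `id="post_delete_user_{{loop.index0}}"` — or drop the ids, since nothing in the shown hunks references them. The delete form submits with no confirmation step; a `confirm()` on the delete button or a confirmation page would guard against removing a user by a mis-click.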
|
||||
|
@ -117,6 +127,13 @@ function toggle_sidebar(){
|
|||
$('#core_content').addClass('col-lg-10')
|
||||
}
|
||||
}
|
||||
|
||||
function show_api_key(key_id) {
|
||||
$('#censored_key_' + key_id).hide();
|
||||
$('#btn_key_' + key_id).hide();
|
||||
$('#uncensored_key_' + key_id).show();
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
</html>
|
||||
|
|