takahe/users/views/settings/tokens.py

78 lines
2.4 KiB
Python
Raw Normal View History

import secrets
from django import forms
from django.contrib import messages
from django.shortcuts import redirect
from django.views.generic import DetailView, FormView
from django.views.generic.list import ListView
from api.models.application import Application
from api.models.token import Token
from users.views.base import IdentityViewMixin
class TokensRoot(IdentityViewMixin, ListView):
"""
Shows a listing of tokens the user has authorized
"""
template_name = "settings/tokens.html"
extra_context = {"section": "tokens"}
context_object_name = "tokens"
def get_queryset(self):
return Token.objects.filter(
user=self.request.user,
identity=self.identity,
).prefetch_related("application")
class TokenCreate(IdentityViewMixin, FormView):
"""
Allows the user to create a new app and token just for themselves.
"""
template_name = "settings/token_create.html"
extra_context = {"section": "tokens"}
class form_class(forms.Form):
name = forms.CharField(help_text="Identifies this app in your app list")
scope = forms.ChoiceField(
choices=(("read", "Read-only access"), ("write", "Full access")),
help_text="What should this app be able to do with your account?",
)
def form_valid(self, form):
scopes = "read write push" if form.cleaned_data["scope"] == "write" else "read"
application = Application.create(
client_name=form.cleaned_data["name"],
website=None,
redirect_uris="urn:ietf:wg:oauth:2.0:oob",
scopes=scopes,
)
token = Token.objects.create(
application=application,
user=self.request.user,
identity=self.identity,
token=secrets.token_urlsafe(43),
scopes=scopes,
)
return redirect("settings_token_edit", handle=self.identity.handle, pk=token.pk)
class TokenEdit(IdentityViewMixin, DetailView):
template_name = "settings/token_edit.html"
extra_context = {"section": "tokens"}
def get_queryset(self):
return self.identity.tokens
def post(self, request, *args, **kwargs):
self.object = self.get_object()
messages.success(
request, f"{self.object.application.name}'s access has been removed."
)
self.object.delete()
return redirect("settings_tokens", handle=self.identity.handle)