Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature regen api keys #541

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Feature regen api keys #541

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
85aff37
Added regen feature for api keys
Dec 13, 2024
390370e
Added tests for feature
Dec 13, 2024
e9e6e96
Reworked regenerate function to just create a new guid instead of who…
Dec 16, 2024
3e1e6c7
Removed unused function
Dec 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions backend/core/api/settings/api_keys.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,35 @@ def generate_api_key_endpoint(request: WebRequest) -> HttpResponse:
return http_response


@require_http_methods(["POST"])
@web_require_scopes("api_keys:write")
def regenerate_api_key_endpoint(request: WebRequest, key_id: str) -> HttpResponse:
key: APIAuthToken | None = get_api_key_by_id(request.user.logged_in_as_team or request.user, key_id)

if not key:
messages.error(request, "API key not found")
return render(request, "base/toast.html")

raw_key = key.generate_key()
key.save()

messages.success(request, "API key regenerated successfully")

http_response = render(
request,
"pages/settings/settings/api_key_generated_response.html",
{
"raw_key": raw_key,
"name": key.name,
},
)

http_response.headers["HX-Reswap"] = "beforebegin"
http_response.headers["HX-Retarget"] = 'div[data-hx-container="api_keys"]'

return http_response


@require_http_methods(["DELETE"])
def revoke_api_key_endpoint(request: WebRequest, key_id: str) -> HttpResponse:
key: APIAuthToken | None = get_api_key_by_id(request.user.logged_in_as_team or request.user, key_id)
Expand Down
3 changes: 2 additions & 1 deletion backend/core/api/settings/urls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from django.urls import path

from . import change_name, profile_picture, preferences
from .api_keys import generate_api_key_endpoint, revoke_api_key_endpoint
from .api_keys import generate_api_key_endpoint, revoke_api_key_endpoint, regenerate_api_key_endpoint
from .defaults import handle_client_defaults_endpoints, remove_client_default_logo_endpoint
from .email_templates import save_email_template

Expand All @@ -18,6 +18,7 @@
),
path("profile_picture/", profile_picture.change_profile_picture_endpoint, name="update profile picture"),
path("api_keys/generate/", generate_api_key_endpoint, name="api_keys generate"),
path("api_keys/regenerate/<str:key_id>/", regenerate_api_key_endpoint, name="api_keys regenerate"),
path("api_keys/revoke/<str:key_id>/", revoke_api_key_endpoint, name="api_keys revoke"),
path("client_defaults/<int:client_id>/", handle_client_defaults_endpoints, name="client_defaults"),
path("client_defaults/", handle_client_defaults_endpoints, name="client_defaults without client"),
Expand Down
4 changes: 4 additions & 0 deletions frontend/templates/pages/settings/settings/api_key_row.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@
<td>{{ key.expires | date:"d M, Y" | default:"Never" }}</td>
<td>{{ key.created | date:"d M, Y H:iA" }}</td>
<td>
<button class="btn btn-warning btn-sm"
hx-post="{% url 'api:settings:api_keys regenerate' key_id=key.id %}"
hx-target="closest tr"
hx-swap="outerHTML">Regenerate</button>
<button class="btn btn-error btn-sm"
hx-delete="{% url 'api:settings:api_keys revoke' key_id=key.id %}"
hx-target="closest tr"
Expand Down
41 changes: 41 additions & 0 deletions tests/api/test_regenerate_api_key.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
from django.test import TestCase
from django.urls import reverse
from backend.models import User
from backend.core.api.public import APIAuthToken


class RegenerateAPIKeyTestCase(TestCase):
def setUp(self):
self.user = User.objects.create_user(
username="[email protected]",
password="user",
email="[email protected]",
entitlements=["api-access", "api_keys:write"],
is_superuser=False,
)
self.user.save()
self.client.login(username="[email protected]", password="user")
self.api_key = APIAuthToken.objects.create(
user=self.user, name="Test Key", scopes=["api_keys:write"], description="Test Description"
)
self.url = reverse("api:settings:api_keys regenerate", args=[self.api_key.id])

def test_regenerate_api_key_success(self):
response = self.client.post(self.url)
self.assertEqual(response.status_code, 200)
self.assertContains(response, "API key regenerated successfully")
self.assertTrue(APIAuthToken.objects.filter(name="Test Key").exists())

def test_regenerate_nonexistent_api_key(self):
invalid_url = reverse("api:settings:api_keys regenerate", args=[999999])
response = self.client.post(invalid_url)
self.assertEqual(response.status_code, 200)
self.assertContains(response, "API key not found")

def test_regenerate_api_key_invalid_method(self):
response = self.client.get(self.url)
self.assertEqual(response.status_code, 405)

def tearDown(self):
APIAuthToken.objects.all().delete()
self.user.delete()