fix: [users management] hide API keys by default + fix delete/edit users

This commit is contained in:
Terrtia 2020-09-21 14:55:48 +02:00
parent 2c30f1edf9
commit 1a4c595024
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 60 additions and 26 deletions

View file

@ -185,6 +185,8 @@ def delete_user_db(user_id):
r_serv_db.hdel('user:tokens', user_token)
r_serv_db.delete('user_metadata:{}'.format(user_id))
r_serv_db.hdel('user:all', user_id)
else:
print('Error: user {} do not exist'.format(user_id))
def hashing_password(bytes_password):
hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())

View file

@ -131,11 +131,11 @@ def new_token():
generate_new_token(current_user.get_id())
return redirect(url_for('settings.edit_profile'))
@settings.route("/settings/new_token_user", methods=['GET'])
@settings.route("/settings/new_token_user", methods=['POST'])
@login_required
@login_admin
def new_token_user():
user_id = request.args.get('user_id')
user_id = request.form.get('user_id')
if r_serv_db.exists('user_metadata:{}'.format(user_id)):
generate_new_token(user_id)
return redirect(url_for('settings.users_list'))
@ -215,18 +215,18 @@ def users_list():
new_user_dict['password'] = request.args.get('new_user_password')
return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
@settings.route("/settings/edit_user", methods=['GET'])
@settings.route("/settings/edit_user", methods=['POST'])
@login_required
@login_admin
def edit_user():
user_id = request.args.get('user_id')
user_id = request.form.get('user_id')
return redirect(url_for('settings.create_user', user_id=user_id))
@settings.route("/settings/delete_user", methods=['GET'])
@settings.route("/settings/delete_user", methods=['POST'])
@login_required
@login_admin
def delete_user():
user_id = request.args.get('user_id')
user_id = request.form.get('user_id')
delete_user_db(user_id)
return redirect(url_for('settings.users_list'))

View file

@ -52,8 +52,16 @@
<tr>
<td>API Key</td>
<td>
{{user_metadata['api_key']}}
<span id="censored_key">
{{user_metadata['api_key'][:4]}}*********************************{{user_metadata['api_key'][-4:]}}
</span>
<span id="uncensored_key" style="display: none;">
{{user_metadata['api_key']}}
</span>
<a class="ml-3" href="{{url_for('settings.new_token')}}"><i class="fa fa-random"></i></a>
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key" onclick="show_api_key();">
<i class="fas fa-eye"></i>
</span>
</td>
</tr>
</tbody>
@ -91,6 +99,13 @@ function toggle_sidebar(){
$('#core_content').addClass('col-lg-10')
}
}
function show_api_key() {
$('#censored_key').hide();
$('#btn_key').hide();
$('#uncensored_key').show();
}
</script>
</html>

View file

@ -17,17 +17,6 @@
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
<style>
.edit_icon:hover{
cursor: pointer;
color: #17a2b8;
}
.trash_icon:hover{
cursor: pointer;
color: #c82333;
}
</style>
</head>
<body>
@ -75,16 +64,37 @@
<td>{{user['email']}}</td>
<td>{{user['role']}}</td>
<td>
{{user['api_key']}}
<a class="ml-3" href="{{url_for('settings.new_token_user')}}?user_id={{user['email']}}"><i class="fa fa-random"></i></a>
<form action="{{ url_for('settings.new_token_user') }}" id="post_new_token" method=POST>
<span id="censored_key_{{loop.index0}}">
{{user['api_key'][:4]}}*********************************{{user['api_key'][-4:]}}
</span>
<span id="uncensored_key_{{loop.index0}}" style="display: none;">
{{user['api_key']}}
</span>
<input type="hidden" name="user_id" value="{{user['email']}}">
<button class="btn btn-outline-info ml-3 px-1 py-0" type="submit">
<i class="fas fa-random"></i>
</button>
<span class="btn btn-outline-secondary ml-1 px-1 py-0" id="btn_key_{{loop.index0}}" onclick="show_api_key({{loop.index0}})">
<i class="fas fa-eye"></i>
</span>
</form>
</td>
<td>
<a href="{{ url_for('settings.edit_user')}}?user_id={{user['email']}}">
<i class="fas fa-pencil-alt edit_icon"></i>
</a>
<a href="{{ url_for('settings.delete_user')}}?user_id={{user['email']}}" class="ml-4">
<i class="fas fa-trash-alt trash_icon"></i>
</a>
<div class="d-flex justify-content-start">
<form action="{{ url_for('settings.edit_user') }}" id="post_edit_user" method=POST>
<input type="hidden" name="user_id" value="{{user['email']}}">
<button class="btn btn-outline-primary ml-3 px-1 py-0" type="submit">
<i class="fas fa-pencil-alt"></i>
</button>
</form>
<form action="{{ url_for('settings.delete_user') }}" id="post_delete_user" method=POST>
<input type="hidden" name="user_id" value="{{user['email']}}">
<button class="btn btn-outline-danger ml-3 px-1 py-0" type="submit">
<i class="fas fa-trash-alt"></i>
</button>
</form>
</div>
</td>
</tr>
{% endfor %}
@ -117,6 +127,13 @@ function toggle_sidebar(){
$('#core_content').addClass('col-lg-10')
}
}
function show_api_key(key_id) {
$('#censored_key_' + key_id).hide();
$('#btn_key_' + key_id).hide();
$('#uncensored_key_' + key_id).show();
}
</script>
</html>