From 1a4c59502427f2ff308766989c242264d623d41c Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Mon, 21 Sep 2020 14:55:48 +0200
Subject: [PATCH] fix: [users management] hide API keys by default + fix delete/edit users

---
 var/www/modules/Role_Manager.py | 2 +
 var/www/modules/settings/Flask_settings.py | 12 ++--
 .../settings/templates/edit_profile.html | 17 +++++-
 .../settings/templates/users_list.html | 55 ++++++++++++-------
 4 files changed, 60 insertions(+), 26 deletions(-)

diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py
index 631119cb..080a8ba6 100644
--- a/var/www/modules/Role_Manager.py
+++ b/var/www/modules/Role_Manager.py
@@ -185,6 +185,8 @@ def delete_user_db(user_id):
         r_serv_db.hdel('user:tokens', user_token)
         r_serv_db.delete('user_metadata:{}'.format(user_id))
         r_serv_db.hdel('user:all', user_id)
+    else:
+        print('Error: user {} do not exist'.format(user_id))
 
 def hashing_password(bytes_password):
     hashed = bcrypt.hashpw(bytes_password, bcrypt.gensalt())
diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index 7119a35f..6b8cdb09 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -131,11 +131,11 @@ def new_token():
     generate_new_token(current_user.get_id())
     return redirect(url_for('settings.edit_profile'))
 
-@settings.route("/settings/new_token_user", methods=['GET'])
+@settings.route("/settings/new_token_user", methods=['POST'])
 @login_required
 @login_admin
 def new_token_user():
-    user_id = request.args.get('user_id')
+    user_id = request.form.get('user_id')
     if r_serv_db.exists('user_metadata:{}'.format(user_id)):
         generate_new_token(user_id)
     return redirect(url_for('settings.users_list'))
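Review bot: The new `else` branch in delete_user_db only `print()`s the "user does not exist" case to stdout, so the delete_user route in the Flask_settings.py hunk still redirects to the user list as if the deletion had succeeded and the operator never learns that nothing was removed. Return a status the route can act on instead, e.g. `return False` in the else branch and `return True` after the last `hdel` (or raise a dedicated exception), and if the project has a logger, log at warning level rather than printing. The message text `do not exist` should read `does not exist`. The `if` that this `else` belongs to, and the start of delete_user_db, are outside the hunk.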
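Review bot: Switching new_token_user to `methods=['POST']` and reading `user_id` from `request.form` stops the token regeneration from being triggered by a plain link, but a POST form is still submittable from another origin unless a CSRF token is validated, and neither this hunk nor the edit_user/delete_user hunk (`@@ -215,18 +215,18 @@`) checks one; if a CSRF extension is enabled elsewhere in the app (not visible here) this is covered, otherwise all three admin actions still need it. These are state-changing actions on other accounts, so an audit log line naming the acting admin (`current_user.get_id()` is already used in new_token just above) and the target `user_id` would also be worth adding, here and in the other two routes. new_token_user is complete within the hunk.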
@@ -215,18 +215,18 @@ def users_list():
         new_user_dict['password'] = request.args.get('new_user_password')
     return render_template("users_list.html", all_users=all_users, new_user=new_user_dict, admin_level=True)
 
-@settings.route("/settings/edit_user", methods=['GET'])
+@settings.route("/settings/edit_user", methods=['POST'])
 @login_required
 @login_admin
 def edit_user():
-    user_id = request.args.get('user_id')
+    user_id = request.form.get('user_id')
     return redirect(url_for('settings.create_user', user_id=user_id))
 
-@settings.route("/settings/delete_user", methods=['GET'])
+@settings.route("/settings/delete_user", methods=['POST'])
 @login_required
 @login_admin
 def delete_user():
-    user_id = request.args.get('user_id')
+    user_id = request.form.get('user_id')
     delete_user_db(user_id)
     return redirect(url_for('settings.users_list'))
diff --git a/var/www/modules/settings/templates/edit_profile.html b/var/www/modules/settings/templates/edit_profile.html
index ffa65e83..9a095f7c 100644
--- a/var/www/modules/settings/templates/edit_profile.html
+++ b/var/www/modules/settings/templates/edit_profile.html
@@ -52,8 +52,16 @@ API Key - {{user_metadata['api_key']}} + + {{user_metadata['api_key'][:4]}}*********************************{{user_metadata['api_key'][-4:]}} + + + + + 
@@ -91,6 +99,13 @@ function toggle_sidebar(){
     $('#core_content').addClass('col-lg-10')
   }
 }
+
+function show_api_key() {
+  $('#censored_key').hide();
+  $('#btn_key').hide();
+  $('#uncensored_key').show();
+}
+
diff --git a/var/www/modules/settings/templates/users_list.html b/var/www/modules/settings/templates/users_list.html
index 0c58ab2e..00601977 100644
--- a/var/www/modules/settings/templates/users_list.html
+++ b/var/www/modules/settings/templates/users_list.html
@@ -17,17 +17,6 @@ - - 
@@ -75,16 +64,37 @@ {{user['email']}} {{user['role']}} - {{user['api_key']}} - +
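Review bot: delete_user passes `user_id` straight to `delete_user_db(user_id)` and redirects unconditionally, so an absent field (`request.form.get` returns None) or an unknown id gives the operator no feedback, and nothing visible prevents an admin from deleting their own account — unless delete_user_db guards that, which its tail in the Role_Manager.py hunk does not show. Reject an empty or self-referencing id before calling, e.g. `if not user_id or user_id == current_user.get_id(): abort(400)` (Flask's `abort`), and surface the outcome of the deletion to the user list. The unchanged context line at the top of the hunk, `request.args.get('new_user_password')`, carries a password in a query string; it predates this change, but query strings end up in server and proxy logs, so it deserves a follow-up.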
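Review bot: The masking in edit_profile.html is client-side only: the full key is still rendered into the page in the hidden `uncensored_key` element that show_api_key reveals, so it remains in the HTML source, the browser cache and any saved copy of the page, and the users_list.html hunks (`@@ -75,16 +64,37 @@` and the show_api_key(key_id) hunk) do the same for every user's key on the admin page at once. If the intent is to reduce exposure rather than only to tidy the display, render just the masked value and load the full key on explicit request from an authenticated endpoint. `user_metadata['api_key'][:4]` and `[-4:]` also raise in the template if api_key is unset or None; guard with `{% if user_metadata['api_key'] %}` unless key creation guarantees a value, which is not visible here. The hunk's surrounding markup was lost in this rendering, so the element structure is inferred from the element ids used in show_api_key.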
+ + {{user['api_key'][:4]}}*********************************{{user['api_key'][-4:]}} + + + + + + + +
- - - - - - +
+
+ + +
+
+ + +
+
{% endfor %}
@@ -117,6 +127,13 @@ function toggle_sidebar(){
     $('#core_content').addClass('col-lg-10')
   }
 }
+
+function show_api_key(key_id) {
+  $('#censored_key_' + key_id).hide();
+  $('#btn_key_' + key_id).hide();
+  $('#uncensored_key_' + key_id).show();
+}
+
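Review bot: show_api_key(key_id) builds jQuery selectors by string concatenation (`'#censored_key_' + key_id`), which is only safe if `key_id` is a loop counter; if it is derived from user-controlled data such as an email or user id (the calling markup is not visible here), a value containing selector metacharacters breaks or redirects the lookup, so prefer a numeric `loop.index` or pass the element itself (`this`) and navigate from it. The function is also a near-copy of show_api_key in edit_profile.html; a single shared helper that takes the three element ids, or one that toggles a CSS class on a wrapper, would keep the two templates from drifting. The surrounding `<script>` context lines of this hunk were lost in this rendering.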