Allow Application API tokens to be revoked by their owner

applications/templates/applications/application/detail.html

 {% extends "base.html" %}
 {% load bootstrap4 %}
 
+{% block extra_head %}
+    <script src="https://cdn.jsdelivr.net/npm/js-cookie@2.2.0/src/js.cookie.min.js"></script>
+{% endblock %}
+
 {% block content %}
     <nav aria-label="breadcrumb">
         <ol class="breadcrumb">
@@ -64,8 +68,27 @@
                     <td>
                         <span id="spanApiToken">
                             {% if application.proxy_user.auth_token %}
+                                <script type="application/javascript">
+                                    function revokeToken() {
+                                        $.ajax({
+                                            dataType: "json",
+                                            url: "{% url 'applications:token' pk=application.pk %}",
+                                            method: "DELETE",
+                                            headers: {
+                                                "X-CSRFToken": Cookies.get("csrftoken")
+                                            },
+                                            data: null,
+                                            success: function (data) {
+                                                $('#spanApiToken').text("");
+                                            }
+                                        });
+                                    }
+                                </script>
+
                                 {{ application.proxy_user.auth_token }}
 
+                                <button onclick="revokeToken();" class="btn btn-danger" role="button">Revoke API Token</button>
+
                             {% else %}
                                 <script type="application/javascript">
                                     function getToken() {

applications/urls.py

@@ -29,6 +29,10 @@ urlpatterns = [
          views.ApplicationGetTokenView.as_view(),
          name='token'),
 
+    path('<int:pk>/token',
+         views.ApplicationGetTokenView.as_view(),
+         name='token'),
+
     path('<int:pk>/manage-access',
          views.ApplicationManageAccessView.as_view(),
          name='application.manage-access'),

applications/views.py

@@ -98,7 +98,7 @@ class ApplicationGetTokenView(OwnerPermissionMixin, DetailView):
 
     def render_to_response(self, context, **response_kwargs):
         """
-        Get an existing API Token or create a new one for the currently authenticated user.
+        Get an existing API Token or create a new one for the requested :class:`Application`.
 
         :return: JSON containing Token key
         """
@@ -112,3 +112,19 @@ class ApplicationGetTokenView(OwnerPermissionMixin, DetailView):
                 }
             }
         })
+
+    def delete(self, request, *args, **kwargs):
+        """
+        Revoke an API Token for the requested :class:`Application`.
+
+        :return: JSON containing Token key
+        """
+        self.object = self.get_object()
+        self.object.proxy_user.revoke_auth_token()
+
+        return JsonResponse({
+            'status': 'success',
+            'data': {
+                'token': None,
+            }
+        })

profiles/models.py

@@ -28,3 +28,10 @@ class User(AbstractUser):
         """
         token, created = Token.objects.get_or_create(user=self)
         return token
+
+    def revoke_auth_token(self):
+        """
+        Revoke and API auth token for this user.
+        """
+        self.auth_token.delete()
+