Allow Application API token to be generated on request

c30ecd37 · James Graham · b4cb5519 · c30ecd37 · c30ecd37 · c30ecd37
Commit c30ecd37 authored Feb 19, 2019 by James Graham
--- a/applications/models.py
+++ b/applications/models.py
@@ -130,7 +130,7 @@ class Application(BaseAppDataModel):
        proxy_user = get_user_model().objects.create_user(proxy_username)

        # Create an API access token for the proxy user
-        Token.objects.create(user=proxy_user)
+        proxy_user.create_auth_token()

        return proxy_user


--- a/applications/templates/applications/application/detail.html
+++ b/applications/templates/applications/application/detail.html
@@ -56,17 +56,41 @@
            </tr>
            <tr>
                <td>URL</td>
-                <td>{{ application.url }}</td>
+                <td>{{ application.url|default:'No URL provided' }}</td>
            </tr>
-            {% if api_key %}
+            {% if has_edit_permission %}
                <tr>
                    <td>API Key</td>
-                    <td>{{ api_key }}</td>
+                    <td>
+                        <span id="spanApiToken">
+                            {% if application.proxy_user.auth_token %}
+                                {{ application.proxy_user.auth_token }}
+
+                            {% else %}
+                                <script type="application/javascript">
+                                    function getToken() {
+                                        $.ajax({
+                                            dataType: "json",
+                                            url: "{% url 'applications:token' pk=application.pk %}",
+                                            data: null,
+                                            success: function (data) {
+                                                $('#spanApiToken').text(data.data.token.key);
+                                            }
+                                        });
+                                    }
+                                </script>
+
+                                <button onclick="getToken();" class="btn btn-default" role="button">Generate an API Token</button>
+                            {% endif %}
+                        </span>
+
+                    </td>
                </tr>
            {% endif %}
        </tbody>
    </table>

+    {% if application.url %}
        <div class="row justify-content-center pt-5">
            <div class="col-4">
                <script type="application/javascript">
@@ -79,5 +103,6 @@
                <button role="button" onclick="launchApp();" class="btn btn-info btn-lg btn-block">Launch App</button>
            </div>
        </div>
+    {% endif %}

 {% endblock %}
\ No newline at end of file
--- a/applications/urls.py
+++ b/applications/urls.py
@@ -25,6 +25,10 @@ urlpatterns = [
         views.ApplicationDeleteView.as_view(),
         name='application.delete'),

+    path('<int:pk>/token',
+         views.ApplicationGetTokenView.as_view(),
+         name='token'),
+
    path('<int:pk>/manage-access',
         views.ApplicationManageAccessView.as_view(),
         name='application.manage-access'),

--- a/applications/views.py
+++ b/applications/views.py
 from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.http import JsonResponse
 from django.urls import reverse_lazy
 from django.views.generic.detail import DetailView
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
@@ -67,7 +68,11 @@ class ApplicationDetailView(DetailView):
        context['has_edit_permission'] = self.request.user.is_superuser or self.request.user == self.object.owner

        if self.request.user == self.object.owner or self.request.user.is_superuser:
-            context['api_key'] = Token.objects.get(user=self.object.proxy_user)
+            try:
+                context['api_key'] = self.object.proxy_user.auth_token
+
+            except Token.DoesNotExist:
+                pass

        return context

@@ -83,3 +88,27 @@ class ApplicationManageAccessView(OwnerPermissionMixin, ManageAccessView):
    model = models.Application
    template_name = 'applications/application/manage_access.html'
    context_object_name = 'application'
+
+
+class ApplicationGetTokenView(OwnerPermissionMixin, DetailView):
+    """
+    Get an API Token for an application.
+    """
+    model = models.Application
+
+    def render_to_response(self, context, **response_kwargs):
+        """
+        Get an existing API Token or create a new one for the currently authenticated user.
+
+        :return: JSON containing Token key
+        """
+        api_token, created = Token.objects.get_or_create(user=self.object.proxy_user)
+
+        return JsonResponse({
+            'status': 'success',
+            'data': {
+                'token': {
+                    'key': api_token.key
+                }
+            }
+        })
--- a/profiles/models.py
+++ b/profiles/models.py
+"""
+Module containing models required for user profiles.
+"""
 from django.contrib.auth.models import AbstractUser
 from django.urls import reverse

+from rest_framework.authtoken.models import Token
+

 class User(AbstractUser):
    """
@@ -14,3 +19,12 @@ class User(AbstractUser):
        Used in PROV records.
        """
        return reverse('profiles:uri', kwargs={'pk': self.pk})
+
+    def create_auth_token(self) -> Token:
+        """
+        Create an API auth token for this user.
+
+        :return: API auth token instance
+        """
+        token, created = Token.objects.get_or_create(user=self)
+        return token