Provide admins with a way to regenerate their API token #2718

Merged
merged 8 commits into from
Nov 11, 2020

Contributor

@briri briri commented Nov 6, 2020

Fixes #2410.

Added ability for user to regenerate their own API token (or create one if it was not initialized for some reason when they became an Org admin). Also updated the application.js to make jQuery and the notificationHelper functions available within the js.erb files.

Changes proposed in this PR:

  • Move API token and link to wiki documentation to its own tab on Edit Profile page
  • Update initializer to provide both v0 and v1 API urls
  • Add a 'Regenerate token' button to new tab and brief explanation of v0 and v1 with links to their wiki pages
  • Add route, controller and js.erb to regenerate the user's token
  • Update User model to separate out the create token functionality from the create_or_update method
  • Update the application.js to make jQuery and the renderNotice and renderAlert helper functions available to the js.erb files
  • Update api_client credentials mailer to use updated initializer values
  • Update the refresh api client credentials js.erb

Comment on lines +96 to +102
// Setup JS functions/libraries so that they're available within the js.erb templates
window.$ = jQuery;
window.jQuery = jQuery;

// Allow js.erb files to access the notificationHelper functions
window.renderAlert = renderAlert;
window.renderNotice = renderNotice;
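Review bot: the four `window.*` assignments at lines +96 to +102 make `jQuery`, `renderAlert` and `renderNotice` global for everything that loads this file, not only for the js.erb responses, and the comment does not say which templates depend on them. Name the dependent js.erb templates in the comment so the globals can be removed once nothing needs them, and keep the exposed set to what those templates actually call.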
Contributor

I'll need to make a mental note that this is how you can expose stuff like jQuery.
Thanks for getting this hooked up.

Comment on lines 62 to 64
def refresh_token?
true
end
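Review bot: `refresh_token?` at lines 62 to 64 returns `true` unconditionally, so this policy method approves every caller it is asked about and the decision rests entirely on whatever sits in front of it. Replace the constant with a check on the acting user, for example that they are permitted to use the API or already hold a token, so the rule is enforced where authorization is decided.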
Contributor

Do we want to validate that the user has either permission to use the API or an existing API token?

Contributor Author

Yes, the button should not appear unless they're an Org admin, but it would make sense to add logic to the policy.
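One way the permission check discussed in this thread could look, as an added example in plain Ruby that is not code from this PR or the project. The `User` struct, its `can_use_api` flag, `UserPolicy`, `NotAuthorized` and `refresh_token_for` are hypothetical names; how API permission is granted (for instance to Org admins) is left to the application.

```ruby
require 'securerandom'

# Hypothetical stand-in for the application's User model (field names are assumptions).
User = Struct.new(:name, :can_use_api, :api_token, keyword_init: true) do
  # Overwrite the stored token with a fresh random value and return it.
  # 32 random bytes, URL-safe base64 encoded (43 characters).
  def regenerate_api_token!
    self.api_token = SecureRandom.urlsafe_base64(32)
  end
end

class NotAuthorized < StandardError; end

# Hypothetical policy: the acting user may refresh only their own token, and
# only if they are permitted to use the API or already hold a token.
class UserPolicy
  def initialize(actor, record)
    @actor = actor
    @record = record
  end

  def refresh_token?
    # Deny anonymous callers and attempts to rotate someone else's token.
    return false if @actor.nil? || !@actor.equal?(@record)

    has_token = !@actor.api_token.to_s.empty?
    @actor.can_use_api ? true : has_token
  end
end

# Controller-side flow: authorize on the server first, then rotate.
# Hiding the button in the view is not part of this decision.
def refresh_token_for(actor, record)
  unless UserPolicy.new(actor, record).refresh_token?
    raise NotAuthorized, 'refresh_token? denied'
  end

  # The old value is replaced, so it can no longer match a stored token.
  record.regenerate_api_token!
end
```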

<%# TODO: replace this with the notificationHelper.js once we move to Rails 5 %>
var notification = document.getElementById("notification-area");
notification.append(msg);
notification.classList.remove('hide'); No newline at end of file
renderNotice(msg);
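Review bot: `renderNotice(msg)` relies on a global that this template does not define, and the lines shown do not include where `msg` is built. Confirm the page that receives this response has the helper on `window`, and if `msg` carries an ERB-interpolated value, check that it is escaped for a JavaScript string (`escape_javascript` / `j`) before it reaches the helper.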
Contributor

Great to see these TODOs going away :)

Contributor Author

briri commented Nov 10, 2020

Ok @xsrust I added some permission checks to that policy

Contributor

@xsrust xsrust left a comment

Thanks for updating

@xsrust xsrust merged commit 6d3e5b0 into development Nov 11, 2020
@briri briri deleted the api-token-refresh branch December 18, 2020 17:00
portagenetwork pushed a commit to portagenetwork/roadmap that referenced this pull request Feb 24, 2022
)

* added ability for user to refresh their API token. moved api token to separate profile tab

* updated client credentials email to work with updated api wiki docs definition in initializer

* fixed eslinter issue

* fixed eslinter issue

* updated refresh_token policy