Token admin fix (#5891)

* Change available fields in admin - Add 'key' when initially creating - Stops key from being created twice * Add MinLengthValidator to token key field
2024-08-30 18:33:04 +00:00 · 2023-11-09 13:59:44 +11:00 · 2023-11-09 13:59:44 +11:00 · 0597ea9216
commit 0597ea9216
parent 02320e27c1
3 changed files with 44 additions and 3 deletions
--- a/InvenTree/users/admin.py
+++ b/InvenTree/users/admin.py
@ -20,13 +20,25 @@ class ApiTokenAdmin(admin.ModelAdmin):
    list_filter = ('user', 'revoked')
    fields = ('token', 'user', 'name', 'created', 'last_seen', 'revoked', 'expiry', 'metadata')

+    def get_fields(self, request, obj=None):
+        """Return list of fields to display."""
+
+        if obj:
+            fields = ['token',]
+        else:
+            fields = ['key',]
+
+        fields += ['user', 'name', 'created', 'last_seen', 'revoked', 'expiry', 'metadata']
+
+        return fields
+
    def get_readonly_fields(self, request, obj=None):
        """Some fields are read-only after creation"""

-        ro = ['token', 'created', 'last_seen']
+        ro = ['created', 'last_seen']

        if obj:
-            ro += ['user', 'expiry', 'name']
+            ro += ['token', 'user', 'expiry', 'name']

        return ro

--- a/InvenTree/users/migrations/0010_alter_apitoken_key.py
+++ b/InvenTree/users/migrations/0010_alter_apitoken_key.py
@ -0,0 +1,20 @@
+# Generated by Django 3.2.23 on 2023-11-09 00:39
+
+import django.core.validators
+from django.db import migrations, models
+import users.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0009_auto_20231020_2356'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='apitoken',
+            name='key',
+            field=models.CharField(db_index=True, default=users.models.default_token, max_length=100, unique=True, validators=[django.core.validators.MinLengthValidator(50)], verbose_name='Key'),
+        ),
+    ]
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@ -10,6 +10,7 @@ from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
 from django.core.cache import cache
+from django.core.validators import MinLengthValidator
 from django.db import models
 from django.db.models import Q, UniqueConstraint
 from django.db.models.signals import post_delete, post_save
@ -67,7 +68,15 @@ class ApiToken(AuthToken, InvenTree.models.MetadataMixin):
        return prefix + str(AuthToken.generate_key()) + suffix

    # Override the 'key' field - force it to be unique
-    key = models.CharField(default=default_token, verbose_name=_('Key'), max_length=100, db_index=True, unique=True)
+    key = models.CharField(
+        default=default_token,
+        verbose_name=_('Key'),
+        db_index=True, unique=True,
+        max_length=100,
+        validators=[
+            MinLengthValidator(50),
+        ]
+    )

    # Override the 'user' field, to allow multiple tokens per user
    user = models.ForeignKey(