From 0597ea9216758b0ab0ee556ab4635589d70b94cc Mon Sep 17 00:00:00 2001
From: Oliver
Date: Thu, 9 Nov 2023 13:59:44 +1100
Subject: [PATCH] Token admin fix (#5891)
* Change available fields in admin
- Add 'key' when initially creating
- Stops key from being created twice
* Add MinLengthValidator to token key field
---
 InvenTree/users/admin.py | 16 +++++++++++++--
 .../migrations/0010_alter_apitoken_key.py | 20 +++++++++++++++++++
 InvenTree/users/models.py | 11 +++++++++-
 3 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 InvenTree/users/migrations/0010_alter_apitoken_key.py
diff --git a/InvenTree/users/admin.py b/InvenTree/users/admin.py
index 95d59a6e82..2b77421ce8 100644
--- a/InvenTree/users/admin.py
+++ b/InvenTree/users/admin.py
@@ -20,13 +20,25 @@ class ApiTokenAdmin(admin.ModelAdmin):
 list_filter = ('user', 'revoked')
 fields = ('token', 'user', 'name', 'created', 'last_seen', 'revoked', 'expiry', 'metadata')

+ def get_fields(self, request, obj=None):
+ """Return list of fields to display."""
+
+ if obj:
+ fields = ['token',]
+ else:
+ fields = ['key',]
+
+ fields += ['user', 'name', 'created', 'last_seen', 'revoked', 'expiry', 'metadata']
+
+ return fields
+
 def get_readonly_fields(self, request, obj=None):
 """Some fields are read-only after creation"""

- ro = ['token', 'created', 'last_seen']
+ ro = ['created', 'last_seen']

 if obj:
- ro += ['user', 'expiry', 'name']
+ ro += ['token', 'user', 'expiry', 'name']

 return ro

diff --git a/InvenTree/users/migrations/0010_alter_apitoken_key.py b/InvenTree/users/migrations/0010_alter_apitoken_key.py
new file mode 100644
index 0000000000..ab45a9fa47
--- /dev/null
+++ b/InvenTree/users/migrations/0010_alter_apitoken_key.py
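Review bot: In `get_fields`, the add form (the `else` branch) exposes `key` as an editable field, and `get_readonly_fields` locks only `created` and `last_seen` until the object exists, so whatever is typed there is saved as the credential. The only constraint this commit adds is the length check in `models.py`, so a hand-typed, low-entropy value of sufficient length would presumably be accepted. If the intent is that operators keep the pre-filled default, say so where the field is chosen, e.g. `# 'key' is shown only on the add form, pre-filled from the model default; keep the generated value - a hand-typed key is only length-checked`. The class attribute `fields = (...)` kept as context above is now overridden by `get_fields` and repeats the same list, so the two can drift apart; `ApiTokenAdmin` itself starts outside the hunk.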
@@ -0,0 +1,20 @@ +# Generated by Django 3.2.23 on 2023-11-09 00:39 + +import django.core.validators +from django.db import migrations, models +import users.models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0009_auto_20231020_2356'), + ] + + operations = [ + migrations.AlterField( + model_name='apitoken', + name='key', + field=models.CharField(db_index=True, default=users.models.default_token, max_length=100, unique=True, validators=[django.core.validators.MinLengthValidator(50)], verbose_name='Key'), + ), + ]
diff --git a/InvenTree/users/models.py b/InvenTree/users/models.py
index 803ed1c614..19bc91f611 100644
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@@ -10,6 +10,7 @@ from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
 from django.core.cache import cache
+from django.core.validators import MinLengthValidator
 from django.db import models
 from django.db.models import Q, UniqueConstraint
 from django.db.models.signals import post_delete, post_save
@@ -67,7 +68,15 @@ class ApiToken(AuthToken, InvenTree.models.MetadataMixin):
 return prefix + str(AuthToken.generate_key()) + suffix

 # Override the 'key' field - force it to be unique
- key = models.CharField(default=default_token, verbose_name=_('Key'), max_length=100, db_index=True, unique=True)
+ key = models.CharField(
+ default=default_token,
+ verbose_name=_('Key'),
+ db_index=True, unique=True,
+ max_length=100,
+ validators=[
+ MinLengthValidator(50),
+ ]
+ )

 # Override the 'user' field, to allow multiple tokens per user
 user = models.ForeignKey(
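Review bot: `MinLengthValidator(50)` on `key` in the second `models.py` hunk is enforced only where Django runs field validators, that is `full_clean()` and ModelForm validation such as the admin form; `save()` and `objects.create()` do not call it, so a token written by any other code path is not length-checked. The validator also says nothing about how the key was produced, so it guards against an accidentally short value rather than a weak one. I would record both limits next to the field, e.g. `# Validators run via full_clean()/ModelForm only; save() does not enforce the 50-char minimum`, and explain the number with `# 50: must not exceed the shortest value default_token can return`, since `default_token` ends just above this hunk and its output length is not visible here. The `ApiToken` class body continues past the last line shown.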