api keys: rework API key UI.

* Add an explanation of what an API key is and how to use it. * Make it possible for the site owner to view all API keys. * Remove the requirement to re-enter your password before you can view your API key (to be reworked). * Move the API key controller from maintenance/user/api_keys_controller.rb to a top level controller.
2021-02-14 02:50:03 -06:00
parent ae204df4ca
commit 37061f95a6
18 changed files with 224 additions and 167 deletions
--- a/app/controllers/api_keys_controller.rb
+++ b/app/controllers/api_keys_controller.rb
@@ -0,0 +1,26 @@
+class ApiKeysController < ApplicationController
+  respond_to :html, :json, :xml
+
+  def create
+    @api_key = authorize ApiKey.new(user: CurrentUser.user)
+    @api_key.save
+    respond_with(@api_key, location: user_api_keys_path(CurrentUser.user.id))
+  end
+
+  def index
+    params[:search][:user_id] = params[:user_id] if params[:user_id].present?
+    @api_keys = authorize ApiKey.visible(CurrentUser.user).paginated_search(params, count_pages: true)
+    respond_with(@api_keys)
+  end
+
+  def show
+    @api_key = authorize ApiKey.find(params[:id])
+    respond_with(@api_key)
+  end
+
+  def destroy
+    @api_key = authorize ApiKey.find(params[:id])
+    @api_key.destroy
+    respond_with(@api_key, location: user_api_keys_path(CurrentUser.user.id))
+  end
+end
--- a/app/controllers/maintenance/user/api_keys_controller.rb
+++ b/app/controllers/maintenance/user/api_keys_controller.rb
@@ -1,43 +0,0 @@
-module Maintenance
-  module User
-    class ApiKeysController < ApplicationController
-      before_action :check_privilege
-      before_action :authenticate!, :except => [:show]
-      rescue_from ::SessionLoader::AuthenticationFailure, :with => :authentication_failed
-      respond_to :html, :json, :xml
-
-      def view
-        respond_with(CurrentUser.user, @api_key)
-      end
-
-      def update
-        @api_key.regenerate!
-        respond_with(CurrentUser.user, @api_key) { |format| format.js }
-      end
-
-      def destroy
-        @api_key.destroy
-        respond_with(CurrentUser.user, @api_key, location: CurrentUser.user)
-      end
-
-      protected
-
-      def check_privilege
-        raise ::User::PrivilegeError unless params[:user_id].to_i == CurrentUser.id
-      end
-
-      def authenticate!
-        if CurrentUser.user.authenticate_password(params[:user][:password])
-          @api_key = CurrentUser.user.api_key || ApiKey.generate!(CurrentUser.user)
-          @password = params[:user][:password]
-        else
-          raise ::SessionLoader::AuthenticationFailure
-        end
-      end
-
-      def authentication_failed
-        redirect_to(user_api_key_path(CurrentUser.user), :notice => "Password was incorrect.")
-      end
-    end
-  end
-end