api keys: rework API key UI.

* Add an explanation of what an API key is and how to use it. * Make it possible for the site owner to view all API keys. * Remove the requirement to re-enter your password before you can view your API key (to be reworked). * Move the API key controller from maintenance/user/api_keys_controller.rb to a top level controller.
2021-02-14 02:50:03 -06:00
parent ae204df4ca
commit 37061f95a6
18 changed files with 224 additions and 167 deletions
--- a/app/controllers/maintenance/user/api_keys_controller.rb
+++ b/app/controllers/maintenance/user/api_keys_controller.rb
@@ -1,43 +0,0 @@
-module Maintenance
-  module User
-    class ApiKeysController < ApplicationController
-      before_action :check_privilege
-      before_action :authenticate!, :except => [:show]
-      rescue_from ::SessionLoader::AuthenticationFailure, :with => :authentication_failed
-      respond_to :html, :json, :xml
-
-      def view
-        respond_with(CurrentUser.user, @api_key)
-      end
-
-      def update
-        @api_key.regenerate!
-        respond_with(CurrentUser.user, @api_key) { |format| format.js }
-      end
-
-      def destroy
-        @api_key.destroy
-        respond_with(CurrentUser.user, @api_key, location: CurrentUser.user)
-      end
-
-      protected
-
-      def check_privilege
-        raise ::User::PrivilegeError unless params[:user_id].to_i == CurrentUser.id
-      end
-
-      def authenticate!
-        if CurrentUser.user.authenticate_password(params[:user][:password])
-          @api_key = CurrentUser.user.api_key || ApiKey.generate!(CurrentUser.user)
-          @password = params[:user][:password]
-        else
-          raise ::SessionLoader::AuthenticationFailure
-        end
-      end
-
-      def authentication_failed
-        redirect_to(user_api_key_path(CurrentUser.user), :notice => "Password was incorrect.")
-      end
-    end
-  end
-end