Fix #2785: Allow changing API key; require password to view or change key.

app/views/api_keys/new.html.erb

@@ -1,19 +0,0 @@
-<div id="c-api-keys">
-  <div id="a-new">
-    <h1>New API Key</h1>
-
-    <p>You can generate a new API key to authenticate against <%= Danbooru.config.app_name %>.</p>
-
-    <%= error_messages_for :api_key %>
-
-    <%= simple_form_for(@api_key) do |f| %>
-      <%= submit_tag "Generate" %>
-    <% end %>
-  </div>
-</div>
-
-<%= render "users/secondary_links" %>
-
-<% content_for(:page_title) do %>
-  New API Key - <%= Danbooru.config.app_name %>
-<% end %>

app/views/maintenance/user/api_keys/show.html.erb

@@ -0,0 +1,15 @@
+<div id="c-maintenance-user-api-keys">
+  <div id="a-show">
+    <h1>API Key</h1>
+    <p>You must re-enter your password to view or change your API key.</p>
+
+    <%= simple_form_for CurrentUser.user, url: view_user_api_key_path(CurrentUser.user), method: :post do |f| %>
+      <%= f.input :password, :as => :password, :input_html => {:autocomplete => "off"} %>
+      <%= f.button :submit, "Submit" %>
+    <% end %>
+  </div>
+</div>
+
+<% content_for(:page_title) do %>
+  API Key - <%= Danbooru.config.app_name %>
+<% end %>

app/views/maintenance/user/api_keys/update.js.erb

@@ -0,0 +1,9 @@
+<% if @api_key.errors.any? %>
+  Danbooru.error("<%= j @api_key.errors.full_messages.join(', ') %>");
+<% else %>
+  $("#api-key").text("<%= j @api_key.key %>");
+  $("#api-key-created").html("<%= j compact_time @api_key.created_at %>");
+  $("#api-key-updated").html("<%= j compact_time @api_key.updated_at %>");
+
+  Danbooru.notice("API key regenerated.");
+<% end %>

app/views/maintenance/user/api_keys/view.html.erb

@@ -0,0 +1,32 @@
+<div id="c-maintenance-user-api-keys">
+  <div id="a-view">
+    <h1>API Key</h1>
+
+    <table class="striped" width="100%">
+      <thead>
+        <tr>
+          <th>API Key</th>
+          <th>Created</th>
+          <th>Updated</th>
+          <th>Actions</th>
+        </tr>
+      </thead>
+
+      <tbody>
+        <tr>
+          <td id="api-key"><%= @api_key.key %></td>
+          <td id="api-key-created"><%= compact_time @api_key.created_at %></td>
+          <td id="api-key-updated"><%= compact_time @api_key.updated_at %></td>
+          <td>
+            <%= button_to "Regenerate", user_api_key_path(CurrentUser.user), method: :put, params: { 'user[password]': @password }, remote: true %>
+            <%= button_to "Delete", user_api_key_path(CurrentUser.user), method: :delete, params: { 'user[password]': @password } %>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+  </div>
+</div>
+
+<% content_for(:page_title) do %>
+  API Key - <%= Danbooru.config.app_name %>
+<% end %>

app/views/users/_statistics.html.erb

@@ -147,11 +147,8 @@
         <tr>
           <th>API Key</th>
           <td>
-            <% if CurrentUser.user.api_key %>
-              <%= CurrentUser.user.api_key.key %>
-            <% else %>
-              <%= link_to "Generate key", new_api_key_path %>
-            <% end %>
+            <%= link_to (CurrentUser.api_key ? "View" : "Generate"), user_api_key_path(CurrentUser.user) %>
+            (<%= link_to "help", wiki_pages_path(title: "help:api") %>)
           </td>
         </tr>
       <% end %>