Add a page that lists all authorised Micropub clients and allows a client's access to be revoked easily
This commit is contained in:
parent
bb91d3c6b6
commit
446029ce84
GPG key ID:
8EB789DDF3ABD240
9 changed files with 137 additions and 2 deletions
|
|
@ -2,3 +2,4 @@ from .login import login
|
|||
from .logout import logout
|
||||
from .indie import IndieView, approve as indie_approve
|
||||
from .token import TokenView
|
||||
from .tokens import TokensListView, TokensRevokeView
|
||||
|
|
|
|||
2
lemonauth/views/tokens/__init__.py
Normal file
2
lemonauth/views/tokens/__init__.py
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
from .list import TokensListView
|
||||
from .revoke import TokensRevokeView
|
||||
41
lemonauth/views/tokens/list.py
Normal file
41
lemonauth/views/tokens/list.py
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.views.generic import TemplateView
|
||||
from typing import Dict, Optional, Set
|
||||
from lemoncurry.requests import mf2
|
||||
|
||||
|
||||
class ClientsDict(dict):
|
||||
def __missing__(self, client_id):
|
||||
self[client_id] = Client(client_id)
|
||||
return self[client_id]
|
||||
|
||||
|
||||
class Client:
|
||||
id: str
|
||||
count: int
|
||||
scopes: Set[str]
|
||||
app: Optional[Dict[str, str]]
|
||||
|
||||
def __init__(self, client_id):
|
||||
self.id = client_id
|
||||
self.count = 0
|
||||
self.scopes = set()
|
||||
apps = mf2(self.id).to_dict(filter_by_type='h-x-app')
|
||||
try:
|
||||
self.app = apps[0]['properties']
|
||||
except IndexError:
|
||||
self.app = None
|
||||
|
||||
|
||||
class TokensListView(LoginRequiredMixin, TemplateView):
|
||||
template_name = 'lemonauth/tokens.html'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
clients = ClientsDict()
|
||||
for token in self.request.user.token_set.all():
|
||||
client = clients[token.client_id]
|
||||
client.count += 1
|
||||
client.scopes |= set(token.scope.split(' '))
|
||||
context.update({'clients': clients, 'title': 'tokens'})
|
||||
return context
|
||||
11
lemonauth/views/tokens/revoke.py
Normal file
11
lemonauth/views/tokens/revoke.py
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
from django.http import HttpResponse
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.views import View
|
||||
|
||||
from ...models import Token
|
||||
|
||||
|
||||
class TokensRevokeView(LoginRequiredMixin, View):
|
||||
def delete(self, request, client_id: str):
|
||||
Token.objects.filter(client_id=client_id).delete()
|
||||
return HttpResponse(status=204)
|
||||
Loading…
Add table
Add a link
Reference in a new issue