add multiple API tokens per user, removes old API tokens

2026-01-03 13:19:16 -05:00 · 2022-08-04 17:24:54 +02:00
parent 9e62d8a3a3
commit 3f77b73a61
12 changed files with 666 additions and 220 deletions
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -29,6 +29,7 @@ from django.utils.translation import gettext as _
 from django_scopes import scopes_disabled
 from icalendar import Calendar, Event
 from PIL import UnidentifiedImageError
+from oauth2_provider.models import AccessToken
 from recipe_scrapers import scrape_html, scrape_me
 from recipe_scrapers._exceptions import NoSchemaFoundInWildMode
 from requests.exceptions import MissingSchema
@@ -86,7 +87,7 @@ from cookbook.serializer import (AutomationSerializer, BookmarkletImportListSeri
                                 SupermarketCategorySerializer, SupermarketSerializer,
                                 SyncLogSerializer, SyncSerializer, UnitSerializer,
                                 UserFileSerializer, UserSerializer, UserPreferenceSerializer,
-                                 UserSpaceSerializer, ViewLogSerializer)
+                                 UserSpaceSerializer, ViewLogSerializer, AccessTokenSerializer)
 from cookbook.views.import_export import get_integration
 from recipes import settings

@@ -1090,6 +1091,15 @@ class CustomFilterViewSet(viewsets.ModelViewSet, StandardFilterMixin):
        return super().get_queryset()


+class AccessTokenViewSet(viewsets.ModelViewSet):
+    queryset = AccessToken.objects
+    serializer_class = AccessTokenSerializer
+    permission_classes = [CustomIsOwner]
+
+    def get_queryset(self):
+        return self.queryset.filter(user=self.request.user)
+
+
 # -------------- DRF custom views --------------------

 class AuthTokenThrottle(AnonRateThrottle):
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@@ -1,5 +1,6 @@
 import os
 import re
+import uuid
 from datetime import datetime
 from uuid import UUID

@@ -18,6 +19,7 @@ from django.urls import reverse, reverse_lazy
 from django.utils import timezone
 from django.utils.translation import gettext as _
 from django_scopes import scopes_disabled
+from oauth2_provider.models import AccessToken
 from rest_framework.authtoken.models import Token

 from cookbook.forms import (CommentForm, Recipe, SearchPreferenceForm, ShoppingPreferenceForm,
@@ -338,8 +340,8 @@ def user_settings(request):
    elif not search_error:
        search_form = SearchPreferenceForm()

-    if (api_token := Token.objects.filter(user=request.user).first()) is None:
-        api_token = Token.objects.create(user=request.user)
+    if (api_token := AccessToken.objects.filter(user=request.user).first()) is None:
+        api_token = AccessToken.objects.create(user=request.user, token=f'tda_{str(uuid.uuid4()).replace("-","_")}', expires=(timezone.now() + timezone.timedelta(days=365*5)), scope='read write').token

    # these fields require postgresql - just disable them if postgresql isn't available
    if not settings.DATABASES['default']['ENGINE'] in ['django.db.backends.postgresql_psycopg2',