Allow deleting ImplicitBearerTokens via the API

Signed-off-by: Olivier Léobal <[email protected]>
Substra · Aug 8, 2023 · 02c0e59 · 02c0e59
1 parent 3950bae
commit 02c0e59
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 11 deletions.
diff --git a/backend/backend/views.py b/backend/backend/views.py
@@ -80,13 +80,11 @@ def get(self, request, *args, **kwargs):
         )
 
     def delete(self, request, *args, **kwargs):
-        try:
-            token = BearerToken.objects.get(id=request.GET.get("id"))
-            if request.user == token.user:
-                token.delete()
+        for model in [BearerToken, ImplicitBearerToken]:
+            tokens = model.objects.filter(id=request.GET.get("id"))
+            if len(tokens) == 1 and request.user == tokens[0].user:
+                tokens[0].delete()
                 return ApiResponse(data={"message": "Token removed"}, status=status.HTTP_200_OK)
-        except BearerToken.ObjectDoesNotExist or BearerToken.MultipleObjectsReturned:
-            pass
         return ApiResponse(data={"message": "Token not found"}, status=status.HTTP_404_NOT_FOUND)
 
 

diff --git a/...ns/0007_alter_implicitbearertoken_user.py → ...s/0007_implicitbearertoken_id_and_more.py b/...ns/0007_alter_implicitbearertoken_user.py → ...s/0007_implicitbearertoken_id_and_more.py
@@ -1,9 +1,9 @@
-# Generated by Django 4.2.1 on 2023-07-28 09:54
+# Generated by Django 4.2.1 on 2023-08-08 09:38
 
-import django.db.models.deletion
 from django.conf import settings
-from django.db import migrations
-from django.db import models
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
 
 
 class Migration(migrations.Migration):
@@ -13,6 +13,11 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.AddField(
+            model_name="implicitbearertoken",
+            name="id",
+            field=models.UUIDField(default=uuid.uuid4, editable=False),
+        ),
         migrations.AlterField(
             model_name="implicitbearertoken",
             name="user",

diff --git a/backend/users/models/token.py b/backend/users/models/token.py
@@ -28,6 +28,7 @@ class ImplicitBearerToken(Token):
     """
 
     user = models.ForeignKey(settings.AUTH_USER_MODEL, related_name="implicit_bearer_tokens", on_delete=models.CASCADE)
+    id = models.UUIDField(default=uuid.uuid4, editable=False)
 
     @property
     def expires_at(self) -> datetime:

diff --git a/backend/users/serializers/token.py b/backend/users/serializers/token.py
@@ -29,7 +29,7 @@ class ImplicitBearerTokenSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = ImplicitBearerToken
-        fields = ["expires_at", "created_at", "token"]
+        fields = ["id", "expires_at", "created_at", "token"]
 
     def __init__(self, *args, **kwargs):
         include_payload = kwargs.pop("include_payload", False)