Implement token generation check in CloudManager and update user token handling in saveChangesAPIAccess. Ensure users are prompted to reset their password if a valid API token is not present when enabling API access.

2025-11-06 21:35:55 +01:00 · 2025-09-21 19:38:02 +02:00
parent 54da24dd55
commit 8b34833534
3 changed files with 11 additions and 0 deletions
--- a/cloudAPI/cloudManager.py
+++ b/cloudAPI/cloudManager.py
@@ -43,6 +43,10 @@ class CloudManager:

    def verifyLogin(self, request):
        try:
+            # Check if token needs to be generated
+            if self.admin.token == 'TOKEN_NEEDS_GENERATION':
+                return 0, self.ajaxPre(0, 'API token needs to be generated. Please reset your password to generate a valid API token.')
+            
            if request.META['HTTP_AUTHORIZATION'] == self.admin.token:
                return 1, self.ajaxPre(1, None)
            else:
--- a/to-do/Skjermbilde
+++ b/to-do/Skjermbilde
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -99,6 +99,13 @@ def saveChangesAPIAccess(request):

            if access == "Enable":
                userAcct.api = 1
+                # When enabling API access, ensure the user has a proper token
+                # The token should be generated based on username:password format
+                # If no token exists, we'll need the user to reset their password
+                if not userAcct.token or userAcct.token == 'None' or userAcct.token == '':
+                    # Token will be generated when user changes their password
+                    # For now, set a placeholder that indicates API access is enabled but token needs generation
+                    userAcct.token = 'TOKEN_NEEDS_GENERATION'
            else:
                userAcct.api = 0