authorEric Davis <edavis@littlestreamsoftware.com>2009-12-23 06:27:28 +0000
committerEric Davis <edavis@littlestreamsoftware.com>2009-12-23 06:27:28 +0000
commitaa9951b38b27c7465a313fc72b73b819b292e9b2 (patch)
treeff112e75cb81a66d7ae0568003f6bb81dc303e35 /app
parent9f59cd64ab9fd10668cad6bbeae3c4daadb0325a (diff)
Added an API token for each User to use when making API requests. (#3920)
The API key will be displayed on My Account page with a link to reset or generate a new one. All existing users will have a token generated by the migration. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3217 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/my_controller.rb13
-rw-r--r--app/models/user.rb12
-rw-r--r--app/views/my/_sidebar.rhtml22
-rw-r--r--app/views/my/account.rhtml12
4 files changed, 57 insertions, 2 deletions
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 64687d87e..f68675991 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -108,6 +108,19 @@ class MyController < ApplicationController
redirect_to :action => 'account'
end
+ # Create a new API key
+ def reset_api_key
+ if request.post?
+ if User.current.api_token
+ User.current.api_token.destroy
+ User.current.reload
+ end
+ User.current.api_key
+ flash[:notice] = l(:notice_api_access_key_reseted)
+ end
+ redirect_to :action => 'account'
+ end
+
# User's page layout configuration
def page_layout
@user = User.current
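Review bot: `User.current.api_key` in `reset_api_key` is called only for its side effect, which a reader of the controller cannot see. Per the user.rb hunk in this commit, that getter creates the 'api' token when none exists, and the return value is discarded here. A comment such as `# api_key lazily creates the replacement token` would make that clear, and the getter's own comment in user.rb could state that it persists a token on first read. The destroy and the re-create are also separate statements with no check on the result, so the success notice is set even if no new token was saved; whether `Token.create` can fail here is not visible in this diff.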
diff --git a/app/models/user.rb b/app/models/user.rb
index 4cfa2b47b..39fdb165a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -39,6 +39,7 @@ class User < Principal
has_many :changesets, :dependent => :nullify
has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
has_one :rss_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='feeds'"
+ has_one :api_token, :dependent => :destroy, :class_name => 'Token', :conditions => "action='api'"
belongs_to :auth_source
# Active non-anonymous users scope
@@ -192,6 +193,12 @@ class User < Principal
token = self.rss_token || Token.create(:user => self, :action => 'feeds')
token.value
end
+
+ # Return user's API key (a 40 chars long string), used to access the API
+ def api_key
+ token = self.api_token || Token.create(:user => self, :action => 'api')
+ token.value
+ end
# Return an array of project ids for which the user has explicitly turned mail notifications on
def notified_projects_ids
@@ -210,6 +217,11 @@ class User < Principal
token && token.user.active? ? token.user : nil
end
+ def self.find_by_api_key(key)
+ token = Token.find_by_action_and_value('api', key)
+ token && token.user.active? ? token.user : nil
+ end
+
# Makes find_by_mail case-insensitive
def self.find_by_mail(mail)
find(:first, :conditions => ["LOWER(mail) = ?", mail.to_s.downcase])
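Review bot: `find_by_api_key` passes `key` to the dynamic finder unchanged, so a nil, blank or non-String value reaches the SQL comparison as-is; `find_by_mail` just below coerces with `mail.to_s`, and a credential lookup should be at least as strict. Consider `return nil if key.blank?` followed by `Token.find_by_action_and_value('api', key.to_s)`. How callers obtain `key` is not shown in this diff, so this is a hardening suggestion rather than a confirmed bug; on some databases a non-String operand can compare loosely against a string column. The lookup also applies no age limit to the token, which leaves the reset action as the only way to retire a key; a comment saying so would help if that is intended.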
diff --git a/app/views/my/_sidebar.rhtml b/app/views/my/_sidebar.rhtml
index d30eacf90..1f511bdd2 100644
--- a/app/views/my/_sidebar.rhtml
+++ b/app/views/my/_sidebar.rhtml
@@ -2,7 +2,25 @@
<p><%=l(:field_login)%>: <strong><%= @user.login %></strong><br />
<%=l(:field_created_on)%>: <%= format_time(@user.created_on) %></p>
+
+
+<h4><%= l(:label_feeds_access_key) %></h4>
+
+<p>
<% if @user.rss_token %>
-<p><%= l(:label_feeds_access_key_created_on, distance_of_time_in_words(Time.now, @user.rss_token.created_on)) %>
-(<%= link_to l(:button_reset), {:action => 'reset_rss_key'}, :method => :post %>)</p>
+<%= l(:label_feeds_access_key_created_on, distance_of_time_in_words(Time.now, @user.rss_token.created_on)) %>
+<% else %>
+<%= l(:label_missing_feeds_access_key) %>
+<% end %>
+(<%= link_to l(:button_reset), {:action => 'reset_rss_key'}, :method => :post %>)
+</p>
+
+<h4><%= l(:label_api_access_key) %></h4>
+<p>
+<% if @user.api_token %>
+<%= l(:label_api_access_key_created_on, distance_of_time_in_words(Time.now, @user.api_token.created_on)) %>
+<% else %>
+<%= l(:label_missing_api_access_key) %>
<% end %>
+(<%= link_to l(:button_reset), {:action => 'reset_api_key'}, :method => :post %>)
+</p>
diff --git a/app/views/my/account.rhtml b/app/views/my/account.rhtml
index 018414ee2..1b8347ccd 100644
--- a/app/views/my/account.rhtml
+++ b/app/views/my/account.rhtml
@@ -51,6 +51,18 @@
<p><%= pref_fields.select :comments_sorting, [[l(:label_chronological_order), 'asc'], [l(:label_reverse_chronological_order), 'desc']] %></p>
<% end %>
</div>
+
+<% if @user.api_token %>
+<h3><%=l(:label_api_access_key) %></h3>
+<div class="box">
+ <p>
+ <%= link_to_function(l(:text_show), "$('api-access-key').show();")%>
+ <pre id='api-access-key'><%= @user.api_key %></pre>
+ </p>
+ <%= javascript_tag("$('api-access-key').hide();") %>
+</div>
+<% end %>
+
</div>
<% end %>
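Review bot: The key in `<pre id='api-access-key'>` is written into every render of the account page and hidden only by the `javascript_tag` that follows. It is therefore present in the page source, in any cached copy of the response, and on screen whenever scripts do not run. At minimum hide it in the markup, `<pre id='api-access-key' style="display:none"><%= @user.api_key %></pre>`, and drop the `hide()` call; better is to leave the value out of the page and return it only on an explicit request. `@user.api_key` is the creating getter from user.rb, so the `if @user.api_token` guard is what keeps a plain page view from issuing a token; a one-line ERB comment saying so would discourage removing the guard later.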