| Message ID | 20171219054127.26494-1-andrew.donnellan@au1.ibm.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | views: Don't render token section of user profile if REST API disabled | expand |
On 19/12/17 16:41, Andrew Donnellan wrote: > In profile.html, if settings.ENABLE_REST_API == False, trying to render a > link to the generate_token page will raise a NoReverseMatch exception, so > we shouldn't render that. In any case, if the REST API is disabled, we > really shouldn't render the API token section of the page at all. > > Only render the API token and generation link if settings.ENABLE_REST_API > is True. > > Cc: stable Gah, my git mailrc strikes again and Ccs this to stable@vger... please drop them on replies. Sorry for the noise, kernel people! Andrew > Reported-by: Tomas Novotny <tomas@novotny.cz> > Closes: #138 ("NoReverseMatch exception on user login with disabled REST API") > Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate tokens") > Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> > --- > patchwork/templates/patchwork/profile.html | 2 ++ > patchwork/views/user.py | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/patchwork/templates/patchwork/profile.html b/patchwork/templates/patchwork/profile.html > index 75c4f59..4ca78da 100644 > --- a/patchwork/templates/patchwork/profile.html > +++ b/patchwork/templates/patchwork/profile.html > @@ -140,6 +140,7 @@ address.</p> > <th>Password:</th> > <td><a href="{% url 'password_change' %}">Change password</a> > </tr> > +{% if rest_api_enabled %} > <tr> > <th>API Token:</th> > <td> > @@ -162,6 +163,7 @@ address.</p> > </form> > </td> > </tr> > +{% endif %} > </table> > </div> > > diff --git a/patchwork/views/user.py b/patchwork/views/user.py > index d99fedf..693c02d 100644 > --- a/patchwork/views/user.py > +++ b/patchwork/views/user.py > @@ -128,6 +128,8 @@ def profile(request): > context['linked_emails'] = people > context['linkform'] = EmailForm() > context['api_token'] = request.user.profile.token > + if settings.ENABLE_REST_API: > + context['rest_api_enabled'] = True > > return render(request, 'patchwork/profile.html', context) > >
On Tue, 2017-12-19 at 16:41 +1100, Andrew Donnellan wrote: > In profile.html, if settings.ENABLE_REST_API == False, trying to > render a > link to the generate_token page will raise a NoReverseMatch > exception, so > we shouldn't render that. In any case, if the REST API is disabled, > we > really shouldn't render the API token section of the page at all. > > Only render the API token and generation link if > settings.ENABLE_REST_API > is True. > > Cc: stable > Reported-by: Tomas Novotny <tomas@novotny.cz> > Closes: #138 ("NoReverseMatch exception on user login with disabled > REST API") > Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate > tokens") > Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> Looks good to me. Merged and backported to 'stable/2.0'. Reviewed-by: Stephen Finucane <stephen@that.guru>
On Tue, 2017-12-19 at 16:41 +1100, Andrew Donnellan wrote: > In profile.html, if settings.ENABLE_REST_API == False, trying to > render a > link to the generate_token page will raise a NoReverseMatch > exception, so > we shouldn't render that. In any case, if the REST API is disabled, > we > really shouldn't render the API token section of the page at all. > > Only render the API token and generation link if > settings.ENABLE_REST_API > is True. > > Cc: stable > Reported-by: Tomas Novotny <tomas@novotny.cz> > Closes: #138 ("NoReverseMatch exception on user login with disabled > REST API") > Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate > tokens") > Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> Looks good to me. Merged and backported to 'stable/2.0'. Reviewed-by: Stephen Finucane <stephen@that.guru>
diff --git a/patchwork/templates/patchwork/profile.html b/patchwork/templates/patchwork/profile.html index 75c4f59..4ca78da 100644 --- a/patchwork/templates/patchwork/profile.html +++ b/patchwork/templates/patchwork/profile.html @@ -140,6 +140,7 @@ address.</p> <th>Password:</th> <td><a href="{% url 'password_change' %}">Change password</a> </tr> +{% if rest_api_enabled %} <tr> <th>API Token:</th> <td> @@ -162,6 +163,7 @@ address.</p> </form> </td> </tr> +{% endif %} </table> </div> diff --git a/patchwork/views/user.py b/patchwork/views/user.py index d99fedf..693c02d 100644 --- a/patchwork/views/user.py +++ b/patchwork/views/user.py @@ -128,6 +128,8 @@ def profile(request): context['linked_emails'] = people context['linkform'] = EmailForm() context['api_token'] = request.user.profile.token + if settings.ENABLE_REST_API: + context['rest_api_enabled'] = True return render(request, 'patchwork/profile.html', context)
In profile.html, if settings.ENABLE_REST_API == False, trying to render a link to the generate_token page will raise a NoReverseMatch exception, so we shouldn't render that. In any case, if the REST API is disabled, we really shouldn't render the API token section of the page at all. Only render the API token and generation link if settings.ENABLE_REST_API is True. Cc: stable Reported-by: Tomas Novotny <tomas@novotny.cz> Closes: #138 ("NoReverseMatch exception on user login with disabled REST API") Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate tokens") Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> --- patchwork/templates/patchwork/profile.html | 2 ++ patchwork/views/user.py | 2 ++ 2 files changed, 4 insertions(+)