Added confirmation page for token deletion

This commit is contained in:
Simon Pirkelmann 2021-03-21 21:45:13 +01:00
parent c981161cd7
commit e79713e094
3 changed files with 70 additions and 28 deletions

View File

@ -0,0 +1,27 @@
{% extends 'base.html' %}
{% block header %}
{% block title %}<h1>Token löschen</h1>{% endblock %}
<script src="../static/jquery-3.6.0.js"></script>
{% endblock %}
{% block content %}
<div>
Achtung, der Token von NutzerIn '{{ token['name'] }}' wird gelöscht.
Bitte zur Bestätigung den Nutzernamen eingeben:
<form method="POST">
<table>
{{ form.csrf_token }}
<tr>
<td>{{ form.name.label }}</td>
<td>{{ form.name(size=20) }}</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" value="Bestätigen">
</td>
</tr>
</table>
</form>
</div>
{% endblock %}

View File

@ -22,7 +22,7 @@
<td> <td>
<a href="{{ url_for('edit_token', token=t) }}"><img src="static/edit.png" title="Editieren" alt="Edit"></a> <a href="{{ url_for('edit_token', token=t) }}"><img src="static/edit.png" title="Editieren" alt="Edit"></a>
<a href="{{ url_for('deactivate_token', token=t) }}"><img src="static/stop.png" title="Deaktivieren" alt="Deactivate"></a> <a href="{{ url_for('deactivate_token', token=t) }}"><img src="static/stop.png" title="Deaktivieren" alt="Deactivate"></a>
<img src="static/delete.png" title="Löschen" alt="Delete" onclick="confirmDelete('{{ t }}')"> <a href="{{ url_for('delete_token', token=t) }}"><img src="static/delete.png" title="Löschen" alt="Delete"></a>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -39,20 +39,4 @@
</tr> </tr>
{% endfor %} {% endfor %}
</table> </table>
<script>
function confirmDelete(t) {
debugger
if (confirm('Token wirklich löschen?')) {
console.log('confirmed');
console.log(t);
$.post('{{ url_for('delete_token') }}', {token: t},
function (data) {
if (data === 'success') {
location.reload();
}
});
}
}
</script>
{% endblock %} {% endblock %}

View File

@ -1,9 +1,9 @@
import os import os
from flask import Flask, render_template, request, flash, redirect, session from flask import Flask, render_template, request, flash, redirect, session, url_for
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
from wtforms.fields.html5 import DateField, EmailField from wtforms.fields.html5 import DateField, EmailField
from wtforms.fields import StringField, BooleanField from wtforms.fields import StringField, BooleanField
from wtforms.validators import DataRequired, ValidationError from wtforms.validators import DataRequired, ValidationError, EqualTo
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, auth_required, hash_password, uia_email_mapper from flask_security import Security, SQLAlchemyUserDatastore, auth_required, hash_password, uia_email_mapper
from flask_security.models import fsqla_v2 as fsqla from flask_security.models import fsqla_v2 as fsqla
@ -36,6 +36,9 @@ class TokenForm(FlaskForm):
active = BooleanField('Aktiv?') active = BooleanField('Aktiv?')
dsgvo = BooleanField('Einwilligung Nutzungsbedingungen erfragt?', validators=[DataRequired()]) dsgvo = BooleanField('Einwilligung Nutzungsbedingungen erfragt?', validators=[DataRequired()])
class TokenDeleteForm(FlaskForm):
name = StringField('Name', validators=[DataRequired(), EqualTo('name_confirm', 'Name stimmt nicht überein')])
name_confirm = StringField('Name confirm')
def uia_username_mapper(identity): def uia_username_mapper(identity):
# we allow pretty much anything - but we bleach it. # we allow pretty much anything - but we bleach it.
@ -245,13 +248,16 @@ def create_application(config):
'valid_thru': session['valid_thru'], 'valid_thru': session['valid_thru'],
'inactive': session['inactive'], 'inactive': session['inactive'],
'organization': session['organization']} 'organization': session['organization']}
door.store_tokens(tokens) try:
door.store_tokens(tokens)
except Exception as e:
flash(f"Error during store_tokens. Exception: {e}")
return redirect('/tokens') return redirect('/tokens')
@app.route('/delete-token', methods=['POST']) @app.route('/delete-token/<token>', methods=['GET', 'POST'])
@auth_required() @auth_required()
def delete_token(): def delete_token(token):
"""Delete the given token from the token file and store the new token file to disk """Delete the given token from the token file and store the new token file to disk
Parameters Parameters
@ -259,12 +265,34 @@ def create_application(config):
token : str token : str
The token to delete from the database. The token to delete from the database.
""" """
token = request.form.get('token')
tokens = door.get_tokens() tokens = door.get_tokens()
if token in tokens: # check if token exists
tokens.pop(token) if token in tokens:
door.store_tokens(tokens) token_to_delete = tokens[token]
return "success"
# set up form for confirming deletion
form = TokenDeleteForm()
form.name_confirm.data = token_to_delete['name']
if request.method == 'GET':
# return page asking the user to confirm delete
return render_template('delete.html', token=token_to_delete, form=form)
elif form.validate():
# form validation successful -> can delete the token
tokens.pop(token)
try:
door.store_tokens(tokens)
except Exception as e:
flash(f"Error during store_tokens. Exception: {e}")
flash(f"Token {token} wurde gelöscht!")
return redirect('/tokens')
else:
# form validation failed -> return to token overview and flash message
flash(f"Der eingegebene Name stimmt nicht überein. Der Token {token} von {token_to_delete['name']} wurde nicht gelöscht.")
return redirect('/tokens')
else:
flash(f'Ungültiger Token {token} für Löschung.')
return redirect('/tokens')
@app.route('/deactivate-token/<token>') @app.route('/deactivate-token/<token>')
@ -280,7 +308,10 @@ def create_application(config):
tokens = door.get_tokens() tokens = door.get_tokens()
if token in tokens: if token in tokens:
tokens[token]['inactive'] = True tokens[token]['inactive'] = True
door.store_tokens(tokens) try:
door.store_tokens(tokens)
except Exception as e:
flash(f"Error during store_tokens. Exception: {e}")
return redirect('/tokens') return redirect('/tokens')
@app.route('/open') @app.route('/open')