API key management tweaks [SCI-10763]

2025-09-06 21:24:23 +08:00 · 2024-06-03 13:47:00 +02:00 · 2024-06-03 13:47:00 +02:00 · 23d311473e
commit 23d311473e
parent 1b730a8977
6 changed files with 29 additions and 5 deletions
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@ -210,13 +210,19 @@ class Users::RegistrationsController < Devise::RegistrationsController
  def regenerate_api_key
    current_user.regenerate_api_key!

-    redirect_to edit_user_registration_path
+    redirect_to(edit_user_registration_path(anchor: 'api-key'),
+                flash: {
+                  success: t('users.registrations.edit.api_key.generated')
+                })
  end

  def revoke_api_key
    current_user.revoke_api_key!

-    redirect_to edit_user_registration_path
+    redirect_to(edit_user_registration_path(anchor: 'api-key'),
+                flash: {
+                  success: t('users.registrations.edit.api_key.revoked')
+                })
  end

  protected
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -516,6 +516,7 @@ class User < ApplicationRecord
  def regenerate_api_key!
    update!(
      api_key: SecureRandom.urlsafe_base64(33),
+      api_key_created_at: Time.current,
      api_key_expires_at: Constants::API_KEY_EXPIRES_IN.from_now
    )
  end
--- a/app/views/users/registrations/edit_partials/_api_key.html.erb
+++ b/app/views/users/registrations/edit_partials/_api_key.html.erb
@ -1,11 +1,19 @@
 <div class="mb-8">
-  <h3><%= t("users.registrations.edit.api_key.title") %></h3>
+  <h3 id="api-key"><%= t("users.registrations.edit.api_key.title") %></h3>
  <p>
    <%= t("users.registrations.edit.api_key.description") %>
  </p>
  <% if current_user.api_key %>
    <div class="api-key-display">
-      <%= text_field_tag :api_key, current_user.api_key, class: "p-3 mb-2 w-full", disabled: "disabled"  %>
+      <div class="form-group sci-input-container right-icon !w-1/2">
+        <%= password_field_tag :api_key,
+                               current_user.api_key,
+                               name: 'api_key',
+                               class: 'form-control sci-input-field !text-sn-black !font-mono !cursor-text',
+                               disabled: 'disabled'
+        %>
+        <i class="sn-icon sn-icon-visibility-show show-password" style="cursor: pointer; z-index: 10"></i>
+      </div>
      <% if current_user.api_key_expires_at < Time.current %>
        <p class="">
          <%= t("users.registrations.edit.api_key.expired") %>
--- a/config/initializers/api.rb
+++ b/config/initializers/api.rb
@ -13,5 +13,5 @@ Rails.application.configure do

  config.x.core_api_v2_enabled = ENV['CORE_API_V2_ENABLED'] || false

-  config.x.core_api_key_enabled = ENV['CORE_API_KEY_ENABLED'] || false
+  config.x.core_api_key_enabled = ENV['CORE_API_KEY_ENABLED'] == 'true'
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -2832,6 +2832,8 @@ en:
          regenerate: "Regenerate"
          revoke: "Revoke"
          expired: "This key has expired!"
+          generated: "API key generated!"
+          revoked: "API key revoked!"
      new:
        head_title: "Sign up"
        team_name_label: "Team name"
--- a/db/migrate/20240603101357_add_api_key_created_at_to_users.rb
+++ b/db/migrate/20240603101357_add_api_key_created_at_to_users.rb
@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddApiKeyCreatedAtToUsers < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :api_key_created_at, :timestamp
+  end
+end