Allow user to delete session key

2025-12-18 19:32:24 -06:00 · 2017-03-14 14:01:06 -04:00
parent 4cb30f1ce4
commit 3dc15068b9
6 changed files with 48 additions and 5 deletions
--- a/netbox/users/urls.py
+++ b/netbox/users/urls.py
@@ -5,7 +5,6 @@ from . import views

 urlpatterns = [

-    # User profiles
    url(r'^profile/$', views.profile, name='profile'),
    url(r'^password/$', views.change_password, name='change_password'),
    url(r'^api-tokens/$', views.TokenListView.as_view(), name='token_list'),
@@ -14,6 +13,7 @@ urlpatterns = [
    url(r'^api-tokens/(?P<pk>\d+)/delete/$', views.TokenDeleteView.as_view(), name='token_delete'),
    url(r'^user-key/$', views.userkey, name='userkey'),
    url(r'^user-key/edit/$', views.userkey_edit, name='userkey_edit'),
+    url(r'^session-key/delete/$', views.SessionKeyDeleteView.as_view(), name='sessionkey_delete'),
    url(r'^recent-activity/$', views.recent_activity, name='recent_activity'),

 ]
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -9,7 +9,7 @@ from django.utils.http import is_safe_url
 from django.views.generic import View

 from secrets.forms import UserKeyForm
-from secrets.models import UserKey
+from secrets.models import SessionKey, UserKey
 from utilities.forms import ConfirmationForm
 from .forms import LoginForm, PasswordChangeForm, TokenForm
 from .models import Token
@@ -124,6 +124,42 @@ def userkey_edit(request):
    })


+class SessionKeyDeleteView(LoginRequiredMixin, View):
+
+    def get(self, request):
+
+        sessionkey = get_object_or_404(SessionKey, userkey__user=request.user)
+        form = ConfirmationForm()
+
+        return render(request, 'users/sessionkey_delete.html', {
+            'obj_type': sessionkey._meta.verbose_name,
+            'form': form,
+            'return_url': reverse('user:userkey'),
+        })
+
+    def post(self, request):
+
+        sessionkey = get_object_or_404(SessionKey, userkey__user=request.user)
+        form = ConfirmationForm(request.POST)
+        if form.is_valid():
+
+            # Delete session key
+            sessionkey.delete()
+            messages.success(request, "Session key deleted")
+
+            # Delete cookie
+            response = redirect('user:userkey')
+            response.delete_cookie('session_key', path=reverse('secrets-api:secret-list'))
+
+            return response
+
+        return render(request, 'users/sessionkey_delete.html', {
+            'obj_type': sessionkey._meta.verbose_name,
+            'form': form,
+            'return_url': reverse('user:userkey'),
+        })
+
+
@login_required()
 def recent_activity(request):