[PATCH] views: Don't render token section of user profile if REST API disabled

[PATCH] views: Don't render token section of user profile if REST API disabled

[Andrew Donnellan]

In profile.html, if settings.ENABLE_REST_API == False, trying to render a
link to the generate_token page will raise a NoReverseMatch exception, so
we shouldn't render that. In any case, if the REST API is disabled, we
really shouldn't render the API token section of the page at all.

Only render the API token and generation link if settings.ENABLE_REST_API
is True.

Cc: stable
Reported-by: Tomas Novotny <tomas@novotny.cz>
Closes: #138 ("NoReverseMatch exception on user login with disabled REST API")
Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate tokens")
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
---
 patchwork/templates/patchwork/profile.html | 2 ++
 patchwork/views/user.py                    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/patchwork/templates/patchwork/profile.html b/patchwork/templates/patchwork/profile.html
index 75c4f59..4ca78da 100644
--- a/patchwork/templates/patchwork/profile.html
+++ b/patchwork/templates/patchwork/profile.html
@@ -140,6 +140,7 @@ address.</p>
   <th>Password:</th>
   <td><a href="{% url 'password_change' %}">Change password</a>
  </tr>
+{% if rest_api_enabled %}
  <tr>
   <th>API Token:</th>
   <td>
@@ -162,6 +163,7 @@ address.</p>
    </form>
   </td>
  </tr>
+{% endif %}
 </table>
 </div>
 
diff --git a/patchwork/views/user.py b/patchwork/views/user.py
index d99fedf..693c02d 100644
--- a/patchwork/views/user.py
+++ b/patchwork/views/user.py
@@ -128,6 +128,8 @@ def profile(request):
     context['linked_emails'] = people
     context['linkform'] = EmailForm()
     context['api_token'] = request.user.profile.token
+    if settings.ENABLE_REST_API:
+        context['rest_api_enabled'] = True
 
     return render(request, 'patchwork/profile.html', context)
 
-- 
2.11.0

Re: [PATCH] views: Don't render token section of user profile if REST API disabled

[Andrew Donnellan]

On 19/12/17 16:41, Andrew Donnellan wrote:
> In profile.html, if settings.ENABLE_REST_API == False, trying to render a
> link to the generate_token page will raise a NoReverseMatch exception, so
> we shouldn't render that. In any case, if the REST API is disabled, we
> really shouldn't render the API token section of the page at all.
> 
> Only render the API token and generation link if settings.ENABLE_REST_API
> is True.
> 
> Cc: stable

Gah, my git mailrc strikes again and Ccs this to stable@vger... please 
drop them on replies.

Sorry for the noise, kernel people!


Andrew



> Reported-by: Tomas Novotny <tomas@novotny.cz>
> Closes: #138 ("NoReverseMatch exception on user login with disabled REST API")
> Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate tokens")
> Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
> ---
>   patchwork/templates/patchwork/profile.html | 2 ++
>   patchwork/views/user.py                    | 2 ++
>   2 files changed, 4 insertions(+)
> 
> diff --git a/patchwork/templates/patchwork/profile.html b/patchwork/templates/patchwork/profile.html
> index 75c4f59..4ca78da 100644
> --- a/patchwork/templates/patchwork/profile.html
> +++ b/patchwork/templates/patchwork/profile.html
> @@ -140,6 +140,7 @@ address.</p>
>     <th>Password:</th>
>     <td><a href="{% url 'password_change' %}">Change password</a>
>    </tr>
> +{% if rest_api_enabled %}
>    <tr>
>     <th>API Token:</th>
>     <td>
> @@ -162,6 +163,7 @@ address.</p>
>      </form>
>     </td>
>    </tr>
> +{% endif %}
>   </table>
>   </div>
>   
> diff --git a/patchwork/views/user.py b/patchwork/views/user.py
> index d99fedf..693c02d 100644
> --- a/patchwork/views/user.py
> +++ b/patchwork/views/user.py
> @@ -128,6 +128,8 @@ def profile(request):
>       context['linked_emails'] = people
>       context['linkform'] = EmailForm()
>       context['api_token'] = request.user.profile.token
> +    if settings.ENABLE_REST_API:
> +        context['rest_api_enabled'] = True
>   
>       return render(request, 'patchwork/profile.html', context)
>   
> 

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited

Re: [PATCH] views: Don't render token section of user profile if REST API disabled

[Stephen Finucane]

On Tue, 2017-12-19 at 16:41 +1100, Andrew Donnellan wrote:
> In profile.html, if settings.ENABLE_REST_API == False, trying to
> render a
> link to the generate_token page will raise a NoReverseMatch
> exception, so
> we shouldn't render that. In any case, if the REST API is disabled,
> we
> really shouldn't render the API token section of the page at all.
> 
> Only render the API token and generation link if
> settings.ENABLE_REST_API
> is True.
> 
> Cc: stable
> Reported-by: Tomas Novotny <tomas@novotny.cz>
> Closes: #138 ("NoReverseMatch exception on user login with disabled
> REST API")
> Fixes: 85c8f369204a ("views: Provide a way to view, (re)generate
> tokens")
> Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

Looks good to me. Merged and backported to 'stable/2.0'.

Reviewed-by: Stephen Finucane <stephen@that.guru>