def post(self, *args: Any, **kwargs: Any) -> None:
name = self.get_path_argument("name")
password_id = int(self.get_path_argument("password_id"))
user = User.get(self.session, name=name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
password = UserPassword.get(self.session, user=user, id=password_id)
try:
delete_user_password(self.session, password.name, user.id)
except PasswordDoesNotExist:
# if the password doesn't exist, we can pretend like it did and that we deleted it
return self.redirect("/users/{}?refresh=yes".format(user.username))
AuditLog.log(
self.session,
self.current_user.id,
"delete_password",
"Deleted password: {}".format(password.name),
on_user_id=user.id,
)
self.session.commit()
return self.redirect("/users/{}?refresh=yes".format(user.username))
def get(self, user_id=None, name=None, pass_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
password = UserPassword.get(self.session, user=user, id=pass_id)
return self.render("user-password-delete.html", user=user, password=password)
def get(self, *args: Any, **kwargs: Any) -> None:
name = self.get_path_argument("name")
password_id = int(self.get_path_argument("password_id"))
user = User.get(self.session, name=name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
password = UserPassword.get(self.session, user=user, id=password_id)
return self.render("user-password-delete.html",
user=user,
password=password)
def post(self, user_id=None, name=None, pass_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
password = UserPassword.get(self.session, user=user, id=pass_id)
try:
delete_user_password(self.session, password.name, user.id)
except PasswordDoesNotExist:
# if the password doesn't exist, we can pretend like it did and that we deleted it
return self.redirect("/users/{}?refresh=yes".format(user.id))
AuditLog.log(self.session, self.current_user.id, 'delete_password',
'Deleted password: {}'.format(password.name),
on_user_id=user.id)
self.session.commit()
return self.redirect("/users/{}?refresh=yes".format(user.id))