def delete_macaroon(self): form = DeleteMacaroonForm(**self.request.POST, macaroon_service=self.macaroon_service) if form.validate(): description = self.macaroon_service.find_macaroon( form.macaroon_id.data).description self.macaroon_service.delete_macaroon(form.macaroon_id.data) self.request.session.flash(f"Deleted API token '{description}'.", queue="success") redirect_to = self.request.referer if not is_safe_url(redirect_to, host=self.request.host): redirect_to = self.request.route_path("manage.account") return HTTPSeeOther(redirect_to)
def delete_macaroon(self): form = DeleteMacaroonForm( password=self.request.POST["confirm_password"], macaroon_id=self.request.POST["macaroon_id"], macaroon_service=self.macaroon_service, username=self.request.user.username, user_service=self.user_service, ) if form.validate(): macaroon = self.macaroon_service.find_macaroon( form.macaroon_id.data) self.macaroon_service.delete_macaroon(form.macaroon_id.data) self.user_service.record_event( self.request.user.id, tag="account:api_token:removed", ip_address=self.request.remote_addr, additional={"macaroon_id": form.macaroon_id.data}, ) if "projects" in macaroon.caveats["permissions"]: projects = [ project for project in self.request.user.projects if project.normalized_name in macaroon.caveats["permissions"]["projects"] ] for project in projects: project.record_event( tag="project:api_token:removed", ip_address=self.request.remote_addr, additional={ "description": macaroon.description, "user": self.request.user.username, }, ) self.request.session.flash( f"Deleted API token '{macaroon.description}'.", queue="success") else: self.request.session.flash("Invalid credentials. Try again", queue="error") redirect_to = self.request.referer if not is_safe_url(redirect_to, host=self.request.host): redirect_to = self.request.route_path("manage.account") return HTTPSeeOther(redirect_to)