flake8
passed.
JSHint
passed.
Update APITokenResource for API Tokens v2
Review Request #12474 — Created July 15, 2022 and submitted
This change updates the
APITokenResourceaccording to the newWebAPIToken
fields addded as part of our move to API Tokens v2. The API now creates tokens
in the vendor checksum format rather than the legacy SHA1 format. Users can also
invalidate tokens via the API.This change also corrects some PUT, POST and DELETE tests for for the
APITokenResource. These tests were all callingself.api_getinstead of the
appropriate HTTP method.It also updates test utilities that are related to
WebAPITokens.
Ran unit tests in
reviewboard/webapi/tests.
| Summary | ID |
|---|---|
| 6c5d95516bc6417b362923f5ae4a4f0f7ffca848 |
| Description | From | Last Updated |
|---|---|---|
|
Can we update this to use the imperative mood? ("Creates" -> "Create") |
 david
|
|
|
'django.utils.timezone' imported but unused Column: 1 Error code: F401 |
 reviewbot
|
|
|
Can you alphabetize all the keys? Helps keep it clear where new ones go. Also, all these should have a … |
 chipx86
|
|
|
This has to go before Args. Under the hood, Version Added is a .. versionadded::, which is a paragraph-following/generating construct. … |
chipx86
|
|
|
For the else clause, are we handling None/''? We should probably just be explicit with one or the other (probably … |
chipx86
|
|
|
Let's be explicit and say invalid_date here. |
david
|
|
|
Let's be explicit and say last_updated here. |
david
|
|
|
Same here. |
david
|
|
|
Same here. |
david
|
|
|
If we're not modifying this, we should provide it inline where we're using it. |
chipx86
|
|
|
We should maybe create some central concept of what the default token generator is. Maybe this lives in Djblets, as … |
chipx86
|
|
|
Let's simplify this a bit. valid = kwargs.get('valid') if valid is True: return INVALID_FORM_DATA, .... elif value is False: ... |
chipx86
|
|
|
I know we should already have some validation from the field type, but can we explicitly do kwargs['valid'] != False? |
david
|
|
|
Let's avoid setting the key twice and instead compute as one statement. |
chipx86
|
|
|
Paren should be on the previous line, with no trailing , (given that it's a function call). |
chipx86
|
|
|
Let's make this part of the call, so we have that state all together. Same below. |
chipx86
|
|
|
"expiration date" is more in line with the language we tend to use in the docs (I just found out, … |
chipx86
|
|
|
This form for function definitions should only be used if we can't fit argument names and values on a single … |
chipx86
|
|
|
Rather than this form, let's pull this out and pre-compute the generator ID. In fact, we should allow the caller … |
chipx86
|
|
|
As above, we standardize on "expiration date." |
chipx86
|
|
|
No blank line here. |
chipx86
|
|
|
Let's pull out the ID before we call this, to avoid the chaining. |
chipx86
|
|
|
Rather than True or False (here and in the resulting errors), we should use true or false, because these will … |
chipx86
|
|
|
Let's pull this out to avoid the chaining. |
chipx86
|
|
|
We try hard to avoid the ternary if .. else in statements. They're a bit harder to read and format. … |
chipx86
|
- Change Summary:
-
- Serialize the DateTime fields to ISO format.
- Uses
WebAPITokenManagerto handle invalidating tokens.
- Commits:
-
Summary ID 3008c645dfec118e41186664e2df56564a27413b 815e7c9dcfad53f78f3576f77dee392aa4f44b3f
Checks run (1 failed, 1 succeeded)
flake8
failed.
JSHint
passed.
flake8
-
-
Can you alphabetize all the keys? Helps keep it clear where new ones go.
Also, all these should have a
'added_in': '5.0'. Same with all places where we describe a new field. -
This has to go before
Args.Under the hood,
Version Addedis a.. versionadded::, which is a paragraph-following/generating construct.Args,Returns, andRaisesare special block-generating directives meant to appear after the paragraph-generating content is done.Same below.
-
For the
elseclause, are we handlingNone/''? We should probably just be explicit with one or the other (probablyNone).Same below.
-
-
We should maybe create some central concept of what the default token generator is. Maybe this lives in Djblets, as a
DJBLETS_DEFAULT_API_TOKEN_GENERATOR, and a function for getting it from the registry?This can be a follow-up. Not a P0 for this change or related changes. Given time constraints, this can also just be tracked in Asana for now.
-
Let's simplify this a bit.
valid = kwargs.get('valid') if valid is True: return INVALID_FORM_DATA, .... elif value is False: ... -
-
-
- Description:
-
This change updates the
APITokenResourceaccording to the newWebAPITokenfields addded as part of our move to API Tokens v2. The API now creates tokens in the vendor checksum format rather than the legacy SHA1 format. Users can also invalidate tokens via the API. This change also corrects some PUT, POST and DELETE tests for for the
APITokenResource. These tests were all callingself.api_getinstead of theappropriate HTTP method. + + It also updates test utilities that are related to
WebAPITokens. - Commits:
-
Summary ID 815e7c9dcfad53f78f3576f77dee392aa4f44b3f da6392b43c29d09c073e8db3b29cb03ba7d67638
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
-
-
"expiration date" is more in line with the language we tend to use in the docs (I just found out, this is a regional difference).
-
This form for function definitions should only be used if we can't fit argument names and values on a single line. These will all fit, so let's start them off on the
create_webapi_tokenline and then align each next one with that. -
Rather than this form, let's pull this out and pre-compute the generator ID.
In fact, we should allow the caller to specify a generator ID and token info (default to None, set to these if not specified), so that we can more easily test with variations on the tokens.
-
-
-
-
Rather than
TrueorFalse(here and in the resulting errors), we should usetrueorfalse, because these will be values going into the API rather than the Python constants for them. -
-
We try hard to avoid the ternary
if .. elsein statements. They're a bit harder to read and format.Instead, can we pre-compute the expected values at the top of the function, and compare against those?