Rather than checking if the name is unique include issued_time

There's a little complexity involved in making sure a user doesn't create (or update) an access token resulting in two of the user's tokens having a duplicate name. We opt instead to include an issued_time in the api response. This will allow the end-user to discern duplicates. Also, since these tokens do not expire, it's convenient to at least see when the tokens were created.
cyverse · Aug 27, 2018 · 45d1457 · 45d1457
1 parent e14e001
commit 45d1457
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 18 deletions.
diff --git a/api/tests/v2/test_access_tokens.py b/api/tests/v2/test_access_tokens.py
@@ -56,31 +56,26 @@ def test_list_response_contains_expected_fields(self):
         force_authenticate(self.list_request, user=self.user)
         response = self.list_view(self.list_request)
         data = response.data.get('results')[0]
-        self.assertEquals(len(data), 2)
+        self.assertEquals(len(data), 3)
         self.assertIn('name', data)
         self.assertIn('id', data)
+        self.assertIn('issued_time', data)
 
     def test_create_response_contains_expected_fields(self):
         force_authenticate(self.create_request, user=self.user)
         response = self.create_view(self.create_request)
         data = response.data
-        self.assertEquals(len(data), 3)
+        self.assertEquals(len(data), 4)
         self.assertIn('id', data)
         self.assertIn('token', data)
+        self.assertIn('issued_time', data)
         self.assertIn('name', data)
 
     def test_create_not_public(self):
         force_authenticate(self.create_request, user=self.anonymous_user)
         response = self.create_view(self.create_request)
         self.assertEquals(response.status_code, 403)
 
-    def test_create_same_name(self):
-        create_access_token(self.user, "Test Token Creation", issuer="Testing")
-        force_authenticate(self.create_request, user=self.user)
-        response = self.create_view(self.create_request)
-        self.assertEquals(response.status_code, 400)
-        self.assertEquals(response.data, {'detail': u'Token with name "Test Token Creation" exists.'})
-
     def test_edit(self):
         force_authenticate(self.edit_request, user=self.user)
         edit_response = self.edit_view(self.edit_request, pk=self.access_token.id)

diff --git a/api/v2/serializers/details/access_token.py b/api/v2/serializers/details/access_token.py
@@ -4,7 +4,8 @@
 
 
 class AccessTokenSerializer(serializers.ModelSerializer):
+    issued_time = serializers.DateTimeField(read_only=True, source='token.issuedTime')
 
     class Meta:
         model = AccessToken
-        fields = ('name', 'id')
+        fields = ('name', 'id', 'issued_time')
diff --git a/api/v2/views/access_token.py b/api/v2/views/access_token.py
@@ -27,15 +27,11 @@ def create(self, request):
         name = request.data.get('name', None)
         user = request.user
         access_token = create_access_token(user, name, issuer="Personal-Access-Token")
-        if not access_token:
-            raise exceptions.ValidationError({
-                'detail':
-                'Token with name "{}" exists.'.format(name)
-            })
 
         json_response = {
             'token': access_token.token_id,
             'id': access_token.id,
-            'name': name
+            'name': name,
+            'issued_time': access_token.token.issuedTime
         }
         return Response(json_response, status=status.HTTP_201_CREATED)
diff --git a/core/models/access_token.py b/core/models/access_token.py
@@ -18,8 +18,6 @@ class Meta:
         app_label = "core"
 
 def create_access_token(user, token_name=None, token_expire=None, remote_ip=None, issuer=None):
-    if AccessToken.objects.filter(name=token_name, token__user=user):
-        return None
     token = Token.objects.create(user=user, issuer=issuer)
     access_token = AccessToken.objects.create(token=token, name=token_name)
     return access_token