From 45d1457feaffdf84350e5412cdeabcc26c357a3c Mon Sep 17 00:00:00 2001
From: Connor Osborn
Date: Mon, 27 Aug 2018 12:27:56 -0700
Subject: [PATCH] Rather than checking if the name is unique include issued_time
There's a little complexity involved in making sure a user doesn't create (or update) an access token resulting in two of the user's tokens having a duplicate name. We opt instead to include an issued_time in the api response. This will allow the end-user to discern duplicates. Also, since these tokens do not expire, it's convenient to at least see when the tokens were created.
---
 api/tests/v2/test_access_tokens.py | 13 ++++---------
 api/v2/serializers/details/access_token.py | 3 ++-
 api/v2/views/access_token.py | 8 ++------
 core/models/access_token.py | 2 --
 4 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/api/tests/v2/test_access_tokens.py b/api/tests/v2/test_access_tokens.py
index 27ef6ca61..4273781aa 100644
--- a/api/tests/v2/test_access_tokens.py
+++ b/api/tests/v2/test_access_tokens.py
@@ -56,17 +56,19 @@ def test_list_response_contains_expected_fields(self):
 force_authenticate(self.list_request, user=self.user)
 response = self.list_view(self.list_request)
 data = response.data.get('results')[0]
- self.assertEquals(len(data), 2)
+ self.assertEquals(len(data), 3)
 self.assertIn('name', data)
 self.assertIn('id', data)
+ self.assertIn('issued_time', data)
 def test_create_response_contains_expected_fields(self):
 force_authenticate(self.create_request, user=self.user)
 response = self.create_view(self.create_request)
 data = response.data
- self.assertEquals(len(data), 3)
+ self.assertEquals(len(data), 4)
 self.assertIn('id', data)
 self.assertIn('token', data)
+ self.assertIn('issued_time', data)
 self.assertIn('name', data)
 def test_create_not_public(self):
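Review bot: Nothing in the updated tests covers the behaviour this commit introduces: the two added `assertIn('issued_time', data)` lines only check that the key is present, and test_create_same_name is deleted in the following hunk without a replacement. A test that first creates a token with the same name and then expects 201 with a different `id` would pin the new contract and make a later reintroduction of the uniqueness check visible. The sketch below reuses the fixture calls from the removed test; the enclosing test class starts outside the hunk.

```python
    def test_create_same_name_allowed(self):
        existing = create_access_token(self.user, "Test Token Creation", issuer="Testing")
        force_authenticate(self.create_request, user=self.user)
        response = self.create_view(self.create_request)
        self.assertEquals(response.status_code, 201)
        self.assertNotEqual(response.data['id'], existing.id)
```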
@@ -74,13 +76,6 @@ def test_create_not_public(self):
 response = self.create_view(self.create_request)
 self.assertEquals(response.status_code, 403)
- def test_create_same_name(self):
- create_access_token(self.user, "Test Token Creation", issuer="Testing")
- force_authenticate(self.create_request, user=self.user)
- response = self.create_view(self.create_request)
- self.assertEquals(response.status_code, 400)
- self.assertEquals(response.data, {'detail': u'Token with name "Test Token Creation" exists.'})
-
 def test_edit(self):
 force_authenticate(self.edit_request, user=self.user)
 edit_response = self.edit_view(self.edit_request, pk=self.access_token.id)
diff --git a/api/v2/serializers/details/access_token.py b/api/v2/serializers/details/access_token.py
index 1f1783edf..f881f5826 100644
--- a/api/v2/serializers/details/access_token.py
+++ b/api/v2/serializers/details/access_token.py
@@ -4,7 +4,8 @@
 class AccessTokenSerializer(serializers.ModelSerializer):
+ issued_time = serializers.DateTimeField(read_only=True, source='token.issuedTime')
 class Meta:
 model = AccessToken
- fields = ('name', 'id')
+ fields = ('name', 'id', 'issued_time')
diff --git a/api/v2/views/access_token.py b/api/v2/views/access_token.py
index 03976ecd8..1f0680897 100644
--- a/api/v2/views/access_token.py
+++ b/api/v2/views/access_token.py
@@ -27,15 +27,11 @@ def create(self, request):
 name = request.data.get('name', None)
 user = request.user
 access_token = create_access_token(user, name, issuer="Personal-Access-Token")
- if not access_token:
- raise exceptions.ValidationError({
- 'detail':
- 'Token with name "{}" exists.'.format(name)
- })
 json_response = {
 'token': access_token.token_id,
 'id': access_token.id,
- 'name': name
+ 'name': name,
+ 'issued_time': access_token.token.issuedTime
 }
 return Response(json_response, status=status.HTTP_201_CREATED)
diff --git a/core/models/access_token.py b/core/models/access_token.py
index f8deb37a0..0878ee813 100644
--- a/core/models/access_token.py
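Review bot: The new `issued_time` field carries no comment explaining why it is exposed, yet with the name check removed it is the only thing a user has to tell two same-named, non-expiring tokens apart when deciding which one to revoke. I would add above it `# Read-only creation time of the underlying token; names are not unique, so this disambiguates duplicates.` The dotted `source='token.issuedTime'` follows the token relation for every serialized row, so it is worth confirming that the list view's queryset, which is not visible here, uses `select_related('token')`.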
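Review bot: `name` reaches create_access_token unvalidated: `request.data.get('name', None)` yields None when the client omits the field, and nothing in the visible lines rejects a missing or empty value before the insert. Depending on the model's field definition, which this hunk does not show, that either stores a nameless token that never expires or surfaces as a 500; a guard before the create call such as `if not name: raise exceptions.ValidationError({'name': 'This field is required.'})` would turn it into a 400 (`exceptions` appears to be imported already, judging by the removed lines). Separately, `issued_time` is returned here as the raw `access_token.token.issuedTime` value while the list endpoint formats it through the serializer's DateTimeField, so the two responses may render the timestamp differently; building this response from AccessTokenSerializer and adding the `token` key would keep them aligned. The signature line of create() is outside the hunk.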
+++ b/core/models/access_token.py
@@ -18,8 +18,6 @@ class Meta:
 app_label = "core"
 def create_access_token(user, token_name=None, token_expire=None, remote_ip=None, issuer=None):
- if AccessToken.objects.filter(name=token_name, token__user=user):
- return None
 token = Token.objects.create(user=user, issuer=issuer)
 access_token = AccessToken.objects.create(token=token, name=token_name)
 return access_token