public inbox for
 help / color / mirror / Atom feed
From: "Fabian Grünbichler" <>
Subject: [pbs-devel] [PATCH proxmox-backup 14/16] gui: add API token UI
Date: Wed, 28 Oct 2020 12:37:15 +0100	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

Signed-off-by: Fabian Grünbichler <>
 www/Makefile            |   2 +
 www/NavigationTree.js   |   6 ++
 www/Utils.js            |   8 ++
 www/config/TokenView.js | 218 ++++++++++++++++++++++++++++++++++++++++
 www/window/TokenEdit.js | 213 +++++++++++++++++++++++++++++++++++++++
 5 files changed, 447 insertions(+)
 create mode 100644 www/config/TokenView.js
 create mode 100644 www/window/TokenEdit.js

diff --git a/www/Makefile b/www/Makefile
index 75d389d9..ab056c8c 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -13,12 +13,14 @@ JSSRC=							\
 	data/RunningTasksStore.js			\
 	button/TaskButton.js				\
 	config/UserView.js				\
+	config/TokenView.js				\
 	config/RemoteView.js				\
 	config/ACLView.js				\
 	config/SyncView.js				\
 	config/VerifyView.js				\
 	window/UserEdit.js				\
 	window/UserPassword.js				\
+	window/TokenEdit.js				\
 	window/VerifyJobEdit.js				\
 	window/RemoteEdit.js				\
 	window/SyncJobEdit.js				\
diff --git a/www/NavigationTree.js b/www/NavigationTree.js
index 6524a5c3..d4e5d966 100644
--- a/www/NavigationTree.js
+++ b/www/NavigationTree.js
@@ -34,6 +34,12 @@ Ext.define('', {
 			path: 'pbsUserView',
 			leaf: true,
+		    {
+			text: gettext('API Token'),
+			iconCls: 'fa fa-user-o',
+			path: 'pbsTokenView',
+			leaf: true,
+		    },
 			text: gettext('Permissions'),
 			iconCls: 'fa fa-unlock',
diff --git a/www/Utils.js b/www/Utils.js
index 221a2f2b..58319345 100644
--- a/www/Utils.js
+++ b/www/Utils.js
@@ -84,6 +84,14 @@ Ext.define('PBS.Utils', {
 	return `Datastore ${what} ${id}`;
+    extractTokenUser: function(tokenid) {
+	return tokenid.match(/^(.+)!([^!]+)$/)[1];
+    },
+    extractTokenName: function(tokenid) {
+	return tokenid.match(/^(.+)!([^!]+)$/)[2];
+    },
     constructor: function() {
 	var me = this;
diff --git a/www/config/TokenView.js b/www/config/TokenView.js
new file mode 100644
index 00000000..88b3f194
--- /dev/null
+++ b/www/config/TokenView.js
@@ -0,0 +1,218 @@
+Ext.define('pbs-tokens', {
+    extend: '',
+    fields: [
+	'tokenid', 'tokenname', 'user', 'comment',
+	{ type: 'boolean', name: 'enable', defaultValue: true },
+	{ type: 'date', dateFormat: 'timestamp', name: 'expire' },
+    ],
+    idProperty: 'tokenid',
+Ext.define('pbs-users-with-tokens', {
+    extend: '',
+    fields: [
+	'userid', 'firstname', 'lastname', 'email', 'comment',
+	{ type: 'boolean', name: 'enable', defaultValue: true },
+	{ type: 'date', dateFormat: 'timestamp', name: 'expire' },
+	'tokens',
+    ],
+    idProperty: 'userid',
+    proxy: {
+	type: 'proxmox',
+	url: '/api2/json/access/users/?include_tokens=1',
+    },
+Ext.define('PBS.config.TokenView', {
+    extend: 'Ext.grid.GridPanel',
+    alias: 'widget.pbsTokenView',
+    stateful: true,
+    stateId: 'grid-tokens',
+    title: gettext('API Tokens'),
+    controller: {
+	xclass: '',
+	init: function(view) {
+	    view.userStore = Ext.create('', {
+		autoStart: true,
+		interval: 5 * 1000,
+		storeId: 'pbs-users-with-tokens',
+		storeid: 'pbs-users-with-tokens',
+		model: 'pbs-users-with-tokens',
+	    });
+	    view.userStore.on('load', this.onLoad, this);
+	    view.on('destroy', view.userStore.stopUpdate);
+	    Proxmox.Utils.monStoreErrors(view, view.userStore);
+	},
+	reload: function() { this.getView().userStore.load(); },
+	onLoad: function(store, data, success) {
+	    if (!success) return;
+	    let tokenStore = this.getView().store.rstore;
+	    let records = [];
+	    Ext.Array.each(data, function(user) {
+		let tokens = || [];
+		Ext.Array.each(tokens, function(token) {
+		    let r = {};
+		    r.tokenid = token.tokenid;
+		    r.comment = token.comment;
+		    r.expire = token.expire;
+		    r.enable = token.enable;
+		    records.push(r);
+		});
+	    });
+	    tokenStore.loadData(records);
+	    tokenStore.fireEvent('load', tokenStore, records, true);
+	},
+	addToken: function() {
+	    let me = this;
+	    Ext.create('PBS.window.TokenEdit', {
+		isCreate: true,
+		listeners: {
+		    destroy: function() {
+			me.reload();
+		    },
+		},
+	    }).show();
+	},
+	editToken: function() {
+	    let me = this;
+	    let view = me.getView();
+	    let selection = view.getSelection();
+	    if (selection.length < 1) return;
+	    Ext.create('PBS.window.TokenEdit', {
+		user: PBS.Utils.extractTokenUser(selection[0].data.tokenid),
+		tokenname: PBS.Utils.extractTokenName(selection[0].data.tokenid),
+		listeners: {
+		    destroy: function() {
+			me.reload();
+		    },
+		},
+	    }).show();
+	},
+	showPermissions: function() {
+	    let me = this;
+	    let view = me.getView();
+	    let selection = view.getSelection();
+	    if (selection.length < 1) return;
+	    Ext.create('Proxmox.PermissionView', {
+		auth_id: selection[0].data.tokenid,
+		auth_id_name: 'auth_id',
+	    }).show();
+	},
+	renderUser: function(tokenid) {
+	    return Ext.String.htmlEncode(PBS.Utils.extractTokenUser(tokenid));
+	},
+	renderTokenname: function(tokenid) {
+	    return Ext.String.htmlEncode(PBS.Utils.extractTokenName(tokenid));
+	},
+    },
+    listeners: {
+	activate: 'reload',
+	itemdblclick: 'editToken',
+    },
+    store: {
+	type: 'diff',
+	autoDestroy: true,
+	autoDestroyRstore: true,
+	sorters: 'tokenid',
+	model: 'pbs-tokens',
+	rstore: {
+	    type: 'store',
+	    proxy: 'memory',
+	    storeid: 'pbs-tokens',
+	    model: 'pbs-tokens',
+	},
+    },
+    tbar: [
+	{
+	    xtype: 'proxmoxButton',
+	    text: gettext('Add'),
+	    handler: 'addToken',
+	    selModel: false,
+	},
+	{
+	    xtype: 'proxmoxButton',
+	    text: gettext('Edit'),
+	    handler: 'editToken',
+	    disabled: true,
+	},
+	{
+	    xtype: 'proxmoxStdRemoveButton',
+	    baseurl: '/access/users/',
+	    callback: 'reload',
+	    getUrl: function(rec) {
+		let tokenid = rec.getId();
+		let user = PBS.Utils.extractTokenUser(tokenid);
+		let tokenname = PBS.Utils.extractTokenName(tokenid);
+		return '/access/users/' + encodeURIComponent(user) + '/token/' + encodeURIComponent(tokenname);
+	    },
+	},
+	{
+	    xtype: 'proxmoxButton',
+	    text: gettext('Permissions'),
+	    handler: 'showPermissions',
+	    disabled: true,
+	},
+    ],
+    viewConfig: {
+	trackOver: false,
+    },
+    columns: [
+	{
+	    header: gettext('User'),
+	    width: 200,
+	    sortable: true,
+	    renderer: 'renderUser',
+	    dataIndex: 'tokenid',
+	},
+	{
+	    header: gettext('Token name'),
+	    width: 100,
+	    sortable: true,
+	    renderer: 'renderTokenname',
+	    dataIndex: 'tokenid',
+	},
+	{
+	    header: gettext('Enabled'),
+	    width: 80,
+	    sortable: true,
+	    renderer: Proxmox.Utils.format_boolean,
+	    dataIndex: 'enable',
+	},
+	{
+	    header: gettext('Expire'),
+	    width: 80,
+	    sortable: true,
+	    renderer: Proxmox.Utils.format_expire,
+	    dataIndex: 'expire',
+	},
+	{
+	    header: gettext('Comment'),
+	    sortable: false,
+	    renderer: Ext.String.htmlEncode,
+	    dataIndex: 'comment',
+	    flex: 1,
+	},
+    ],
diff --git a/www/window/TokenEdit.js b/www/window/TokenEdit.js
new file mode 100644
index 00000000..6b41ae9d
--- /dev/null
+++ b/www/window/TokenEdit.js
@@ -0,0 +1,213 @@
+Ext.define('PBS.window.TokenEdit', {
+    extend: 'Proxmox.window.Edit',
+    alias: 'widget.pbsTokenEdit',
+    mixins: ['Proxmox.Mixin.CBind'],
+    onlineHelp: 'user_mgmt',
+    user: undefined,
+    tokenname: undefined,
+    isAdd: true,
+    isCreate: false,
+    fixedUser: false,
+    subject: gettext('API token'),
+    fieldDefaults: { labelWidth: 120 },
+    items: {
+	xtype: 'inputpanel',
+	column1: [
+	    {
+		xtype: 'pmxDisplayEditField',
+		cbind: {
+		    editable: (get) => get('isCreate') && !get('fixedUser'),
+		},
+		editConfig: {
+		    xtype: 'pbsUserSelector',
+		    allowBlank: false,
+		},
+		name: 'user',
+		value: Proxmox.UserName,
+		renderer: Ext.String.htmlEncode,
+		fieldLabel: gettext('User'),
+	    },
+	    {
+		xtype: 'pmxDisplayEditField',
+		cbind: {
+		    editable: '{isCreate}',
+		},
+		name: 'tokenname',
+		fieldLabel: gettext('Token Name'),
+		minLength: 2,
+		allowBlank: false,
+	    },
+	],
+	column2: [
+	    {
+                xtype: 'datefield',
+                name: 'expire',
+		emptyText: Proxmox.Utils.neverText,
+		format: 'Y-m-d',
+		submitFormat: 'U',
+                fieldLabel: gettext('Expire'),
+            },
+	    {
+		xtype: 'proxmoxcheckbox',
+		fieldLabel: gettext('Enabled'),
+		name: 'enable',
+		uncheckedValue: 0,
+		defaultValue: 1,
+		checked: true,
+	    },
+	],
+	columnB: [
+	    {
+		xtype: 'proxmoxtextfield',
+		name: 'comment',
+		fieldLabel: gettext('Comment'),
+	    },
+	],
+    },
+    getValues: function(dirtyOnly) {
+	var me = this;
+	var values = me.callParent(arguments);
+	// hack: ExtJS datefield does not submit 0, so we need to set that
+	if (!values.expire) {
+	    values.expire = 0;
+	}
+	if (me.isCreate) {
+	    me.url = '/api2/extjs/access/users/';
+	    let uid = encodeURIComponent(values.user);
+	    let tid = encodeURIComponent(values.tokenname);
+	    delete values.user;
+	    delete values.tokenname;
+	    me.url += `${uid}/token/${tid}`;
+	}
+	return values;
+    },
+    setValues: function(values) {
+	var me = this;
+	if (Ext.isDefined(values.expire)) {
+	    if (values.expire) {
+		values.expire = new Date(values.expire * 1000);
+	    } else {
+		// display 'never' instead of '1970-01-01'
+		values.expire = null;
+	    }
+	}
+	me.callParent([values]);
+    },
+    initComponent: function() {
+	let me = this;
+	me.url = '/api2/extjs/access/users/';
+	me.callParent();
+	if (me.isCreate) {
+	    me.method = 'POST';
+	} else {
+	    me.method = 'PUT';
+	    let uid = encodeURIComponent(me.user);
+	    let tid = encodeURIComponent(me.tokenname);
+	    me.url += `${uid}/token/${tid}`;
+	    me.load({
+		success: function(response, options) {
+		    let values =;
+		    values.user = me.user;
+		    values.tokenname = me.tokenname;
+		    me.setValues(values);
+		},
+	    });
+	}
+    },
+    apiCallDone: function(success, response, options) {
+	let res =;
+	if (!success || !res || !res.value) {
+	    return;
+	}
+	Ext.create('PBS.window.TokenShow', {
+	    autoShow: true,
+	    tokenid: res.tokenid,
+	    secret: res.value,
+	});
+    },
+Ext.define('PBS.window.TokenShow', {
+    extend: 'Ext.window.Window',
+    alias: ['widget.pbsTokenShow'],
+    mixins: ['Proxmox.Mixin.CBind'],
+    width: 600,
+    modal: true,
+    resizable: false,
+    title: gettext('Token Secret'),
+    items: [
+	{
+	    xtype: 'container',
+	    layout: 'form',
+	    bodyPadding: 10,
+	    border: false,
+	    fieldDefaults: {
+		labelWidth: 100,
+		anchor: '100%',
+            },
+	    padding: '0 10 10 10',
+	    items: [
+		{
+		    xtype: 'textfield',
+		    fieldLabel: gettext('Token ID'),
+		    cbind: {
+			value: '{tokenid}',
+		    },
+		    editable: false,
+		},
+		{
+		    xtype: 'textfield',
+		    fieldLabel: gettext('Secret'),
+		    inputId: 'token-secret-value',
+		    cbind: {
+			value: '{secret}',
+		    },
+		    editable: false,
+		},
+	    ],
+	},
+	{
+	    xtype: 'component',
+	    border: false,
+	    padding: '10 10 10 10',
+	    userCls: 'pmx-hint',
+	    html: gettext('Please record the API token secret - it will only be displayed now'),
+	},
+    ],
+    buttons: [
+	{
+	    handler: function(b) {
+		document.getElementById('token-secret-value').select();
+		document.execCommand("copy");
+	    },
+	    text: gettext('Copy Secret Value'),
+	},
+    ],

  parent reply	other threads:[~2020-10-28 11:37 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-28 11:36 [pbs-devel] [PATCH proxmox-backup 00/16] API tokens Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-widget-toolkit] add PermissionView Fabian Grünbichler
2020-10-28 16:18   ` [pbs-devel] applied: " Thomas Lamprecht
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 01/16] api: add Authid as wrapper around Userid Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox] rpcenv: rename user to auth_id Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 02/16] config: add token.shadow file Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 03/16] replace Userid with Authid Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 04/16] REST: extract and handle API tokens Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 05/16] api: add API token endpoints Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 06/16] api: allow listing users + tokens Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 07/16] api: add permissions endpoint Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 08/16] client/remote: allow using ApiToken + secret Fabian Grünbichler
2020-10-28 11:36 ` [pbs-devel] [PATCH proxmox-backup 09/16] owner checks: handle backups owned by API tokens Fabian Grünbichler
2020-10-28 11:37 ` [pbs-devel] [PATCH proxmox-backup 10/16] tasks: allow unpriv users to read their tokens' tasks Fabian Grünbichler
2020-10-28 11:37   ` [pbs-devel] [PATCH proxmox-backup 11/16] manager: add token commands Fabian Grünbichler
2020-10-28 11:37   ` [pbs-devel] [PATCH proxmox-backup 12/16] manager: add user permissions command Fabian Grünbichler
2020-10-28 11:37   ` [pbs-devel] [PATCH proxmox-backup 13/16] gui: add permissions button to user view Fabian Grünbichler
2020-10-28 11:37   ` Fabian Grünbichler [this message]
2020-10-28 11:37   ` [pbs-devel] [PATCH proxmox-backup 15/16] acls: allow viewing/editing user's token ACLs Fabian Grünbichler
2020-10-28 11:37   ` [pbs-devel] [PATCH proxmox-backup 16/16] gui: add API " Fabian Grünbichler
2020-10-29 14:23 ` [pbs-devel] applied: [PATCH proxmox-backup 00/16] API tokens Wolfgang Bumiller
2020-10-29 19:50 ` [pbs-devel] " Thomas Lamprecht
2020-10-30  8:03   ` Fabian Grünbichler
2020-10-30  8:48     ` Thomas Lamprecht
2020-10-30  9:55       ` Fabian Grünbichler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal