From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A80E6916AF for ; Wed, 21 Dec 2022 12:04:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 886AD69D6 for ; Wed, 21 Dec 2022 12:04:26 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 21 Dec 2022 12:04:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AAA0644016 for ; Wed, 21 Dec 2022 12:04:25 +0100 (CET) Message-ID: Date: Wed, 21 Dec 2022 12:04:24 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Thunderbird/109.0 Content-Language: en-GB To: Proxmox Backup Server development discussion , Hannes Laimer References: <20221220145714.63985-1-h.laimer@proxmox.com> <20221220145714.63985-6-h.laimer@proxmox.com> From: Thomas Lamprecht In-Reply-To: <20221220145714.63985-6-h.laimer@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.551 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -1.161 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox-backup 5/5] fix #3887: ui: add regenerate token button X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2022 11:04:56 -0000 On 20/12/2022 15:57, Hannes Laimer wrote: > Signed-off-by: Hannes Laimer > --- > www/config/TokenView.js | 30 ++++++++++++++++++++++++++++++ > 1 file changed, 30 insertions(+) > > diff --git a/www/config/TokenView.js b/www/config/TokenView.js > index 6282a4d4..745f1378 100644 > --- a/www/config/TokenView.js > +++ b/www/config/TokenView.js > @@ -100,6 +100,30 @@ Ext.define('PBS.config.TokenView', { > }).show(); > }, > > + regenerateToken: function() { note that with using a proxmoxButton this has the signature of (button, event, rec) where the record probably should be enough to avoid pulling out the selection manually. > + let me = this; > + let view = me.getView(); > + let selection = view.getSelection(); > + if (selection.length < 1) return; > + let tokenid = selection[0].data.tokenid; > + let user = PBS.Utils.extractTokenUser(tokenid); > + let tokenname = PBS.Utils.extractTokenName(tokenid); > + Proxmox.Utils.API2Request({ > + method: "POST", > + url: `/access/users/${user}/token/${tokenname}/regenerate`, > + success: function(res, opt) { > + Ext.create("PBS.window.TokenShow", { > + autoShow: true, > + tokenid: res.result.data.tokenid, > + secret: res.result.data.value, > + }); > + }, > + failure: function(response, opt) { > + Ext.Msg.alert(gettext("Error"), response.htmlStatus); > + }, would prefer a arrow fn here: failure: res => Ext.Msg.alert(gettext("Error"), res.htmlStatus), > + }); > + }, > + > showPermissions: function() { > let me = this; > let view = me.getView(); > @@ -174,6 +198,12 @@ Ext.define('PBS.config.TokenView', { > handler: 'showPermissions', > disabled: true, > }, > + { > + xtype: 'proxmoxButton', > + text: gettext('Regenerate'), > + handler: 'regenerateToken', I'd really set the proxmoxButton's config for confirming and auto-selecting the no choice by default to avoid that an "sneeze-and-click" accident revokes access of an in-use token without any confirmation prompt at all. E.g., add something like: dangerous: true, confirmMsg: rec => Ext.String.format( gettext("Regenerate the secret of the API token '{0}'? All current use-sites will loose access!"), rec.data.tokenid, // <- just a guesstimate, didn't actually test this ), The function could also just be a plain text without referencing the token ID, but IMO it has some non-negligible value to show such things in confirmations. > + disabled: true, > + }, > ], > > viewConfig: { ))))