From 08fe37fe4ba1729708579c0b53fa9d503b4f2753 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Thu, 7 Jul 2011 19:37:11 +0100
Subject: [PATCH] Fixed API key updating, removed the ability for people to
 remove API keys

---
 app/eve_api/forms.py               | 23 +++++++++++++++++------
 app/eve_api/tasks/account.py       |  6 ++++--
 app/eve_api/urls.py                |  2 +-
 app/eve_api/views.py               |  6 +++---
 app/sso/templates/sso/profile.html |  2 +-
 5 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/app/eve_api/forms.py b/app/eve_api/forms.py
index bbe7e52..4180bfa 100644
--- a/app/eve_api/forms.py
+++ b/app/eve_api/forms.py
@@ -12,6 +12,14 @@ class EveAPIForm(forms.ModelForm):
         fields = ('api_user_id', 'api_key', 'description', 'user')
         widgets = {'user': forms.HiddenInput()}
 
+    def __init__(self, *args, **kwargs):
+        super(EveAPIForm, self).__init__(*args, **kwargs)
+        instance = getattr(self, 'instance', None)
+
+        if instance and instance.pk:
+            # We're editing a existing instance, readonly the userid
+            self.fields['api_user_id'].widget.attrs['readonly'] = True
+
     def clean_api_key(self):
 
         if not len(self.cleaned_data['api_key']) == 64:
@@ -22,22 +30,25 @@ class EveAPIForm(forms.ModelForm):
 
         return self.cleaned_data['api_key']
 
-    def clean_user_id(self):
+    def clean_api_user_id(self):
 
-        if not 'user_id' in self.cleaned_data or self.cleaned_data['user_id'] == '':
+        if not 'api_user_id' in self.cleaned_data or self.cleaned_data['api_user_id'] == '':
             raise forms.ValidationError("Please provide a valid User ID")
 
         try:
-            int(self.cleaned_data['user_id'])
+            int(self.cleaned_data['api_user_id'])
         except ValueError:
             raise forms.ValidationError("Please provide a valid user ID.")
 
-        if not self.update:
+        if not getattr(self, 'instance', None):
             try:
-                eaccount = EVEAccount.objects.get(api_user_id=self.cleaned_data['user_id'])
+                eaccount = EVEAccount.objects.get(api_user_id=self.cleaned_data['api_user_id'])
             except EVEAccount.DoesNotExist:
                 pass
             else:
                 raise forms.ValidationError("This API User ID is already registered")
+        else:
+            if not int(self.cleaned_data['api_user_id']) == self.instance.api_user_id:
+                raise forms.ValidationError("You cannot change your API User ID")
 
-        return self.cleaned_data['user_id']
+        return self.cleaned_data['api_user_id']
diff --git a/app/eve_api/tasks/account.py b/app/eve_api/tasks/account.py
index d40f787..7eb412a 100644
--- a/app/eve_api/tasks/account.py
+++ b/app/eve_api/tasks/account.py
@@ -102,8 +102,10 @@ def import_apikey_func(api_userid, api_key, user=None, force_cache=False, log=lo
 
     # Create or retrieve the account last to make sure everything
     # before here is good to go.
-    account, created = EVEAccount.objects.get_or_create(api_key=api_key, api_user_id=api_userid)
-    account.api_key = api_key
+    account, created = EVEAccount.objects.get_or_create(api_user_id=api_userid)
+    if not created and not account.api_key == api_key:
+        account.api_key = api_key
+        account.api_keytype = API_KEYTYPE_UNKNOWN
     account.api_status = API_STATUS_OK
     if user and created:
         account.user = User.objects.get(id=user)
diff --git a/app/eve_api/urls.py b/app/eve_api/urls.py
index ed61f68..052f367 100644
--- a/app/eve_api/urls.py
+++ b/app/eve_api/urls.py
@@ -6,7 +6,7 @@ from eve_api import views
 urlpatterns = patterns('',
     url(r'^eveapi/add/', views.eveapi_add, name="eveapi-add"),
     url(r'^eveapi/update/(?P<userid>\d+)/$', views.eveapi_update, name="eveapi-update"),
-    url(r'^eveapi/delete/(?P<userid>\d+)/$', views.eveapi_del, name="eveapi-delete"),
+    #url(r'^eveapi/delete/(?P<userid>\d+)/$', views.eveapi_del, name="eveapi-delete"),
     url(r'^eveapi/refresh/(?P<userid>\d+)/$', views.eveapi_refresh, name="eveapi-refresh"),
     url(r'^eveapi/log/(?P<userid>\d+)/$', views.eveapi_log, name="eveapi-log"),
 
diff --git a/app/eve_api/views.py b/app/eve_api/views.py
index d2227c3..f5b3627 100644
--- a/app/eve_api/views.py
+++ b/app/eve_api/views.py
@@ -56,11 +56,11 @@ def eveapi_update(request, userid, post_save_redirect='/'):
     if request.method == 'POST':
         form = EveAPIForm(request.POST, instance=acc)
         if form.is_valid():
-            if form.has_changed() and ('api_key' in form.changed_data or 'api_user_id' in form.changed_data):
-                acc = form.save()
+            if form.has_changed() and ('api_key' in form.changed_data):
+                #acc = form.save()
                 task = import_apikey_result.delay(api_key=acc.api_key, api_userid=acc.api_user_id, user=request.user.id)
                 try:
-                    task.wait(10)
+                    task.wait(30)
                 except celery.exceptions.TimeoutError:
                     msg = "The addition of your API key is still processing, please check back in a minute or so."
                 except DocumentRetrievalError:
diff --git a/app/sso/templates/sso/profile.html b/app/sso/templates/sso/profile.html
index 43281be..c270252 100644
--- a/app/sso/templates/sso/profile.html
+++ b/app/sso/templates/sso/profile.html
@@ -114,7 +114,7 @@ setup.</p>
     <td><a href="{% url eve_api.views.eveapi_refresh acc.api_user_id %}"  onclick="javascript:refresh_apikey({{ acc.api_user_id }}); return false;">Refresh</a>,&nbsp;
         <a href="{% url eve_api.views.eveapi_update acc.api_user_id %}">Update Key</a>,&nbsp;
         <a href="{% url eve_api.views.eveapi_log acc.api_user_id %}">Logs</a>,&nbsp;
-        <a href="{% url eve_api.views.eveapi_del acc.api_user_id %}">Delete</a></td>
+        <!--<a href="{% url eve_api.views.eveapi_del acc.api_user_id %}">Delete</a></td>-->
 </tr>
 {% endfor %}
 </table>