Personal settings auth tokens

[ChristophWurst]

requires #24686, #24677
fixes #23458

TODO:

• rebase onto add method to query all user auth tokens #24686
• rebase onto a single token provider suffices #24677
• list browser sessions and devices
• add button to invalidate token
• add button to create a new device token
• unit tests

Ideas for follow-up PRs:

• Allow omitting the dashes of device tokens, so users can use both 'ABCDEFGHIJKLMNOPQRST' and 'ABCDE-FGHIJ-KLMNO-PQRST'
• Don't allow the users to kill the active browser session as that would log them out (probably unintended)
• Convert sync client user agents like Mozilla/5.0 (Linux) mirall/2.1.1 to something like ownCloud sync client 2.1.1

cc @MorrisJobke

[nickvergessen]

Please either use the full class or import the full class

[nickvergessen]

Also only public interfaces shall be returned™

[nickvergessen]

If there is no public interface yet, because it's not yet done add a FIXME/TODO to make that clear

[MorrisJobke]

But this is an internal only method.

[nickvergessen]

Then @internal ? ;)

[MorrisJobke]

After applying this:

diff --git a/settings/css/settings.css b/settings/css/settings.css
index be61265..42e2594 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -100,21 +100,27 @@ input#identity {
 table.nostyle label { margin-right: 2em; }
 table.nostyle td { padding: 0.2em 0; }

-#sessions,
-#devices {
-   min-height: 180px;
-}
 #sessions table,
 #devices table {
    width: 100%;
-   min-height: 150px;
-   padding-top: 25px;
 }
 #sessions table th,
 #devices table th {
    font-weight: 800;
 }

+#sessions table th,
+#sessions table td,
+#devices table th,
+#devices table td {
+   padding: 10px;
+}
+
+#sessions .token-list td,
+#devices .token-list td {
+   border-top: 1px solid #DDD;
+}
+
 /* USERS */
 #newgroup-init a span { margin-left: 20px; }
 #newgroup-init a span:before {
diff --git a/settings/js/authtoken_view.js b/settings/js/authtoken_view.js
index 0ca1682..b2bdee8 100644
--- a/settings/js/authtoken_view.js
+++ b/settings/js/authtoken_view.js
@@ -50,7 +50,9 @@
            list.html('');

            tokens.forEach(function(token) {
-               var html = _this.template(token.toJSON());
+               var t = token.toJSON();
+               t.lastActivity = moment(t.lastActivity, 'X').format('LLL');
+               var html = _this.template(t);
                list.append(html);
            });
        },

It looks like this:

[MorrisJobke]

@ChristophWurst @PVince81 What is the best way in Backbone to apply the date format stuff? Should this be a template filter?

[PVince81]

So far I'd just preformat the date before passing it to the template as string.
See how it's done in here: https://github.com/owncloud/core/blob/master/apps/files/js/mainfileinfodetailview.js#L148

[nickvergessen]

if we want this information to be available on the client one day, it needs to be OCS, but I think for now it's okay

[ChristophWurst]

(Note that the token is now 4x5chars and not 5x5 like in the screenshot)

[ChristophWurst]

@MorrisJobke @LukasReschke @rullzer review please

[PVince81]

• BUG: use $(...).tooltip() on the trashbin element to make the tooltip look better

[PVince81]

• TODO: make the field for the generated token a real read-only input field + autofocus + autoselect on click, just like the permalink one, see https://github.com/owncloud/core/blob/master/apps/files/js/mainfileinfodetailview.js#L64

[PVince81]

I'd even say, as soon as the token field gets displayed, autoselect it. If the user clicks away and clicks on it again, reselect again. Goal is to be able to quickly Ctrl+C.

[PVince81]

• do we want the date in the table to be human readable, like "1 hour ago" + tooltip with full date ? Use OC.Util.relativeModifiedDate(timeStamp) for that

[PVince81]

compile the template at usage time.

See https://github.com/owncloud/core/blob/v8.2.0/apps/files_versions/js/versionstabview.js#L146

[ChristophWurst]

if someone knows a better way let me know

[PVince81]

• minor: missing empty message for the lists when empty. I'd suggest to hide the table header and the message "You've linked these devices" when the list is empty. Challenge is to make the list appear as soon as the first entry gets added

[PVince81]

• bug? I can create several devices with the same name

[ChristophWurst]

I think i broke something, no browser sessions are listed now fixed

[ChristophWurst]

bug? I can create several devices with the same name

Not a bug in my opinion, but I'll open an enhancement issue.

[PVince81]

Fair enough 👍

[PVince81]

Second review ? @nickvergessen @schiesbn @MorrisJobke @LukasReschke @Xenopathic @rullzer

[nickvergessen]

not required, because id is unique?

[nickvergessen]

Or don't you check ownership before

[ChristophWurst]

Exactly, I want to prevent users deleting other users tokens

https://github.com/owncloud/core/pull/24703/files#diff-86dbc8c463c390f9fcc767a856c332a3R147

[nickvergessen]

Works, and I agree that the same name is "not a bug"

👍

[oparoz]

Cool feature, thanks guys :)

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.