Add revoking reddit account access

2020-09-17 21:37:02 +02:00 · 2020-09-17 21:37:02 +02:00 · 655e641213
commit 655e641213
parent cdc7ca90da
6 changed files with 102 additions and 18 deletions
--- a/src/newsreader/accounts/templates/accounts/views/integrations.html
+++ b/src/newsreader/accounts/templates/accounts/views/integrations.html
@ -9,33 +9,52 @@
      <div class="integrations">
        <h3 class="integrations__title">Reddit</h3>
        <div class="integrations__controls">
-          <button class="link button button--reddit {% if not reddit_authorization_url %}button--disabled{% endif %}" href="{% if reddit_authorization_url %}{{ reddit_authorization_url }}{% else %}#{% endif %}"{% if not reddit_authorization_url %} disabled{% endif %}>
-            {% trans "Authorize account" %}
-          </button>
+          {% if reddit_authorization_url %}
+            <a class="link button button--reddit" href="{{ reddit_authorization_url }}">
+              {% trans "Authorize account" %}
+            </a>
+          {% else %}
+            <button class="button button--reddit button--disabled" disabled>
+              {% trans "Authorize account" %}
+            </button>
+          {% endif %}

-          <button class="link button button--reddit {% if not reddit_refresh_url %}button--disabled{% endif %}" href="{% if reddit_refresh_url %}{{ reddit_refresh_url }}{% else %}#{% endif %}"{% if not reddit_refresh_token %} disabled {% endif %}>
-            {% trans "Refresh credentials" %}
-          </button>
+          {% if reddit_refresh_url %}
+            <a class="link button button--reddit" href="{{ reddit_refresh_url }}">
+              {% trans "Refresh token" %}
+            </a>
+          {% else %}
+            <button class="button button--reddit button--disabled" disabled>
+              {% trans "Refresh token" %}
+            </button>
+          {% endif %}

-          <button class="link button button--reddit">
-            {% trans "Deauthorize account" %}
-          </button>
+          {% if reddit_revoke_url %}
+            <a class="link button button--reddit" href="{{ reddit_revoke_url }}">
+              {% trans "Deauthorize account" %}
+            </a>
+          {% else %}
+            <button class="button button--reddit button--disabled" disabled>
+              {% trans "Deauthorize account" %}
+            </button>
+          {% endif %}
        </div>
      </div>
+
      <div class="integrations">
        <h3 class="integrations__title">Twitter</h3>
        <div class="integrations__controls">
-          <button class="link button button--twitter" href="#">
+          <a class="link button button--twitter" href="#">
            {% trans "Authorize account" %}
-          </button>
+          </a>

-          <button class="link button button--twitter" href="#">
-            {% trans "Refresh credentials" %}
-          </button>
+          <a class="link button button--twitter" href="#">
+            {% trans "Refresh token" %}
+          </a>

-          <button class="link button button--twitter" href="#">
+          <a class="link button button--twitter" href="#">
            {% trans "Deauthorize account" %}
-          </button>
+          </a>
        </div>
      </div>
    </section>
--- a/src/newsreader/accounts/templates/accounts/views/reddit.html
+++ b/src/newsreader/accounts/templates/accounts/views/reddit.html
@ -13,7 +13,7 @@
        {% endif %}

        <p>
-          <a class="link" href="{% url 'accounts:settings' %}">{% trans "Return to integrations page" %}</a>
+          <a class="link" href="{% url 'accounts:integrations' %}">{% trans "Return to integrations page" %}</a>
        </p>
    </section>
  </main>
--- a/src/newsreader/accounts/urls.py
+++ b/src/newsreader/accounts/urls.py
@ -13,6 +13,7 @@ from newsreader.accounts.views import (
    PasswordResetConfirmView,
    PasswordResetDoneView,
    PasswordResetView,
+    RedditRevokeRedirectView,
    RedditTemplateView,
    RedditTokenRedirectView,
    RegistrationClosedView,
@ -78,6 +79,11 @@ urlpatterns = [
        login_required(RedditTokenRedirectView.as_view()),
        name="reddit-refresh",
    ),
+    path(
+        "settings/integrations/reddit/revoke/",
+        login_required(RedditRevokeRedirectView.as_view()),
+        name="reddit-revoke",
+    ),
    path(
        "settings/integrations",
        login_required(IntegrationsView.as_view()),
--- a/src/newsreader/accounts/views/init.py
+++ b/src/newsreader/accounts/views/init.py
@ -1,6 +1,7 @@
 from newsreader.accounts.views.auth import LoginView, LogoutView
 from newsreader.accounts.views.integrations import (
    IntegrationsView,
+    RedditRevokeRedirectView,
    RedditTemplateView,
    RedditTokenRedirectView,
 )
--- a/src/newsreader/accounts/views/integrations.py
+++ b/src/newsreader/accounts/views/integrations.py
@ -1,3 +1,5 @@
+import logging
+
 from django.contrib import messages
 from django.core.cache import cache
 from django.urls import reverse_lazy
@ -8,10 +10,14 @@ from newsreader.news.collection.exceptions import StreamException
 from newsreader.news.collection.reddit import (
    get_reddit_access_token,
    get_reddit_authorization_url,
+    revoke_reddit_token,
 )
 from newsreader.news.collection.tasks import RedditTokenTask


+logger = logging.getLogger(__name__)
+
+
 class IntegrationsView(TemplateView):
    template_name = "accounts/views/integrations.html"

@ -41,6 +47,11 @@ class IntegrationsView(TemplateView):
        return {
            "reddit_authorization_url": reddit_authorization_url,
            "reddit_refresh_url": reddit_refresh_url,
+            "reddit_revoke_url": (
+                reverse_lazy("accounts:reddit-revoke")
+                if not reddit_authorization_url
+                else None
+            ),
        }


@ -89,7 +100,7 @@ class RedditTemplateView(TemplateView):


 class RedditTokenRedirectView(RedirectView):
-    url = reverse_lazy("accounts:settings")
+    url = reverse_lazy("accounts:integrations")

    def get(self, request, *args, **kwargs):
        response = super().get(request, *args, **kwargs)
@ -105,3 +116,35 @@ class RedditTokenRedirectView(RedirectView):

        messages.error(request, _("Unable to retrieve token"))
        return response
+
+
+class RedditRevokeRedirectView(RedirectView):
+    url = reverse_lazy("accounts:integrations")
+
+    def get(self, request, *args, **kwargs):
+        response = super().get(request, *args, **kwargs)
+
+        user = request.user
+
+        if not user.reddit_refresh_token:
+            messages.error(request, _("No reddit account is linked to this account"))
+            return response
+
+        try:
+            is_revoked = revoke_reddit_token(user)
+        except StreamException:
+            logger.exception(f"Unable to revoke reddit token for {user.pk}")
+
+            messages.error(request, _("Unable to revoke reddit token"))
+            return response
+
+        if not is_revoked:
+            messages.error(request, _("Unable to revoke reddit token"))
+            return response
+
+        user.reddit_access_token = None
+        user.reddit_refresh_token = None
+        user.save()
+
+        messages.success(request, _("Reddit account deathorized"))
+        return response
--- a/src/newsreader/news/collection/reddit.py
+++ b/src/newsreader/news/collection/reddit.py
@ -98,6 +98,21 @@ def get_reddit_access_token(code, user):
    return response_data["access_token"], response_data["refresh_token"]


+# Note that the API always returns 204's with correct basic auth headers
+def revoke_reddit_token(user):
+    client_auth = requests.auth.HTTPBasicAuth(
+        settings.REDDIT_CLIENT_ID, settings.REDDIT_CLIENT_SECRET
+    )
+
+    response = post(
+        f"{REDDIT_URL}/api/v1/revoke_token",
+        data={"token": user.reddit_refresh_token, "token_type_hint": "refresh_token"},
+        auth=client_auth,
+    )
+
+    return response.status_code == 204
+
+
 class RedditBuilder(PostBuilder):
    rule_type = RuleTypeChoices.subreddit