Bump version

Change api token field to readonly
Add password change view (#168 )
2026-03-10 03:43:12 +08:00 · 2021-10-16 05:44:05 +02:00 · 2021-10-16 05:43:35 +02:00 · 2021-10-16 05:42:04 +02:00 · 2021-10-03 15:13:45 +02:00 · 2021-10-03 09:54:10 +02:00
15 changed files with 177 additions and 80 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 ## v1.8.3 (03/10/2021)
 - [**enhancement**] Enhancement: let user configure to open links in same tab instead on a new window/tab [#27](https://github.com/sissbruecker/linkding/issues/27)
 ---
 ## v1.8.2 (02/10/2021)
 - [**bug**] Fix jumping search box [#163](https://github.com/sissbruecker/linkding/pull/163)
 ---
--- a/bookmarks/templates/registration/password_change_done.html
+++ b/bookmarks/templates/registration/password_change_done.html
@@ -0,0 +1,21 @@
 {% extends 'bookmarks/layout.html' %}
 {% load widget_tweaks %}
 {% block title %}Password changed{% endblock %}
 {% block content %}
    <div class="auth-page">
        <div class="columns">
            <section class="content-area column col-5 col-md-12">
                <div class="content-area-header">
                    <h2>Password Changed</h2>
                </div>
                <p class="text-success">
                    Your password was changed successfully.
                </p>
            </section>
        </div>
    </div>
 {% endblock %}
--- a/bookmarks/templates/registration/password_change_form.html
+++ b/bookmarks/templates/registration/password_change_form.html
@@ -0,0 +1,55 @@
 {% extends 'bookmarks/layout.html' %}
 {% load widget_tweaks %}
 {% block title %}Change Password{% endblock %}
 {% block content %}
    <div class="auth-page">
        <div class="columns">
            <section class="content-area column col-5 col-md-12">
                <div class="content-area-header">
                    <h2>Change Password</h2>
                </div>
                <form method="post" action="{% url 'change_password' %}">
                    {% csrf_token %}
                    <div class="form-group {% if form.old_password.errors %}has-error{% endif %}">
                        <label class="form-label" for="{{ form.old_password.id_for_label }}">Old password</label>
                        {{ form.old_password|add_class:'form-input'|attr:"placeholder: " }}
                        {% if form.old_password.errors %}
                            <div class="form-input-hint">
                                {{ form.old_password.errors }}
                            </div>
                        {% endif %}
                    </div>
                    <div class="form-group {% if form.new_password1.errors %}has-error{% endif %}">
                        <label class="form-label" for="{{ form.new_password1.id_for_label }}">New password</label>
                        {{ form.new_password1|add_class:'form-input'|attr:"placeholder: " }}
                        {% if form.new_password1.errors %}
                            <div class="form-input-hint">
                                {{ form.new_password1.errors }}
                            </div>
                        {% endif %}
                    </div>
                    <div class="form-group {% if form.new_password2.errors %}has-error{% endif %}">
                        <label class="form-label" for="{{ form.new_password2.id_for_label }}">Confirm new password</label>
                        {{ form.new_password2|add_class:'form-input'|attr:"placeholder: " }}
                        {% if form.new_password2.errors %}
                            <div class="form-input-hint">
                                {{ form.new_password2.errors }}
                            </div>
                        {% endif %}
                    </div>
                    <br/>
                    <div class="columns">
                        <div class="column col-3">
                            <input type="submit" value="Change Password" class="btn btn-primary">
                        </div>
                    </div>
                </form>
            </section>
        </div>
    </div>
 {% endblock %}
--- a/bookmarks/templates/settings/api.html
+++ b/bookmarks/templates/settings/api.html
@@ -1,25 +0,0 @@
 {% extends "bookmarks/layout.html" %}
 {% block content %}
    <div class="settings-page">
        {% include 'settings/nav.html' %}
        <section class="content-area">
            <h2>API Token</h2>
            <p>The following token can be used to authenticate 3rd-party applications against the REST API:</p>
            <div class="form-group">
                <div class="columns">
                    <div class="column col-6 col-md-12">
                        <input class="form-input" value="{{ api_token }}" disabled>
                    </div>
                </div>
            </div>
            <p><strong>Please treat this token as you would any other credential.</strong> Any party with access to this
                token can access and manage all your bookmarks.</p>
            <p>If you think that a token was compromised you can revoke (delete) it in the <a href="{% url 'admin:authtoken_tokenproxy_changelist' %}">admin panel</a>. After deleting the token, a new one will be generated when you reload this settings page.</p>
        </section>
    </div>
 {% endblock %}
--- a/bookmarks/templates/settings/general.html
+++ b/bookmarks/templates/settings/general.html
@@ -9,6 +9,9 @@
        {# Profile section #}
        <section class="content-area">
            <h2>Profile</h2>
            <p>
                <a href="{% url 'change_password' %}">Change password</a>
            </p>
            <form action="{% url 'bookmarks:settings.general' %}" method="post" novalidate>
                {% csrf_token %}
                <div class="form-group">
--- a/bookmarks/templates/settings/integrations.html
+++ b/bookmarks/templates/settings/integrations.html
@@ -5,7 +5,6 @@
        {% include 'settings/nav.html' %}
        {# Integrations section #}
        <section class="content-area">
            <h2>Browser Extension</h2>
            <p>The browser extension allows you to quickly add new bookmarks without leaving the page that you are on. The extension is available in the official extension stores for:</p>
@@ -29,5 +28,19 @@
               class="btn btn-primary">📎 Add bookmark</a>
        </section>
        <section class="content-area">
            <h2>REST API</h2>
            <p>The following token can be used to authenticate 3rd-party applications against the REST API:</p>
            <div class="form-group">
                <div class="columns">
                    <div class="column col-6 col-md-12">
                        <input class="form-input" value="{{ api_token }}" readonly>
                    </div>
                </div>
            </div>
            <p><strong>Please treat this token as you would any other credential.</strong> Any party with access to this
                token can access and manage all your bookmarks.</p>
            <p>If you think that a token was compromised you can revoke (delete) it in the <a href="{% url 'admin:authtoken_tokenproxy_changelist' %}">admin panel</a>. After deleting the token, a new one will be generated when you reload this settings page.</p>
        </section>
    </div>
 {% endblock %}
--- a/bookmarks/templates/settings/nav.html
+++ b/bookmarks/templates/settings/nav.html
@@ -1,7 +1,6 @@
 {% url 'bookmarks:settings.index' as index_url %}
 {% url 'bookmarks:settings.general' as general_url %}
 {% url 'bookmarks:settings.integrations' as integrations_url %}
 {% url 'bookmarks:settings.api' as api_url %}
 <ul class="tab tab-block">
    <li class="tab-item {% if request.get_full_path == index_url or request.get_full_path == general_url%}active{% endif %}">
@@ -10,9 +9,6 @@
    <li class="tab-item {% if request.get_full_path == integrations_url %}active{% endif %}">
        <a href="{% url 'bookmarks:settings.integrations' %}">Integrations</a>
    </li>
    <li class="tab-item {% if request.get_full_path == api_url %}active{% endif %}">
        <a href="{% url 'bookmarks:settings.api' %}">API</a>
    </li>
    <li class="tab-item tooltip tooltip-bottom" data-tooltip="The admin panel provides additional features &#010; such as user management and bulk operations.">
        <a href="{% url 'admin:index' %}" target="_blank">
            <span>Admin</span>
--- a/bookmarks/tests/test_password_change_view.py
+++ b/bookmarks/tests/test_password_change_view.py
@@ -0,0 +1,55 @@
 from django.contrib.auth.models import User
 from django.test import TestCase
 from django.urls import reverse
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 class PasswordChangeViewTestCase(TestCase, BookmarkFactoryMixin):
    def setUp(self) -> None:
        self.user = User.objects.create_user('testuser', 'test@example.com', 'initial_password')
        self.client.force_login(self.user)
    def test_change_password(self):
        form_data = {
            'old_password': 'initial_password',
            'new_password1': 'new_password',
            'new_password2': 'new_password',
        }
        response = self.client.post(reverse('change_password'), form_data)
        self.assertRedirects(response, reverse('password_change_done'))
    def test_change_password_done(self):
        form_data = {
            'old_password': 'initial_password',
            'new_password1': 'new_password',
            'new_password2': 'new_password',
        }
        response = self.client.post(reverse('change_password'), form_data, follow=True)
        self.assertContains(response, 'Your password was changed successfully')
    def test_should_return_error_for_invalid_old_password(self):
        form_data = {
            'old_password': 'wrong_password',
            'new_password1': 'new_password',
            'new_password2': 'new_password',
        }
        response = self.client.post(reverse('change_password'), form_data)
        self.assertIn('old_password', response.context_data['form'].errors)
    def test_should_return_error_for_mismatching_new_password(self):
        form_data = {
            'old_password': 'initial_password',
            'new_password1': 'new_password',
            'new_password2': 'wrong_password',
        }
        response = self.client.post(reverse('change_password'), form_data)
        self.assertIn('new_password2', response.context_data['form'].errors)
--- a/bookmarks/tests/test_settings_api_view.py
+++ b/bookmarks/tests/test_settings_api_view.py
@@ -1,40 +0,0 @@
 from django.test import TestCase
 from django.urls import reverse
 from rest_framework.authtoken.models import Token
 from bookmarks.tests.helpers import BookmarkFactoryMixin
 class SettingsApiViewTestCase(TestCase, BookmarkFactoryMixin):
    def setUp(self) -> None:
        user = self.get_or_create_test_user()
        self.client.force_login(user)
    def test_should_render_successfully(self):
        response = self.client.get(reverse('bookmarks:settings.api'))
        self.assertEqual(response.status_code, 200)
    def test_should_check_authentication(self):
        self.client.logout()
        response = self.client.get(reverse('bookmarks:settings.api'), follow=True)
        self.assertRedirects(response, reverse('login') + '?next=' + reverse('bookmarks:settings.api'))
    def test_should_generate_api_token_if_not_exists(self):
        self.assertEqual(Token.objects.count(), 0)
        self.client.get(reverse('bookmarks:settings.api'))
        self.assertEqual(Token.objects.count(), 1)
        token = Token.objects.first()
        self.assertEqual(token.user, self.user)
    def test_should_not_generate_api_token_if_exists(self):
        Token.objects.get_or_create(user=self.user)
        self.assertEqual(Token.objects.count(), 1)
        self.client.get(reverse('bookmarks:settings.api'))
        self.assertEqual(Token.objects.count(), 1)
--- a/bookmarks/tests/test_settings_integrations_view.py
+++ b/bookmarks/tests/test_settings_integrations_view.py
@@ -1,5 +1,6 @@
 from django.test import TestCase
 from django.urls import reverse
 from rest_framework.authtoken.models import Token
 from bookmarks.tests.helpers import BookmarkFactoryMixin
@@ -20,3 +21,20 @@ class SettingsIntegrationsViewTestCase(TestCase, BookmarkFactoryMixin):
        response = self.client.get(reverse('bookmarks:settings.integrations'), follow=True)
        self.assertRedirects(response, reverse('login') + '?next=' + reverse('bookmarks:settings.integrations'))
    def test_should_generate_api_token_if_not_exists(self):
        self.assertEqual(Token.objects.count(), 0)
        self.client.get(reverse('bookmarks:settings.integrations'))
        self.assertEqual(Token.objects.count(), 1)
        token = Token.objects.first()
        self.assertEqual(token.user, self.user)
    def test_should_not_generate_api_token_if_exists(self):
        Token.objects.get_or_create(user=self.user)
        self.assertEqual(Token.objects.count(), 1)
        self.client.get(reverse('bookmarks:settings.integrations'))
        self.assertEqual(Token.objects.count(), 1)
--- a/bookmarks/urls.py
+++ b/bookmarks/urls.py
@@ -23,7 +23,6 @@ urlpatterns = [
    path('settings', views.settings.general, name='settings.index'),
    path('settings/general', views.settings.general, name='settings.general'),
    path('settings/integrations', views.settings.integrations, name='settings.integrations'),
    path('settings/api', views.settings.api, name='settings.api'),
    path('settings/import', views.settings.bookmark_import, name='settings.import'),
    path('settings/export', views.settings.bookmark_export, name='settings.export'),
    # API
--- a/bookmarks/views/settings.py
+++ b/bookmarks/views/settings.py
@@ -43,15 +43,9 @@ def general(request):
@login_required
 def integrations(request):
    application_url = request.build_absolute_uri("/bookmarks/new")
    api_token = Token.objects.get_or_create(user=request.user)[0]
    return render(request, 'settings/integrations.html', {
        'application_url': application_url,
    })
@login_required
 def api(request):
    api_token = Token.objects.get_or_create(user=request.user)[0]
    return render(request, 'settings/api.html', {
        'api_token': api_token.key
    })
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "linkding",
-  "version": "1.8.3",
+  "version": "1.8.4",
  "description": "",
  "main": "index.js",
  "scripts": {
--- a/siteroot/urls.py
+++ b/siteroot/urls.py
@@ -25,11 +25,14 @@ urlpatterns = [
                                                extra_context=dict(allow_registration=ALLOW_REGISTRATION)),
         name='login'),
    path('logout/', auth_views.LogoutView.as_view(), name='logout'),
    path('change-password/', auth_views.PasswordChangeView.as_view(), name='change_password'),
    path('password-change-done/', auth_views.PasswordChangeDoneView.as_view(), name='password_change_done'),
    path('', include('bookmarks.urls')),
 ]
 if DEBUG:
    import debug_toolbar
    urlpatterns.append(path('__debug__/', include(debug_toolbar.urls)))
 if ALLOW_REGISTRATION:
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.8.3
+1.8.4
Author	SHA1	Message	Date
Sascha Ißbrücker	7390fc3f4f	Bump version	2021-10-16 05:44:05 +02:00
Sascha Ißbrücker	5e003ede92	Change api token field to readonly	2021-10-16 05:43:35 +02:00
Sascha Ißbrücker	984eef92e2	Add password change view (#168 )	2021-10-16 05:42:04 +02:00
Sascha Ißbrücker	eae6ca6e07	Merge API view with integrations view (#165 )	2021-10-03 15:13:45 +02:00
Sascha Ißbrücker	a6bfaa7c78	Update CHANGELOG.md	2021-10-03 09:54:10 +02:00