From 98e1689aabb1f779657f572dabb819360197ca71 Mon Sep 17 00:00:00 2001 From: Adarnof Date: Tue, 1 Nov 2016 23:22:15 -0400 Subject: [PATCH] Record API SSO status (#568) Added sso_verified flag to EveApiKeyPair Set sso_verified flag when user validates API key Allow users to SSO validate existing API keys --- .../0004_eveapikeypair_sso_verified.py | 20 +++++++++++++++++++ eveonline/models.py | 1 + eveonline/views.py | 16 +++++++++++---- .../templates/registered/apikeymanagment.html | 19 ++++++++++++++++++ 4 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 eveonline/migrations/0004_eveapikeypair_sso_verified.py diff --git a/eveonline/migrations/0004_eveapikeypair_sso_verified.py b/eveonline/migrations/0004_eveapikeypair_sso_verified.py new file mode 100644 index 00000000..38a196c0 --- /dev/null +++ b/eveonline/migrations/0004_eveapikeypair_sso_verified.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.2 on 2016-11-01 04:20 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('eveonline', '0003_auto_20161026_0149'), + ] + + operations = [ + migrations.AddField( + model_name='eveapikeypair', + name='sso_verified', + field=models.BooleanField(default=False), + ), + ] diff --git a/eveonline/models.py b/eveonline/models.py index 77684100..74b26d48 100644 --- a/eveonline/models.py +++ b/eveonline/models.py @@ -25,6 +25,7 @@ class EveApiKeyPair(models.Model): api_id = models.CharField(max_length=254) api_key = models.CharField(max_length=254) user = models.ForeignKey(User, blank=True, null=True) + sso_verified = models.BooleanField(default=False) def __str__(self): return self.api_id diff --git a/eveonline/views.py b/eveonline/views.py index 1e8cd63d..51727f3b 100755 --- a/eveonline/views.py +++ b/eveonline/views.py 
@@ -73,15 +73,20 @@ def add_api_key(request): def api_sso_validate(request, tokens, api_id): logger.debug('api_sso_validate called by user %s for api %s' % (request.user, api_id)) api = get_object_or_404(EveApiKeyPair, api_id=api_id) - if api.user: + if api.user and api.user != request.user: logger.warning('User %s attempting to take ownership of api %s from %s' % (request.user, api_id, api.user)) messages.warning(request, 'API %s already claimed by user %s' % (api_id, api.user)) return redirect('auth_api_key_management') + elif api.sso_verified: + logger.debug('API %s has already been verified.' % api_id) + messages.info(request, 'API %s has already been verified' % api_id) + return redirect('auth_api_key_management') token = tokens[0] - logger.debug('API %s has no owner. Checking if token for %s matches.' % (api_id, token.character_name)) + logger.debug('API %s has not been verified. Checking if token for %s matches.' % (api_id, token.character_name)) characters = EveApiManager.get_characters_from_api(api.api_id, api.api_key).result if token.character_id in characters: api.user = request.user + api.sso_verified = True api.save() EveCharacter.objects.filter(character_id__in=characters).update(user=request.user, api_id=api_id) messages.success(request, 'Confirmed ownership of API %s' % api.api_id) 
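Review bot: The first guard, `if api.user and api.user != request.user:`, still refuses the request whenever another account holds the key, even when that claim has `sso_verified` False, so an unverified claim blocks a user who could prove ownership through SSO. If `api.user` can be set without SSO proof (the `add_api_key` body is not in this hunk, so this is inferred), consider refusing only verified claims, e.g. `if api.sso_verified and api.user != request.user:`, and logging the replacement of an unverified claim at warning level. Either way, a comment above the guard should state which field is the trust anchor, for example `# api.user alone is only a claim; sso_verified records proof of ownership`. The body of `api_sso_validate` continues past the end of this hunk.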
@@ -92,12 +97,15 @@ def api_sso_validate(request, tokens, api_id): else: messages.warning(request, '%s not found on API %s. Please SSO as a character on the API.' % (token.character_name, api.api_id)) return render(request, 'registered/apisso.html', context={'api':api}) - + @login_required def api_key_management_view(request): logger.debug("api_key_management_view called by user %s" % request.user) - context = {'apikeypairs': EveManager.get_api_key_pairs(request.user.id)} + context = { + 'apikeypairs': EveManager.get_api_key_pairs(request.user.id), + 'api_sso_validation': settings.API_SSO_VALIDATION or False + } return render(request, 'registered/apikeymanagment.html', context=context) diff --git a/stock/templates/registered/apikeymanagment.html b/stock/templates/registered/apikeymanagment.html index c6de2c29..66272d06 100644 --- a/stock/templates/registered/apikeymanagment.html +++ b/stock/templates/registered/apikeymanagment.html @@ -20,11 +20,24 @@ + {% if api_sso_validation %} + + {% endif %} {% for pair in apikeypairs %} + {% if api_sso_validation %} + + {% endif %} {% endfor %}
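Review bot: `settings.API_SSO_VALIDATION or False` in the new context dict only normalises a falsy value; if the setting is missing from a deployment's settings file, the attribute access raises AttributeError and the key management page fails to render. `'api_sso_validation': getattr(settings, 'API_SSO_VALIDATION', False),` gives the same result with a safe default. This flag only controls what the template shows; whether `api_sso_validate` itself checks the setting is not visible in these hunks, so the hidden button should not be treated as the gate. The import of `settings` is also outside the hunk.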
{% trans "API ID" %}{% trans "SSO Verified" %}{% trans "Action" %}
{{ pair.api_id }} + {% if pair.sso_verified %} + + {% else %} + + + {% endif %} + @@ -32,6 +45,12 @@ + {% if api_sso_validation and not pair.sso_verified %} + + + + {% endif %}