Code and documentation cleanup

API.md

@@ -1495,10 +1495,10 @@ data.
 
     Deletes existing user.
 
-## Listing tokens
+## Listing user tokens
 - **Request**
 
-    `GET /user-tokens/`
+    `GET /user-tokens/<user_name>`
 
 - **Output**
 
@@ -1513,15 +1513,19 @@ data.
 
     Searches for users tokens for the currently logged in user.
 
-## Creating token
+## Creating a user token
 - **Request**
 
-    `POST /user-token`
+    `POST /user-token/<user_name>`
 
 - **Input**
 
     ```json5
-    {}
+    {
+        "enabled":    <enabled>, // optional
+        "note":       <note>, // optional
+        "expiration": <expiration>, // optional
+    }
     ```
 
 - **Output**
@@ -1537,10 +1541,10 @@ data.
     Creates a new user token that can be used for authentication of api
     endpoints instead of a password.
     
-## Updating user
+## Updating a user token
 - **Request**
 
-    `PUT /user-token/<token>`
+    `PUT /user-token/<user_name>/<token>`
 
 - **Input**
 
@@ -1548,6 +1552,8 @@ data.
     {
         "version":    <version>,
         "enabled":    <enabled>, // optional
+        "note":       <note>, // optional
+        "expiration": <expiration>, // optional
     }
     ```
 
@@ -1567,15 +1573,17 @@ data.
     except the [`version`](#versioning) are optional - update concerns only 
     provided fields.
 
-## Deleting token
+## Deleting a user token
 - **Request**
 
-    `DELETE /user-token/<token>`
+    `DELETE /user-token/<user_name>/<token>`
 
 - **Input**
 
     ```json5
-    {}
+    {
+        "version":    <version>,
+    }
     ```
 
 - **Output**
@@ -1836,7 +1844,9 @@ A single user token.
 {
     "user":         <user>,
     "token":        <token>,
+    "note":         <token>,
     "enabled":      <enabled>,
+    "expiration":   <expiration>,
     "version":      <version>,
     "creationTime": <creation-time>,
     "lastEditTime": <last-edit-time>,
@@ -1846,7 +1856,9 @@ A single user token.
 **Field meaning**
 - `<user>`: micro user. See [micro user](#micro-user).
 - `<token>`: the token that can be used to authenticate the user.
+- `<note>`: a note that describes the token.
 - `<enabled>`: whether the token is still valid for authentication.
+- `<expiration>`: time when the token expires.
 - `<version>`: resource version. See [versioning](#versioning).
 - `<creation-time>`: time the user token was created , formatted as per RFC 3339.
 - `<last-edit-time>`: time the user token was edited, formatted as per RFC 3339.

server/szurubooru/func/users.py

@@ -1,9 +1,7 @@
 from datetime import datetime
 from typing import Any, Optional, Union, List, Dict, Callable
-
 import re
 import sqlalchemy as sa
-
 from szurubooru import config, db, model, errors, rest
 from szurubooru.func import auth, util, serialization, files, images
 

server/szurubooru/migrations/versions/a39c7f98a7fa_add_user_token_table.py

@@ -26,11 +26,11 @@ def upgrade():
                     sa.Column('creation_time', sa.DateTime(), nullable=False),
                     sa.Column('last_edit_time', sa.DateTime(), nullable=True),
                     sa.Column('version', sa.Integer(), nullable=False),
-                    sa.ForeignKeyConstraint(['user_id'], ['user.id'],
+                    sa.ForeignKeyConstraint(
-                                            ondelete='CASCADE'),
+                        ['user_id'], ['user.id'], ondelete='CASCADE'),
                     sa.PrimaryKeyConstraint('id'))
-    op.create_index(op.f('ix_user_token_user_id'), 'user_token',
+    op.create_index(
-                    ['user_id'], unique=False)
+        op.f('ix_user_token_user_id'), 'user_token', ['user_id'], unique=False)
 
 
 def downgrade():

server/szurubooru/model/__init__.py

@@ -1,5 +1,5 @@
 from szurubooru.model.base import Base
-from szurubooru.model.user import (User, UserToken)
+from szurubooru.model.user import User, UserToken
 from szurubooru.model.tag_category import TagCategory
 from szurubooru.model.tag import Tag, TagName, TagSuggestion, TagImplication
 from szurubooru.model.post import (

server/szurubooru/tests/func/test_user_tokens.py

@@ -12,14 +12,16 @@ def test_serialize_user_token(user_token_factory):
     with patch('szurubooru.func.users.get_avatar_url'):
         users.get_avatar_url.return_value = 'https://example.com/avatar.png'
         result = user_tokens.serialize_user_token(user_token, user_token.user)
-        assert result == {'creationTime': datetime(1997, 1, 1, 0, 0),
+        assert result == {
+            'creationTime': datetime(1997, 1, 1, 0, 0),
             'enabled': True,
             'lastEditTime': None,
             'token': 'dummy',
             'user': {
                 'avatarUrl': 'https://example.com/avatar.png',
                 'name': user_token.user.name},
-                          'version': 1}
+            'version': 1
+        }
 
 
 def test_serialize_user_token_none():

server/szurubooru/tests/middleware/test_authenticator.py

@@ -14,7 +14,8 @@ def test_process_request_no_header(context_factory):
 
 def test_process_request_basic_auth_valid(context_factory, user_factory):
     user = user_factory()
-    ctx = context_factory(headers={
+    ctx = context_factory(
+        headers={
             'Authorization': "Basic dGVzdFVzZXI6dGVzdFBhc3N3b3Jk"
         })
     with patch('szurubooru.func.auth.is_valid_password'), \
@@ -27,7 +28,8 @@ def test_process_request_basic_auth_valid(context_factory, user_factory):
 
 def test_process_request_token_auth_valid(context_factory, user_token_factory):
     user_token = user_token_factory()
-    ctx = context_factory(headers={
+    ctx = context_factory(
+        headers={
             'Authorization': "Token dGVzdFVzZXI6dGVzdFRva2Vu"
         })
     with patch('szurubooru.func.auth.is_valid_token'), \
@@ -41,7 +43,8 @@ def test_process_request_token_auth_valid(context_factory, user_token_factory):
 
 
 def test_process_request_bad_header(context_factory):
-    ctx = context_factory(headers={
+    ctx = context_factory(
+        headers={
             'Authorization': "Secret SuperSecretValue"
         })
     with pytest.raises(errors.HttpBadRequest):