diff --git a/client/html/user_tokens.tpl b/client/html/user_tokens.tpl
index a433d55c..cd5901ce 100644
--- a/client/html/user_tokens.tpl
+++ b/client/html/user_tokens.tpl
@@ -22,6 +22,11 @@
Expires:
<%= new Date(token.expirationTime).toLocaleDateString() %>
+ <% } else { %>
+
+
Expires:
+
No Expiration
+
<% } %>
diff --git a/client/js/api.js b/client/js/api.js
index 411cbb1d..efb4c4b0 100644
--- a/client/js/api.js
+++ b/client/js/api.js
@@ -16,7 +16,7 @@ class Api extends events.EventTarget {
this.user = null;
this.userName = null;
this.userPassword = null;
- this.userToken = null;
+ this.token = null;
this.cache = {};
this.allRanks = [
'anonymous',
@@ -98,7 +98,7 @@ class Api extends events.EventTarget {
this.cache = {};
return new Promise((resolve, reject) => {
this.userName = userName;
- this.userToken = token;
+ this.token = token;
this.get('/user/' + userName + '?bump-login=true')
.then(response => {
const options = {};
@@ -135,7 +135,7 @@ class Api extends events.EventTarget {
{'user': userName, 'token': response.token},
options);
this.userName = userName;
- this.userToken = response.token;
+ this.token = response.token;
this.userPassword = null;
}, error => {
reject(error);
@@ -183,7 +183,7 @@ class Api extends events.EventTarget {
logout() {
let self = this;
- this.deleteToken(this.userName, this.userToken)
+ this.deleteToken(this.userName, this.token)
.then(response => {
self._logout();
}, error => {
@@ -195,7 +195,7 @@ class Api extends events.EventTarget {
this.user = null;
this.userName = null;
this.userPassword = null;
- this.userToken = null;
+ this.token = null;
this.dispatchEvent(new CustomEvent('logout'));
}
@@ -333,10 +333,10 @@ class Api extends events.EventTarget {
}
try {
- if (this.userName && this.userToken) {
+ if (this.userName && this.token) {
req.auth = null;
req.set('Authorization', 'Token '
- + new Buffer(this.userName + ":" + this.userToken).toString('base64'))
+ + new Buffer(this.userName + ":" + this.token).toString('base64'))
} else if (this.userName && this.userPassword) {
req.auth(
this.userName,
diff --git a/client/js/controllers/user_controller.js b/client/js/controllers/user_controller.js
index a66f4f93..786fb729 100644
--- a/client/js/controllers/user_controller.js
+++ b/client/js/controllers/user_controller.js
@@ -216,14 +216,18 @@ class UserController {
_evtDeleteToken(e) {
this._view.clearMessages();
this._view.disableForm();
- e.detail.userToken.delete(e.detail.user.name)
- .then(() => {
- const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
- ctx.controller.showSuccess('Token ' + e.detail.userToken.token + ' deleted.');
- }, error => {
- this._view.showError(error.message);
- this._view.enableForm();
- });
+ if (e.detail.userToken.token === api.token) {
+ router.show(uri.formatClientLink('logout'));
+ } else {
+ e.detail.userToken.delete(e.detail.user.name)
+ .then(() => {
+ const ctx = router.show(uri.formatClientLink('user', e.detail.user.name, 'list-tokens'));
+ ctx.controller.showSuccess('Token ' + e.detail.userToken.token + ' deleted.');
+ }, error => {
+ this._view.showError(error.message);
+ this._view.enableForm();
+ });
+ }
}
}
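Review bot: The new `if (e.detail.userToken.token === api.token)` branch in `_evtDeleteToken` hands revocation of the session's own token to the logout route without a comment, and nothing in the branch confirms that the server-side delete succeeded. The api.js hunk shows `logout()` calling `this.deleteToken(this.userName, this.token)` with an error handler whose body is not visible here; if that handler still clears local state, the UI would show the user as logged out while the token stays valid on the server, so that path is worth confirming. I would add a comment above the branch such as `// Deleting the token this session authenticates with: go through logout, which revokes it server-side and clears client state.` The form disabled by `disableForm()` is also never re-enabled on this path, which is fine only if the logout route always navigates away.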
diff --git a/server/szurubooru/func/auth.py b/server/szurubooru/func/auth.py
index 606d13f5..7de12bfb 100644
--- a/server/szurubooru/func/auth.py
+++ b/server/szurubooru/func/auth.py
@@ -86,7 +86,8 @@ def is_valid_token(user_token: model.UserToken) -> bool:
Token must be enabled and if it has an expiration, it must be
greater than now.
'''
- assert user_token
+ if user_token is None:
+ return False
if not user_token.enabled:
return False
if (user_token.expiration_time is not None
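Review bot: `is_valid_token` now returns False for `None`, but the signature in the hunk header still declares `user_token: model.UserToken`, and the docstring only describes the enabled and expiration checks. Annotate the parameter as optional (`user_token: Optional[model.UserToken]`, assuming `Optional` is or can be imported in this file) and add a docstring line such as `A missing token (None) is treated as invalid.` The test_auth.py change in this commit only reorders imports, so no visible test pins the None case; a one-line `assert not auth.is_valid_token(None)` would keep this fail-closed behaviour from regressing. The function body continues past the end of the hunk.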
diff --git a/server/szurubooru/tests/func/test_auth.py b/server/szurubooru/tests/func/test_auth.py
index bf22c8d2..6dc79bb5 100644
--- a/server/szurubooru/tests/func/test_auth.py
+++ b/server/szurubooru/tests/func/test_auth.py
@@ -1,5 +1,5 @@
-import pytest
from datetime import datetime, timedelta
+import pytest
from szurubooru.func import auth