Change button style and fix pytest

Small pytest fix

Small pytest fix

Small pytest fix

Small pytest fix

Small pytest fix

Author: BenjaminCharmes

pydatalab/src/pydatalab/routes/v0_1/admin.py

@@ -99,15 +99,10 @@ def save_role(user_id):
 
 @ADMIN.route("/items/<refcode>/invalidate-access-token", methods=["POST"])
 def invalidate_access_token(refcode: str):
-    request_json = request.get_json(silent=True) or {}
-
     if len(refcode.split(":")) != 2:
         refcode = f"{CONFIG.IDENTIFIER_PREFIX}:{refcode}"
 
-    if request_json.get("token") == "admin-invalidation":
-        query = {"refcode": refcode, "active": True, "type": "access_token"}
-    else:
-        query = {"refcode": refcode, "active": True, "type": "access_token"}
+    query = {"refcode": refcode, "active": True, "type": "access_token"}
 
     response = flask_mongo.db.api_keys.update_one(
         query,
@@ -155,7 +150,7 @@ def list_access_tokens():
                 "active": 1,
                 "created_at": 1,
                 "invalidated_at": 1,
-                "token": {"$substr": ["$token", 0, 16]},
+                "token": "$token",
                 "item_name": {
                     "$cond": {
                         "if": {"$gt": [{"$size": "$item_info"}, 0]},

pydatalab/src/pydatalab/routes/v0_1/items.py

@@ -754,7 +754,6 @@ def update_item_permissions(refcode: str):
 
 
 @ITEMS.route("/items/<refcode>/issue-access-token", methods=["POST"])
-@active_users_or_get_only
 def issue_physical_token(refcode: str):
     """Issue a token that will give semi-permanent access to an
     item with this refcode. This should be used when generating
@@ -872,14 +871,9 @@ def get_item_data(item_id: str | None = None, refcode: str | None = None):
             redirect_url += f"?at={access_token}"
         return redirect(redirect_url, code=307)
 
-    valid_access_token: bool = False
+    valid_access_token = False
     if refcode and access_token:
         valid_access_token = check_access_token(refcode, access_token)
-        if not valid_access_token:
-            return (
-                jsonify({"status": "error", "message": "Invalid access token"}),
-                401,
-            )
 
     if item_id:
         match = {"item_id": item_id}
@@ -932,24 +926,6 @@ def get_item_data(item_id: str | None = None, refcode: str | None = None):
             404,
         )
 
-    if valid_access_token:
-        pass
-
-    elif (
-        not current_user.is_authenticated
-        and not CONFIG.TESTING
-        and doc["type"] != "starting_materials"
-    ):
-        return (
-            jsonify(
-                {
-                    "status": "error",
-                    "message": "Authentication required or invalid access token.",
-                }
-            ),
-            401,
-        )
-
     # determine the item type and validate according to the appropriate schema
     try:
         ItemModel = ITEM_MODELS[doc["type"]]

pydatalab/tests/server/test_permissions.py

@@ -89,25 +89,25 @@ def test_basic_permissions_update(admin_client, admin_user_id, client, user_id):
 def test_access_token_permissions(client, unauthenticated_client, admin_client, database):
     response = client.post("/new-sample/", json={"type": "samples", "item_id": "private-sample"})
     assert response.status_code == 201
-    response = response.json()
+    response = response.json
 
     refcode = response["sample_list_entry"]["refcode"]
     assert refcode
 
-    response = client.get(f"/items/{refcode}/issue-access-token")
-    response = response.json()
+    response = client.post(f"/items/{refcode}/issue-access-token")
+    response = response.json
     assert response["status"] == "success"
     token = response["token"]
     assert token
 
     response = unauthenticated_client.get(f"/items/{refcode}")
-    assert response.status_code == 404
+    assert response.status_code == 401
 
     response = unauthenticated_client.get(f"/items/{refcode}?at={token}")
     assert response.status_code == 200
 
     response = unauthenticated_client.get(f"/items/{refcode}?at={token}123")
-    assert response.status_code == 200
+    assert response.status_code == 401
 
     response = admin_client.get(f"/items/{refcode}")
     assert response.status_code == 200

webapp/src/components/QRCode.vue

@@ -40,13 +40,22 @@
 
   <div v-else-if="!isPublicMode" class="mt-3">
     <div class="alert alert-info">
-      <strong>Generate Public QR Code:</strong><br />
-      This QR code requires authentication to access. You can generate a public QR code that allows
-      access without login.
+      <strong v-if="hasExistingToken">Public QR Code Available:</strong>
+      <strong v-else>Generate Public QR Code:</strong>
+      <br />
+      <span v-if="hasExistingToken">
+        A public QR code already exists for this item. You can view it or generate a new one if
+        needed.
+      </span>
+      <span v-else>
+        This QR code requires authentication to access. You can generate a public QR code that
+        allows access without login.
+      </span>
     </div>
 
     <button
-      class="btn btn-warning w-100"
+      class="btn w-100"
+      :class="hasExistingToken ? 'btn-info' : 'btn-warning'"
       :disabled="isGenerating"
       @click.prevent="hasExistingToken ? switchToPublic() : generatePublicQRCode()"
     >
@@ -68,17 +77,21 @@
       </div>
     </div>
 
-    <div class="d-flex justify-content-center">
-      <button class="btn btn-sm btn-outline-primary mr-2" @click="switchToPrivate">
-        <i class="fas fa-eye me-1"></i>View Private QRCode
-      </button>
-      <button
-        class="btn btn-sm btn-outline-danger"
-        :disabled="isInvalidating"
-        @click.stop.prevent="invalidateToken"
-      >
-        <i class="fas fa-trash me-1"></i>Delete Token
-      </button>
+    <div class="row g-2">
+      <div class="col-6">
+        <button class="btn btn-outline-info w-100" @click="switchToPrivate">
+          <i class="fas fa-eye me-1"></i>View Private QRCode
+        </button>
+      </div>
+      <div class="col-6">
+        <button
+          class="btn btn-outline-danger w-100"
+          :disabled="isInvalidating"
+          @click.stop.prevent="invalidateToken"
+        >
+          <i class="fas fa-trash me-1"></i>Delete Token
+        </button>
+      </div>
     </div>
   </div>
 
@@ -164,7 +177,7 @@ export default {
       }
     },
     hasExistingToken() {
-      return this.tokenInfo && this.publicToken && this.publicToken !== "existing-token";
+      return this.tokenInfo && this.publicToken === "existing-token";
     },
   },
   mounted() {
@@ -196,8 +209,7 @@ export default {
         if (response.ok && data.status === "success") {
           if (data.has_token) {
             this.tokenInfo = data.token_info;
-            this.isPublicMode = true;
-            this.publicToken = data.token_info.token;
+            this.publicToken = "existing-token";
           }
         } else if (response.status === 404) {
           console.debug("No access to item or item not found");

webapp/src/components/TokenTable.vue

@@ -14,9 +14,7 @@
     <tbody>
       <tr v-if="isLoading">
         <td colspan="6" class="text-center">
-          <div class="spinner-border spinner-border-sm" role="status">
-            <span class="visually-hidden">Loading...</span>
-          </div>
+          <div class="spinner-border spinner-border-sm" role="status"></div>
           Loading tokens...
         </td>
       </tr>

webapp/src/views/EditPage.vue

@@ -91,7 +91,7 @@
       </div>
     </div>
 
-    <FileSelectModal v-if="isAuthenticated" :item_id="item_id" />
+    <FileSelectModal :item_id="item_id" />
   </div>
 </template>
 
@@ -212,9 +212,6 @@ export default {
     itemApiUrl() {
       return API_URL + "/items/" + this.refcode;
     },
-    isAuthenticated() {
-      return this.$store.state.currentUserID != null;
-    },
   },
   watch: {
     // add a warning before leaving page if unsaved