Allow generating and re-generating tokens from the new UI

Author: ipeterov

aiarena/frontend-spa/src/_components/_actions/RegenerateTokenButton.tsx

@@ -0,0 +1,78 @@
+import { graphql, useFragment, useMutation } from "react-relay";
+
+import useSnackbarErrorHandlers from "@/_lib/useSnackbarErrorHandlers";
+import SquareButton from "@/_components/_actions/SquareButton";
+import { RegenerateTokenButtonMutation } from "./__generated__/RegenerateTokenButtonMutation.graphql";
+import { RegenerateTokenButton_viewer$key } from "./__generated__/RegenerateTokenButton_viewer.graphql";
+
+interface RegenerateTokenButtonProps {
+  viewer: RegenerateTokenButton_viewer$key;
+  outerClassName?: string;
+}
+
+export default function RegenerateTokenButton({
+  viewer,
+  outerClassName,
+}: RegenerateTokenButtonProps) {
+  const data = useFragment(
+    graphql`
+      fragment RegenerateTokenButton_viewer on Viewer {
+        apiToken
+      }
+    `,
+    viewer,
+  );
+  const hasToken = Boolean(data.apiToken);
+
+  const [regenerateToken, regenerating] =
+    useMutation<RegenerateTokenButtonMutation>(
+      graphql`
+        mutation RegenerateTokenButtonMutation {
+          regenerateApiToken {
+            viewer {
+              ...TokenReveal_viewer
+            }
+            errors {
+              messages
+              field
+            }
+          }
+        }
+      `,
+    );
+
+  const { onCompleted, onError } = useSnackbarErrorHandlers(
+    "regenerateApiToken",
+    hasToken
+      ? "API token regenerated successfully!"
+      : "API token generated successfully!",
+  );
+
+  const handleRegenerate = () => {
+    if (
+      hasToken &&
+      !window.confirm(
+        "Regenerate your API token? Your current token will stop working immediately.",
+      )
+    ) {
+      return;
+    }
+    regenerateToken({
+      variables: {},
+      onCompleted: (response, errors) => {
+        onCompleted(response, errors);
+      },
+      onError,
+    });
+  };
+
+  return (
+    <SquareButton
+      onClick={handleRegenerate}
+      isLoading={regenerating}
+      disabled={regenerating}
+      text={hasToken ? "Regenerate" : "Generate"}
+      outerClassName={outerClassName}
+    />
+  );
+}

aiarena/frontend-spa/src/_components/_actions/TokenReveal.tsx

@@ -5,23 +5,49 @@ import {
   EyeSlashIcon,
 } from "@heroicons/react/20/solid";
 import { useSnackbar } from "notistack";
+import { graphql, useFragment } from "react-relay";
+
+import { TokenReveal_viewer$key } from "./__generated__/TokenReveal_viewer.graphql";
 
 interface TokenRevealProps {
-  token: string | null | undefined;
+  viewer: TokenReveal_viewer$key;
   className?: string;
 }
 
 const MASK = "•••••••••••••••••••••••••••••••••••••••";
 
-export default function TokenReveal({ token, className }: TokenRevealProps) {
+export default function TokenReveal({ viewer, className }: TokenRevealProps) {
   const { enqueueSnackbar } = useSnackbar();
   const [visible, setVisible] = useState(false);
 
+  const data = useFragment(
+    graphql`
+      fragment TokenReveal_viewer on Viewer {
+        apiToken
+      }
+    `,
+    viewer,
+  );
+  const token = data.apiToken;
+
   const handleCopy = () => {
     navigator.clipboard.writeText(token ?? "");
     enqueueSnackbar("API token copied to clipboard!");
   };
 
+  if (!token) {
+    return (
+      <div
+        className={
+          "flex items-center bg-black text-gray-400 px-2 py-1 rounded font-mono text-xs italic " +
+          (className ?? "")
+        }
+      >
+        No API token yet.
+      </div>
+    );
+  }
+
   return (
     <div
       className={

aiarena/frontend-spa/src/_pages/Developers/Developers.tsx

@@ -8,7 +8,7 @@ export default function Developers() {
     graphql`
       query DevelopersQuery {
         viewer {
-          apiToken
+          ...DevelopersContent_viewer
           user {
             username
           }
@@ -29,7 +29,7 @@ export default function Developers() {
 
   return (
     <DevelopersContent
-      apiToken={data.viewer?.apiToken ?? null}
+      viewer={data.viewer ?? null}
       isLoggedIn={Boolean(data.viewer?.user)}
       sampleRoundId={sampleRoundId}
     />

aiarena/frontend-spa/src/_pages/Developers/DevelopersContent.tsx

@@ -1,8 +1,11 @@
 import { useMemo, useState } from "react";
+import { graphql, useFragment } from "react-relay";
 
+import { DevelopersContent_viewer$key } from "./__generated__/DevelopersContent_viewer.graphql";
 import WrappedTitle from "@/_components/_display/WrappedTitle";
 import CodeBlock from "@/_components/_display/CodeBlock";
 import TokenReveal from "@/_components/_actions/TokenReveal";
+import RegenerateTokenButton from "@/_components/_actions/RegenerateTokenButton";
 import TabNav from "@/_components/_nav/TabNav";
 import SquareButton from "@/_components/_actions/SquareButton";
 import LanguagePicker from "@/_components/_actions/LanguagePicker";
@@ -251,21 +254,32 @@ function playgroundUrl(example: Example): string {
 }
 
 interface DevelopersContentProps {
-  apiToken: string | null;
+  viewer: DevelopersContent_viewer$key | null;
   isLoggedIn: boolean;
   sampleRoundId: string | null;
 }
 
 export default function DevelopersContent({
-  apiToken,
+  viewer,
   isLoggedIn,
   sampleRoundId,
 }: DevelopersContentProps) {
+  const data = useFragment(
+    graphql`
+      fragment DevelopersContent_viewer on Viewer {
+        apiToken
+        ...TokenReveal_viewer
+        ...RegenerateTokenButton_viewer
+      }
+    `,
+    viewer,
+  );
+
   const examples = useMemo(() => buildExamples(sampleRoundId), [sampleRoundId]);
   const [activeExample, setActiveExample] = useState(examples[0].name);
 
   const example = examples.find((e) => e.name === activeExample) ?? examples[0];
-  const tokenForSnippet = apiToken ?? TOKEN_PLACEHOLDER;
+  const tokenForSnippet = data?.apiToken ?? TOKEN_PLACEHOLDER;
 
   return (
     <div className="max-w-5xl mx-auto">
@@ -299,9 +313,10 @@ export default function DevelopersContent({
 
       <div className="bg-darken-2 border border-neutral-600 rounded-md p-4 mb-8">
         <h3 className="text-base font-semibold mb-2">Your API token</h3>
-        {isLoggedIn ? (
+        {isLoggedIn && data ? (
           <>
-            <TokenReveal token={apiToken} />
+            <TokenReveal viewer={data} />
+            <RegenerateTokenButton viewer={data} outerClassName="mt-2" />
             <p className="text-xs text-gray-400 mt-2">
               For non-browser clients (scripts, servers, bots), send it as the{" "}
               <span className="font-mono">Authorization: Token &lt;key&gt;</span>{" "}

aiarena/frontend-spa/src/_pages/UserSettings/UserSettingsSection.tsx

@@ -12,6 +12,7 @@ import LoadingSpinner from "@/_components/_display/LoadingSpinnerGray";
 import useStateWithLocalStorage from "@/_components/_hooks/useStateWithLocalStorage";
 import SimpleToggle from "@/_components/_actions/_toggle/SimpleToggle";
 import TokenReveal from "@/_components/_actions/TokenReveal";
+import RegenerateTokenButton from "@/_components/_actions/RegenerateTokenButton";
 import SquareButton from "@/_components/_actions/SquareButton";
 interface UserSettingsSectionProps {
   viewer: UserSettingsSection_viewer$key;
@@ -21,7 +22,8 @@ export default function UserSettingsSection(props: UserSettingsSectionProps) {
   const viewer = useFragment(
     graphql`
       fragment UserSettingsSection_viewer on Viewer {
-        apiToken
+        ...TokenReveal_viewer
+        ...RegenerateTokenButton_viewer
         receiveEmailComms
         lastLogin
         dateJoined
@@ -222,7 +224,9 @@ export default function UserSettingsSection(props: UserSettingsSectionProps) {
             <div className="bg-darken-2 border border-neutral-600 shadow-lg shadow-black rounded-md backdrop-blur-sm">
               <h3 className="mt-1 ml-2 text-base font-semibold ">API Token</h3>
               <div className=" p-4">
-                <TokenReveal token={viewer.apiToken} />
+                <TokenReveal viewer={viewer} />
+
+                <RegenerateTokenButton viewer={viewer} outerClassName="mt-3" />
 
                 <p className="text-sm text-gray-300 mt-3">
                   For deeper queries, fewer requests, and an interactive

aiarena/graphql/mutations.py

@@ -16,6 +16,7 @@
 from graphene_django.types import ErrorType
 from graphene_file_upload.scalars import Upload
 from graphql import GraphQLError
+from rest_framework.authtoken.models import Token
 
 from aiarena.api.arenaclient.common.ac_coordinator import ACCoordinator
 from aiarena.api.arenaclient.common.exceptions import LadderDisabled
@@ -46,6 +47,7 @@
     ResultType,
     TemporaryUploadID,
     TemporaryUploadType,
+    Viewer,
 )
 
 
@@ -334,6 +336,28 @@ def mutate(self, info: graphene.ResolveInfo) -> "SignOut":
         return SignOut(errors=[])
 
 
+class RegenerateApiToken(graphene.Mutation):
+    errors = graphene.List(ErrorType)
+    viewer = graphene.Field(Viewer)
+
+    def mutate(self, info: graphene.ResolveInfo) -> "RegenerateApiToken":
+        if not info.context.user.is_authenticated:
+            return RegenerateApiToken(
+                errors=[
+                    ErrorType(
+                        field="__all__",
+                        messages=["You are not signed in"],
+                    )
+                ]
+            )
+
+        with transaction.atomic():
+            Token.objects.filter(user=info.context.user).delete()
+            Token.objects.create(user=info.context.user)
+
+        return RegenerateApiToken(errors=[], viewer=info.context.user)
+
+
 # =============================================================================
 # Arena Client Mutations
 # =============================================================================
@@ -558,6 +582,7 @@ class Mutation(graphene.ObjectType):
     update_competition_participation = UpdateCompetitionParticipation.Field()
     password_sign_in = PasswordSignIn.Field()
     sign_out = SignOut.Field()
+    regenerate_api_token = RegenerateApiToken.Field()
 
     # Arena Client mutations
     request_upload_urls = RequestUploadUrls.Field()

aiarena/graphql/tests/test_mutations.py

@@ -1,6 +1,7 @@
 from django.conf import settings
 
 import pytest
+from rest_framework.authtoken.models import Token
 
 from aiarena.core.models import Bot, CompetitionParticipation, Match, MatchParticipation
 from aiarena.core.tests.base import GraphQLTest
@@ -895,3 +896,68 @@ def test_cannot_specify_attributes_not_in_input(self, user, bot):
         # Verify bot was not updated
         bot.refresh_from_db()
         assert bot.bot_zip_publicly_downloadable != "new name pls"
+
+
+class TestRegenerateApiToken(GraphQLTest):
+    mutation_name = "regenerateApiToken"
+    mutation = """
+        mutation {
+            regenerateApiToken {
+                viewer {
+                    apiToken
+                }
+                errors {
+                    messages
+                    field
+                }
+            }
+        }
+    """
+
+    def test_generates_token_when_missing(self, user):
+        """A user with no token gets one created, and it's returned to them."""
+        assert not Token.objects.filter(user=user).exists()
+
+        response = self.mutate(login_user=user, expected_status=200)
+
+        token = Token.objects.get(user=user)
+        returned_token = response["regenerateApiToken"]["viewer"]["apiToken"]
+        assert returned_token == token.key
+
+    def test_regenerates_existing_token(self, user):
+        """Regenerating replaces the existing token: old key gone, new key differs, still exactly one."""
+        old_token = Token.objects.create(user=user)
+        old_key = old_token.key
+
+        response = self.mutate(login_user=user, expected_status=200)
+
+        assert Token.objects.filter(user=user).count() == 1
+        new_token = Token.objects.get(user=user)
+        assert new_token.key != old_key
+        assert not Token.objects.filter(key=old_key).exists()
+        assert response["regenerateApiToken"]["viewer"]["apiToken"] == new_token.key
+
+    def test_not_logged_in_does_not_create_token(self, user):
+        """An unauthenticated caller cannot mint a token."""
+        assert not Token.objects.filter(user=user).exists()
+
+        self.mutate(
+            expected_status=200,
+            expected_validation_errors={"__all__": ["You are not signed in"]},
+        )
+
+        assert not Token.objects.exists()
+
+    def test_only_affects_own_token(self, user, other_user):
+        """Regenerating one user's token must not touch another user's token."""
+        other_token = Token.objects.create(user=other_user)
+        other_key = other_token.key
+
+        self.mutate(login_user=user, expected_status=200)
+
+        # The caller got a fresh token...
+        assert Token.objects.filter(user=user).exists()
+        # ...and the other user's token is completely untouched.
+        other_token.refresh_from_db()
+        assert other_token.key == other_key
+        assert Token.objects.filter(user=other_user).count() == 1

aiarena/graphql/types.py

@@ -1389,9 +1389,9 @@ def resolve_api_token(root: models.User, info):
         try:
             token = Token.objects.get(user=info.context.user)
         except Token.DoesNotExist:
-            token = "no token - contact us"
+            return None
 
-        return token
+        return token.key
 
     @staticmethod
     def resolve_email(root: models.User, info):