diff --git a/netbox/project-static/js/secrets.js b/netbox/project-static/js/secrets.js
index 895ea5695..82bb1790e 100644
--- a/netbox/project-static/js/secrets.js
+++ b/netbox/project-static/js/secrets.js
@@ -14,8 +14,10 @@ $(document).ready(function() {
 // Retrieve a session key
 $('#request_session_key').click(function() {
- var private_key = $('#user_privkey').val();
+ var private_key_field = $('#user_privkey');
+ var private_key = private_key_field.val();
 get_session_key(private_key);
+ private_key_field.val("");
 });
 // Retrieve a secret via the API
diff --git a/netbox/secrets/models.py b/netbox/secrets/models.py
index 07e57796c..1761094fc 100644
--- a/netbox/secrets/models.py
+++ b/netbox/secrets/models.py
@@ -198,7 +198,7 @@ class SessionKey(models.Model):
 ordering = ['user__username']
 def __str__(self):
- return self.user.username
+ return self.userkey.user.username
 def save(self, master_key=None, *args, **kwargs):
diff --git a/netbox/templates/users/sessionkey_delete.html b/netbox/templates/users/sessionkey_delete.html
new file mode 100644
index 000000000..c91956b79
--- /dev/null
+++ b/netbox/templates/users/sessionkey_delete.html
@@ -0,0 +1,5 @@
+{% extends 'utilities/obj_delete.html' %}
+
+{% block message %}
+ <p>Are you sure you want to delete your session key?</p>
+{% endblock %}
diff --git a/netbox/templates/users/userkey.html b/netbox/templates/users/userkey.html
index eb2f7d2e5..f34d8769b 100644
--- a/netbox/templates/users/userkey.html
+++ b/netbox/templates/users/userkey.html
@@ -23,7 +23,7 @@
 <hr />
 {% if userkey.session_key %}
 <div class="pull-right">
- <a href="#" class="btn btn-danger">
+ <a href="{% url 'user:sessionkey_delete' %}" class="btn btn-danger">
 <span class="fa fa-trash" aria-hidden="true"></span>
 Delete session key
 </a>
diff --git a/netbox/users/urls.py b/netbox/users/urls.py
index a56635f18..6ec8e21ba 100644
--- a/netbox/users/urls.py
+++ b/netbox/users/urls.py
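Review bot: In secrets.js the click handler now empties `#user_privkey` right after calling `get_session_key(private_key)`, but nothing records why, so a later cleanup could drop the line as redundant. A short comment above `private_key_field.val("");` such as `// Clear the private key from the form so it does not linger in the page once the session key has been requested` would keep the intent visible. The field is cleared whether or not the request succeeds (the body of `get_session_key` is outside the hunk), which is the safer default for key material and worth stating in the same comment.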
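Review bot: In `SessionKey`, `__str__` now reaches the user through `self.userkey.user`, but the unchanged context line `ordering = ['user__username']` just above it still names a direct `user` relation. If the model no longer has a `user` field (the field definitions are outside the hunk, but the new view in users/views.py filters on `userkey__user`), any ordered query on this model would fail to resolve that name; `ordering = ['userkey__user__username']` would follow the same path as the fixed `__str__`. The class body starts and ends outside the hunk, so this should be confirmed against the field list.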
@@ -5,7 +5,6 @@ from . import views
 urlpatterns = [
- # User profiles
 url(r'^profile/$', views.profile, name='profile'),
 url(r'^password/$', views.change_password, name='change_password'),
 url(r'^api-tokens/$', views.TokenListView.as_view(), name='token_list'),
@@ -14,6 +13,7 @@ urlpatterns = [
 url(r'^api-tokens/(?P<pk>\d+)/delete/$', views.TokenDeleteView.as_view(), name='token_delete'),
 url(r'^user-key/$', views.userkey, name='userkey'),
 url(r'^user-key/edit/$', views.userkey_edit, name='userkey_edit'),
+ url(r'^session-key/delete/$', views.SessionKeyDeleteView.as_view(), name='sessionkey_delete'),
 url(r'^recent-activity/$', views.recent_activity, name='recent_activity'),
 ]
diff --git a/netbox/users/views.py b/netbox/users/views.py
index bf5706617..41cecb96a 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -9,7 +9,7 @@ from django.utils.http import is_safe_url
 from django.views.generic import View
 from secrets.forms import UserKeyForm
-from secrets.models import UserKey
+from secrets.models import SessionKey, UserKey
 from utilities.forms import ConfirmationForm
 from .forms import LoginForm, PasswordChangeForm, TokenForm
 from .models import Token
@@ -124,6 +124,42 @@ def userkey_edit(request):
 })
+class SessionKeyDeleteView(LoginRequiredMixin, View):
+
+ def get(self, request):
+
+ sessionkey = get_object_or_404(SessionKey, userkey__user=request.user)
+ form = ConfirmationForm()
+
+ return render(request, 'users/sessionkey_delete.html', {
+ 'obj_type': sessionkey._meta.verbose_name,
+ 'form': form,
+ 'return_url': reverse('user:userkey'),
+ })
+
+ def post(self, request):
+
+ sessionkey = get_object_or_404(SessionKey, userkey__user=request.user)
+ form = ConfirmationForm(request.POST)
+ if form.is_valid():
+
+ # Delete session key
+ sessionkey.delete()
+ messages.success(request, "Session key deleted")
+
+ # Delete cookie
+ response = redirect('user:userkey')
+ response.delete_cookie('session_key', path=reverse('secrets-api:secret-list'))
+
+ return response
+
+ return render(request, 'users/sessionkey_delete.html', {
+ 'obj_type': sessionkey._meta.verbose_name,
+ 'form': form,
+ 'return_url': reverse('user:userkey'),
+ })
+
+
 @login_required()
 def recent_activity(request):
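Review bot: `response.delete_cookie('session_key', path=reverse('secrets-api:secret-list'))` in `post()` only removes the browser's copy if the name, path and domain match the ones used where the cookie is set, and that code is not part of this diff. Taking the cookie name and path from one shared constant or helper on both sides would keep them from drifting apart; at minimum the line deserves `# path must match the one used when the session_key cookie is set`. Deleting the database row before touching the cookie is the right order, since a cookie that survives then presumably no longer corresponds to any stored key. `get()` and `post()` also build the same `render(...)` context twice and could share a small private helper, and the class has no docstring saying that it only ever acts on the requesting user's own key.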