Add a description field to api tokens and make api tokens start with a 'ctfd_' prefix (#2337)

* Add a description field for API tokens * API tokens now start with a `ctfd_` prefix to make them easier to identify * Closes #2184
2025-12-17 05:54:19 +01:00 · 2023-06-22 00:20:32 -04:00
parent e5518b54bd
commit eac44adf69
7 changed files with 51 additions and 8 deletions
--- a/CTFd/api/v1/tokens.py
+++ b/CTFd/api/v1/tokens.py
@@ -85,11 +85,14 @@ class TokenList(Resource):
    def post(self):
        req = request.get_json()
        expiration = req.get("expiration")
        description = req.get("description")
        if expiration:
            expiration = datetime.datetime.strptime(expiration, "%Y-%m-%d")
        user = get_current_user()
-        token = generate_user_token(user, expiration=expiration)
+        token = generate_user_token(
            user, expiration=expiration, description=description
        )
        # Explicitly use admin view so that user's can see the value of their token
        schema = TokenSchema(view="admin")
--- a/CTFd/forms/self.py
+++ b/CTFd/forms/self.py
@@ -1,6 +1,6 @@
 from flask import session
 from flask_babel import lazy_gettext as _l
-from wtforms import PasswordField, SelectField, StringField
+from wtforms import PasswordField, SelectField, StringField, TextAreaField
 from wtforms.fields.html5 import DateField, URLField
 from CTFd.constants.languages import SELECT_LANGUAGE_LIST
@@ -50,4 +50,5 @@ def SettingsForm(*args, **kwargs):
 class TokensForm(BaseForm):
    expiration = DateField(_l("Expiration"))
    description = TextAreaField("Usage Description")
    submit = SubmitField(_l("Generate"))
--- a/CTFd/models/init.py
+++ b/CTFd/models/init.py
@@ -916,6 +916,7 @@ class Tokens(db.Model):
        db.DateTime,
        default=lambda: datetime.datetime.utcnow() + datetime.timedelta(days=30),
    )
    description = db.Column(db.Text)
    value = db.Column(db.String(128), unique=True)
    user = db.relationship("Users", foreign_keys="Tokens.user_id", lazy="select")
--- a/CTFd/schemas/tokens.py
+++ b/CTFd/schemas/tokens.py
@@ -9,8 +9,16 @@ class TokenSchema(ma.ModelSchema):
        dump_only = ("id", "expiration", "type")
    views = {
-        "admin": ["id", "type", "user_id", "created", "expiration", "value"],
+        "admin": [
-        "user": ["id", "type", "created", "expiration"],
+            "id",
            "type",
            "user_id",
            "created",
            "expiration",
            "description",
            "value",
        ],
        "user": ["id", "type", "created", "expiration", "description"],
    }
    def __init__(self, view=None, *args, **kwargs):
--- a/CTFd/themes/core/templates/settings.html
+++ b/CTFd/themes/core/templates/settings.html
@@ -81,7 +81,10 @@
 							<b>{{ form.expiration.label }}</b>
 							{{ form.expiration(class="form-control") }}
 						</div>
-
+						<div class="form-group">
 							<b>{{ form.description.label }}</b>
 							{{ form.description(class="form-control", rows="3") }}
 						</div>
 						<div class="form-group text-right">
 							{{ form.submit(class="btn btn-md btn-primary btn-outlined") }}
 						</div>
@@ -96,6 +99,7 @@
 							<tr>
 								<td class="text-center"><b>Created</b></td>
 								<td class="text-center"><b>Expiration</b></td>
 								<td class="text-center"><b>Description</b></td>
 								<td class="text-center"><b>Delete</b></td>
 							</tr>
 						</thead>
@@ -104,6 +108,7 @@
 							<tr>
 								<td><span data-time="{{ token.created | isoformat }}"></span></td>
 								<td><span data-time="{{ token.expiration | isoformat }}"></span></td>
 								<td><span>{{ token.description | default('', true) }}</span></td>
 								<td class="text-center">
 									<span class="delete-token" role="button" data-token-id="{{ token.id }}">
 										<i class="btn-fa fas fa-times"></i>
--- a/CTFd/utils/security/auth.py
+++ b/CTFd/utils/security/auth.py
@@ -34,13 +34,15 @@ def logout_user():
    session.clear()
-def generate_user_token(user, expiration=None):
+def generate_user_token(user, expiration=None, description=None):
    temp_token = True
    while temp_token is not None:
-        value = hexencode(os.urandom(32))
+        value = "ctfd_" + hexencode(os.urandom(32))
        temp_token = UserTokens.query.filter_by(value=value).first()
-    token = UserTokens(user_id=user.id, expiration=expiration, value=value)
+    token = UserTokens(
        user_id=user.id, expiration=expiration, description=description, value=value
    )
    db.session.add(token)
    db.session.commit()
    return token
--- a/migrations/versions/9e6f6578ca84_add_description_column_to_tokens_table.py
+++ b/migrations/versions/9e6f6578ca84_add_description_column_to_tokens_table.py
@@ -0,0 +1,23 @@
 """Add description column to tokens table
 Revision ID: 9e6f6578ca84
 Revises: 0def790057c1
 Create Date: 2023-06-21 23:22:34.179636
 """
 import sqlalchemy as sa
 from alembic import op
 # revision identifiers, used by Alembic.
 revision = "9e6f6578ca84"
 down_revision = "0def790057c1"
 branch_labels = None
 depends_on = None
 def upgrade():
    op.add_column("tokens", sa.Column("description", sa.Text(), nullable=True))
 def downgrade():
    op.drop_column("tokens", "description")