diff --git a/app/controllers/api_settings_controller.rb b/app/controllers/api_settings_controller.rb
index 4013dd42..7d5c33e2 100644
--- a/app/controllers/api_settings_controller.rb
+++ b/app/controllers/api_settings_controller.rb
@@ -4,4 +4,14 @@ class ApiSettingsController < ApplicationController
 def index
 authorize!(:read, current_user.access_token)
 end
+
+ def create
+ authorize!(:manage, current_user.access_token)
+
+ current_user.access_token.token = SecureRandom.base58(AccessToken::TOKEN_LENGTH)
+
+ current_user.access_token.save!
+
+ redirect_back(fallback_location: settings_api_index_path, notice: 'API token as been updated.')
+ end
 end
diff --git a/app/views/api_settings/index.html.erb b/app/views/api_settings/index.html.erb
index 35fcdeb5..cae10942 100644
--- a/app/views/api_settings/index.html.erb
+++ b/app/views/api_settings/index.html.erb
@@ -8,6 +8,7 @@
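Review bot: `create` builds the replacement token inline with `SecureRandom.base58(AccessToken::TOKEN_LENGTH)`, so the token format now lives in the controller as well as wherever `AccessToken` sets its initial value (not visible in this hunk; presumably the model). Putting the rotation behind one model method (for example a `rotate!` on `AccessToken` that does `update!(token: SecureRandom.base58(TOKEN_LENGTH))`) would keep generation in one place and give a single spot to log the rotation, which is worth recording because it invalidates a credential. The flash text also has a typo: `'API token as been updated.'` should read `'API token has been updated.'`.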
<%= render 'shared/clipboard_copy', icon: 'copy', text: current_user.access_token.token, class: 'base-button', icon_class: 'w-6 h-6 text-white', copy_title: 'Copy', copied_title: 'Copied' %>
+ <%= button_to button_title(title: 'Rotate', disabled_with: 'Rotate', icon: svg_icon('reload', class: 'w-6 h-6')), settings_api_index_path, class: 'white-button', data: { turbo_confirm: 'Remove existing API token and generated a new one. Are you sure?' } %>
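Review bot: The confirmation text on the new Rotate button, `'Remove existing API token and generated a new one. Are you sure?'`, is ungrammatical and does not tell the user that the current token stops working as soon as the request succeeds (the controller overwrites it in place). Wording such as `turbo_confirm: 'This replaces your API token. Integrations using the current token will stop working until they are updated. Continue?'` states the consequence before a credential is invalidated. `disabled_with: 'Rotate'` repeats the title, so the button shows no in-progress state; a distinct label like `disabled_with: 'Rotating...'` would make an accidental second submit less likely.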
diff --git a/config/routes.rb b/config/routes.rb
index 6cd7e0ae..a6446af1 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -109,7 +109,7 @@ Rails.application.routes.draw do
 resources :users, only: %i[index]
 resource :personalization, only: %i[show create], controller: 'personalization_settings'
 if !Docuseal.multitenant? || Docuseal.demo?
- resources :api, only: %i[index], controller: 'api_settings'
+ resources :api, only: %i[index create], controller: 'api_settings'
 resource :webhooks, only: %i[show create update], controller: 'webhook_settings'
 end
 resource :account, only: %i[show update]