Fix #1135: Runestone Issue: API keys shows two keys are added when only one is ad#1244
Conversation
…ys are added when only Signed-off-by: Mr-Neutr0n <64578610+Mr-Neutr0n@users.noreply.github.com>
|
Were you able to recreate the duplicate API key problem? If so how? I think there was an earlier fix for this and the issue did not get closed. |
|
Oh, but it also looks like you are masking the tokens server side and allowing for the deletion of a single token. Nice. |
|
Hi @bnmnetp, thanks for the quick look. I was not able to reproduce the duplicate key issue on a live Runestone instance, so I cannot claim I saw it firsthand. The guard is defensive: the form submit handler does an async POST before disabling anything, so a second Enter press while the first request is in flight could create a second token. The flag just prevents that reentry. It may not be the only cause, but it closes one plausible path. You are right that part of this was already handled. The success message wording and the delete-all button addressed a big chunk of the original report. This PR builds on that by adding the per-token list, server-side masking, and individual delete, plus the submit guard. I will run black to fix the lint failure. I can also add a test for the single-token delete endpoint, or split the per-token management pieces out if you would rather land those separately. Let me know what you prefer. |
|
This is a fine size. Once you have run black to fix the lint errors I'll merge. |
There was a problem hiding this comment.
Pull request overview
Fixes instructor API token management by preventing duplicate token creation on rapid/double form submission and adding per-token visibility + deletion controls to address issue #1135.
Changes:
- Add a client-side
submittingguard to prevent double form submission (e.g., Enter key / rapid submits). - Replace provider-level token counts with an itemized token list showing a masked token value and per-token delete button.
- Add a new
DELETE /delete_token/{token_id}instructor endpoint for deleting individual tokens.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| components/rsptx/templates/assignment/instructor/add_token.html | Adds per-token display + delete button, and introduces a submit guard to prevent duplicate creation. |
| bases/rsptx/assignment_server_api/routers/instructor.py | Builds token_list for the template and adds a new per-token DELETE endpoint. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@bnmnetp I ran black and addressed the two Copilot review items: removed the unused token_counts context and fixed the delete button spacing. Should be ready for another look. |
Fixes #1135
Fix duplicate API key creation by adding a
submittingguard to prevent double form submission on Enter key, and add individual token display with per-token delete functionality via a newDELETE /delete_token/{token_id}endpoint and per-token delete buttons in the UI.Local test infra unavailable in CI sandbox.
This change was prepared with AI assistance under human direction and review.