feat(api): move tokens/ under auth/

api/api/urls.py

@@ -3,9 +3,9 @@ from rest_framework.urlpatterns import format_suffix_patterns
 from desecapi import views
 from rest_framework.routers import SimpleRouter
 
-router = SimpleRouter()
-router.register(r'', views.TokenViewSet, base_name='token')
-token_urls = router.urls
+tokens_router = SimpleRouter()
+tokens_router.register(r'', views.TokenViewSet, base_name='token')
+tokens_urls = tokens_router.urls
 
 apiurls = [
     url(r'^$', views.Root.as_view(), name='root'),
@@ -14,7 +14,6 @@ apiurls = [
     url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/$', views.RRsetList.as_view(), name='rrsets'),
     url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/(?P<subname>(\*)?[a-zA-Z\.\-_0-9=]*)\.\.\./(?P<type>[A-Z][A-Z0-9]*)/$', views.RRsetDetail.as_view(), name='rrset'),
     url(r'^domains/(?P<name>[a-zA-Z\.\-_0-9]+)/rrsets/(?P<subname>[*@]|[a-zA-Z\.\-_0-9=]+)/(?P<type>[A-Z][A-Z0-9]*)/$', views.RRsetDetail.as_view(), name='rrset@'),
-    url(r'^tokens/', include(token_urls)),
     url(r'^dns$', views.DnsQuery.as_view(), name='dns-query'),
     url(r'^dyndns/update$', views.DynDNS12Update.as_view(), name='dyndns12update'),
     url(r'^donation/', views.DonationList.as_view(), name='donation'),
@@ -29,6 +28,7 @@ urlpatterns = [
     url(r'^api/v1/auth/users/$', views.UserCreateView.as_view(), name='register'),
     url(r'^api/v1/auth/token/login/$', views.TokenCreateView.as_view(), name='login'),
     url(r'^api/v1/auth/token/logout/$', views.TokenDestroyView.as_view(), name='logout'),
+    url(r'^api/v1/auth/tokens/', include(tokens_urls)),
     url(r'^api/v1/auth/', include('djoser.urls')),
     url(r'^api/v1/auth/', include('djoser.urls.authtoken')),
     url(r'^api/v1/', include(apiurls)),

docs/authentication.rst

@@ -42,7 +42,7 @@ Most interactions with the API require authentication of the domain owner using
 this token. To authenticate, the token is transmitted via the HTTP
 ``Authorization`` header, as shown in the examples in this document.
 
-Additionally, the API provides you with the ``tokens/`` endpoint which you can
+Additionally, the API provides you with the ``/auth/tokens/`` endpoint which you can
 use to create and destroy additional tokens (see below). Such token can be used
 to authenticate devices independently of your current login session, such as
 routers. They can be revoked individually.
@@ -261,7 +261,7 @@ Retrieving All Current Tokens
 To retrieve a list of currently valid tokens, issue a ``GET`` request::
 
     http \
-        https://desec.io/api/v1/tokens/ \
+        https://desec.io/api/v1/auth/tokens/ \
         Authorization:"Token mu4W4MHuSc0HyrGD1h/dnKuZBond"
 
 The server will respond with a list of token objects, each containing a
@@ -296,7 +296,7 @@ To create another token using the token management interface, issue a
 ``POST`` request to the same endpoint::
 
     http POST \
-        https://desec.io/api/v1/tokens/ \
+        https://desec.io/api/v1/auth/tokens/ \
         Authorization:"Token mu4W4MHuSc0HyrGD1h/dnKuZBond" \
         name:='"my new token"'
 
@@ -318,7 +318,7 @@ To delete an existing token via the token management endpoints, issue a
 ``DELETE`` request on the token's endpoint::
 
     http DELETE \
-        https://desec.io/api/v1/tokens/:id/ \
+        https://desec.io/api/v1/auth/tokens/:id/ \
         Authorization:"Token mu4W4MHuSc0HyrGD1h/dnKuZBond"
 
 The server will reply with ``204 No Content``, even if the token was not found.

docs/endpoint-reference.rst

@@ -21,11 +21,11 @@ for `User Registration and Management`_.
 +------------------------------------------------+------------+---------------------------------------------+
 | ...\ ``/auth/token/logout/``                   | ``POST``   | Log out and destroy authentication token    |
 +------------------------------------------------+------------+---------------------------------------------+
-| ...\ ``/tokens/``                              | ``GET``    | Retrieve all current tokens                 |
+| ...\ ``/auth/tokens/``                         | ``GET``    | Retrieve all current tokens                 |
 |                                                +------------+---------------------------------------------+
 |                                                | ``POST``   | Create new token                            |
 +------------------------------------------------+------------+---------------------------------------------+
-| ...\ ``/tokens/:id/``                          | ``DELETE`` | Delete token                                |
+| ...\ ``/auth/tokens/:id/``                     | ``DELETE`` | Delete token                                |
 +------------------------------------------------+------------+---------------------------------------------+
 
 The following table summarizes basic information about the deSEC API endpoints used

docs/rrsets.rst

@@ -261,7 +261,7 @@ value ``@``.  This is a common placeholder for this use case (see RFC 1035).
 As an example, you can retrieve the IPv4 address(es) of your domain root by
 querying ``/api/v1/domains/:name/rrsets/@/A/``.
 
-**Pro tip:**: If you like to have the convenience of simple string expansion
+**Pro tip:** If you like to have the convenience of simple string expansion
 in the URL, you can add three dots after ``:subname``, like so::
 
     http GET \

test/e2e/spec/api_spec.js

@@ -1064,14 +1064,14 @@ describe("API", function () {
 
             });
 
-            describe("tokens/ endpoint", function () {
+            describe("auth/tokens/ endpoint", function () {
 
                 var tokenId;
                 var tokenValue;
 
                 function createTokenWithName () {
                     var tokenname = "e2e-token-" + require("uuid").v4();
-                    return chakram.post('/tokens/', { name: tokenname }).then(function (response) {
+                    return chakram.post('/auth/tokens/', { name: tokenname }).then(function (response) {
                         expect(response).to.have.status(201);
                         expect(response).to.have.json('name', tokenname);
                         tokenId = response.body['id'];
@@ -1079,7 +1079,7 @@ describe("API", function () {
                 }
 
                 function createToken () {
-                    return chakram.post('/tokens/').then(function (response) {
+                    return chakram.post('/auth/tokens/').then(function (response) {
                         expect(response).to.have.status(201);
                         tokenId = response.body['id'];
                         tokenValue = response.body['value'];
@@ -1094,19 +1094,19 @@ describe("API", function () {
                     before(createToken)
 
                     it("a list of tokens can be retrieved", function () {
-                        var response = chakram.get('/tokens/');
+                        var response = chakram.get('/auth/tokens/');
                         return expect(response).to.have.schema(schemas.tokens);
                     });
 
                     describe("can delete token", function () {
 
                         before( function () {
-                            var response = chakram.delete('/tokens/' + tokenId + '/');
+                            var response = chakram.delete('/auth/tokens/' + tokenId + '/');
                             return expect(response).to.have.status(204);
                         });
 
                         it("deactivates the token", function () {
-                            return expect(chakram.get('/tokens/', {
+                            return expect(chakram.get('/auth/tokens/', {
                                 headers: {'Authorization': 'Token ' + tokenValue }
                             })).to.have.status(401);
                         });
@@ -1114,7 +1114,7 @@ describe("API", function () {
                     });
 
                     it("deleting nonexistent tokens yields 204", function () {
-                        var response = chakram.delete('/tokens/wedonthavethisid/');
+                        var response = chakram.delete('/auth/tokens/wedonthavethisid/');
                         return expect(response).to.have.status(204);
                     });