
feat(api): simply call exposed field 'token' instead of 'auth_token'

Peter Thomassen 5 years ago
parent
commit
d62ecef398

+ 1 - 1
README.md

@@ -261,7 +261,7 @@ While there are certainly many ways to get started hacking desec-stack, here is
        EMAIL=john@example.com
        PASSWORD=insecure
        http POST https://desec.${DOMAIN}/api/v1/auth/users/ email:=\"${EMAIL}\" password:=\"${PASSWORD}\"
-       TOKEN=$(http POST https://desec.${DOMAIN}/api/v1/auth/token/login/ email:=\"${EMAIL}\" password:=\"${PASSWORD}\" | jq -r .auth_token)
+       TOKEN=$(http POST https://desec.${DOMAIN}/api/v1/auth/token/login/ email:=\"${EMAIL}\" password:=\"${PASSWORD}\" | jq -r .token)
        http POST https://desec.${DOMAIN}/api/v1/domains/ Authorization:"Token ${TOKEN}" name:='"test.example"'
        http POST https://desec.${DOMAIN}/api/v1/domains/test.example/rrsets/ Authorization:"Token ${TOKEN}" type:=\"A\" ttl:=60 records:='["127.0.0.254"]'
 

+ 3 - 3
api/desecapi/serializers.py

@@ -45,14 +45,14 @@ class CaptchaSolutionSerializer(serializers.Serializer):
 
 
 class TokenSerializer(serializers.ModelSerializer):
-    auth_token = serializers.ReadOnlyField(source='key')
+    token = serializers.ReadOnlyField(source='key')
     # note this overrides the original "id" field, which is the db primary key
     id = serializers.ReadOnlyField(source='user_specific_id')
 
     class Meta:
         model = models.Token
-        fields = ('id', 'created', 'name', 'auth_token',)
-        read_only_fields = ('created', 'auth_token', 'id')
+        fields = ('id', 'created', 'name', 'token',)
+        read_only_fields = ('created', 'token', 'id')
 
 
 class RequiredOnPartialUpdateCharField(serializers.CharField):
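Review bot: On the new `read_only_fields = ('created', 'token', 'id')` line, `token` and `id` are redundant: DRF applies `read_only_fields` only to auto-generated model fields, and both are explicitly declared as `ReadOnlyField` above, so `read_only_fields = ('created',)` expresses the same thing without suggesting the tuple governs them. Because the wire name (`token`) now differs from the model attribute it reads (`key`), a one-line comment on the declaration would help, e.g. `# exposed as 'token' in the API; backed by Token.key`. Renaming a key in a `/api/v1/` response breaks clients that parse `auth_token`, so this deserves a changelog entry if it is intended. Note also that with `token` in `fields`, every place this serializer renders a Token (not only the activation response in views.py) emits the secret key; whether that is wanted for any listing endpoint is not visible from this hunk.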

+ 3 - 3
api/desecapi/tests/test_user_management.py

@@ -95,7 +95,7 @@ class UserManagementTestCase(DesecTestCase, PublicSuffixMockMixin):
 
     def login_user(self, email, password):
         response = self.client.login_user(email, password)
-        token = response.data.get('auth_token')
+        token = response.data.get('token')
         return token, response
 
     def reset_password(self, email):
@@ -210,7 +210,7 @@ class UserManagementTestCase(DesecTestCase, PublicSuffixMockMixin):
     def assertLoginSuccessResponse(self, response):
         return self.assertContains(
             response=response,
-            text="auth_token",
+            text="token",
             status_code=status.HTTP_200_OK
         )
 
@@ -257,7 +257,7 @@ class UserManagementTestCase(DesecTestCase, PublicSuffixMockMixin):
         if domain and self.has_local_suffix(domain):
             body = self.assertEmailSent('', body_contains=domain, recipient=email)
             self.assertTrue(any(token.key in body for token in Token.objects.filter(user__email=email).all()))
-            text = 'Success! Here is the password'
+            text = 'Success! Here is the secret token'
         else:
             self.assertNoEmailSent()
             text = 'Success! Please check the docs for the next steps'
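Review bot: In `assertLoginSuccessResponse` (second hunk), `text="token"` is a much looser check than the previous `"auth_token"`: the bare substring would also match other body content that merely mentions a token, so the assertion no longer proves the response carries the token field. Asserting on the JSON key keeps it specific, e.g. `text='"token"'` or `self.assertIn('token', response.data)`. In `login_user` (first hunk), `response.data.get('token')` silently yields `None` on a missing key, so a future rename surfaces only as a later 401 rather than at the lookup; `response.data['token']` would fail at the point of the problem, unless `login_user` is also used for expected-failure logins, in which case `.get` is the right call. The class body continues outside the hunks.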

+ 4 - 2
api/desecapi/views.py

@@ -581,8 +581,10 @@ class AuthenticatedActivateUserActionView(AuthenticatedActionView):
             PDNSChangeTracker.track(lambda: DomainList.auto_delegate(domain))
             token = models.Token.objects.create(user=action.user, name='dyndns')
             return Response({
-                'detail': 'Success! Here is the password ("auth_token") to configure your router (or any other dynDNS '
-                          'client). This password is different from your account password for security reasons.',
+                'detail': "Success! Here is the secret token required for updating your domain's DNS information. When "
+                          "configuring a router (or other DNS client), place it into the password field of the "
+                          "configuration. Do not confuse the secret token with your account password! Your password is "
+                          "not needed for DNS configuration, and you should not store it anywhere in plain text.",
                 **serializers.TokenSerializer(token).data,
             })
         else:
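Review bot: The new `'detail'` message in the `Response` is asserted on by substring in `test_user_management.py` (`'Success! Here is the secret token'`), so the two copies can drift silently; hoisting the text to a module-level constant that both the view and the test reference would keep them in sync. Since the secret token value itself is merged into this same response via `**serializers.TokenSerializer(token).data`, a short comment would help later readers, e.g. `# the token's secret key is disclosed to the user in this response`. The enclosing method of `AuthenticatedActivateUserActionView` starts and ends outside the hunk.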

+ 1 - 1
docs/quickstart.rst

@@ -40,7 +40,7 @@ Here's a quick intro how to get started:
         --header "Content-Type: application/json" --data @- <<< \
         '{"email": "youremailaddress@example.com", "password": "yourpassword"}'
 
-   The response body will contain an ``auth_token`` which is used to
+   The response body will contain an ``token`` which is used to
    authenticate requests to the DNS management endpoints as demonstrated in
    the next step.
 

+ 2 - 2
test/e2e/schemas.js

@@ -87,12 +87,12 @@ exports.rrsets = {
 
 exports.token = {
     properties: {
-        auth_token: { type: "string" },
+        token: { type: "string" },
         name: { type: "string" },
         created: { type: "string" },
         id: { type: "integer" },
     },
-    required: ["auth_token", "name", "created", "id"]
+    required: ["token", "name", "created", "id"]
 };
 
 exports.tokens = {

+ 5 - 5
test/e2e/spec/api_spec.js

@@ -63,7 +63,7 @@ describe("API v1", function () {
                         return chakram.post('/domains/', {
                             name: publicSuffix,
                         }, {
-                            headers: {'Authorization': 'Token ' + loginResponse.body.auth_token }
+                            headers: {'Authorization': 'Token ' + loginResponse.body.token }
                         }); // note that we ignore errors here
                     });
             });
@@ -130,7 +130,7 @@ describe("API v1", function () {
                 "email": email,
                 "password": password,
             }).then(function (loginResponse) {
-                expect(loginResponse.body.auth_token).to.match(schemas.TOKEN_REGEX);
+                expect(loginResponse.body.token).to.match(schemas.TOKEN_REGEX);
             });
         });
 
@@ -152,7 +152,7 @@ describe("API v1", function () {
                             "email": email2,
                             "password": password2,
                         }).then(function (response) {
-                            token2 = response.body.auth_token
+                            token2 = response.body.token
                         });
                     });
                 });
@@ -215,8 +215,8 @@ describe("API v1", function () {
                         "email": email,
                         "password": password,
                     }).then(function (loginResponse) {
-                        expect(loginResponse.body.auth_token).to.match(schemas.TOKEN_REGEX);
-                        token = loginResponse.body.auth_token;
+                        expect(loginResponse.body.token).to.match(schemas.TOKEN_REGEX);
+                        token = loginResponse.body.token;
                         chakram.setRequestHeader('Authorization', 'Token ' + token);
                     });
                 });

+ 2 - 2
test/e2e/spec/dyndns_spec.js

@@ -37,8 +37,8 @@ describe("dyndns service", function () {
                         "email": email,
                         "password": password,
                     }).then(function (loginResponse) {
-                        expect(loginResponse.body.auth_token).to.match(schemas.TOKEN_REGEX);
-                        token = loginResponse.body.auth_token;
+                        expect(loginResponse.body.token).to.match(schemas.TOKEN_REGEX);
+                        token = loginResponse.body.token;
                         chakram.setRequestHeader('Authorization', 'Token ' + token);
                     });
                 });