API Token Changes (#9202)

* hide API token by default

* wip

* add route to reset the api token

* remove dead code

website/client/components/settings/api.vue

@@ -2,14 +2,18 @@
 .row.standard-page
   .col-6
     h2 {{ $t('API') }}
-    small {{ $t('APIText') }}
+    p {{ $t('APIText') }}
 
     .section
       h6 {{ $t('userId') }}
       pre.prettyprint {{user.id}}
       h6 {{ $t('APIToken') }}
-      pre.prettyprint {{apiToken}}
+      .d-flex.align-items-center.mb-3
-      small(v-html='$t("APITokenWarning", { hrefTechAssistanceEmail })')
+        button.btn.btn-secondary(
+          @click="showApiToken = !showApiToken"
+        ) {{ $t(`${showApiToken ? 'hide' : 'show'}APIToken`) }}
+        pre.prettyprint.ml-4.mb-0(v-if="showApiToken") {{apiToken}}
+      p(v-html='$t("APITokenWarning", { hrefTechAssistanceEmail })')
 
     .section
       h3 {{ $t('thirdPartyApps') }}
@@ -78,6 +82,7 @@ export default {
         url: '',
       },
       hrefTechAssistanceEmail: `<a href="mailto:${TECH_ASSISTANCE_EMAIL}">${TECH_ASSISTANCE_EMAIL}</a>`,
+      showApiToken: false,
     };
   },
   computed: {

website/client/components/settings/site.vue

@@ -115,7 +115,8 @@
         div
           ul.list-inline
             li(v-for='network in SOCIAL_AUTH_NETWORKS')
-              button.btn.btn-primary(v-if='!user.auth[network.key].id', @click='socialLogin(network.key, user)') {{ $t('registerWithSocial', {network: network.name}) }}
+              // @TODO this is broken
+              button.btn.btn-primary(v-if='!user.auth[network.key].id', @click='socialAuth(network.key, user)') {{ $t('registerWithSocial', {network: network.name}) }}
               button.btn.btn-primary(disabled='disabled', v-if='!hasBackupAuthOption(network.key) && user.auth[network.key].id') {{ $t('registeredWithSocial', {network: network.name}) }}
               button.btn.btn-danger(@click='deleteSocialAuth(network.key)', v-if='hasBackupAuthOption(network.key) && user.auth[network.key].id') {{ $t('detachSocial', {network: network.name}) }}
           hr
@@ -377,7 +378,7 @@ export default {
         auth,
       });
 
-      this.$router.go('/tasks');
+      window.location.href = '/';
     },
     async changeClassForUser (confirmationNeeded) {
       if (confirmationNeeded && !confirm(this.$t('changeClassConfirmCost'))) return;

website/common/locales/en/settings.json

@@ -72,7 +72,9 @@
     "APIv3": "API v3",
     "APIText": "Copy these for use in third party applications. However, think of your API Token like a password, and do not share it publicly. You may occasionally be asked for your User ID, but never post your API Token where others can see it, including on Github.",
     "APIToken": "API Token (this is a password - see warning above!)",
-    "APITokenWarning": "If you need a new API Token (e.g., if you accidentally shared it), email <%= hrefTechAssistanceEmail %> with your User ID and current Token. Once it is reset you will need to re-authorize everything by logging out of the website and mobile app and by providing the new Token to any other Habitica tools that you use.",
+    "showAPIToken": "Show API Token",
+    "hideAPIToken": "Hide API Token",
+    "APITokenWarning": "If you need a new API Token (e.g., if you accidentally shared it), email <%= hrefTechAssistanceEmail %> with your User ID and current Token. Once it is reset you will need to re-authorize everything by logging out of the website and mobile app and by providing the new Token to any other Habitica tools that you use.",    
     "thirdPartyApps": "Third Party Apps",
     "dataToolDesc": "A webpage that shows you certain information from your Habitica account, such as statistics about your tasks, equipment, and skills.",
     "beeminder": "Beeminder",