etalab · AntoineAugusti · May 28, 2025 · May 28, 2025
@@ -2,7 +2,7 @@ defmodule TransportWeb.ReuserSpaceController do
   use TransportWeb, :controller
   import Ecto.Query
 
-  plug(:find_contact when action in [:espace_reutilisateur, :settings, :new_token, :create_new_token])
+  plug(:find_contact when action in [:espace_reutilisateur, :settings, :new_token, :create_new_token, :delete_token])
   plug(:find_dataset_or_redirect when action in [:datasets_edit, :unfavorite, :add_improved_data])
 
   def espace_reutilisateur(%Plug.Conn{assigns: %{contact: %DB.Contact{} = contact}} = conn, _) do
@@ -16,19 +16,23 @@ defmodule TransportWeb.ReuserSpaceController do
 
   def settings(%Plug.Conn{assigns: %{contact: %DB.Contact{} = contact}} = conn, _) do
     contact = DB.Repo.preload(contact, :organizations)
-    organization_ids = Enum.map(contact.organizations, & &1.id)
-
-    tokens =
-      DB.Token.base_query()
-      |> where([token: t], t.organization_id in ^organization_ids)
-      |> preload(:organization)
-      |> DB.Repo.all()
 
     conn
-    |> assign(:tokens, tokens)
+    |> assign(:tokens, tokens(contact))
     |> render("settings.html")
   end
 
+  def delete_token(%Plug.Conn{assigns: %{contact: %DB.Contact{} = contact}} = conn, %{"id" => token_id}) do
+    DB.Repo.preload(contact, :organizations)
+    |> tokens()
+    |> Enum.find(&(to_string(&1.id) == token_id))
+    |> DB.Repo.delete!()
+
+    conn
+    |> put_flash(:info, dgettext("reuser-space", "Your token has been deleted"))
+    |> redirect(to: reuser_space_path(conn, :settings))
+  end
+
   def new_token(%Plug.Conn{assigns: %{contact: %DB.Contact{} = contact}} = conn, _) do
     contact = DB.Repo.preload(contact, :organizations)
 
@@ -184,4 +188,13 @@ defmodule TransportWeb.ReuserSpaceController do
   defp config_value(key) do
     Application.fetch_env!(:transport, :"data_sharing_pilot_#{key}")
   end
+
+  defp tokens(%DB.Contact{} = contact) do
+    organization_ids = Enum.map(contact.organizations, & &1.id)
+
+    DB.Token.base_query()
+    |> where([token: t], t.organization_id in ^organization_ids)
+    |> preload(:organization)
+    |> DB.Repo.all()
+  end
 end
@@ -128,6 +128,7 @@ defmodule TransportWeb.Router do
       get("/settings", ReuserSpaceController, :settings)
       get("/settings/new_token", ReuserSpaceController, :new_token)
       post("/settings/new_token", ReuserSpaceController, :create_new_token)
+      delete("/settings/tokens/:id", ReuserSpaceController, :delete_token)
 
       live_session :reuser_space, session: %{"role" => :reuser}, root_layout: {TransportWeb.LayoutView, :app} do
         live("/notifications", Live.NotificationsLive, :notifications, as: :reuser_space)

@@ -15,6 +15,7 @@
             <th><%= dgettext("reuser-space", "Organisation") %></th>
             <th><%= dgettext("reuser-space", "Name") %></th>
             <th><%= dgettext("reuser-space", "Secret") %></th>
+            <th><%= dgettext("reuser-space", "Actions") %></th>
           </tr>
         </thead>
         <tbody>
@@ -23,6 +24,13 @@
               <td><%= token.organization.name %></td>
               <td><%= token.name %></td>
               <td><code><%= token.secret %></code></td>
+              <td>
+                <%= form_for @conn, reuser_space_path(@conn, :delete_token, token.id), [method: "delete"], fn _ -> %>
+                  <button class="small button-outline no-border warning">
+                    <i class="fas fa-trash"></i>
+                  </button>
+                <% end %>
+              </td>
             </tr>
           <% end %>
         </tbody>

@@ -222,3 +222,7 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your token has been created"
 msgstr ""
+
+#, elixir-autogen, elixir-format, fuzzy
+msgid "Your token has been deleted"
+msgstr ""
@@ -222,3 +222,7 @@ msgstr "Vous devez être membre d'une organisation pour créer un nouveau token.
 #, elixir-autogen, elixir-format
 msgid "Your token has been created"
 msgstr "Votre token a bien été créé"
+
+#, elixir-autogen, elixir-format
+msgid "Your token has been deleted"
+msgstr "Votre token a bien été supprimé"
@@ -222,3 +222,7 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Your token has been created"
 msgstr ""
+
+#, elixir-autogen, elixir-format
+msgid "Your token has been deleted"
+msgstr ""
@@ -246,16 +246,22 @@ defmodule TransportWeb.ReuserSpaceControllerTest do
 
       token = insert_token(%{organization_id: organization.id, contact_id: contact.id, name: "Default"})
 
-      assert conn
-             |> Plug.Test.init_test_session(%{current_user: %{"id" => contact.datagouv_user_id}})
-             |> get(reuser_space_path(conn, :settings))
-             |> html_response(200)
-             |> Floki.parse_document!()
-             |> Floki.find("table tr td") == [
-               {"td", [], [organization.name]},
-               {"td", [], [token.name]},
-               {"td", [], [{"code", [], [token.secret]}]}
-             ]
+      organization_name = organization.name
+      token_name = token.name
+      token_secret = token.secret
+
+      assert [
+               {"td", [], [^organization_name]},
+               {"td", [], [^token_name]},
+               {"td", [], [{"code", [], [^token_secret]}]},
+               {"td", [], [_]}
+             ] =
+               conn
+               |> Plug.Test.init_test_session(%{current_user: %{"id" => contact.datagouv_user_id}})
+               |> get(reuser_space_path(conn, :settings))
+               |> html_response(200)
+               |> Floki.parse_document!()
+               |> Floki.find("table tr td")
     end
   end
 
@@ -367,4 +373,26 @@ defmodule TransportWeb.ReuserSpaceControllerTest do
       end
     end
   end
+
+  test "delete_token", %{conn: conn} do
+    organization = insert(:organization)
+
+    contact =
+      insert_contact(%{
+        datagouv_user_id: Ecto.UUID.generate(),
+        organizations: [organization |> Map.from_struct()]
+      })
+
+    token = insert_token(%{contact_id: contact.id, organization_id: organization.id})
+
+    conn =
+      conn
+      |> Plug.Test.init_test_session(%{current_user: %{"id" => contact.datagouv_user_id}})
+      |> delete(reuser_space_path(conn, :delete_token, token.id))
+
+    assert redirected_to(conn, 302) == reuser_space_path(conn, :settings)
+    assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Votre token a bien été supprimé"
+
+    assert token |> DB.Repo.reload() |> is_nil()
+  end
 end