Fix token modal and session token issues

- Fix create token modal z-index so it's not covered by backdrop - Rename session tokens from "login" to "Web Session" for clarity - Delete old session tokens when logging in (prevents accumulation) - Filter out session tokens from dashboard display (users only see their manually created API tokens) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 21:27:01 -04:00 · 2026-01-13 21:27:01 -04:00 · a70267cf53
parent e18a575f76
commit a70267cf53
3 changed files with 14 additions and 6 deletions
--- a/src/cmdforge/registry/app.py
+++ b/src/cmdforge/registry/app.py
@ -1226,13 +1226,19 @@ def create_app() -> Flask:
            [publisher["id"]],
        )

+        # Delete any existing session tokens for this user (cleanup)
+        g.db.execute(
+            "DELETE FROM api_tokens WHERE publisher_id = ? AND name = 'Web Session'",
+            [publisher["id"]],
+        )
+
        token, token_hash = generate_token()
        g.db.execute(
            """
            INSERT INTO api_tokens (publisher_id, token_hash, name, created_at)
            VALUES (?, ?, ?, ?)
            """,
-            [publisher["id"], token_hash, "login", datetime.utcnow().isoformat()],
+            [publisher["id"], token_hash, "Web Session", datetime.utcnow().isoformat()],
        )
        g.db.commit()

--- a/src/cmdforge/web/routes.py
+++ b/src/cmdforge/web/routes.py
@ -470,7 +470,9 @@ def dashboard_tokens():
    tools_status, tools_payload = _api_get("/api/v1/me/tools", token=token)
    tools = tools_payload.get("data", []) if tools_status == 200 else []
    token_status, token_payload = _api_get("/api/v1/tokens", token=token)
-    tokens = token_payload.get("data", []) if token_status == 200 else []
+    all_tokens = token_payload.get("data", []) if token_status == 200 else []
+    # Filter out session tokens (auto-created on login) from display
+    tokens = [t for t in all_tokens if t.get("name") not in ("Web Session", "login")]
    for item in tokens:
        token_id = str(item.get("id", ""))
        item["token_suffix"] = token_id[-6:] if token_id else ""
--- a/src/cmdforge/web/templates/dashboard/tokens.html
+++ b/src/cmdforge/web/templates/dashboard/tokens.html
@ -129,9 +129,9 @@

 <!-- Create Token Modal -->
 <div id="create-token-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
-    <div class="min-h-screen px-4 text-center">
+    <div class="min-h-screen px-4 text-center flex items-center justify-center">
        <div class="fixed inset-0 bg-black bg-opacity-50" onclick="closeCreateTokenModal()"></div>
-        <div class="inline-block w-full max-w-md my-8 text-left align-middle bg-white shadow-xl rounded-lg">
+        <div class="relative z-10 w-full max-w-md text-left bg-white shadow-xl rounded-lg">
            <form id="create-token-form" onsubmit="createToken(event)">
                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">

@ -172,9 +172,9 @@

 <!-- Token Created Modal (shows the token once) -->
 <div id="token-created-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
-    <div class="min-h-screen px-4 text-center">
+    <div class="min-h-screen px-4 text-center flex items-center justify-center">
        <div class="fixed inset-0 bg-black bg-opacity-50"></div>
-        <div class="inline-block w-full max-w-lg my-8 text-left align-middle bg-white shadow-xl rounded-lg">
+        <div class="relative z-10 w-full max-w-lg text-left bg-white shadow-xl rounded-lg">
            <div class="p-6">
                <div class="flex items-center mb-4">
                    <div class="w-10 h-10 bg-green-100 rounded-full flex items-center justify-center">