fix(Workspaces): Always generate an access_token per workspace member…

…ship

Also migrate all memberships to create a access_token

hexa/workspaces/migrations/0037_auto_20230921_1452.py

@@ -0,0 +1,25 @@
+# Generated by Django 4.1.7 on 2023-09-21 14:52
+
+from django.db import migrations
+
+
+def generate_tokens(apps, schema_editor):
+    # Get the model from the versioned app registry
+    WorkspaceMembership = apps.get_model("workspaces", "WorkspaceMembership")
+
+    # Filter the instances without access_token
+    memberships_without_token = WorkspaceMembership.objects.filter(
+        access_token__isnull=True
+    )
+
+    for membership in memberships_without_token:
+        membership.generate_access_token()
+        membership.save()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("workspaces", "0036_service_account_key_migration"),
+    ]
+
+    operations = []

hexa/workspaces/models.py

@@ -260,9 +260,12 @@ class Meta:
     updated_at = models.DateTimeField(auto_now=True)
     objects = WorkspaceMembershipManager.from_queryset(WorkspaceMembershipQuerySet)()
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.generate_access_token()
+
     def generate_access_token(self):
         self.access_token = uuid.uuid4()
-        self.save()
 
     def save(self, *args, **kwargs):
         if self.notebooks_server_hash == "":

hexa/workspaces/schema/mutations.py

@@ -427,6 +427,7 @@ def resolve_generate_workspace_token(_, info, **kwargs):
 
     if not membership.access_token:
         membership.generate_access_token()
+        membership.save()
 
     token = Signer().sign_object(str(membership.access_token))
     return {"success": True, "errors": [], "token": token}