5 files changed, 36 insertions, 7 deletions

diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index bf2f0a54..a721ff2b 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -37,6 +37,22 @@ class Rest_Controller extends Controller {
     rest::reply(rest::access_key());
   }
 
+  public function reset_api_key_confirm() {
+    $form = new Forge("rest/reset_api_key", "", "post", array("id" => "g-reset-api-key"));
+    $group = $form->group("confirm_reset")->label(t("Confirm resetting your REST API key"));
+    $group->submit("")->value(t("Reset"));
+    $v = new View("reset_api_key_confirm.html");
+    $v->form = $form;
+    print $v;
+  }
+
+  public function reset_api_key() {
+    access::verify_csrf();
+    rest::reset_access_key();
+    message::success(t("Your REST API key has been reset."));
+    json::reply(array("result" => "success"));
+  }
+
   public function __call($function, $args) {
     try {
       $input = Input::instance();
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 73d09c64..333daf95 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -87,6 +87,16 @@ class rest_Core {
     identity::set_active_user($user);
   }
 
+  static function reset_access_key() {
+    $key = ORM::factory("user_access_key")
+      ->where("user_id", "=", identity::active_user()->id)
+      ->find();
+    if ($key->loaded()) {
+      $key->delete();
+    }
+    return rest::access_key();
+  }
+
   static function access_key() {
     $key = ORM::factory("user_access_key")
       ->where("user_id", "=", identity::active_user()->id)
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index f23b9a58..6a42e893 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -55,13 +55,6 @@ class rest_event {
   }
 
   /**
-   * Called when user is editing their own form
-   */
-  static function user_edit_form($user, $form) {
-    self::_get_access_key_form($user, $form);
-  }
-
-  /**
    * Get the form fields for user edit
    */
   static function _get_access_key_form($user, $form) {
diff --git a/modules/rest/views/reset_api_key_confirm.html.php b/modules/rest/views/reset_api_key_confirm.html.php
new file mode 100644
index 00000000..3aae2a9a
--- /dev/null
+++ b/modules/rest/views/reset_api_key_confirm.html.php
@@ -0,0 +1,7 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-rest-reset-api-key" class="ui-helper-clearfix">
+  <p>
+    <?= t("Do you really want to reset your REST API key?  Any clients that use this key will need to be updated with the new value.") ?>
+  </p>
+  <?= $form ?>
+</div>
diff --git a/modules/rest/views/user_profile_rest.html.php b/modules/rest/views/user_profile_rest.html.php
index e81f3d0b..3e5d3dbf 100644
--- a/modules/rest/views/user_profile_rest.html.php
+++ b/modules/rest/views/user_profile_rest.html.php
@@ -4,6 +4,9 @@
     <li id="g-rest-key">
       <p>
         <?= t("<b>Key</b>: %key", array("key" => $rest_key)) ?>
+        <a class="g-button ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("rest/reset_api_key_confirm") ?>">
+          <?= t("reset") ?>
+        </a>
       </p>
     </li>
   </ul>