feat: add token-based iCal subscription for user participations

schliz · claude · schliz · commit 3691cffca8c0 · 2026-03-15T23:57:58.000+01:00
Replace session-authenticated calendar feeds (unusable by calendar
clients) with a single token-based endpoint per user. Each user can
generate a persistent secret link that serves their shift participations
as an iCal feed without requiring a browser session.

- Add CalendarToken model with cryptographic token generation
- Add TokenAuthMixin for unauthenticated feed access via URL token
- Add calendar subscription UI card on user profile page
- Remove old session-based feed routes from accounts, events, orgs
- Remove ical export buttons from event/organization templates

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/shiftings/accounts/admin.py b/src/shiftings/accounts/admin.py
@@ -1,10 +1,17 @@
 from django.contrib import admin
 
-from shiftings.accounts.models import OIDCOfflineToken, User
+from shiftings.accounts.models import CalendarToken, OIDCOfflineToken, User
 
 admin.site.register(User)
 
 
+@admin.register(CalendarToken)
+class CalendarTokenAdmin(admin.ModelAdmin):
+    list_display = ('user', 'created')
+    search_fields = ('user__username',)
+    readonly_fields = ('token', 'created')
+
+
 @admin.register(OIDCOfflineToken)
 class OIDCOfflineTokenAdmin(admin.ModelAdmin):
     list_display = ('user', 'updated')
diff --git a/src/shiftings/accounts/migrations/0003_calendartoken.py b/src/shiftings/accounts/migrations/0003_calendartoken.py
@@ -0,0 +1,27 @@
+# Generated by Django 6.0.2 on 2026-03-15 22:51
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0002_oidcofflinetoken'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='CalendarToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('token', models.CharField(db_index=True, max_length=64, unique=True, verbose_name='Token')),
+                ('created', models.DateTimeField(auto_now_add=True, verbose_name='Created')),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='calendar_token', to=settings.AUTH_USER_MODEL, verbose_name='User')),
+            ],
+            options={
+                'default_permissions': (),
+            },
+        ),
+    ]
diff --git a/src/shiftings/accounts/models/__init__.py b/src/shiftings/accounts/models/__init__.py
@@ -1,2 +1,3 @@
+from .calendar_token import CalendarToken
 from .oidc_token import OIDCOfflineToken
 from .user import BaseUser, User
diff --git a/src/shiftings/accounts/models/calendar_token.py b/src/shiftings/accounts/models/calendar_token.py
@@ -0,0 +1,39 @@
+from __future__ import annotations
+
+import secrets
+from typing import Any
+
+from django.conf import settings
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+
+
+class CalendarToken(models.Model):
+    user = models.OneToOneField(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.CASCADE,
+        related_name='calendar_token',
+        verbose_name=_('User'),
+    )
+    token = models.CharField(
+        max_length=64,
+        unique=True,
+        db_index=True,
+        verbose_name=_('Token'),
+    )
+    created = models.DateTimeField(auto_now_add=True, verbose_name=_('Created'))
+
+    class Meta:
+        default_permissions = ()
+
+    def __str__(self) -> str:
+        return f'{self.user} ({self.token[:8]}...)'
+
+    def save(self, *args: Any, **kwargs: Any) -> None:
+        if not self.token:
+            self.token = secrets.token_hex(32)
+        super().save(*args, **kwargs)
+
+    def regenerate(self) -> None:
+        self.token = secrets.token_hex(32)
+        self.save(update_fields=['token'])
diff --git a/src/shiftings/accounts/templates/accounts/user_detail.html b/src/shiftings/accounts/templates/accounts/user_detail.html
@@ -118,6 +118,56 @@ <h4>{% trans "Organizations" %}</h4>
 {% endblock %}
 
 {% block right %}
+  <div class="card bg-dark mt-2 mb-3">
+    <div class="card-header p-2 center-items justify-content-between">
+      <h5 class="m-0 ms-2">{% trans "Calendar Subscription" %}</h5>
+      <div class="center-items gap-1">
+        {% if calendar_token %}
+          <form action="{% url 'calendar_token_create' %}" method="post" class="d-inline">
+            {% csrf_token %}
+            <button type="submit" class="btn btn-sm btn-warning"
+                    onclick="return confirm('{% trans "Regenerating will invalidate the current link. Continue?" %}')"
+                    title="{% trans 'Regenerate' %}">
+              <i class="fa-solid fa-rotate"></i>
+            </button>
+          </form>
+          <form action="{% url 'calendar_token_delete' %}" method="post" class="d-inline">
+            {% csrf_token %}
+            <button type="submit" class="btn btn-sm btn-danger"
+                    onclick="return confirm('{% trans "Revoking will stop calendar sync. Continue?" %}')"
+                    title="{% trans 'Revoke' %}">
+              <i class="fa-solid fa-trash"></i>
+            </button>
+          </form>
+        {% else %}
+          <form action="{% url 'calendar_token_create' %}" method="post" class="d-inline">
+            {% csrf_token %}
+            <button type="submit" class="btn btn-sm btn-success"
+                    title="{% trans 'Generate calendar link' %}">
+              <i class="fa-solid fa-calendar-plus"></i>
+            </button>
+          </form>
+        {% endif %}
+      </div>
+    </div>
+    {% if calendar_token %}
+      <div class="card-body p-3">
+        <div class="input-group">
+          <a class="btn btn-outline-success" href="{{ calendar_webcal_url }}"
+             title="{% trans 'Add to Calendar' %}">
+            <i class="fa-solid fa-calendar-plus"></i>
+          </a>
+          <input type="text" class="form-control form-control-sm"
+                 value="{{ calendar_url }}" readonly id="calendarUrl">
+          <button class="btn btn-outline-secondary" type="button"
+                  onclick="navigator.clipboard.writeText(document.getElementById('calendarUrl').value)"
+                  title="{% trans 'Copy' %}">
+            <i class="fa-solid fa-copy"></i>
+          </button>
+        </div>
+      </div>
+    {% endif %}
+  </div>
   <div class="card bg-dark mt-2">
     <div class="card-header center-items justify-content-between">
       {% url "user_profile_past" as past_url %}
diff --git a/src/shiftings/accounts/urls/user.py b/src/shiftings/accounts/urls/user.py
@@ -6,9 +6,9 @@
 
 from shiftings.accounts.views.auth import UserLoginView, UserLogoutView, UserReLoginView
 from shiftings.accounts.views.password import PasswordResetConfirmView, PasswordResetView
+from shiftings.accounts.views.calendar_token import CalendarTokenCreateView, CalendarTokenDeleteView
 from shiftings.accounts.views.user import (ConfirmEMailView, UserDeleteSelfView, UserEditView, UserProfileView,
                                            UserRegisterView)
-from shiftings.cal.feed.user import OwnShiftsFeed, UserFeed
 from shiftings.utils.converters import AlphaNumericConverter
 
 register_converter(AlphaNumericConverter, 'uidb64')
@@ -28,8 +28,8 @@
     path('password_reset/<uidb64>/<token>/', PasswordResetConfirmView.as_view(), name='password_reset_confirm'),
     path('password_reset/success/', TemplateView.as_view(template_name='accounts/password_reset/success.html'),
          name='password_reset_success'),
-    path('calendar/', UserFeed(), name='user_calendar'),
-    path('participation_calendar/', OwnShiftsFeed(), name='user_participation_calendar'),
+    path('calendar_token/create/', CalendarTokenCreateView.as_view(), name='calendar_token_create'),
+    path('calendar_token/delete/', CalendarTokenDeleteView.as_view(), name='calendar_token_delete'),
 ]
 if settings.FEATURES.get('registration', False):
     urlpatterns.append(path('register/', UserRegisterView.as_view(), name='register'))
diff --git a/src/shiftings/accounts/views/calendar_token.py b/src/shiftings/accounts/views/calendar_token.py
@@ -0,0 +1,28 @@
+from __future__ import annotations
+
+from django.contrib import messages
+from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
+from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
+from django.views import View
+
+from shiftings.accounts.models import CalendarToken
+from shiftings.utils.views.base import BaseLoginMixin
+
+
+class CalendarTokenCreateView(BaseLoginMixin, View):
+    def post(self, request: HttpRequest) -> HttpResponse:
+        token, created = CalendarToken.objects.get_or_create(user=request.user)
+        if not created:
+            token.regenerate()
+            messages.success(request, _('Calendar link regenerated. Old link will stop working.'))
+        else:
+            messages.success(request, _('Calendar link generated.'))
+        return HttpResponseRedirect(reverse('user_profile'))
+
+
+class CalendarTokenDeleteView(BaseLoginMixin, View):
+    def post(self, request: HttpRequest) -> HttpResponse:
+        CalendarToken.objects.filter(user=request.user).delete()
+        messages.success(request, _('Calendar link revoked.'))
+        return HttpResponseRedirect(reverse('user_profile'))
diff --git a/src/shiftings/accounts/views/user.py b/src/shiftings/accounts/views/user.py
@@ -20,7 +20,7 @@
 from django.views.generic import CreateView, DetailView, TemplateView, UpdateView
 
 from shiftings.accounts.forms.user_form import UserCreateForm, UserUpdateForm
-from shiftings.accounts.models import User
+from shiftings.accounts.models import CalendarToken, User
 from shiftings.accounts.token import email_confirm_token_generator
 from shiftings.shifts.models import Shift
 from shiftings.shifts.utils.filter_mixin import ShiftFilterMixin
@@ -49,6 +49,18 @@ def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
                                            Q(participants__user=self.object))).distinct()
         context['shifts'] = get_pagination_context(self.request, shifts.filter(self.get_filters()), 5, 'shifts')
 
+        try:
+            calendar_token = CalendarToken.objects.get(user=self.object)
+        except CalendarToken.DoesNotExist:
+            calendar_token = None
+        context['calendar_token'] = calendar_token
+        if calendar_token:
+            calendar_url = self.request.build_absolute_uri(
+                reverse('token_participation_calendar', args=[calendar_token.token])
+            )
+            context['calendar_url'] = calendar_url
+            context['calendar_webcal_url'] = calendar_url.replace('http://', 'webcal://', 1).replace('https://', 'webcal://', 1)
+
         return context
 
 
diff --git a/src/shiftings/cal/feed/token.py b/src/shiftings/cal/feed/token.py
@@ -0,0 +1,60 @@
+from __future__ import annotations
+
+import logging
+from datetime import timedelta
+from typing import Any
+
+from django.conf import settings
+from django.http import HttpRequest, HttpResponse
+from django.utils import timezone
+
+from shiftings.accounts.models import CalendarToken
+from shiftings.cal.feed.user import OwnShiftsFeed
+from shiftings.utils.exceptions import Http403
+
+logger = logging.getLogger(__name__)
+
+OIDC_REFRESH_COOLDOWN = timedelta(minutes=10)
+
+
+class TokenAuthMixin:
+    """Authenticate iCal feed requests via a CalendarToken URL parameter."""
+
+    def __call__(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
+        token_str = kwargs.pop('token', None)
+        if not token_str or len(token_str) != 64:
+            raise Http403()
+
+        try:
+            calendar_token = CalendarToken.objects.select_related('user').get(token=token_str)
+        except CalendarToken.DoesNotExist:
+            raise Http403()
+
+        user = calendar_token.user
+
+        if settings.OAUTH_ENABLED:
+            from shiftings.accounts.models import OIDCOfflineToken
+            try:
+                offline_token = OIDCOfflineToken.objects.get(user=user)
+                if offline_token.updated < timezone.now() - OIDC_REFRESH_COOLDOWN:
+                    success = offline_token.refresh_user_info()
+                    if not success:
+                        return HttpResponse(
+                            'OIDC token expired. Please log in via browser to renew.',
+                            status=403,
+                            content_type='text/plain',
+                        )
+                    user.refresh_from_db()
+            except OIDCOfflineToken.DoesNotExist:
+                return HttpResponse(
+                    'No OIDC token stored. Please log in via browser.',
+                    status=403,
+                    content_type='text/plain',
+                )
+
+        request.user = user
+        return super().__call__(request, *args, **kwargs)
+
+
+class TokenOwnShiftsFeed(TokenAuthMixin, OwnShiftsFeed):
+    pass
diff --git a/src/shiftings/cal/urls/__init__.py b/src/shiftings/cal/urls/__init__.py
@@ -1,10 +1,12 @@
 from django.urls import path
 
+from shiftings.cal.feed.token import TokenOwnShiftsFeed
 from shiftings.cal.views.day_calendar import DetailDayView, ShiftTypesDayView
 from shiftings.cal.views.month_calendar import MonthCalenderView
 from shiftings.cal.views.list import DetailListView, ShiftTypesListView
 
 urlpatterns = [
+    path('token/<str:token>/participations/', TokenOwnShiftsFeed(), name='token_participation_calendar'),
     path('overview/day/detail/', DetailDayView.as_view(), name='overview_today'),
     path('overview/day/detail/<theday>/', DetailDayView.as_view(), name='overview_day'),
     path('overview/day/shift_types/', ShiftTypesDayView.as_view(), name='overview_today_shift_types'),
diff --git a/src/shiftings/events/templates/events/event.html b/src/shiftings/events/templates/events/event.html
@@ -68,9 +68,6 @@ <h3 class="m-0">
     <div class="card-header center-items justify-content-between">
       <h5 class="m-0">{% trans "Shifts" %}</h5>
       <div>
-        <a class="btn btn-success" href="{% url 'event_calendar' event.pk %}" title="{% trans "ical Export" %}">
-          <i class="fas fa-file-export"></i> {% trans "ical Export" %}
-        </a>
         <a class="btn btn-success" href="{% url "shift_create" event.organization.pk %}" title="{% trans "Create Shift" %}">
           <i class="fa-solid fa-calendar-plus"></i>
         </a>
diff --git a/src/shiftings/events/urls/event.py b/src/shiftings/events/urls/event.py
@@ -1,6 +1,5 @@
 from django.urls import path
 
-from shiftings.cal.feed.event import EventFeed, PublicEventsFeed
 from shiftings.events.views.event import EventDetailView, EventEditView, EventListView, FutureEventsListView, \
     MyEventsListView, MyFutureEventsListView
 
@@ -9,9 +8,7 @@
     path('upcoming/', FutureEventsListView.as_view(), name='future_events'),
     path('my/', MyEventsListView.as_view(), name='my_events'),
     path('my_upcoming/', MyFutureEventsListView.as_view(), name='my_future_events'),
-    path('calendar/', PublicEventsFeed(), name='public_events_calendar'),
     path('<int:pk>/', EventDetailView.as_view(), name='event'),
     path('create/<int:org_pk>/', EventEditView.as_view(), name='event_create'),
     path('<int:pk>/update/', EventEditView.as_view(), name='event_update'),
-    path('<int:pk>/calendar/', EventFeed(), name='event_calendar'),
 ]
diff --git a/src/shiftings/organizations/templates/organizations/organization_admin.html b/src/shiftings/organizations/templates/organizations/organization_admin.html
@@ -367,10 +367,6 @@ <h5 class="m-0">{% trans "Shifts" %}</h5>
               {% trans "Claim Legacy Shifts" %}
             </a>
           {% endif %}
-          <a class="btn btn-success" href="{% url 'organization_calendar' organization.pk %}"
-             title="{% trans "ical Export" %}">
-            <i class="fas fa-file-export"></i>
-          </a>
           {% if org_perms.edit_shifts %}
             <a class="btn btn-success" href="{% url "shift_create" organization.pk %}"
                title="{% trans "Create Shift" %}">
diff --git a/src/shiftings/organizations/templates/organizations/organization_shifts.html b/src/shiftings/organizations/templates/organizations/organization_shifts.html
@@ -108,10 +108,6 @@ <h1>{% trans "Events disabled" %}</h1>
     <div class="card-header center-items justify-content-between">
       <h5 class="m-0">{% trans "Shifts" %}</h5>
       <div>
-        <a class="btn btn-success" href="{% url 'organization_calendar' organization.pk %}"
-           title="{% trans "ical Export" %}">
-          <i class="fas fa-file-export"></i>
-        </a>
         {% if org_perms.edit_shifts %}
           <a class="btn btn-success" href="{% url "shift_create_from_template" organization.pk %}"
              title="{% trans "Create Shift from Template" %}">
diff --git a/src/shiftings/organizations/urls/organization.py b/src/shiftings/organizations/urls/organization.py
@@ -1,6 +1,5 @@
 from django.urls import include, path
 
-from shiftings.cal.feed.organization import OrganizationFeed
 from shiftings.organizations.views.organization import (
     OrganizationAdminView, OrganizationEditView, OrganizationListView, OrganizationSettingsView, OrganizationShiftsView,
     OwnOrganizationListView
@@ -17,8 +16,6 @@
     path('<int:pk>/admin/', OrganizationAdminView.as_view(), name='organization_admin'),
     path('<int:pk>/settings/', OrganizationSettingsView.as_view(), name='organization_settings'),
     path('<int:pk>/update/', OrganizationEditView.as_view(), name='organization_update'),
-    # feed
-    path('<int:pk>/calendar/', OrganizationFeed(), name='organization_calendar'),
     path('<int:pk>/permission/', OrganizationParticipationPermissionEditView.as_view(),
          name='org_part_permissions_edit'),
 

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
	`1`	`+from .calendar_token import CalendarToken`
`1`	`2`	`from .oidc_token import OIDCOfflineToken`
`2`	`3`	`from .user import BaseUser, User`