Updated OAuth Client editor

5fc545d8 · Matija Obreza · afe49708 · 5fc545d8 · 5fc545d8 · 5fc545d8
Commit 5fc545d8 authored May 17, 2018 by Matija Obreza
4 changed files
--- a/src/main/java/org/genesys2/server/servlet/controller/admin/OAuthManagementController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/admin/OAuthManagementController.java
@@ -144,6 +144,23 @@ public class OAuthManagementController extends BaseController {
 		return oauthClient;
 	}

+	@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
+	@RequestMapping(value = "/save-client", method = RequestMethod.POST, params = "action-secret")
+	public String generateSecret(Model model, @RequestParam("id") String clientId) {
+		OAuthClient oauthClient = clientDetailsService.getClient(clientId);
+		String clientSecret = clientDetailsService.resetSecret(oauthClient);
+		model.addAttribute("clientSecret", clientSecret);
+		return clientDetailsInfo(model, clientId);
+	}
+
+	@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
+	@RequestMapping(value = "/save-client", method = RequestMethod.POST, params = "action-nosecret")
+	public String removeSecret(Model model, @RequestParam("id") String clientId) {
+		OAuthClient oauthClient = clientDetailsService.getClient(clientId);
+		clientDetailsService.removeSecret(oauthClient);
+		return clientDetailsInfo(model, clientId);
+	}
+
 	@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
 	@RequestMapping(value = "/save-client", method = RequestMethod.POST, params = { "id", "action-delete" })
 	public String deleteClient(Model model, @RequestParam("id") String clientId) {

--- a/src/main/webapp/WEB-INF/jsp/admin/oauth/clientslist.jsp
+++ b/src/main/webapp/WEB-INF/jsp/admin/oauth/clientslist.jsp
@@ -12,15 +12,24 @@
 	<a href="<c:url value="/admin/oauth-clients/add-client" />" class="close"><spring:message code="add" /></a>
 </security:authorize>

-<table class="accessions">
+<table class="table table-striped">
+	<thead>
+			<tr>
+				<th class="col-xs-4">Client ID</th>
+				<th class="">Title &amp; Description</th>
+			</tr>
+		</thead>
    <tbody>
    <c:forEach items="${clientDetailsList}" var="clientDetail">
        <tr>
-            <td>
+            <td class="col-xs-4">
                <a href="<c:url value="/admin/oauth-clients/${clientDetail.clientId}/"/>"><c:out
-                        value="${clientDetail.title}"/></a>
+                        value="${clientDetail.clientId}"/></a>
+            </td>
+            <td>
+            	<div><c:out value="${clientDetail.title}" /></div>
+            	<div><c:out value="${clientDetail.description}" /></div>
            </td>
-            <td><c:out value="${clientDetail.clientId}" /></td>
        </tr>
    </c:forEach>
    </tbody>

--- a/src/main/webapp/WEB-INF/jsp/admin/oauth/detailsinfo.jsp
+++ b/src/main/webapp/WEB-INF/jsp/admin/oauth/detailsinfo.jsp
@@ -31,9 +31,22 @@
    <label class="col-lg-3 col-md-4 control-label"><spring:message code="oauth-client.id"/></label>
    <div class="col-lg-9 col-md-8"><c:out value="${clientDetails.clientId}" /></div>
 </div>
-<div class="row">
+<%-- <div class="row">
    <label class="col-lg-3 col-md-4 control-label"><spring:message code="oauth-client.secret"/></label>
    <div class="col-lg-9 col-md-8"><c:out value="${clientDetails.clientSecret}" /></div>
+</div> --%>
+<div class="row">
+    <label class="col-lg-3 col-md-4 control-label"><spring:message code="oauth-client.secret"/></label>
+    <div class="col-lg-9 col-md-8">
+    	<c:choose>
+			<c:when test="${clientDetails.clientSecret ne null}">Encrypted</c:when>
+			<c:when test="${clientDetails.clientSecret eq null}">No secret</c:when>
+		</c:choose>
+		<gui:alert type="info" display="${clientSecret ne null}">
+			This is the only time we display the secret. It's your responsibility from here on!
+			<div style="font-weight: bold"><c:out value="${clientSecret}" /></div>
+		</gui:alert>
+	</div>
 </div>

 <!-- Extras -->
@@ -66,6 +79,20 @@
    <div class="col-lg-9 col-md-8"><c:out value="${clientDetails.autoApproveScopes}" /></div>
 </div>

+<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(#clientDetails, 'ADMINISTRATION')">
+	<form method="post" action="<c:url value='/admin/oauth-clients/save-client' />">
+	<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+	<input type="hidden" name="id" value="${clientDetails.clientId}"/>
+	<div class="form-group">
+		<div class="col-lg-offset-3 col-lg-9">
+			<button class="btn btn-default" type="submit" name="action-secret" value="1">New Client Secret</button>
+			<button class="btn btn-default" type="submit" name="action-nosecret" value="1">No Secret</button>
+			<a class="btn btn-default" href="<c:url value='/admin/oauth-clients/' />"><spring:message code="cancel"/></a>
+		</div>
+	</div>
+	</form>
+</security:authorize>
+
 <security:authorize access="hasRole('ADMINISTRATOR')">
    <h3><spring:message code="client.details.token.list"/></h3>


--- a/src/main/webapp/WEB-INF/jsp/admin/oauth/edit.jsp
+++ b/src/main/webapp/WEB-INF/jsp/admin/oauth/edit.jsp
@@ -21,13 +21,18 @@
 			<div class="form-group">
 				<label for="clientId" class="col-lg-3 col-md-4 control-label"><spring:message code="oauth-client.id"/></label>
 				<div class="col-lg-9 col-md-8">
-					<span class="form-control"><c:out value="${clientDetails.clientId}"/></span>
+					<span class="control-label"><c:out value="${clientDetails.clientId}"/></span>
 				</div>
 			</div>
 			<div class="form-group">
 				<label for="secret" class="col-lg-3 col-md-4 control-label"><spring:message code="oauth-client.secret"/></label>
 				<div class="col-lg-9 col-md-8">
-					<input type="text" name="clientSecret" class="form-control" value="<c:out value='${clientDetails.clientSecret}' />"/>
+					<span class="control-label" style="">
+						<c:choose>
+							<c:when test="${clientDetails.clientSecret ne null}">Encrypted</c:when>
+							<c:when test="${clientDetails.clientSecret eq null}">No secret</c:when>
+						</c:choose>
+					</span>
 				</div>
 			</div>
 			<div class="form-group">