From 63aed4af8bd1dac9ca730b31ced517c54ca49388 Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Mon, 19 Feb 2024 17:27:10 +0100
Subject: [PATCH] Add button to rotate client secret
---
 client.go | 68 +++++++++++++++++++++++++++++++++--------------------
 template/manage-client.html | 3 +++
diff --git a/client.go b/client.go
index 3a02d0cddc78908c1829557c16d533c301c4cadd..dc7068584a0214a9f3da35700fcd980560f082c2 100644
--- a/client.go
+++ b/client.go
@@ -66,39 +66,29 @@ http.Redirect(w, req, "/", http.StatusFound)
 return
 }
- client.ClientName = req.PostFormValue("client_name")
- client.ClientURI = req.PostFormValue("client_uri")
- client.RedirectURIs = req.PostFormValue("redirect_uris")
- isPublic := req.PostFormValue("client_type") == "public"
+ _, rotate := req.PostForm["rotate"]
- for _, s := range strings.Split(client.RedirectURIs, "\n") {
- if s == "" {
- continue
- }
- u, err := url.Parse(s)
- if err != nil {
+ var isPublic bool
+ if client.ID != 0 {
+ isPublic = client.IsPublic()
+ } else {
+ isPublic = req.PostFormValue("client_type") == "public"
+ }
+
+ if !rotate {
+ client.ClientName = req.PostFormValue("client_name")
+ client.ClientURI = req.PostFormValue("client_uri")
+ client.RedirectURIs = req.PostFormValue("redirect_uris")
+
+ if err := validateAllowedRedirectURIs(client.RedirectURIs); err != nil {
 // TODO: nicer error message
- http.Error(w, fmt.Sprintf("Invalid redirect URI %q: %v", s, err), http.StatusBadRequest)
+ http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
- switch u.Scheme {
- case "https":
- // ok
- case "http":
- if u.Host != "localhost" {
- http.Error(w, "Only http://localhost is allowed for insecure HTTP URIs", http.StatusBadRequest)
- return
- }
- default:
- if !strings.Contains(u.Scheme, ".") {
- http.Error(w, "Only private-use URIs referring to domain names are allowed", http.StatusBadRequest)
- return
- }
- }
 }
 var clientSecret string
- if client.ID == 0 {
+ if client.ID == 0 || rotate {
 clientSecret, err = client.Generate(isPublic)
 if err != nil {
 httpError(w, err)
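Review bot: `_, rotate := req.PostForm["rotate"]` reads the form map directly, and that map is only filled once ParseForm or ParseMultipartForm has run; if nothing earlier in the handler parses the request (the handler starts before this hunk and ends after it), `rotate` is always false, the `!rotate` branch runs, and the later `req.PostFormValue` calls parse a body that carries only the rotate field, so ClientName, ClientURI and RedirectURIs of an existing client are overwritten with empty strings (an empty list passes validateAllowedRedirectURIs). Parse explicitly before the lookup, `if err := req.ParseForm(); err != nil { http.Error(w, err.Error(), http.StatusBadRequest); return }`, or derive the flag through the parsing accessor, `rotate := req.PostFormValue("rotate") != ""` with a non-empty button value. The template only hides the rotate button for public clients, but the handler still reaches `client.Generate(isPublic)` with rotate set for a public client; rejecting the combination server-side, `if rotate && isPublic { http.Error(w, "public clients have no secret to rotate", http.StatusBadRequest); return }`, keeps the handler rule independent of the UI, assuming Generate is not meant to be re-run for public clients. Likewise a request with `client.ID == 0` and `rotate` set would create a client with empty name and redirect URIs, so the flag should be ignored or rejected when the client does not exist yet.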
@@ -126,6 +116,32 @@ }
 if err := tpl.ExecuteTemplate(w, "client-secret.html", &data); err != nil {
 panic(err)
 }
+}
+
+func validateAllowedRedirectURIs(rawRedirectURIs string) error {
+ for _, s := range strings.Split(rawRedirectURIs, "\n") {
+ if s == "" {
+ continue
+ }
+ u, err := url.Parse(s)
+ if err != nil {
+ // TODO: nicer error message
+ return fmt.Errorf("Invalid redirect URI %q: %v", s, err)
+ }
+ switch u.Scheme {
+ case "https":
+ // ok
+ case "http":
+ if u.Host != "localhost" {
+ return fmt.Errorf("Only http://localhost is allowed for insecure HTTP URIs")
+ }
+ default:
+ if !strings.Contains(u.Scheme, ".") {
+ return fmt.Errorf("Only private-use URIs referring to domain names are allowed")
+ }
+ }
+ }
+ return nil
 }
 func revokeClient(w http.ResponseWriter, req *http.Request) {
diff --git a/template/manage-client.html b/template/manage-client.html
index 5d785735424e3f94ef70dea78ded97680b99bf6d..3e087999adc5d15622988db9bf5503b1bac261d0 100644
--- a/template/manage-client.html
+++ b/template/manage-client.html
@@ -46,6 +46,9 @@ Create client {{ end }} {{ if .Client.ID }} + {{ if not .Client.IsPublic }} + + {{ end }} {{ end }}
-- 2.48.1
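Review bot: `u.Host != "localhost"` in validateAllowedRedirectURIs compares the host together with its port, so `http://localhost:8080/cb` is rejected even though the error message says localhost is allowed; if loopback redirects on a port are intended (the usual native-app case), compare `u.Hostname()` instead: `if u.Hostname() != "localhost" {`. The entries come from a textarea, which browsers submit with CRLF line endings, so unless the caller normalizes the value first every `s` except the last probably carries a trailing `\r` that url.Parse rejects as a control character; trimming first, `s = strings.TrimSpace(s)` ahead of the `s == ""` check, makes both the skip and the parse behave. RFC 6749 §3.1.2 forbids a fragment component in a registered redirect URI and nothing here rejects one; `if u.Fragment != "" { return fmt.Errorf("Redirect URI %q must not contain a fragment", s) }` after the scheme switch closes that gap. The new function also lacks a doc comment; `// validateAllowedRedirectURIs checks each newline-separated redirect URI and returns an error for the first one that is not https, http://localhost, or a private-use scheme containing a dot.` would do, and wrapping the parse error with `%w` rather than `%v` lets callers inspect it.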