diff options
4 files changed, 109 insertions, 3 deletions
diff --git a/gn_auth/auth/authentication/oauth2/models/oauth2client.py b/gn_auth/auth/authentication/oauth2/models/oauth2client.py index 8fac648..2c36f45 100644 --- a/gn_auth/auth/authentication/oauth2/models/oauth2client.py +++ b/gn_auth/auth/authentication/oauth2/models/oauth2client.py @@ -3,9 +3,9 @@ import json import logging import datetime from uuid import UUID -from dataclasses import dataclass from functools import cached_property -from typing import Sequence, Optional +from dataclasses import asdict, dataclass +from typing import Any, Sequence, Optional import requests from requests.exceptions import JSONDecodeError @@ -289,3 +289,22 @@ def delete_client( cursor.execute("DELETE FROM oauth2_tokens WHERE client_id=?", params) cursor.execute("DELETE FROM oauth2_clients WHERE client_id=?", params) return the_client + + +def update_client_attribute( + client: OAuth2Client, attribute: str, value: Any) -> OAuth2Client: + """Return a new OAuth2Client with the given attribute updated/changed.""" + attrs = { + attr: type(value) + for attr, value in asdict(client).items() + if attr != "client_id" + } + assert ( + attribute in attrs.keys() and isinstance(value, attrs[attribute])), ( + "Invalid attribute/value provided!") + return OAuth2Client( + client_id=client.client_id, + **{ + attr: (value if attr==attribute else getattr(client, attr)) + for attr in attrs + }) diff --git a/gn_auth/auth/authorisation/users/admin/views.py b/gn_auth/auth/authorisation/users/admin/views.py index 85aeb50..1dd2f1f 100644 --- a/gn_auth/auth/authorisation/users/admin/views.py +++ b/gn_auth/auth/authorisation/users/admin/views.py @@ -30,6 +30,7 @@ from ....authentication.oauth2.models.oauth2client import ( save_client, OAuth2Client, oauth2_clients, + update_client_attribute, client as oauth2_client, delete_client as _delete_client) from ....authentication.users import ( @@ -321,3 +322,36 @@ def delete_client(): "successfully."), "alert-success") return redirect(url_for("oauth2.admin.list_clients")) + + +@admin.route("/clients/<uuid:client_id>/change-secret", methods=["GET", "POST"]) +@is_admin +def change_client_secret(client_id: uuid.UUID): + def __no_client__(): + # Calling the function causes the flash to be evaluated + # flash("No such client was found!", "alert-danger") + return redirect(url_for("oauth2.admin.list_clients")) + + with db.connection(app.config["AUTH_DB"]) as conn: + if request.method == "GET": + return oauth2_client( + conn, client_id=client_id + ).maybe(__no_client__(), lambda _client: render_template( + "admin/confirm-change-client-secret.html", + client=_client + )) + + _raw = random_string() + return oauth2_client( + conn, client_id=client_id + ).then( + lambda _client: save_client( + conn, + update_client_attribute( + _client, "client_secret", hash_password(_raw))) + ).then( + lambda _client: render_template( + "admin/registered-client.html", + client=_client, + client_secret=_raw) + ).maybe(__no_client__(), lambda resp: resp) diff --git a/gn_auth/templates/admin/confirm-change-client-secret.html b/gn_auth/templates/admin/confirm-change-client-secret.html new file mode 100644 index 0000000..aa8ef81 --- /dev/null +++ b/gn_auth/templates/admin/confirm-change-client-secret.html @@ -0,0 +1,45 @@ +{%extends "base.html"%} + +{%block title%}gn-auth: View OAuth2 Client{%endblock%} + +{%block pagetitle%}View OAuth2 Client{%endblock%} + +{%block content%} +{{flash_messages()}} + +<h2>Change Oauth2 Client Secret</h2> + +<p>You are attempting to change the <strong>CLIENT_SECRET</strong> value for the + following client:</p> + +<table class="table"> + <tbody> + <tr> + <td><strong>Client ID</strong></td> + <td>{{client.client_id}}</td> + </tr> + <tr> + <td><strong>Client Name</strong></td> + <td>{{client.client_metadata.client_name}}</td> + </tr> + </tbody> +</table> + +<p>Are you absolutely sure you want to do this?<br /> + <small>Note that you'll need to update your configurations for the client and + restart it for the settings to take effect!</small></p> + +<form id="frm-change-client-secret" + method="POST" + action="{{url_for('oauth2.admin.change_client_secret', + client_id=client.client_id)}}"> + + <input type="hidden" name="client_id" value="{{client.client_id}}" /> + <input type="hidden" name="client_name" value="{{client.client_metadata.client_name}}" /> + + <div class="form-group"> + <input type="submit" class="btn btn-danger" value="generate new secret" /> + </div> +</form> + +{%endblock%} diff --git a/gn_auth/templates/admin/list-oauth2-clients.html b/gn_auth/templates/admin/list-oauth2-clients.html index ca0ee6d..6da5b2f 100644 --- a/gn_auth/templates/admin/list-oauth2-clients.html +++ b/gn_auth/templates/admin/list-oauth2-clients.html @@ -15,7 +15,7 @@ <th>Client Name</th> <th>Default Redirect URI</th> <th>Owner</th> - <th colspan="2">Actions</th> + <th colspan="3">Actions</th> </tr> </thead> @@ -43,6 +43,14 @@ class="btn btn-danger" /> </form> </td> + <td> + <a href="{{url_for('oauth2.admin.change_client_secret', + client_id=client.client_id)}}" + title="Change the client secret!" + class="btn btn-danger"> + Change Secret + </a> + </td> </tr> {%else%} <tr> |