rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Tokens: User improvements

Browse source
This commit is contained in:
Tom 2023-06-29 09:44:04 +02:00
parent 8ccd490bed
commit 4f4fa2b3d7
6 changed files with 117 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

30
internal/dis/component/auth/panel/templates/token_created.html Normal file
View file

@ -0,0 +1,30 @@
<div class="pure-u-1">
<p>
A new token has been created.
This token will only be shown once.
Please make sure to copy it now.
</p>
</div>
<div class="pure-u-1">
<p>
<span class="copy">{{ .Token.Token }}</span>
</p>
</div>
<div class="pure-u-1">
<p>
To test this token, you can use curl on the command line:
</p>
<code class="copy">
curl -H "Authorization: Bearer <b>{{ .Token.Token }}</b>" {{ .Domain }}api/v1/auth
</code>
<p>
You should receive a response with <code>token: true</code> inside of it.
</p>
</div>
<div class="pure-u-1">
<a href="/user/tokens/" class="pure-button">Back To Token List</a>
</div>

23
internal/dis/component/auth/panel/templates/tokens.html
View file

@ -4,7 +4,7 @@
</p>
</div>
<div class="pure-u-1">
<div class="pure-u-2-3">
<h2>My Tokens</h2>
<p>
This table shows tokens currently associated with your account.
@ -16,6 +16,9 @@
<table class="pure-table pure-table-bordered">
<thead>
<tr>
<th>
ID
</th>
<th>
Token
</th>
@ -32,7 +35,10 @@
{{ range .Tokens }}
<tr>
<td>
<code class="copy">{{ .Token }}</code>
<code class="copy">{{ .TokenID }}</code>
</td>
<td>
(only shown once)
</td>
<td>
{{ .Description }}
@ -40,7 +46,7 @@
<td>
<div class="pure-button-group" role="group">
<form action="/user/tokens/delete" method="POST" class="pure-form-group">
<input type="hidden" name="token" value="{{ .Token }}">
<input type="hidden" name="id" value="{{ .TokenID }}">
<input type="submit" class="pure-button pure-button-danger" value="Delete">
{{ $csrf }}
</form>
@ -54,3 +60,14 @@
</div>
</div>
<div class="pure-u-1-3">
<p>
To check if a token is working, you can use something like:
</p>
<code class="copy">
curl -H "Authorization: Bearer <b>&lt;token&gt;</b>" {{ .Domain }}api/v1/auth
</code>
<p>
When using a working token, you should get a response with <code>Token: true</code> in it.
</p>
</div>

51
internal/dis/component/auth/panel/tokens.go
View file

@ -2,6 +2,7 @@ package panel
import (
"context"
"html/template"
"net/http"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
@ -27,6 +28,7 @@ var tokensTemplate = templating.Parse[TokenTemplateContext](
type TokenTemplateContext struct {
templating.RuntimeFlags
Domain template.URL // server base URL
Tokens []models.Token
}
@ -49,6 +51,8 @@ func (panel *UserPanel) tokensRoute(ctx context.Context) http.Handler {
return tc, err
}
tc.Domain = template.URL(panel.Config.HTTP.JoinPath().String())
// get the tokens
tc.Tokens, err = panel.Dependencies.Tokens.Tokens(r.Context(), user.User.User)
return tc, err
@ -70,14 +74,14 @@ func (panel *UserPanel) tokensDeleteRoute(ctx context.Context) http.Handler {
return
}
token := r.PostFormValue("token")
if token == "" {
id := r.PostFormValue("id")
if id == "" {
logger.Err(err).Str("action", "delete token").Msg("failed to get token")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
}
if err := panel.Dependencies.Tokens.Remove(r.Context(), user.User.User, token); err != nil {
if err := panel.Dependencies.Tokens.Remove(r.Context(), user.User.User, id); err != nil {
logger.Err(err).Str("action", "delete token").Msg("failed to delete token")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
@ -101,8 +105,32 @@ type addTokenResult struct {
Scopes []string
}
//go:embed "templates/token_created.html"
var tokenCreatedHTML []byte
var tokenCreateTemplate = templating.Parse[TokenCreateContext](
"token_created.html", tokenCreatedHTML, httpx.FormTemplate,
templating.Title("Add Token"),
templating.Assets(assets.AssetsUser),
)
type TokenCreateContext struct {
templating.RuntimeFlags
Domain template.URL // server base URL
Token *models.Token
}
func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
tpl := tokensAddTemplate.Prepare(
tplForm := tokensAddTemplate.Prepare(
panel.Dependencies.Templating,
templating.Crumbs(
menuUser,
menuTokens,
menuTokensAdd,
),
)
tplDone := tokenCreateTemplate.Prepare(
panel.Dependencies.Templating,
templating.Crumbs(
menuUser,
@ -117,8 +145,8 @@ func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
},
FieldTemplate: field.PureCSSFieldTemplate,
RenderTemplate: tpl.Template(),
RenderTemplateContext: templating.FormTemplateContext(tpl),
RenderTemplate: tplForm.Template(),
RenderTemplateContext: templating.FormTemplateContext(tplForm),
Validate: func(r *http.Request, values map[string]string) (at addTokenResult, err error) {
at.User, err = panel.Dependencies.Auth.UserOfSession(r)
@ -138,16 +166,19 @@ func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
RenderSuccess: func(at addTokenResult, values map[string]string, w http.ResponseWriter, r *http.Request) error {
// add the key to the user
_, err := panel.Dependencies.Tokens.Add(r.Context(), at.User.User.User, at.Description, at.Scopes)
tok, err := panel.Dependencies.Tokens.Add(r.Context(), at.User.User.User, at.Description, at.Scopes)
if err != nil {
return err
}
if err != nil {
return errAddToken
}
// everything went fine, redirect the user back to the user page!
http.Redirect(w, r, string(menuTokens.Path), http.StatusSeeOther)
return nil
// render the created context
return httpx.WriteHTML(tplDone.Context(r, TokenCreateContext{
Domain: template.URL(panel.Config.HTTP.JoinPath().String()),
Token: tok,
}), nil, tplDone.Template(), "", w, r)
},
}
}

16
internal/dis/component/auth/panel/user.go
View file

@ -41,18 +41,22 @@ func (g GrantWithURL) AdminURL() template.URL {
}
func (panel *UserPanel) routeUser(ctx context.Context) http.Handler {
actions := []component.MenuItem{
menuChangePassword,
menuTOTPAction,
menuSSH,
}
if panel.Config.HTTP.API.Value {
actions = append(actions, menuTokens)
}
tpl := userTemplate.Prepare(
panel.Dependencies.Templating,
templating.Crumbs(
menuUser,
),
templating.Actions(
menuChangePassword,
menuTOTPAction,
menuSSH,
menuTokens,
),
templating.Actions(actions...),
)
return tpl.HTMLHandlerWithFlags(func(r *http.Request) (uc userContext, funcs []templating.FlagFunc, err error) {

15
internal/dis/component/auth/tokens/tokens.go
View file

@ -113,7 +113,16 @@ func (tok *Tokens) Add(ctx context.Context, user string, description string, sco
}
mk.SetScopes(scopes)
// generate a new random password
// generate a new id for the token
{
var err error
mk.TokenID, err = NewToken()
if err != nil {
return nil, err
}
}
// generate the actual token
var err error
mk.Token, err = NewToken()
if err != nil {
@ -136,7 +145,7 @@ func (tok *Tokens) Add(ctx context.Context, user string, description string, sco
}
// Remove removes a token with the given token from the user
func (tok *Tokens) Remove(ctx context.Context, user, token string) error {
func (tok *Tokens) Remove(ctx context.Context, user, id string) error {
// get the table
table, err := tok.table(ctx)
if err != nil {
@ -144,5 +153,5 @@ func (tok *Tokens) Remove(ctx context.Context, user, token string) error {
}
// and do the delete
return table.Where("user = ? AND token = ?", user, token).Delete(&models.Token{}).Error
return table.Where("user = ? AND id = ?", user, id).Delete(&models.Token{}).Error
}

6
internal/models/token.go
View file

@ -11,8 +11,10 @@ const TokensTable = "tokens"
type Token struct {
Pk uint `gorm:"column:pk;primaryKey"`
Token string `gorm:"column:token;unique:true;not null"`
User string `gorm:"column:user;not null"` // (distillery) username
Token string `json:"-" gorm:"column:token;unique:true;not null"` // token used by the actual api (shown only once)
TokenID string `gorm:"column:id;unique:true;not null"` // token id (displayed to user, used for finding it)
User string `gorm:"column:user;not null"` // (distillery) username
Description string `gorm:"column:description"`