From 4f4fa2b3d7a2d997a9c5f9c9100532e2517cb95e Mon Sep 17 00:00:00 2001
From: Tom <tkw01536@gmail.com>
Date: Thu, 29 Jun 2023 09:44:04 +0200
Subject: [PATCH] Tokens: User improvements

---
 .../auth/panel/templates/token_created.html   | 30 +++++++++++
 .../auth/panel/templates/tokens.html          | 23 +++++++--
 internal/dis/component/auth/panel/tokens.go   | 51 +++++++++++++++----
 internal/dis/component/auth/panel/user.go     | 16 +++---
 internal/dis/component/auth/tokens/tokens.go  | 15 ++++--
 internal/models/token.go                      |  6 ++-
 6 files changed, 117 insertions(+), 24 deletions(-)
 create mode 100644 internal/dis/component/auth/panel/templates/token_created.html

diff --git a/internal/dis/component/auth/panel/templates/token_created.html b/internal/dis/component/auth/panel/templates/token_created.html
new file mode 100644
index 0000000..43a0f85
--- /dev/null
+++ b/internal/dis/component/auth/panel/templates/token_created.html
@@ -0,0 +1,30 @@
+<div class="pure-u-1">
+    <p>
+        A new token has been created.
+        This token will only be shown once.
+        Please make sure to copy it now.
+    </p>
+</div>
+
+<div class="pure-u-1">
+    <p>
+        <span class="copy">{{ .Token.Token }}</span>
+    </p>
+</div>
+
+<div class="pure-u-1">
+    <p>
+        To test this token, you can use curl on the command line:
+    </p>
+    <code class="copy">
+        curl -H "Authorization: Bearer <b>{{ .Token.Token }}</b>" {{ .Domain }}api/v1/auth
+    </code>
+    <p>
+        You should receive a response with <code>token: true</code> inside of it.
+    </p>
+</div>
+
+<div class="pure-u-1">
+    <a href="/user/tokens/" class="pure-button">Back To Token List</a>
+</div>
+
diff --git a/internal/dis/component/auth/panel/templates/tokens.html b/internal/dis/component/auth/panel/templates/tokens.html
index 6c4172c..405444b 100644
--- a/internal/dis/component/auth/panel/templates/tokens.html
+++ b/internal/dis/component/auth/panel/templates/tokens.html
@@ -4,7 +4,7 @@
     </p>
 </div>
 
-<div class="pure-u-1">
+<div class="pure-u-2-3">
     <h2>My Tokens</h2>
     <p>
         This table shows tokens currently associated with your account.
@@ -16,6 +16,9 @@
             <table class="pure-table pure-table-bordered">
                 <thead>
                     <tr>
+                        <th>
+                            ID
+                        </th>
                         <th>
                             Token
                         </th>
@@ -32,7 +35,10 @@
                     {{ range .Tokens }}
                         <tr>
                             <td>
-                                <code class="copy">{{ .Token }}</code>
+                                <code class="copy">{{ .TokenID }}</code>
+                            </td>
+                            <td>
+                                (only shown once)
                             </td>
                             <td>
                                 {{ .Description }}
@@ -40,7 +46,7 @@
                             <td>
                                 <div class="pure-button-group" role="group">
                                     <form action="/user/tokens/delete" method="POST" class="pure-form-group">
-                                        <input type="hidden" name="token" value="{{ .Token }}">
+                                        <input type="hidden" name="id" value="{{ .TokenID }}">
                                         <input type="submit" class="pure-button pure-button-danger" value="Delete">
                                         {{ $csrf }}
                                     </form>
@@ -54,3 +60,14 @@
     </div>
 </div>
 
+<div class="pure-u-1-3">
+    <p>
+        To check if a token is working, you can use something like:
+    </p>
+    <code class="copy">
+        curl -H "Authorization: Bearer <b>&lt;token&gt;</b>" {{ .Domain }}api/v1/auth
+    </code>
+    <p>
+        When using a working token, you should get a response with <code>Token: true</code> in it.
+    </p>
+</div>
\ No newline at end of file
diff --git a/internal/dis/component/auth/panel/tokens.go b/internal/dis/component/auth/panel/tokens.go
index e32f0c5..5481577 100644
--- a/internal/dis/component/auth/panel/tokens.go
+++ b/internal/dis/component/auth/panel/tokens.go
@@ -2,6 +2,7 @@ package panel
 
 import (
 	"context"
+	"html/template"
 	"net/http"
 
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
@@ -27,6 +28,7 @@ var tokensTemplate = templating.Parse[TokenTemplateContext](
 type TokenTemplateContext struct {
 	templating.RuntimeFlags
 
+	Domain template.URL // server base URL
 	Tokens []models.Token
 }
 
@@ -49,6 +51,8 @@ func (panel *UserPanel) tokensRoute(ctx context.Context) http.Handler {
 			return tc, err
 		}
 
+		tc.Domain = template.URL(panel.Config.HTTP.JoinPath().String())
+
 		// get the tokens
 		tc.Tokens, err = panel.Dependencies.Tokens.Tokens(r.Context(), user.User.User)
 		return tc, err
@@ -70,14 +74,14 @@ func (panel *UserPanel) tokensDeleteRoute(ctx context.Context) http.Handler {
 			return
 		}
 
-		token := r.PostFormValue("token")
-		if token == "" {
+		id := r.PostFormValue("id")
+		if id == "" {
 			logger.Err(err).Str("action", "delete token").Msg("failed to get token")
 			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
 			return
 		}
 
-		if err := panel.Dependencies.Tokens.Remove(r.Context(), user.User.User, token); err != nil {
+		if err := panel.Dependencies.Tokens.Remove(r.Context(), user.User.User, id); err != nil {
 			logger.Err(err).Str("action", "delete token").Msg("failed to delete token")
 			httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
 			return
@@ -101,8 +105,32 @@ type addTokenResult struct {
 	Scopes      []string
 }
 
+//go:embed "templates/token_created.html"
+var tokenCreatedHTML []byte
+var tokenCreateTemplate = templating.Parse[TokenCreateContext](
+	"token_created.html", tokenCreatedHTML, httpx.FormTemplate,
+	templating.Title("Add Token"),
+	templating.Assets(assets.AssetsUser),
+)
+
+type TokenCreateContext struct {
+	templating.RuntimeFlags
+
+	Domain template.URL // server base URL
+	Token  *models.Token
+}
+
 func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
-	tpl := tokensAddTemplate.Prepare(
+	tplForm := tokensAddTemplate.Prepare(
+		panel.Dependencies.Templating,
+		templating.Crumbs(
+			menuUser,
+			menuTokens,
+			menuTokensAdd,
+		),
+	)
+
+	tplDone := tokenCreateTemplate.Prepare(
 		panel.Dependencies.Templating,
 		templating.Crumbs(
 			menuUser,
@@ -117,8 +145,8 @@ func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
 		},
 		FieldTemplate: field.PureCSSFieldTemplate,
 
-		RenderTemplate:        tpl.Template(),
-		RenderTemplateContext: templating.FormTemplateContext(tpl),
+		RenderTemplate:        tplForm.Template(),
+		RenderTemplateContext: templating.FormTemplateContext(tplForm),
 
 		Validate: func(r *http.Request, values map[string]string) (at addTokenResult, err error) {
 			at.User, err = panel.Dependencies.Auth.UserOfSession(r)
@@ -138,16 +166,19 @@ func (panel *UserPanel) tokensAddRoute(ctx context.Context) http.Handler {
 
 		RenderSuccess: func(at addTokenResult, values map[string]string, w http.ResponseWriter, r *http.Request) error {
 			// add the key to the user
-			_, err := panel.Dependencies.Tokens.Add(r.Context(), at.User.User.User, at.Description, at.Scopes)
+			tok, err := panel.Dependencies.Tokens.Add(r.Context(), at.User.User.User, at.Description, at.Scopes)
 			if err != nil {
 				return err
 			}
 			if err != nil {
 				return errAddToken
 			}
-			// everything went fine, redirect the user back to the user page!
-			http.Redirect(w, r, string(menuTokens.Path), http.StatusSeeOther)
-			return nil
+
+			// render the created context
+			return httpx.WriteHTML(tplDone.Context(r, TokenCreateContext{
+				Domain: template.URL(panel.Config.HTTP.JoinPath().String()),
+				Token:  tok,
+			}), nil, tplDone.Template(), "", w, r)
 		},
 	}
 }
diff --git a/internal/dis/component/auth/panel/user.go b/internal/dis/component/auth/panel/user.go
index 017db1f..cceb7c2 100644
--- a/internal/dis/component/auth/panel/user.go
+++ b/internal/dis/component/auth/panel/user.go
@@ -41,18 +41,22 @@ func (g GrantWithURL) AdminURL() template.URL {
 }
 
 func (panel *UserPanel) routeUser(ctx context.Context) http.Handler {
+	actions := []component.MenuItem{
+		menuChangePassword,
+		menuTOTPAction,
+		menuSSH,
+	}
+
+	if panel.Config.HTTP.API.Value {
+		actions = append(actions, menuTokens)
+	}
 
 	tpl := userTemplate.Prepare(
 		panel.Dependencies.Templating,
 		templating.Crumbs(
 			menuUser,
 		),
-		templating.Actions(
-			menuChangePassword,
-			menuTOTPAction,
-			menuSSH,
-			menuTokens,
-		),
+		templating.Actions(actions...),
 	)
 
 	return tpl.HTMLHandlerWithFlags(func(r *http.Request) (uc userContext, funcs []templating.FlagFunc, err error) {
diff --git a/internal/dis/component/auth/tokens/tokens.go b/internal/dis/component/auth/tokens/tokens.go
index b77f8e2..52ca676 100644
--- a/internal/dis/component/auth/tokens/tokens.go
+++ b/internal/dis/component/auth/tokens/tokens.go
@@ -113,7 +113,16 @@ func (tok *Tokens) Add(ctx context.Context, user string, description string, sco
 	}
 	mk.SetScopes(scopes)
 
-	// generate a new random password
+	// generate a new id for the token
+	{
+		var err error
+		mk.TokenID, err = NewToken()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// generate the actual token
 	var err error
 	mk.Token, err = NewToken()
 	if err != nil {
@@ -136,7 +145,7 @@ func (tok *Tokens) Add(ctx context.Context, user string, description string, sco
 }
 
 // Remove removes a token with the given token from the user
-func (tok *Tokens) Remove(ctx context.Context, user, token string) error {
+func (tok *Tokens) Remove(ctx context.Context, user, id string) error {
 	// get the table
 	table, err := tok.table(ctx)
 	if err != nil {
@@ -144,5 +153,5 @@ func (tok *Tokens) Remove(ctx context.Context, user, token string) error {
 	}
 
 	// and do the delete
-	return table.Where("user = ? AND token = ?", user, token).Delete(&models.Token{}).Error
+	return table.Where("user = ? AND id = ?", user, id).Delete(&models.Token{}).Error
 }
diff --git a/internal/models/token.go b/internal/models/token.go
index 9c50b22..5123437 100644
--- a/internal/models/token.go
+++ b/internal/models/token.go
@@ -11,8 +11,10 @@ const TokensTable = "tokens"
 type Token struct {
 	Pk uint `gorm:"column:pk;primaryKey"`
 
-	Token string `gorm:"column:token;unique:true;not null"`
-	User  string `gorm:"column:user;not null"` // (distillery) username
+	Token   string `json:"-" gorm:"column:token;unique:true;not null"` // token used by the actual api (shown only once)
+	TokenID string `gorm:"column:id;unique:true;not null"`             // token id (displayed to user, used for finding it)
+
+	User string `gorm:"column:user;not null"` // (distillery) username
 
 	Description string `gorm:"column:description"`