client secret only visible on creation

josxha · Oct 18, 2023 · e19825f · e19825f
1 parent 1a6c60f
commit e19825f
Show file tree

Hide file tree

Showing 6 changed files with 122 additions and 70 deletions.
diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/Create.razor b/OryAdmin/Components/Pages/OAuth2/Clients/Create.razor
@@ -8,44 +8,54 @@
 <PageTitle>Create Client</PageTitle>
 
 <h1 class="title">Create Client</h1>
-@if (_isLoading)
-{
-    // is loading
-    <p>Loading data...</p>
-}
-else
-{
-    <form @onsubmit="SubmitForm">
-        <div class="field">
-            <label class="label">
-                Client Name
-                <div class="control">
-                    <input type="text" class="input" value="@_client.ClientName"
-                           @onchange="args => _client.ClientName = args.Value?.ToString()"/>
-                </div>
-            </label>
-        </div>
-        <div class="field">
-            <label class="label">
-                Client Secret
-                <div class="control">
-                    <input type="text" class="input" value="@_client.ClientSecret"
-                           @onchange="args => _client.ClientSecret = args.Value?.ToString()"/>
-                </div>
-            </label>
-        </div>
-        <div class="message is-warning p-2 @(string.IsNullOrWhiteSpace(_errorMessage) ? "is-hidden" : "")">
-            @_errorMessage
-        </div>
-        <div class="mt-5">
-            <div class="buttons">
-                <a class="button" href="oauth2/clients">
-                    Cancel
-                </a>
-                <button type="submit" class="button is-success">
-                    Save
-                </button>
+<form @onsubmit="SubmitForm">
+    <div class="field">
+        <label class="label">
+            Client Name
+            <div class="control">
+                <input type="text" class="input" value="@_client.ClientName"
+                       @onchange="args => _client.ClientName = args.Value?.ToString()"/>
             </div>
+        </label>
+    </div>
+    <div class="message is-warning p-2 @(string.IsNullOrWhiteSpace(_errorMessage) ? "is-hidden" : "")">
+        @_errorMessage
+    </div>
+    <div class="mt-5">
+        <div class="buttons">
+            <a class="button" href="oauth2/clients">
+                Cancel
+            </a>
+            <button type="submit" class="button is-success">
+                Save
+            </button>
         </div>
-    </form>
-}
+    </div>
+</form>
+<div id="client-created-modal" class="modal @(_createdClient != null ? "is-active" : "")">
+    <div class="modal-background"></div>
+    <div class="modal-card">
+        <header class="modal-card-head">
+            <p class="modal-card-title">Client Created</p>
+        </header>
+        <section class="modal-card-body">
+            <p>The OAuth 2 client "@_createdClient?.ClientName" was successfully created.</p>
+            <div class="field">
+                <label class="label">
+                    Your Client Secret:
+                    <div class="control">
+                        <input type="text" class="input" readonly value="@_createdClient?.ClientSecret"/>
+                    </div>
+                </label>
+            </div>
+            <div class="message is-warning p-2 mt-3">
+                Please store your Client Secret because it can only be viewed once.
+            </div>
+        </section>
+        <footer class="modal-card-foot">
+            <div class="button is-info" @onclick="GotoIndexPage">
+                Done
+            </div>
+        </footer>
+    </div>
+</div>
diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/Create.razor.cs b/OryAdmin/Components/Pages/OAuth2/Clients/Create.razor.cs
@@ -8,28 +8,25 @@ namespace OryAdmin.Components.Pages.OAuth2.Clients;
 public partial class Create
 {
     private readonly HydraOAuth2Client _client = new();
+    private HydraOAuth2Client? _createdClient;
     private string? _errorMessage;
-    private bool _isLoading = true;
 
     [Inject] private ApiService ApiService { get; set; } = default!;
 
-    protected override async Task OnInitializedAsync()
-    {
-        _isLoading = false;
-    }
-
     private async Task SubmitForm()
     {
         try
         {
-            _ = await ApiService.HydraOAuth2.CreateOAuth2ClientAsync(_client);
+            _createdClient = await ApiService.HydraOAuth2.CreateOAuth2ClientAsync(_client);
         }
         catch (ApiException exception)
         {
             _errorMessage = exception.Message;
-            return;
         }
+    }
 
+    private void GotoIndexPage()
+    {
         Navigation.NavigateTo("oauth2/clients");
     }
 }
diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/Edit.razor b/OryAdmin/Components/Pages/OAuth2/Clients/Edit.razor
@@ -22,16 +22,7 @@ else
                 Client Name
                 <div class="control">
                     <input type="text" class="input" value="@_client?.ClientName"
-                           @onchange="args => AddPatch(new HydraJsonPatch())"/>
-                </div>
-            </label>
-        </div>
-        <div class="field">
-            <label class="label">
-                Client Secret
-                <div class="control">
-                    <input type="text" class="input" value="@_client?.ClientSecret"
-                           @onchange="args => AddPatch(new HydraJsonPatch())"/>
+                           @onchange="args => _client!.ClientName = args.Value?.ToString()"/>
                 </div>
             </label>
         </div>

diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/Edit.razor.cs b/OryAdmin/Components/Pages/OAuth2/Clients/Edit.razor.cs
@@ -14,8 +14,6 @@ public partial class Edit
     [Parameter]
     public required string ClientId { get; set; }
 
-    private readonly List<HydraJsonPatch> _patches = new();
-
     [Inject] private ApiService ApiService { get; set; } = default!;
 
     protected override async Task OnInitializedAsync()
@@ -28,7 +26,7 @@ private async Task SubmitForm()
     {
         try
         {
-            _ = await ApiService.HydraOAuth2.PatchOAuth2ClientAsync(ClientId, _patches);
+            _ = await ApiService.HydraOAuth2.SetOAuth2ClientAsync(ClientId, _client);
         }
         catch (ApiException exception)
         {
@@ -38,9 +36,4 @@ private async Task SubmitForm()
 
         Navigation.NavigateTo("oauth2/clients");
     }
-
-    private void AddPatch(HydraJsonPatch patch)
-    {
-        _patches.Add(patch);
-    }
 }
diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/View.razor b/OryAdmin/Components/Pages/OAuth2/Clients/View.razor
@@ -29,7 +29,7 @@ else
             </tr>
             <tr>
                 <td>Client Secret</td>
-                <td>@(string.IsNullOrWhiteSpace(_client.ClientSecret) ? "-" : _client.ClientSecret)</td>
+                <td>**************************</td>
             </tr>
             <tr>
                 <td>Client Secret Expires At</td>
@@ -61,12 +61,16 @@ else
             <a class="button is-info" href="oauth2/clients/@(_client!.ClientId)/edit">
                 Edit Client
             </a>
+            <button class="js-modal-trigger button is-warning" data-target="new-client-secret-modal"
+                    type="button" @onclick="() => _confirmNewSecretModal = true">
+                Reset Client Secret
+            </button>
             <button class="js-modal-trigger button is-danger" data-target="delete-client-modal"
                     type="button" @onclick="ShowDeleteModal">
                 Delete Client
             </button>
         </div>
-        <div id="delete-client-modal" class="modal @(_showDeleteModal ? "is-active" : "")">
+        <div id="delete-client-modal" class="modal @(_confirmDeleteClientModal ? "is-active" : "")">
             <div class="modal-background"></div>
             <div class="modal-card">
                 <header class="modal-card-head">
@@ -89,6 +93,54 @@ else
             </div>
         </div>
     </div>
+    <div id="delete-client-modal" class="modal @(_confirmNewSecretModal ? "is-active" : "")">
+        <div class="modal-background"></div>
+        <div class="modal-card">
+            <header class="modal-card-head">
+                <p class="modal-card-title">Reset Client Secret</p>
+                <button class="delete" aria-label="close" @onclick="() => _confirmNewSecretModal = true"></button>
+            </header>
+            <section class="modal-card-body">
+                <p>Are you sure to generate a new client secret?</p>
+                <p>This will delete the old client secret and replace it with a newly generated one.</p>
+            </section>
+            <footer class="modal-card-foot">
+                <button class="button" data-target="delete-client-modal"
+                        type="button" @onclick="() => _confirmNewSecretModal = false">
+                    Cancel
+                </button>
+                <div class="button is-danger" @onclick="CreateNewClientSecret">
+                    Accept
+                </div>
+            </footer>
+        </div>
+    </div>
+    <div id="delete-client-modal" class="modal @(_showNewSecretModal ? "is-active" : "")">
+        <div class="modal-background"></div>
+        <div class="modal-card">
+            <header class="modal-card-head">
+                        <p class="modal-card-title">New Client Secret generated</p>
+                    </header>
+                    <section class="modal-card-body">
+                        <div class="field">
+                            <label class="label">
+                                New Client Secret:
+                                <div class="control">
+                                    <input type="text" class="input" readonly value="@_client?.ClientSecret"/>
+                                </div>
+                            </label>
+                        </div>
+                        <div class="message is-warning p-2 mt-3">
+                            Please store your Client Secret because it can only be viewed once.
+                        </div>
+                    </section>
+                    <footer class="modal-card-foot">
+                        <div class="button is-info" @onclick="() => _showNewSecretModal = false">
+                            Done
+                        </div>
+                    </footer>
+        </div>
+    </div>
 
     <div class="box">
         <h1 class="title">Consent screen</h1>

diff --git a/OryAdmin/Components/Pages/OAuth2/Clients/View.razor.cs b/OryAdmin/Components/Pages/OAuth2/Clients/View.razor.cs
@@ -8,7 +8,9 @@ public partial class View
 {
     private HydraOAuth2Client? _client;
     private bool _isLoading = true;
-    private bool _showDeleteModal;
+    private bool _confirmDeleteClientModal;
+    private bool _confirmNewSecretModal;
+    private bool _showNewSecretModal;
     [Parameter] public string? ClientId { get; set; }
     [Inject] private ApiService ApiService { get; set; } = default!;
 
@@ -31,11 +33,18 @@ private async Task DeleteClient()
 
     private void ShowDeleteModal()
     {
-        _showDeleteModal = true;
+        _confirmDeleteClientModal = true;
     }
 
     private void HideDeleteModal()
     {
-        _showDeleteModal = false;
+        _confirmDeleteClientModal = false;
+    }
+
+    private async Task CreateNewClientSecret()
+    {
+        _confirmNewSecretModal = false;
+        // TODO generate new client secret
+        _showNewSecretModal = true;
     }
 }