Add regenerate secret feature for oauth2 (#6291)

jonasfranz · web-flow · commit 8fffb0616866 · 2019-03-09T17:29:58.000+01:00
* Add regenerate secret functionality

* Fix lint
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
@@ -302,6 +302,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Group("/applications/oauth2", func() {
 			m.Get("/:id", userSetting.OAuth2ApplicationShow)
 			m.Post("/:id", bindIgnErr(auth.EditOAuth2ApplicationForm{}), userSetting.OAuthApplicationsEdit)
+			m.Post("/:id/regenerate_secret", userSetting.OAuthApplicationsRegenerateSecret)
 			m.Post("", bindIgnErr(auth.EditOAuth2ApplicationForm{}), userSetting.OAuthApplicationsPost)
 			m.Post("/delete", userSetting.DeleteOAuth2Application)
 		})
diff --git a/routers/user/setting/oauth2.go b/routers/user/setting/oauth2.go
@@ -78,6 +78,34 @@ func OAuthApplicationsEdit(ctx *context.Context, form auth.EditOAuth2Application
 	ctx.HTML(200, tplSettingsOAuthApplications)
 }
 
+// OAuthApplicationsRegenerateSecret handles the post request for regenerating the secret
+func OAuthApplicationsRegenerateSecret(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("settings")
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	app, err := models.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
+	if err != nil {
+		if models.IsErrOAuthApplicationNotFound(err) {
+			ctx.NotFound("Application not found", err)
+			return
+		}
+		ctx.ServerError("GetOAuth2ApplicationByID", err)
+		return
+	}
+	if app.UID != ctx.User.ID {
+		ctx.NotFound("Application not found", nil)
+		return
+	}
+	ctx.Data["App"] = app
+	ctx.Data["ClientSecret"], err = app.GenerateClientSecret()
+	if err != nil {
+		ctx.ServerError("GenerateClientSecret", err)
+		return
+	}
+	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
+	ctx.HTML(200, tplSettingsOAuthApplications)
+}
+
 // OAuth2ApplicationShow displays the given application
 func OAuth2ApplicationShow(ctx *context.Context) {
 	app, err := models.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
diff --git a/templates/user/settings/applications_oauth2_edit.tmpl b/templates/user/settings/applications_oauth2_edit.tmpl
@@ -30,7 +30,10 @@
 			<div class="item">
 				<!-- TODO add regenerate secret functionality */ -->
 				{{.i18n.Tr "settings.oauth2_regenerate_secret_hint"}}
-				<a onclick="alert('Not yet implemented.')">{{.i18n.Tr "settings.oauth2_regenerate_secret"}}</a>
+				<form class="ui form ignore-dirty" action="{{$.AppSubURL}}/user/settings/applications/oauth2/{{.App.ID}}/regenerate_secret" method="post">
+					{{.CsrfTokenHtml}}
+					<a href="#" onclick="event.target.parentNode.submit()">{{.i18n.Tr "settings.oauth2_regenerate_secret"}}</a>
+				</form>
 			</div>
 		</div>
 		<div class="ui attached bottom segment">
