[GT-184] Add support for renewing API credentials
Sae126V committed Aug 7, 2023
1 parent a8d8285 commit 6f26459
Showing 13 changed files with 457 additions and 115 deletions.
100 changes: 75 additions & 25 deletions htdocs/web_portal/controllers/site/edit_api_auth.php
Expand Up @@ -21,23 +21,41 @@
* See the License for the specific language governing permissions and
* limitations under the License.
/*======================================================*/
require_once __DIR__.'/../../../web_portal/components/Get_User_Principle.php';
require_once __DIR__.'/../utils.php';
require_once __DIR__.'/../../../../lib/Gocdb_Services/Factory.php';
require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
require_once __DIR__ . '/../utils.php';
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

use Exception;

/**
* Controller to edit authentication entity request
* Controller to either edit authentication entity request or renewal request.
*
* @global array $_POST only set if the browser has POSTed data
* @return null
*/
function edit_entity() {
$dn = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($dn);
function edit_entity()
{
list($user, $authEnt, $site, $serv) = initialize();

if ($_POST) {
submit($user, $authEnt, $site, $serv);
} else {
draw($user, $authEnt, $site);
}
}

//Check the portal is not in read only mode, returns exception if it is and user is not an admin
function initialize()
{
$identifier = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($identifier);

/**
* Check the portal is not in read only mode,
* returns exception if it is and user is not an admin.
*/
checkPortalIsNotReadOnlyOrUserIsAdmin($user);

if (!isset($_REQUEST['authentityid']) || !is_numeric($_REQUEST['authentityid']) ){
if (!isset($_REQUEST['authentityid']) || !is_numeric($_REQUEST['authentityid'])) {
throw new Exception("A authentication entity id must be specified in the url");
}

Expand All @@ -47,48 +65,80 @@ function edit_entity() {

// Validate the user has permission to edit properties
if (!$serv->userCanEditSite($user, $site)) {
throw new \Exception("Permission denied: a site role is required to edit authentication entities at " . $site->getShortName());
throw new \Exception(
"Permission denied: a site role is required to edit authentication entities at " .
$site->getShortName()
);
}

if($_POST) { // If we receive a POST request it's to edit an authentication entity
submit($user, $authEnt, $site, $serv);
} else { // If there is no post data, draw the edit authentication entity form
draw($user, $authEnt, $site);
}
return [$user, $authEnt, $site, $serv];
}

function draw(\User $user = null, \APIAuthentication $authEnt = null, \Site $site = null) {
if(is_null($user)){
/**
* Helper to draw either the edit or renewal authentication entity form.
*
* @param \User|null $user
* @param \APIAuthentication|null $authEntity
* @param \Site|null $site
* @throws \Exception
*/
function draw(
\User $user = null,
\APIAuthentication $authEnt = null,
\Site $site = null
) {
if (is_null($user)) {
throw new Exception("Unregistered users can't edit authentication credentials");
}

$params = array();
$params['site'] = $site;
$params['authEnt'] = $authEnt;
$params['authTypes'] = array();
$params['authTypes'][]='X.509';
$params['authTypes'][]='OIDC Subject';
$params['authTypes'][] = 'X.509';
$params['authTypes'][] = 'OIDC Subject';
$params['user'] = $user;

if ($_REQUEST['isRenewalRequest']) {
$params['isRenewalRequest'] = true;
}
show_view("site/edit_api_auth.php", $params);
die();
}

function submit(\User $user, \APIAuthentication $authEnt, \Site $site, org\gocdb\services\Site $serv) {
$newValues = getAPIAuthenticationFromWeb();
/**
* If this receives a POST request, it can be either to edit an API authentication entity
* or to update the `$lastRenewTime` in `APIAuthentication`.
*
* @param \User $user
* @param \APIAuthentication $authEntity
* @param \Site $site
* @param org\gocdb\services\Site $service
*/
function submit(
\User $user,
\APIAuthentication $authEnt,
\Site $site,
org\gocdb\services\Site $serv
) {
$params = array();

if ($_REQUEST['isRenewalRequest']) {
$newValues['isRenewalRequest'] = $params['isRenewalRequest'] = true;
} else {
$newValues = getAPIAuthenticationFromWeb();
}

try {
$authEnt = $serv->editAPIAuthEntity($authEnt, $user, $newValues);
} catch(Exception $e) {
} catch (Exception $e) {
show_view('error.php', $e->getMessage());
die();
}

$params = array();
$params['apiAuthenticationEntity'] = $authEnt;
$params['site'] = $site;

show_view("site/edited_api_auth.php", $params);
die();


}
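Review bot: In `submit()` the renewal flag stored with `$newValues['isRenewalRequest'] = $params['isRenewalRequest'] = true;` is thrown away by the later `$params = array();`, so `edited_api_auth.php` never receives `isRenewalRequest` and the success page always reports an edit; remove that second `$params = array();` and keep adding `apiAuthenticationEntity` and `site` to the existing array. `$_REQUEST['isRenewalRequest']` is read without an `isset` guard in both `draw()` and `submit()`, which emits an undefined-index notice on every ordinary edit and lets a cookie or query-string value decide the behaviour of a state-changing POST; use `if (!empty($_POST['isRenewalRequest'])) {` in `submit()` and `if (!empty($_REQUEST['isRenewalRequest'])) {` in `draw()`. The `@param` names in the new `draw()` and `submit()` docblocks (`$authEntity`, `$service`) do not match the actual parameters `$authEnt` and `$serv`. The second hunk cuts through `initialize()`, whose entity and site lookups are outside the view.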
1 change: 1 addition & 0 deletions htdocs/web_portal/img/README.md
Expand Up @@ -23,3 +23,4 @@
|trash.png|[Link](http://www.softicons.com/business-icons/ecommerce-and-business-icons-by-designcontest.com/trash-icon)|CC Attribution 3.0 Unported|DesignContest.com|
|user.png|[Link](http://www.iconarchive.com/show/ravenna-3d-icons-by-double-j-design/Users-icon.html)|CC Attribution 4.0|Double-J Design|
|virtualsite.png|[Link](http://www.softicons.com/android-icons/mobile-icon-set-by-webiconset.com/maps-icon)|Free Use of icon| WebIconSet.com|
|refresh_key.png|[Link](https://www.softicons.com/toolbar-icons/free-mobile-icon-kit-by-happy-icon-studio/refresh-key-silver-icon)|Free Use of icon| WebIconSet.com|
Binary file added htdocs/web_portal/img/refresh_key.png
57 changes: 46 additions & 11 deletions htdocs/web_portal/views/site/edit_api_auth.php
Expand Up @@ -4,12 +4,16 @@
$user = $params['user'];
$entUser = $params['authEnt']->getUser();

echo('<h1>Edit API credential for ');
echo('<h1>');
if ($params['isRenewalRequest']) {
echo('Renew API credential for ');
} else {
echo('Edit API credential for ');
}
xecho($params['site']->getName());
echo('</h1>');

if (!is_null($entUser)) {

echo('<h4>This credential is linked to GOCDB user ');
echo('<a href="');
xecho(\GocContextPath::getPath());
Expand All @@ -22,14 +26,22 @@
// entities created prior to GOCDB5.8 have a null owning user
if ($entUser->getId() != $user->getId()) {
echo('<div class="input_warning">');
echo("WARNING: editing will change the linked user from '");
if ($params['isRenewalRequest']) {
echo("WARNING: Renewing this will change the linked user from '");
} else {
echo("WARNING: Editing will change the linked user from '");
}
xecho($entUser->getFullname());
echo("' to '");
xecho($user->getFullname());
echo("'. Click the browser Back button to cancel the edit.</div>");
echo("'. Click the browser Back button to cancel the");
if ($params['isRenewalRequest']) {
echo(' renewal.</div>');
} else {
echo(' edit.</div>');
}

} else {
}
} else {
// This clause should be deleted or replaced with exception after all
// authentication entities are assigned a user.
echo('<div class="input_warning">');
Expand All @@ -41,23 +53,36 @@
<form class="inputForm" method="post" action="index.php?Page_Type=Edit_API_Authentication_Entity&parentid=<?php echo($params['site']->getId())?>&authentityid=<?php xecho($params['authEnt']->getId())?>" name="addAPIAuthenticationEntity">
<div style="margin-bottom: 0.5em;">
<span class="input_name">Identifier (e.g. Certificate DN or OIDC Subject)*</span>
<input type="text" value="<?php xecho($params['authEnt']->getIdentifier()) ?>" name="IDENTIFIER" class="input_input_text">
<input
type="text"
value="<?php xecho($params['authEnt']->getIdentifier()) ?>"
name="IDENTIFIER"
class="input_input_text"
<?php echo $params['isRenewalRequest'] ? 'disabled' : ''; ?>
>
</div>

<div style="margin-bottom: 0.5em;">
<span class="input_name">Credential type*</span>
<select name="TYPE" class="input_input_text">
<select
name="TYPE"
class="input_input_text"
<?php echo $params['isRenewalRequest'] ? 'disabled' : ''; ?>
>
<?php foreach($params['authTypes'] as $authType) {?>
<option value="<?php xecho($authType) ?>"<?php if ($params['authEnt']->getType() == $authType) {echo " selected=\"selected\"";} ?>>
<?php xecho($authType) ?>
</option>
<?php } ?>
</select>
</div>
<?php if (!($params['isRenewalRequest'])) {?>
<div style="margin-bottom: 1em">
<div class="input_warning">
WARNING: it is possible to delete information using the write functionality of the API. Leave Allow API write unchecked if
you do not need to write data.
WARNING: It is possible to delete information using the write functionality of the API.
Leave Allow API write unchecked if you do not need to write data.
</div>

<div class="input_checkbox">
<input type="checkbox" name="ALLOW_WRITE" id="ALLOW_WRITE" value="checked"
<?php
Expand All @@ -67,6 +92,16 @@
<label class="input_label" for="ALLOW_WRITE">Allow API write</label>
</div>
</div>
<input type="submit" value="Edit credential" class="input_button">
<?php } ?>

<?php if ($params['isRenewalRequest']) {
echo '<br><p> Are you sure you want to continue? </P>';
echo '<input class="input_input_hidden" type="hidden" name="isRenewalRequest" value=true />';
} ?>
<input
type="submit"
value="<?php echo $params['isRenewalRequest'] ? 'Renew credential' : 'Edit credential'; ?>"
class="input_button"
>
</form>
</div>
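Review bot: This view reads `$params['isRenewalRequest']` in eight places with no `isset`/`empty` guard, but the controller's `draw()` only sets that key on the renewal path, so every ordinary edit render emits undefined-index notices; compute `$isRenewal = !empty($params['isRenewalRequest']);` once at the top of the file and use it in each condition. The hidden field `<input class="input_input_hidden" type="hidden" name="isRenewalRequest" value=true />` has an unquoted attribute value and the surrounding `<p> Are you sure you want to continue? </P>` mismatches tag case; write `value="true"` and `</p>`. The renewal submit is a one-click POST that changes credential state, and neither this form nor the existing edit form shows an anti-CSRF token, so confirm the portal applies request-forgery protection elsewhere before relying on a confirmation page alone.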
12 changes: 11 additions & 1 deletion htdocs/web_portal/views/site/edited_api_auth.php
@@ -1,6 +1,16 @@
<div class="rightPageContainer">
<h1 class="Success">Success</h1><br />
The API authenication credential has now been updated. Type:<?php xecho($params['apiAuthenticationEntity']->getType()) ?>, identifier: <?php xecho($params['apiAuthenticationEntity']->getIdentifier()) ?>.
The API authenication credential has now been
<?php if ($params['isRenewalRequest']) {
echo 'renewed for';
} else {
echo 'updated. Type: ';
xecho($params['apiAuthenticationEntity']->getType());
echo ',';
}
?>
identifier:
<?php xecho($params['apiAuthenticationEntity']->getIdentifier()) ?>.
<br />
<a href="index.php?Page_Type=Site&amp;id=<?php echo $params['site']->getID(); ?>">
View site</a>
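Review bot: `$params['isRenewalRequest']` is read here without an `isset` guard, and the controller's `submit()` rebuilds `$params` with only `apiAuthenticationEntity` and `site` before rendering this view, so the 'renewed for' branch cannot currently fire and the plain-edit path emits an undefined-index notice. Guard it with `<?php if (!empty($params['isRenewalRequest'])) {` and have the controller pass the flag through. The new lead sentence also keeps the typo `authenication`; it should read `The API authentication credential has now been`.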
27 changes: 27 additions & 0 deletions htdocs/web_portal/views/site/view_site.php
Expand Up @@ -607,6 +607,7 @@ class="header"
<th>Type</th>
<th>Identifier</th>
<th>User</th>
<th style="text-align:center;white-space: nowrap">Last Renewed</th>
<th style="text-align:center;white-space: nowrap">Last Used</th>
<th style="text-align:center">Write</th>
<th style="text-align:center;">Edit</th>
Expand Down Expand Up @@ -649,6 +650,32 @@ class="header"
}
?>
</td>
<td style="text-align:center">
<?php
$useTime = $APIAuthEnt->getLastRenewTime();
$titleStr = 'Last renewed ' . $useTime->format('d-m-Y H:iTP');
echo '<div title="' . $titleStr . '">';
?>
<?php if (!$portalIsReadOnly) :?>
<form action="index.php?Page_Type=Edit_API_Authentication_Entity&amp;
authentityid=<?php echo $APIAuthEnt->getId();?>&amp;
isRenewalRequest=true"
method="post">
<button type="submit">
<?php
echo '<img height="18px" src="'
. \GocContextPath::getPath()
. 'img/refresh_key.png"';
echo 'title="Renew the API credentials"' . '/>';
?>
</button>
<?php
echo $useTime->format('d-m-y');
echo '</div>';
?>
</form>
<?php endif;?>
</td>
<td style="text-align:center">
<?php
$useTime = $APIAuthEnt->getLastUseTime();
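Review bot: The `<div title="Last renewed …">` opened before `if (!$portalIsReadOnly)` is closed, and the date printed, only inside that branch, so in read-only mode the cell emits an unclosed `<div>` and no renewal date; move `echo $useTime->format('d-m-y'); echo '</div>';` to after `<?php endif;?>`. `$useTime->format(...)` is called unconditionally on `getLastRenewTime()`, so if that can be null for credentials created before this change (the neighbouring Last Used column is cut off, so I cannot see how it handles null) the whole site page fails with a fatal error; guard with `if ($useTime !== null)`. The form `action` attribute is split across three indented lines, so the URL contains a newline and a run of spaces before `authentityid=`; it appears to work only because browsers strip newlines from URLs and PHP ignores leading spaces in request variable names, so keep the URL on one line. The renewal button is a one-click state-changing POST with no visible CSRF token, so confirm the portal has request-forgery protection; the enclosing table-row loop starts and ends outside the hunk.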