Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GT-184] Add support for renewing API credentials #464

Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 23 additions & 3 deletions htdocs/web_portal/controllers/site/edit_api_auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,11 @@
require_once __DIR__.'/../utils.php';
require_once __DIR__.'/../../../../lib/Gocdb_Services/Factory.php';

use Exception;

/**
* Controller to edit authentication entity request
* Controller to either edit authentication entity request or renewal request.
*
* @global array $_POST only set if the browser has POSTed data
* @return null
*/
Expand Down Expand Up @@ -70,12 +73,30 @@ function draw(\User $user = null, \APIAuthentication $authEnt = null, \Site $sit
$params['authTypes'][]='OIDC Subject';
$params['user'] = $user;

if ($_REQUEST['isRenewalRequest']) {
$params['isRenewalRequest'] = true;
}

show_view("site/edit_api_auth.php", $params);
die();
}

/**
* If this receives a POST request,
* it can be either to edit an API authentication entity or
* to update the `$lastRenewTime` in `APIAuthentication`.
*/
function submit(\User $user, \APIAuthentication $authEnt, \Site $site, org\gocdb\services\Site $serv) {
$newValues = getAPIAuthenticationFromWeb();

$params = array();

if ($_REQUEST['isRenewalRequest']) {
// Need this variable to call `editAPIAuthEntity` function.
$newValues['isRenewalRequest'] = true;
$params['isRenewalRequest'] = true;
} else {
$newValues = getAPIAuthenticationFromWeb();
}

try {
$authEnt = $serv->editAPIAuthEntity($authEnt, $user, $newValues);
Expand All @@ -84,7 +105,6 @@ function submit(\User $user, \APIAuthentication $authEnt, \Site $site, org\gocdb
die();
}

$params = array();
$params['apiAuthenticationEntity'] = $authEnt;
$params['site'] = $site;
show_view("site/edited_api_auth.php", $params);
Expand Down
84 changes: 75 additions & 9 deletions htdocs/web_portal/views/site/edit_api_auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,16 @@
$user = $params['user'];
$entUser = $params['authEnt']->getUser();

echo('<h1>Edit API credential for ');
echo('<h1>');
if ($params['isRenewalRequest']) {
echo('Renew API credential for ');
} else {
echo('Edit API credential for ');
}
xecho($params['site']->getName());
echo('</h1>');

if (!is_null($entUser)) {

echo('<h4>This credential is linked to GOCDB user ');
echo('<a href="');
xecho(\GocContextPath::getPath());
Expand All @@ -22,14 +26,24 @@
// entities created prior to GOCDB5.8 have a null owning user
if ($entUser->getId() != $user->getId()) {
echo('<div class="input_warning">');
echo("WARNING: editing will change the linked user from '");
if ($params['isRenewalRequest']) {
echo(
"WARNING: Renewing this will change the linked user from '"
);
} else {
echo("WARNING: Editing will change the linked user from '");
}
xecho($entUser->getFullname());
echo("' to '");
xecho($user->getFullname());
echo("'. Click the browser Back button to cancel the edit.</div>");
echo("'. Click the browser Back button to cancel the");
if ($params['isRenewalRequest']) {
echo(' renewal.</div>');
} else {
echo(' edit.</div>');
}

} else {
}
} else {
// This clause should be deleted or replaced with exception after all
// authentication entities are assigned a user.
echo('<div class="input_warning">');
Expand All @@ -41,18 +55,31 @@
<form class="inputForm" method="post" action="index.php?Page_Type=Edit_API_Authentication_Entity&parentid=<?php echo($params['site']->getId())?>&authentityid=<?php xecho($params['authEnt']->getId())?>" name="addAPIAuthenticationEntity">
<div style="margin-bottom: 0.5em;">
<span class="input_name">Identifier (e.g. Certificate DN or OIDC Subject)*</span>
<input type="text" value="<?php xecho($params['authEnt']->getIdentifier()) ?>" name="IDENTIFIER" class="input_input_text">
<input
type="text"
value="<?php xecho($params['authEnt']->getIdentifier()); ?>"
name="IDENTIFIER"
class="input_input_text"
<?= $params['isRenewalRequest'] ? 'disabled' : ''; ?>
>
</div>

<div style="margin-bottom: 0.5em;">
<span class="input_name">Credential type*</span>
<select name="TYPE" class="input_input_text">
<select
name="TYPE"
class="input_input_text"
<?= $params['isRenewalRequest'] ? 'disabled' : ''; ?>
>
<?php foreach($params['authTypes'] as $authType) {?>
<option value="<?php xecho($authType) ?>"<?php if ($params['authEnt']->getType() == $authType) {echo " selected=\"selected\"";} ?>>
<?php xecho($authType) ?>
</option>
<?php } ?>
</select>
</div>

<?php if (!($params['isRenewalRequest'])) { ?>
<div style="margin-bottom: 1em">
<div class="input_warning">
WARNING: it is possible to delete information using the write functionality of the API. Leave Allow API write unchecked if
Expand All @@ -67,6 +94,45 @@
<label class="input_label" for="ALLOW_WRITE">Allow API write</label>
</div>
</div>
<input type="submit" value="Edit credential" class="input_button">
<?php } else { ?>
<div>
<p>
Note: If you wish to edit the content for either Identifier
or Credential type. Please, visit the
<?php
echo('<a href="');
xecho(\GocContextPath::getPath());
echo('index.php?Page_Type=Edit_API_Authentication_Entity');
echo('&authentityid=');
echo($params['authEnt']->getId());
echo('">');
echo('Edit API credential');
echo('</a>');
?> page.
</p>
</div>
<?php } ?>

<br><p> Are you sure you want to continue? </P>

<div>
<?php if ($params['isRenewalRequest']) { ?>
<input
class="input_input_hidden"
type="hidden"
name="isRenewalRequest"
value=true />
<?php } ?>
<input
type="submit"
class="input_button"
value="<?php
if ($params['isRenewalRequest']) {
echo 'Renew credential';
} else {
echo 'Edit credential';
} ?>"
/>
</div>
</form>
</div>
13 changes: 12 additions & 1 deletion htdocs/web_portal/views/site/edited_api_auth.php
Original file line number Diff line number Diff line change
@@ -1,6 +1,17 @@
<div class="rightPageContainer">
<h1 class="Success">Success</h1><br />
The API authenication credential has now been updated. Type:<?php xecho($params['apiAuthenticationEntity']->getType()) ?>, identifier: <?php xecho($params['apiAuthenticationEntity']->getIdentifier()) ?>.
The API authenication credential has now been
<?php
if ($params['isRenewalRequest']) {
echo 'renewed,';
} else {
echo 'updated. Type: ';
xecho($params['apiAuthenticationEntity']->getType());
echo ',';
}
?>
identifier:
<?php xecho($params['apiAuthenticationEntity']->getIdentifier()) ?>.
<br />
<a href="index.php?Page_Type=Site&amp;id=<?php echo $params['site']->getID(); ?>">
View site</a>
Expand Down
31 changes: 31 additions & 0 deletions htdocs/web_portal/views/site/view_site.php
Original file line number Diff line number Diff line change
Expand Up @@ -607,8 +607,12 @@ class="header"
<th>Type</th>
<th>Identifier</th>
<th>User</th>
<th style="text-align:center;white-space: nowrap">
Last Renewed
</th>
<th style="text-align:center;white-space: nowrap">Last Used</th>
<th style="text-align:center">Write</th>
<th style="text-align:center;">Renew</th>
<th style="text-align:center;">Edit</th>
<th style="text-align:center">Delete</th>
</tr>
Expand Down Expand Up @@ -649,6 +653,17 @@ class="header"
}
?>
</td>
<td style="text-align:center">
<?php
$useTime = $APIAuthEnt->getLastRenewTime();
$titleStr = 'Last renewed '
. $useTime->format('d-m-Y H:iTP');

echo '<div title="' . $titleStr . '">';
echo $useTime->format('d-m-y');
echo '</div>';
?>
</td>
<td style="text-align:center">
<?php
$useTime = $APIAuthEnt->getLastUseTime();
Expand All @@ -672,6 +687,22 @@ class="header"
} ?>
/>
</td>
<td style="width: 8%; text-align: center;">
<?php if (!$portalIsReadOnly) : ?>
<?php
$searchName = 'Edit_API_Authentication_Entity';
$actionURLPath = "index.php"
. "?Page_Type=" . $searchName
. "&amp;"
. "authentityid=" . $APIAuthEnt->getId()
. "&amp;"
. "isRenewalRequest=true";
?>
<form action=<?= $actionURLPath; ?> method="post">
<button type="submit">Renew</button>
</form>
<?php endif;?>
</td>
<td style="width: 8%;"align = "center">
<?php if (!$portalIsReadOnly) :?>
<form action="index.php?Page_Type=Edit_API_Authentication_Entity&amp;
Expand Down
Loading
Loading