From 42d0f302bfafd798db59d5dd5863540123dbcdf6 Mon Sep 17 00:00:00 2001
From: Evert Prants
Date: Fri, 9 Sep 2022 17:37:21 +0300
Subject: [PATCH] delete clients
---
 .../api/admin/oauth2-admin.controller.ts | 159 +++++++++++-------
 .../oauth2-client/oauth2-client.service.ts | 4 +
 2 files changed, 101 insertions(+), 62 deletions(-)
diff --git a/src/modules/api/admin/oauth2-admin.controller.ts b/src/modules/api/admin/oauth2-admin.controller.ts
index f464032..23f239c 100644
--- a/src/modules/api/admin/oauth2-admin.controller.ts
+++ b/src/modules/api/admin/oauth2-admin.controller.ts
@@ -53,7 +53,7 @@ const SET_CLIENT_FIELDS = [
 const URL_TYPES = ['redirect_uri', 'terms', 'privacy', 'website'];
-const REQUIRED_CLIENT_FIELDS = ['title', 'scope', 'grants', 'activated'];
+const REQUIRED_CLIENT_FIELDS = ['title', 'grants', 'activated'];
 @ApiBearerAuth()
 @ApiTags('admin')
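Review bot: Dropping 'scope' from REQUIRED_CLIENT_FIELDS makes a client with no scope creatable, and because the scope list is checked with `every()` on an array that is now empty when nothing is supplied, such a request passes the 'Bad scopes' check silently rather than being rejected or reported. If that is the intended contract, a comment on the constant would save the next reader the question, e.g. `// scope is optional: a client created without one has no scopes until an admin sets them`. If it is not intended, the scope check in createNewClient needs an explicit non-empty guard.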
@@ -141,6 +141,71 @@ export class OAuth2AdminController {
 };
 }
+ // New client
+ @Post('clients')
+ @Scopes('management')
+ @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
+ async createNewClient(
+ @Body() setter: Partial,
+ @CurrentUser() user: User,
+ ) {
+ const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
+ const reducedPermissions = !this._service.userHasPrivilege(
+ user,
+ 'admin:oauth2',
+ );
+
+ if (!Object.keys(allowedFieldsOnly).length) {
+ throw new BadRequestException('Required fields are missing');
+ }
+
+ if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
+ throw new BadRequestException('Required fields are missing');
+ }
+
+ const splitGrants = (allowedFieldsOnly.grants || '')
+ .trim()
+ .split(' ')
+ .filter((item) => item);
+ const splitScopes = (allowedFieldsOnly.scope || '')
+ .trim()
+ .split(' ')
+ .filter((item) => item);
+ let availableGrantTypes = this._oaClient.availableGrantTypes;
+ let availableScopes = this._oaClient.availableScopes;
+
+ if (reducedPermissions) {
+ availableGrantTypes =
+ this._service.removeUnprivileged(availableGrantTypes);
+ availableScopes = this._service.removeUnprivileged(availableScopes);
+ allowedFieldsOnly.activated = true;
+ }
+
+ if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
+ throw new BadRequestException('Bad grant types');
+ }
+
+ if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
+ throw new BadRequestException('Bad scopes');
+ }
+
+ const urls = setter.urls?.slice();
+ delete allowedFieldsOnly.urls;
+
+ const client = new OAuth2Client();
+ Object.assign(client, allowedFieldsOnly);
+ client.client_id = this._token.createUUID();
+ client.client_secret = this._token.generateSecret();
+ client.owner = user;
+ await this._oaClient.updateClient(client);
+
+ if (urls?.length) {
+ await this._oaClient.upsertURLs(client, urls);
+ }
+
+ return this._oaClient.stripClientInfo(client);
+ }
+
 @Get('clients/:id')
 @Scopes('management')
 @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
@@ -196,8 +261,14 @@ export class OAuth2AdminController {
 return this._oaClient.stripClientInfo(client);
 }
- const splitGrants = allowedFieldsOnly.grants.trim().split(' ');
- const splitScopes = allowedFieldsOnly.scope.trim().split(' ');
+ const splitGrants = (allowedFieldsOnly.grants || '')
+ .trim()
+ .split(' ')
+ .filter((item) => item);
+ const splitScopes = (allowedFieldsOnly.scope || '')
+ .trim()
+ .split(' ')
+ .filter((item) => item);
 let availableGrantTypes = this._oaClient.availableGrantTypes;
 let availableScopes = this._oaClient.availableScopes;
@@ -226,6 +297,29 @@ export class OAuth2AdminController {
 return this._oaClient.stripClientInfo(client);
 }
+ @Delete('clients/:id')
+ @Scopes('management')
+ @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
+ async deleteOauth2Client(@Param('id') id: string, @CurrentUser() user: User) {
+ const client = await this._oaClient.getById(parseInt(id, 10), []);
+ if (!client) {
+ throw new NotFoundException('Client not found');
+ }
+
+ if (!this._service.userCanEditClient(user, client)) {
+ throw new UnauthorizedException(
+ 'You do not have permission to edit this client',
+ );
+ }
+
+ if (client.activated) {
+ throw new BadRequestException('Please deactivate the client first.');
+ }
+
+ await this._oaClient.deleteClient(client);
+ return { success: true };
+ }
+
 @Post('clients/:id/new-secret')
 @Scopes('management')
 @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
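Review bot: In createNewClient the new `.filter((item) => item)` on splitGrants, together with `every()` being vacuously true on an empty array, lets a request with `grants: ''` or whitespace pass the 'Bad grant types' check, whereas the removed version produced `['']` and rejected it; if a client must carry at least one grant type, add `if (!splitGrants.length) throw new BadRequestException('Bad grant types');` right after the filter. The update path at @@ -196 receives the same filter; whether an empty grants string is meaningful there as a partial update I cannot tell from the hunk, and that method starts and ends outside it. Relatedly, the required-field check uses `=== undefined`, so `title: ''` or `grants: null` counts as present; `setter[field] == null || setter[field] === ''` would match the intent. For reduced-permission callers `activated` is required by REQUIRED_CLIENT_FIELDS and then overwritten with `true`, so the requirement carries no information for them and deserves a one-line comment saying why.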
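Review bot: deleteOauth2Client answers a permission failure with UnauthorizedException (HTTP 401), but the caller is already authenticated at that point and merely lacks rights, which is a 403; `throw new ForbiddenException('You do not have permission to delete this client')` is the matching exception, and the message should say delete rather than edit either way, unless the controller deliberately uses 401 for this elsewhere, in which case fix only the message. Because the existence check runs before the permission check, any caller holding self:oauth2 can tell existing from non-existing client ids apart via 404 versus 401; if that matters here, check permission first or return the same response in both cases. `parseInt(id, 10)` yields NaN for a non-numeric id, which presumably makes getById return nothing and surfaces as 'Client not found'; that is worth confirming rather than relying on.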
@@ -472,63 +566,4 @@ export class OAuth2AdminController {
 return this._oaClient.stripClientInfo(client);
 }
-
- // New client
- @Post('/clients')
- @Scopes('management')
- @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
- async createNewClient(
- @Body() setter: Partial,
- @CurrentUser() user: User,
- ) {
- const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
- const reducedPermissions = !this._service.userHasPrivilege(
- user,
- 'admin:oauth2',
- );
-
- if (!Object.keys(allowedFieldsOnly).length) {
- throw new BadRequestException('Required fields are missing');
- }
-
- if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
- throw new BadRequestException('Required fields are missing');
- }
-
- const splitGrants = allowedFieldsOnly.grants.split(' ');
- const splitScopes = allowedFieldsOnly.scope.split(' ');
- let availableGrantTypes = this._oaClient.availableGrantTypes;
- let availableScopes = this._oaClient.availableScopes;
-
- if (reducedPermissions) {
- availableGrantTypes =
- this._service.removeUnprivileged(availableGrantTypes);
- availableScopes = this._service.removeUnprivileged(availableScopes);
- allowedFieldsOnly.activated = true;
- }
-
- if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
- throw new BadRequestException('Bad grant types');
- }
-
- if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
- throw new BadRequestException('Bad scopes');
- }
-
- const urls = setter.urls?.slice();
- delete allowedFieldsOnly.urls;
-
- const client = new OAuth2Client();
- Object.assign(client, allowedFieldsOnly);
- client.client_id = this._token.createUUID();
- client.client_secret = this._token.generateSecret();
- client.owner = user;
- await this._oaClient.updateClient(client);
-
- if (urls?.length) {
- await this._oaClient.upsertURLs(client, urls);
- }
-
- return this._oaClient.stripClientInfo(client);
- }
 }
diff --git a/src/modules/objects/oauth2-client/oauth2-client.service.ts b/src/modules/objects/oauth2-client/oauth2-client.service.ts
index ea6e532..eef0db1 100644
--- a/src/modules/objects/oauth2-client/oauth2-client.service.ts
+++ b/src/modules/objects/oauth2-client/oauth2-client.service.ts
@@ -281,6 +281,10 @@ export class OAuth2ClientService {
 await this.clientUrlRepository.remove(url);
 }
+ public async deleteClient(client: OAuth2Client): Promise {
+ await this.clientRepository.remove(client);
+ }
+
 public async updatePicture(
 client: OAuth2Client,
 upload: Upload,
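Review bot: deleteClient delegates to `clientRepository.remove(client)`, and the controller hands it an entity loaded with `getById(parseInt(id, 10), [])`, i.e. with no relations; if this repository is TypeORM, `cascade` on `remove()` only reaches relations that are loaded on the entity, so the client's URL rows and any token or consent rows that reference it (not visible here) are either orphaned or make the delete fail on a foreign key unless the schema declares `onDelete: 'CASCADE'`. Tokens issued to a deleted client must stop working, so either load and remove those relations in this method or state the reliance on database-level cascade in a doc comment such as `/** Removes the client row; URL, token and consent rows are expected to go with it via DB-level cascade — TODO confirm */`. The rendered signature shows `Promise` without a type argument, presumably `Promise<void>` lost in rendering.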