IcyNetwork/icynet-auth-server
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

delete clients

Browse Source
This commit is contained in:
Evert Prants 2022-09-09 17:37:21 +03:00
parent 97fe447a43
commit 42d0f302bf
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 101 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
src/modules/api/admin/oauth2-admin.controller.ts
View File

@ -53,7 +53,7 @@ const SET_CLIENT_FIELDS = [
const URL_TYPES = ['redirect_uri', 'terms', 'privacy', 'website']; const URL_TYPES = ['redirect_uri', 'terms', 'privacy', 'website'];
const REQUIRED_CLIENT_FIELDS = ['title', 'scope', 'grants', 'activated']; const REQUIRED_CLIENT_FIELDS = ['title', 'grants', 'activated'];
@ApiBearerAuth() @ApiBearerAuth()
@ApiTags('admin') @ApiTags('admin')
@ -141,6 +141,71 @@ export class OAuth2AdminController {
}; };
} }
// New client
@Post('clients')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async createNewClient(
@Body() setter: Partial<OAuth2Client>,
@CurrentUser() user: User,
) {
const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
const reducedPermissions = !this._service.userHasPrivilege(
user,
'admin:oauth2',
);
if (!Object.keys(allowedFieldsOnly).length) {
throw new BadRequestException('Required fields are missing');
}
if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
throw new BadRequestException('Required fields are missing');
}
const splitGrants = (allowedFieldsOnly.grants || '')
.trim()
.split(' ')
.filter((item) => item);
const splitScopes = (allowedFieldsOnly.scope || '')
.trim()
.split(' ')
.filter((item) => item);
let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes;
if (reducedPermissions) {
availableGrantTypes =
this._service.removeUnprivileged(availableGrantTypes);
availableScopes = this._service.removeUnprivileged(availableScopes);
allowedFieldsOnly.activated = true;
}
if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
throw new BadRequestException('Bad grant types');
}
if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
throw new BadRequestException('Bad scopes');
}
const urls = setter.urls?.slice();
delete allowedFieldsOnly.urls;
const client = new OAuth2Client();
Object.assign(client, allowedFieldsOnly);
client.client_id = this._token.createUUID();
client.client_secret = this._token.generateSecret();
client.owner = user;
await this._oaClient.updateClient(client);
if (urls?.length) {
await this._oaClient.upsertURLs(client, urls);
}
return this._oaClient.stripClientInfo(client);
}
@Get('clients/:id') @Get('clients/:id')
@Scopes('management') @Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2') @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
@ -196,8 +261,14 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client); return this._oaClient.stripClientInfo(client);
} }
const splitGrants = allowedFieldsOnly.grants.trim().split(' '); const splitGrants = (allowedFieldsOnly.grants || '')
const splitScopes = allowedFieldsOnly.scope.trim().split(' '); .trim()
.split(' ')
.filter((item) => item);
const splitScopes = (allowedFieldsOnly.scope || '')
.trim()
.split(' ')
.filter((item) => item);
let availableGrantTypes = this._oaClient.availableGrantTypes; let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes; let availableScopes = this._oaClient.availableScopes;
@ -226,6 +297,29 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client); return this._oaClient.stripClientInfo(client);
} }
@Delete('clients/:id')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async deleteOauth2Client(@Param('id') id: string, @CurrentUser() user: User) {
const client = await this._oaClient.getById(parseInt(id, 10), []);
if (!client) {
throw new NotFoundException('Client not found');
}
if (!this._service.userCanEditClient(user, client)) {
throw new UnauthorizedException(
'You do not have permission to edit this client',
);
}
if (client.activated) {
throw new BadRequestException('Please deactivate the client first.');
}
await this._oaClient.deleteClient(client);
return { success: true };
}
@Post('clients/:id/new-secret') @Post('clients/:id/new-secret')
@Scopes('management') @Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2') @Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
@ -472,63 +566,4 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client); return this._oaClient.stripClientInfo(client);
} }
// New client
@Post('/clients')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async createNewClient(
@Body() setter: Partial<OAuth2Client>,
@CurrentUser() user: User,
) {
const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
const reducedPermissions = !this._service.userHasPrivilege(
user,
'admin:oauth2',
);
if (!Object.keys(allowedFieldsOnly).length) {
throw new BadRequestException('Required fields are missing');
}
if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
throw new BadRequestException('Required fields are missing');
}
const splitGrants = allowedFieldsOnly.grants.split(' ');
const splitScopes = allowedFieldsOnly.scope.split(' ');
let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes;
if (reducedPermissions) {
availableGrantTypes =
this._service.removeUnprivileged(availableGrantTypes);
availableScopes = this._service.removeUnprivileged(availableScopes);
allowedFieldsOnly.activated = true;
}
if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
throw new BadRequestException('Bad grant types');
}
if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
throw new BadRequestException('Bad scopes');
}
const urls = setter.urls?.slice();
delete allowedFieldsOnly.urls;
const client = new OAuth2Client();
Object.assign(client, allowedFieldsOnly);
client.client_id = this._token.createUUID();
client.client_secret = this._token.generateSecret();
client.owner = user;
await this._oaClient.updateClient(client);
if (urls?.length) {
await this._oaClient.upsertURLs(client, urls);
}
return this._oaClient.stripClientInfo(client);
}
} }

4
src/modules/objects/oauth2-client/oauth2-client.service.ts
View File

@ -281,6 +281,10 @@ export class OAuth2ClientService {
await this.clientUrlRepository.remove(url); await this.clientUrlRepository.remove(url);
} }
public async deleteClient(client: OAuth2Client): Promise<void> {
await this.clientRepository.remove(client);
}
public async updatePicture( public async updatePicture(
client: OAuth2Client, client: OAuth2Client,
upload: Upload, upload: Upload,