delete clients
This commit is contained in:
parent
97fe447a43
commit
42d0f302bf
@ -53,7 +53,7 @@ const SET_CLIENT_FIELDS = [
const URL_TYPES = ['redirect_uri', 'terms', 'privacy', 'website'];
const REQUIRED_CLIENT_FIELDS = ['title', 'scope', 'grants', 'activated'];
const REQUIRED_CLIENT_FIELDS = ['title', 'grants', 'activated'];
@ApiBearerAuth()
@ApiTags('admin')
@ -141,6 +141,71 @@ export class OAuth2AdminController {
};
}
// New client
@Post('clients')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async createNewClient(
@Body() setter: Partial<OAuth2Client>,
@CurrentUser() user: User,
) {
const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
const reducedPermissions = !this._service.userHasPrivilege(
user,
'admin:oauth2',
);
if (!Object.keys(allowedFieldsOnly).length) {
throw new BadRequestException('Required fields are missing');
}
if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
throw new BadRequestException('Required fields are missing');
}
const splitGrants = (allowedFieldsOnly.grants || '')
.trim()
.split(' ')
.filter((item) => item);
const splitScopes = (allowedFieldsOnly.scope || '')
.trim()
.split(' ')
.filter((item) => item);
let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes;
if (reducedPermissions) {
availableGrantTypes =
this._service.removeUnprivileged(availableGrantTypes);
availableScopes = this._service.removeUnprivileged(availableScopes);
allowedFieldsOnly.activated = true;
}
if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
throw new BadRequestException('Bad grant types');
}
if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
throw new BadRequestException('Bad scopes');
}
const urls = setter.urls?.slice();
delete allowedFieldsOnly.urls;
const client = new OAuth2Client();
Object.assign(client, allowedFieldsOnly);
client.client_id = this._token.createUUID();
client.client_secret = this._token.generateSecret();
client.owner = user;
await this._oaClient.updateClient(client);
if (urls?.length) {
await this._oaClient.upsertURLs(client, urls);
}
return this._oaClient.stripClientInfo(client);
}
@Get('clients/:id')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
@ -196,8 +261,14 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client);
}
const splitGrants = allowedFieldsOnly.grants.trim().split(' ');
const splitScopes = allowedFieldsOnly.scope.trim().split(' ');
const splitGrants = (allowedFieldsOnly.grants || '')
.trim()
.split(' ')
.filter((item) => item);
const splitScopes = (allowedFieldsOnly.scope || '')
.trim()
.split(' ')
.filter((item) => item);
let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes;
@ -226,6 +297,29 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client);
}
@Delete('clients/:id')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async deleteOauth2Client(@Param('id') id: string, @CurrentUser() user: User) {
const client = await this._oaClient.getById(parseInt(id, 10), []);
if (!client) {
throw new NotFoundException('Client not found');
}
if (!this._service.userCanEditClient(user, client)) {
throw new UnauthorizedException(
'You do not have permission to edit this client',
);
}
if (client.activated) {
throw new BadRequestException('Please deactivate the client first.');
}
await this._oaClient.deleteClient(client);
return { success: true };
}
@Post('clients/:id/new-secret')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
@ -472,63 +566,4 @@ export class OAuth2AdminController {
return this._oaClient.stripClientInfo(client);
}
// New client
@Post('/clients')
@Scopes('management')
@Privileges(['admin', 'admin:oauth2'], 'self:oauth2')
async createNewClient(
@Body() setter: Partial<OAuth2Client>,
@CurrentUser() user: User,
) {
const allowedFieldsOnly = this._form.pluckObject(setter, SET_CLIENT_FIELDS);
const reducedPermissions = !this._service.userHasPrivilege(
user,
'admin:oauth2',
);
if (!Object.keys(allowedFieldsOnly).length) {
throw new BadRequestException('Required fields are missing');
}
if (REQUIRED_CLIENT_FIELDS.some((field) => setter[field] === undefined)) {
throw new BadRequestException('Required fields are missing');
}
const splitGrants = allowedFieldsOnly.grants.split(' ');
const splitScopes = allowedFieldsOnly.scope.split(' ');
let availableGrantTypes = this._oaClient.availableGrantTypes;
let availableScopes = this._oaClient.availableScopes;
if (reducedPermissions) {
availableGrantTypes =
this._service.removeUnprivileged(availableGrantTypes);
availableScopes = this._service.removeUnprivileged(availableScopes);
allowedFieldsOnly.activated = true;
}
if (!splitGrants.every((grant) => availableGrantTypes.includes(grant))) {
throw new BadRequestException('Bad grant types');
}
if (!splitScopes.every((scope) => availableScopes.includes(scope))) {
throw new BadRequestException('Bad scopes');
}
const urls = setter.urls?.slice();
delete allowedFieldsOnly.urls;
const client = new OAuth2Client();
Object.assign(client, allowedFieldsOnly);
client.client_id = this._token.createUUID();
client.client_secret = this._token.generateSecret();
client.owner = user;
await this._oaClient.updateClient(client);
if (urls?.length) {
await this._oaClient.upsertURLs(client, urls);
}
return this._oaClient.stripClientInfo(client);
}
}
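Review bot: deleteOauth2Client hands the client loaded by `getById(parseInt(id, 10), [])` — apparently with no relations — straight to deleteClient, which only calls `clientRepository.remove(client)`, so the client's URL rows and any tokens already issued against this client_id are not touched by the commit; unless the entity mapping cascades on delete, those rows outlive the client, and a token check that does not join back to the client table may keep honouring them. The activated guard only helps if deactivation already revokes tokens, which this page does not show, so either confirm the cascade or remove the dependents in the service before the client row, and consider an audit log line naming the acting user and the client_id for this destructive admin action. `parseInt(id, 10)` also yields NaN for a non-numeric id and passes it to the repository; guarding with `const clientId = parseInt(id, 10); if (!Number.isInteger(clientId)) throw new NotFoundException('Client not found');` keeps the lookup from ever seeing NaN. Finally, the ownership failure throws UnauthorizedException (401) for a caller who is already authenticated, where ForbiddenException (403) is the conventional status, unless the rest of the controller deliberately uses 401 for this case.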
@ -281,6 +281,10 @@ export class OAuth2ClientService {
await this.clientUrlRepository.remove(url);
}
public async deleteClient(client: OAuth2Client): Promise<void> {
await this.clientRepository.remove(client);
}
public async updatePicture(
client: OAuth2Client,
upload: Upload,