Reorganize OAuth endpoints

Change-Id: I691d8b819fa1109bdb7f758800044e55150ffcb2
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 66e4d2f..dba5181 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -717,6 +717,7 @@
       }
     )->name('logout');
 
+
     # If "experimental_registration" is set, open
     # OAuth registration dialogues.
     if ($param->{experimental_client_registration}) {
@@ -845,8 +846,8 @@
       )->name('oauth-register');
 
 
-      # Unregister client
-      $r->get('/settings/oauth/unregister/:client_id')->to(
+      # Unregister client page
+      $r->get('/settings/oauth/:client_id/unregister')->to(
         cb => sub {
           shift->render(template => 'auth/unregister');
         }
@@ -854,7 +855,7 @@
 
 
       # Unregister client
-      $r->post('/settings/oauth/unregister')->to(
+      $r->post('/settings/oauth/:client_id/unregister')->to(
         cb => sub {
           my $c = shift;
 
@@ -869,8 +870,6 @@
 
           $v->csrf_protect;
           $v->required('client-name', 'trim')->size(3, 255);
-          $v->required('client-id', 'trim')->size(3, 255);
-          $v->optional('client-secret');
 
           # Render with error
           if ($v->has_error) {
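Review bot: With `$v->required('client-id', 'trim')->size(3, 255)` removed, the client id no longer passes through the validator at all; the handler reads it from the route placeholder in the next hunk, so any non-empty path segment is accepted. If the length bound is still wanted, add a guard right after that read, for example `return $c->redirect_to('oauth-settings') if length($client_id) < 3 || length($client_id) > 255;`. How the id is used afterwards lies outside this hunk, so whether the bound matters for the backend request should be confirmed there.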
@@ -883,7 +882,7 @@
             return $c->redirect_to('oauth-settings');
           };
 
-          my $client_id =     $v->param('client-id');
+          my $client_id =     $c->stash('client_id');
           my $client_name =   $v->param('client-name');
           my $client_secret = $v->param('client-secret');
 
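Review bot: `my $client_secret = $v->param('client-secret');` is left in place although the `$v->optional('client-secret')` check was removed in the previous hunk and the template carries no such field. The validator only returns values that went through a check, so this should now always yield `undef`. If the rest of the handler (outside this hunk) still passes `$client_secret` on, remove it there as well; otherwise delete this line. The new `$c->stash('client_id')` read would also benefit from a short comment such as `# Client id comes from the route placeholder, not from the form`.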
@@ -927,7 +926,7 @@
 
 
       # Show information of a client
-      $r->get('/settings/oauth/client/:client_id')->to(
+      $r->get('/settings/oauth/:client_id')->to(
         cb => sub {
           my $c = shift;
 
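Review bot: `$r->get('/settings/oauth/:client_id')` puts a catch-all placeholder directly under `/settings/oauth/`, where the old `/client/` prefix kept client ids in their own namespace. Any static single-segment GET route at that level is now reachable only if it is defined before this one, and a client id equal to such a segment name could never be displayed. Whether static routes like that exist is not visible in this diff (the path of `oauth-register` lies outside the hunks). I would record the ordering dependency with a comment above the route, e.g. `# Keep after all static /settings/oauth/* routes: :client_id matches any single segment`.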
@@ -977,7 +976,7 @@
 
 
     # Ask if new token should be issued
-    $r->get('/settings/oauth/client/:client_id/token/issue')->to(
+    $r->get('/settings/oauth/:client_id/token')->to(
       cb => sub {
         shift->render(template => 'auth/issue-token');
       }
@@ -985,7 +984,7 @@
 
 
     # Ask if a token should be revoked
-    $r->post('/settings/oauth/client/:client_id/token/revoke')->to(
+    $r->post('/settings/oauth/:client_id/token/revoke')->to(
       cb => sub {
         shift->render(template => 'auth/revoke-token');
       }
@@ -993,7 +992,7 @@
 
 
     # Issue new token
-    $r->post('/settings/oauth/client/:client_id/token')->to(
+    $r->post('/settings/oauth/:client_id/token')->to(
       cb => sub {
         my $c = shift;
 
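Review bot: The POST route `/settings/oauth/:client_id/token` now carries the client id in the path, yet the tests in t/plugin/auth-oauth.t still assert a hidden `input[name=client-id]` in the issue form and still post `'client-id'`. That suggests this handler keeps reading the id from the form body; its body is outside the hunk, so this is inferred. Two sources for the same identifier can disagree, in which case the token would be requested for one client while the URL and redirect name another. For consistency with the unregister handler, use `my $client_id = $c->stash('client_id');` here and drop the form field, or reject requests where the two values differ.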
@@ -1133,7 +1132,7 @@
 
 
     # Revoke token
-    $r->delete('/settings/oauth/client/:client_id/token')->to(
+    $r->delete('/settings/oauth/:client_id/token')->to(
       cb => sub {
         my $c = shift;
 
diff --git a/lib/Kalamar/Plugin/Auth/templates/auth/unregister.html.ep b/lib/Kalamar/Plugin/Auth/templates/auth/unregister.html.ep
index 508d23f..2bf66a9 100644
--- a/lib/Kalamar/Plugin/Auth/templates/auth/unregister.html.ep
+++ b/lib/Kalamar/Plugin/Auth/templates/auth/unregister.html.ep
@@ -6,9 +6,7 @@
 
 %= form_for 'oauth-unregister-post', class => 'form-table', begin
    %= csrf_field
-   %= hidden_field 'client-id' => stash('client_id')
    %= hidden_field 'client-name' => param('name')
-   %#= hidden_field 'client-secret' 
    <input type="submit" value="Unregister" />
    %= link_to 'Abort' => 'oauth-settings' => {} => (class => 'form-button button-abort')
 % end
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 4bdfe54..a531bc5 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -474,25 +474,23 @@
   ->text_is('ul.client-list > li > span.client-url a', '')
   ;
 
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->status_is(200)
   ->text_is('ul.client-list > li.client > span.client-name', 'MyApp')
   ->text_is('ul.client-list > li.client > span.client-desc', 'This is my application')
   ->text_is('a.client-unregister', 'Unregister')
-  ->attr_is('a.client-unregister', 'href', '/settings/oauth/unregister/fCBbQkA2NDA3MzM1Yw==?name=MyApp')
+  ->attr_is('a.client-unregister', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
   ;
 
-$csrf = $t->get_ok('/settings/oauth/unregister/fCBbQkA2NDA3MzM1Yw==?name=MyApp')
+$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister?name=MyApp')
   ->content_like(qr!Do you really want to unregister \<span class="client-name"\>MyApp\<\/span\>?!)
-  ->attr_is('.form-table input[name=client-id]', 'value', 'fCBbQkA2NDA3MzM1Yw==')
   ->attr_is('.form-table input[name=client-name]', 'value', 'MyApp')
   ->tx->res->dom->at('input[name="csrf_token"]')
   ->attr('value')
   ;
 
-$t->post_ok('/settings/oauth/unregister' => form => {
+$t->post_ok('/settings/oauth/xxxx==/unregister' => form => {
   'client-name' => 'MyApp',
-  'client-id' => 'xxxx==',
   'csrf_token' => $csrf
 })->status_is(302)
   ->content_is('')
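Review bot: The unregister tests do not pin the two behaviours this change introduces: that the confirmation form posts back to the per-client URL, and that a `client-id` form field no longer selects the client. Add `->attr_is('.form-table', 'action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister')` to the GET check above. Also add a POST to `/settings/oauth/xxxx==/unregister` that sends `'client-id' => 'fCBbQkA2NDA3MzM1Yw=='` in the form and expects the same `Unknown client with xxxx==.` notice, so a later refactoring cannot quietly let the body value override the path.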
@@ -506,9 +504,8 @@
   ->text_is('div.notify', 'Unknown client with xxxx==.')
   ;
 
-$t->post_ok('/settings/oauth/unregister' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/unregister' => form => {
   'client-name' => 'MyApp',
-  'client-id' => 'fCBbQkA2NDA3MzM1Yw==',
   'csrf_token' => $csrf
 })->status_is(302)
   ->content_is('')
@@ -535,93 +532,93 @@
   ->element_exists_not('input[name=client_secret][readonly][value]')
   ;
 
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->text_is('.client-name', 'MyApp2')
   ->text_is('.client-desc', 'This is my application')
   ->text_is('.client-issue-token', 'IssueToken')
-  ->attr_is('.client-issue-token', 'href', '/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token/issue?name=MyApp2')
+  ->attr_is('.client-issue-token', 'href', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
   ;
 
-$csrf = $t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token/issue?name=MyApp2')
+$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?name=MyApp2')
   ->status_is(200)
-  ->attr_is('#issue-token','action', '/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token')
+  ->attr_is('#issue-token','action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token')
   ->attr_is('input[name=client-id]', 'value', 'fCBbQkA2NDA3MzM1Yw==')
   ->attr_is('input[name=name]', 'value', 'MyApp2')
   ->tx->res->dom->at('input[name="csrf_token"]')
   ->attr('value')
   ;
 
-$t->post_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token' => form => {
   csrf_token => $csrf,
   name => 'MyApp2',
   'client-id' => 'fCBbQkA2NDA3MzM1Yw=='
 })
   ->status_is(302)
-  ->header_is('Location','/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+  ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ;
 
-
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
+  ->status_is(200)
   ->text_is('div.notify-success', 'New access token created')
   ;
 
-$csrf = $t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$csrf = $t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->status_is(200)
-  ->attr_is('form.token-revoke', 'action', '/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token/revoke')
+  ->attr_is('form.token-revoke', 'action', '/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke')
   ->attr_is('form.token-revoke input[name=token]', 'value', 'jhkhkjhk_hjgjsfz67i')
   ->attr_is('form.token-revoke input[name=name]', 'value', 'MyApp2')
   ->tx->res->dom->at('input[name="csrf_token"]')
   ->attr('value')
   ;
 
-$t->post_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token/revoke' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token/revoke' => form => {
   csrf_token => $csrf,
   name => 'MyApp2',
   token => 'jhkhkjhk_hjgjsfz67i'
 })
   ->status_is(200)
-  ->attr_is('form#revoke-token','action','/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE')
+  ->attr_is('form#revoke-token','action','/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE')
   ->attr_is('form#revoke-token','method','POST')
   ->attr_is('form#revoke-token input[name=token]','value','jhkhkjhk_hjgjsfz67i')
 ;
 
 
 # CSRF missing
-$t->post_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
   name => 'MyApp2',
   token => 'jhkhkjhk_hjgjsfz67i'
 })->status_is(302)
-  ->header_is('Location','/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+  ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ;
 
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->element_exists_not('div.notify-success')
   ->text_is('div.notify-error', 'Bad CSRF token')
   ;
 
 # Token missing
-$t->post_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
   name => 'MyApp2',
   csrf_token => $csrf,
 })->status_is(302)
-  ->header_is('Location','/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+  ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ;
 
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->element_exists_not('div.notify-success')
   ->text_is('div.notify-error', 'Some fields are invalid')
   ;
 
-$t->post_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
+$t->post_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==/token?_method=DELETE' => form => {
   name => 'MyApp2',
   csrf_token => $csrf,
   token => 'jhkhkjhk_hjgjsfz67i'
 })->status_is(302)
-  ->header_is('Location','/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+  ->header_is('Location','/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ;
 
 
-$t->get_ok('/settings/oauth/client/fCBbQkA2NDA3MzM1Yw==')
+$t->get_ok('/settings/oauth/fCBbQkA2NDA3MzM1Yw==')
   ->element_exists_not('div.notify-error')
   ->text_is('div.notify-success', 'Token was revoked successfully')
   ;