WIP Move to SSP UI

public/assets/css/src/default.css

@@ -112,3 +112,5 @@ table.client-table {
     width: 25%;
     font-weight: bolder;
 }
+
+.confirm-action {}

public/assets/js/src/default.js

@@ -0,0 +1,22 @@
+
+(function() {
+
+    // Attach `confirm-action` click event to all elements with the `confirm-action` class.
+    document.querySelectorAll('.confirm-action').forEach(button => {
+        button.addEventListener('click', function (event) {
+            // Get custom confirmation text
+            const confirmText = this.getAttribute('data-confirm-text') ?? 'Are you sure?';
+            // Optional: Retrieve additional data
+            const itemId = this.getAttribute('data-confirm-id') ?? 'N/A';
+
+            if (!confirm(confirmText)) {
+                // Prevent the default action if the user cancels
+                event.preventDefault();
+            } else {
+                // Optional: Handle confirmed action
+                console.log(
+                    `Confirmed action "${confirmText}" for item with ID "${itemId}"`);
+            }
+        });
+    });
+})();

routing/routes/routes.php

@@ -43,6 +43,9 @@
         ->controller([ClientController::class, 'index']);
     $routes->add(RoutesEnum::AdminClientsShow->name, RoutesEnum::AdminClientsShow->value)
         ->controller([ClientController::class, 'show']);
+    $routes->add(RoutesEnum::AdminClientsResetSecret->name, RoutesEnum::AdminClientsResetSecret->value)
+        ->controller([ClientController::class, 'resetSecret'])
+        ->methods([HttpMethodsEnum::POST->value]);
 
     /*****************************************************************************************************************
      * OpenID Connect

src/Codebooks/ParametersEnum.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Codebooks;
+
+enum ParametersEnum: string
+{
+    case ClientId = 'client_id';
+}

src/Codebooks/RoutesEnum.php

@@ -19,6 +19,7 @@ enum RoutesEnum: string
 
     case AdminClients = 'admin/clients';
     case AdminClientsShow = 'admin/clients/show';
+    case AdminClientsResetSecret = 'admin/clients/reset-secret';
 
     /*****************************************************************************************************************
      * OpenID Connect

src/Controllers/Admin/ClientController.php

@@ -4,14 +4,19 @@
 
 namespace SimpleSAML\Module\oidc\Controllers\Admin;
 
+use SimpleSAML\Locale\Translate;
 use SimpleSAML\Module\oidc\Admin\Authorization;
+use SimpleSAML\Module\oidc\Bridges\SspBridge;
+use SimpleSAML\Module\oidc\Codebooks\ParametersEnum;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
 use SimpleSAML\Module\oidc\Exceptions\OidcException;
 use SimpleSAML\Module\oidc\Factories\TemplateFactory;
 use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository;
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Services\AuthContextService;
+use SimpleSAML\Module\oidc\Services\SessionMessagesService;
+use SimpleSAML\Module\oidc\Utils\Routes;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -22,6 +27,9 @@ public function __construct(
         protected readonly Authorization $authorization,
         protected readonly ClientRepository $clientRepository,
         protected readonly AllowedOriginRepository $allowedOriginRepository,
+        protected readonly SspBridge $sspBridge,
+        protected readonly SessionMessagesService $sessionMessagesService,
+        protected readonly Routes $routes,
     ) {
         $this->authorization->requireAdminOrUserWithPermission(AuthContextService::PERM_CLIENT);
     }
@@ -33,7 +41,7 @@ public function __construct(
      */
     protected function getClientFromRequest(Request $request): ClientEntityInterface
     {
-        ($clientId = $request->query->getString('client_id'))
+        ($clientId = $request->query->getString(ParametersEnum::ClientId->value))
         || throw new OidcException('Client ID not provided.');
 
         $authedUserId = $this->authorization->isAdmin() ? null : $this->authorization->getUserId();
@@ -50,7 +58,6 @@ public function index(Request $request): Response
 
         $pagination = $this->clientRepository->findPaginated($page, $query, $authedUserId);
 
-
         return $this->templateFactory->build(
             'oidc:clients.twig',
             [
@@ -71,14 +78,39 @@ public function show(Request $request): Response
         $client = $this->getClientFromRequest($request);
         $allowedOrigins = $this->allowedOriginRepository->get($client->getIdentifier());
 
-        // TODO mivanci rename *-ssp.twig templates after removing old ones.
         return $this->templateFactory->build(
-            'oidc:clients/show-ssp.twig',
+            'oidc:clients/show.twig',
             [
                 'client' => $client,
                 'allowedOrigins' => $allowedOrigins,
             ],
             RoutesEnum::AdminClients->value,
         );
     }
+
+    /**
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
+    public function resetSecret(Request $request): Response
+    {
+        $client = $this->getClientFromRequest($request);
+
+        $oldSecret = $request->request->get('secret');
+
+        if ($oldSecret !== $client->getSecret()) {
+            throw new OidcException('Client secret does not match.');
+        }
+
+        $client->restoreSecret($this->sspBridge->utils()->random()->generateID());
+        $authedUserId = $this->authorization->isAdmin() ? null : $this->authorization->getUserId();
+        $this->clientRepository->update($client, $authedUserId);
+
+        $message = Translate::noop('Client secret has been reset.');
+        $this->sessionMessagesService->addMessage($message);
+
+        return $this->routes->getRedirectResponseToModuleUrl(
+            RoutesEnum::AdminClientsShow->value,
+            [ParametersEnum::ClientId->value => $client->getIdentifier()],
+        );
+    }
 }

src/Controllers/Admin/ConfigController.php

@@ -11,8 +11,8 @@
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Services\DatabaseMigration;
 use SimpleSAML\Module\oidc\Services\SessionMessagesService;
+use SimpleSAML\Module\oidc\Utils\Routes;
 use SimpleSAML\OpenID\Federation;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Response;
 
 class ConfigController
@@ -24,6 +24,7 @@ public function __construct(
         protected readonly DatabaseMigration $databaseMigration,
         protected readonly SessionMessagesService $sessionMessagesService,
         protected readonly Federation $federation,
+        protected readonly Routes $routes,
     ) {
         $this->authorization->requireAdmin(true);
     }
@@ -44,14 +45,14 @@ public function runMigrations(): Response
         if ($this->databaseMigration->isMigrated()) {
             $message = Translate::noop('Database is already migrated.');
             $this->sessionMessagesService->addMessage($message);
-            return new RedirectResponse($this->moduleConfig->getModuleUrl(RoutesEnum::AdminMigrations->value));
+            return $this->routes->getRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
         }
 
         $this->databaseMigration->migrate();
         $message = Translate::noop('Database migrated successfully.');
         $this->sessionMessagesService->addMessage($message);
 
-        return new RedirectResponse($this->moduleConfig->getModuleUrl(RoutesEnum::AdminMigrations->value));
+        return $this->routes->getRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
     }
 
     public function protocolSettings(): Response

src/Controllers/Client/ShowController.php

@@ -49,7 +49,7 @@ public function __invoke(ServerRequest $request): Template
         $client = $this->getClientFromRequest($request);
         $allowedOrigins = $this->allowedOriginRepository->get($client->getIdentifier());
 
-        return $this->templateFactory->build('oidc:clients/show.twig', [
+        return $this->templateFactory->build('oidc:clients/show-old.twig', [
             'client' => $client,
             'allowedOrigins' => $allowedOrigins,
         ]);

src/Utils/Routes.php

@@ -7,6 +7,7 @@
 use SimpleSAML\Module\oidc\Bridges\SspBridge;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
 use SimpleSAML\Module\oidc\ModuleConfig;
+use Symfony\Component\HttpFoundation\RedirectResponse;
 
 class Routes
 {
@@ -23,6 +24,19 @@ public function getModuleUrl(string $resource = '', array $parameters = []): str
         return $this->sspBridge->module()->getModuleUrl($resource, $parameters);
     }
 
+    public function getRedirectResponseToModuleUrl(
+        string $resource = '',
+        array $parameters = [],
+        int $status = 302,
+        array $headers = [],
+    ): RedirectResponse {
+        return new RedirectResponse(
+            $this->getModuleUrl($resource, $parameters),
+            $status,
+            $headers,
+        );
+    }
+
     /*****************************************************************************************************************
      * Admin area
      ****************************************************************************************************************/
@@ -60,6 +74,12 @@ public function urlAdminClientsShow(string $clientId, array $parameters = []): s
         return $this->getModuleUrl(RoutesEnum::AdminClientsShow->value, $parameters);
     }
 
+    public function urlAdminClientsResetSecret(string $clientId, array $parameters = []): string
+    {
+        $parameters['client_id'] = $clientId;
+        return $this->getModuleUrl(RoutesEnum::AdminClientsResetSecret->value, $parameters);
+    }
+
     /*****************************************************************************************************************
      * OpenID Connect
      ****************************************************************************************************************/

templates/base.twig

@@ -38,6 +38,11 @@
 
 {% endblock content -%}
 
-{% block postload %}{% endblock postload %}
+{% block postload %}
+
+    {{ parent() }}
+
+    <script src="{{ asset('js/src/default.js', 'oidc') }}"></script>
+{% endblock postload %}
 
 {% block oidcPostload %}{% endblock %}

templates/clients.twig

@@ -67,7 +67,10 @@
                         <a class="pure-button" href="#">
                             <i class="fa fa-pen-to-square"></i>
                         </a>
-                        <a class="pure-button" href="#">
+                        <a class="pure-button confirm-action"
+                           data-confirm="{{ 'Are you sure you want to delete this client?'|trans }}"
+                           data-id="{{ client.getIdentifier }}"
+                           href="#">
                             <i class="fa fa-trash-can"></i>
                         </a>
                     </div>