references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Extract Access Tokens into their own controller

Browse Source
This commit is contained in:
Klaus Zanders
2025-08-08 12:42:45 +02:00
parent 7d561fd9e6
commit 18ecb2ef8f
13 changed files with 218 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/components/my/access_token/new_access_token_form_component.html.erb
+1 -1
View File
@@ -31,7 +31,7 @@ See COPYRIGHT and LICENSE files for more details.
component_wrapper do
primer_form_with(
model: @token,
url: my_generate_api_key_path,
url: generate_api_key_my_access_tokens_path,
data: { turbo: true },
method: :post
) do |form|
app/controllers/my/access_tokens_controller.rb
+186
View File
@@ -0,0 +1,186 @@
# frozen_string_literal: true
#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
module My
class AccessTokensController < ::ApplicationController
before_action :require_login
before_action :set_current_user
before_action :set_grouped_ical_tokens, only: %i[index]
before_action :set_ical_token, only: %i[revoke_ical_token]
before_action :set_api_token, only: %i[revoke_api_key]
menu_item :access_tokens
layout "my"
no_authorization_required! :index,
:generate_rss_key,
:revoke_rss_key,
:generate_api_key,
:revoke_api_key,
:revoke_ical_token,
:delete_storage_token
def index
@ical_meeting_tokens = current_user.ical_meeting_tokens
@storage_tokens = OAuthClientToken
.preload(:oauth_client)
.joins(:oauth_client)
.where(user: @user, oauth_client: { integration_type: "Storages::Storage" })
end
def revoke_storage_token
token = OAuthClientToken
.preload(:oauth_client)
.joins(:oauth_client)
.where(user: @user, oauth_client: { integration_type: "Storages::Storage" }).find_by(id: params[:access_token_id])
if token&.destroy
flash[:info] = I18n.t("my_account.access_tokens.storages.removed")
else
flash[:error] = I18n.t("my_account.access_tokens.storages.failed")
end
redirect_to action: :index
end
def generate_rss_key # rubocop:disable Metrics/AbcSize
token = Token::RSS.create!(user: current_user)
flash[:info] = [
t("my.access_token.notice_reset_token", type: "RSS").html_safe,
helpers.content_tag(:strong, helpers.content_tag(:code, token.plain_value)),
t("my.access_token.token_value_warning")
]
rescue StandardError => e
Rails.logger.error "Failed to reset user ##{current_user.id} RSS key: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: :index
end
def revoke_rss_key
current_user.rss_token.destroy
flash[:info] = t("my.access_token.notice_rss_token_revoked")
rescue StandardError => e
Rails.logger.error "Failed to revoke rss token ##{current_user.id}: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: :index
end
def generate_api_key # rubocop:disable Metrics/AbcSize
result = APITokens::CreateService.new(user: current_user).call(token_name: params[:token_api][:token_name])
result.on_success do |r|
update_via_turbo_stream(
component: My::AccessToken::APITokensSectionComponent.new(api_tokens: @user.api_tokens)
)
dialog = My::AccessToken::AccessTokenCreatedDialogComponent.new(token_value: r.result.plain_value)
modify_via_turbo_stream(component: dialog, action: :dialog, status: :ok)
end
result.on_failure do |r|
update_via_turbo_stream(
component: My::AccessToken::NewAccessTokenFormComponent.new(token: r.result),
status: :bad_request
)
end
respond_with_turbo_streams
end
def revoke_api_key # rubocop:disable Metrics/AbcSize
result = APITokens::DeleteService.new(user: current_user, model: @api_token).call
# rubocop:disable Rails/ActionControllerFlashBeforeRender
result.on_success do
flash[:notice] = t("my.access_token.notice_api_token_revoked")
end
result.on_failure do |r|
error = r.errors.map(&:message).join("; ")
Rails.logger.error("Failed to revoke api token ##{current_user.id}: #{error}")
flash[:error] = t("my.access_token.failed_to_revoke_token", error:)
end
# rubocop:enable Rails/ActionControllerFlashBeforeRender
redirect_to action: :index
end
def revoke_ical_token
message = ical_destroy_info_message
@ical_token.destroy
flash[:info] = message
rescue StandardError => e
Rails.logger.error "Failed to revoke all ical tokens for ##{current_user.id}: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: :index
end
private
def set_current_user
@user = User.current
end
helper_method :has_tokens?
def has_tokens?
Setting.feeds_enabled? || Setting.rest_api_enabled? || current_user.ical_tokens.any?
end
def set_api_token
@api_token = current_user.api_tokens.find(params[:access_token_id])
end
def set_ical_token
@ical_token = current_user.ical_tokens.find(params[:access_token_id])
end
def set_grouped_ical_tokens
@ical_tokens_grouped_by_query = current_user.ical_tokens
.joins(ical_token_query_assignment: { query: :project })
.select("tokens.*, ical_token_query_assignments.query_id")
.group_by(&:query_id)
end
def ical_destroy_info_message
t(
"my.access_token.notice_ical_token_revoked",
token_name: @ical_token.ical_token_query_assignment.name,
calendar_name: @ical_token.query.name,
project_name: @ical_token.query.project.name
)
end
end
end
app/controllers/my_controller.rb
+1 -148
View File
@@ -40,9 +40,6 @@ class MyController < ApplicationController
before_action :require_login
before_action :set_current_user
before_action :check_password_confirmation, only: %i[update_account]
before_action :set_grouped_ical_tokens, only: %i[access_token]
before_action :set_ical_token, only: %i[revoke_ical_token]
before_action :set_api_token, only: %i[revoke_api_key]
no_authorization_required! :account,
:update_account,
@@ -51,21 +48,13 @@ class MyController < ApplicationController
:update_settings,
:password,
:change_password,
:access_token,
:delete_storage_token,
:notifications,
:reminders,
:generate_rss_key,
:revoke_rss_key,
:generate_api_key,
:revoke_api_key,
:revoke_ical_token
:reminders
menu_item :account, only: [:account]
menu_item :settings, only: [:settings]
menu_item :interface, only: [:interface]
menu_item :password, only: [:password]
menu_item :access_token, only: [:access_token]
menu_item :notifications, only: [:notifications]
menu_item :reminders, only: [:reminders]
@@ -96,118 +85,12 @@ class MyController < ApplicationController
end
end
# Administer access tokens
def access_token
@ical_meeting_tokens = current_user.ical_meeting_tokens
@storage_tokens = OAuthClientToken
.preload(:oauth_client)
.joins(:oauth_client)
.where(user: @user, oauth_client: { integration_type: "Storages::Storage" })
end
def delete_storage_token
token = OAuthClientToken
.preload(:oauth_client)
.joins(:oauth_client)
.where(user: @user, oauth_client: { integration_type: "Storages::Storage" }).find_by(id: params[:id])
if token&.destroy
flash[:info] = I18n.t("my_account.access_tokens.storages.removed")
else
flash[:error] = I18n.t("my_account.access_tokens.storages.failed")
end
redirect_to action: :access_token
end
# Configure user's in app notifications
def notifications; end
# Configure user's mail reminders
def reminders; end
# Create a new feeds key
def generate_rss_key
token = Token::RSS.create!(user: current_user)
flash[:info] = [
t("my.access_token.notice_reset_token", type: "RSS").html_safe,
content_tag(:strong, token.plain_value),
t("my.access_token.token_value_warning")
]
rescue StandardError => e
Rails.logger.error "Failed to reset user ##{current_user.id} RSS key: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: "access_token"
end
def revoke_rss_key
current_user.rss_token.destroy
flash[:info] = t("my.access_token.notice_rss_token_revoked")
rescue StandardError => e
Rails.logger.error "Failed to revoke rss token ##{current_user.id}: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: "access_token"
end
# rubocop:disable Metrics/AbcSize
def generate_api_key
result = APITokens::CreateService.new(user: current_user).call(token_name: params[:token_api][:token_name])
result.on_success do |r|
update_via_turbo_stream(
component: My::AccessToken::APITokensSectionComponent.new(api_tokens: @user.api_tokens)
)
dialog = My::AccessToken::AccessTokenCreatedDialogComponent.new(token_value: r.result.plain_value)
modify_via_turbo_stream(component: dialog, action: :dialog, status: :ok)
end
result.on_failure do |r|
update_via_turbo_stream(
component: My::AccessToken::NewAccessTokenFormComponent.new(token: r.result),
status: :bad_request
)
end
respond_with_turbo_streams
end
# rubocop:enable Metrics/AbcSize
# rubocop:disable Metrics/AbcSize
def revoke_api_key
result = APITokens::DeleteService.new(user: current_user, model: @api_token).call
# rubocop:disable Rails/ActionControllerFlashBeforeRender
result.on_success do
flash[:notice] = t("my.access_token.notice_api_token_revoked")
end
result.on_failure do |r|
error = r.errors.map(&:message).join("; ")
Rails.logger.error("Failed to revoke api token ##{current_user.id}: #{error}")
flash[:error] = t("my.access_token.failed_to_revoke_token", error:)
end
# rubocop:enable Rails/ActionControllerFlashBeforeRender
redirect_to action: "access_token"
end
# rubocop:enable Metrics/AbcSize
def revoke_ical_token
message = ical_destroy_info_message
@ical_token.destroy
flash[:info] = message
rescue StandardError => e
Rails.logger.error "Failed to revoke all ical tokens for ##{current_user.id}: #{e}"
flash[:error] = t("my.access_token.failed_to_reset_token", error: e.message)
ensure
redirect_to action: "access_token"
end
private
def redirect_if_password_change_not_allowed_for(user)
@@ -234,8 +117,6 @@ class MyController < ApplicationController
redirect_back(fallback_location: my_account_path)
end
helper_method :has_tokens?
def handle_email_changes
# If mail changed, expire all other sessions
if @user.previous_changes["mail"]
@@ -247,10 +128,6 @@ class MyController < ApplicationController
end
end
def has_tokens?
Setting.feeds_enabled? || Setting.rest_api_enabled? || current_user.ical_tokens.any?
end
def user_params
permitted_params.my_account_settings.to_h
end
@@ -273,28 +150,4 @@ class MyController < ApplicationController
def get_current_layout
@user.pref[:my_page_layout] || DEFAULT_LAYOUT.dup
end
def set_api_token
@api_token = current_user.api_tokens.find(params[:token_id])
end
def set_ical_token
@ical_token = current_user.ical_tokens.find(params[:id])
end
def set_grouped_ical_tokens
@ical_tokens_grouped_by_query = current_user.ical_tokens
.joins(ical_token_query_assignment: { query: :project })
.select("tokens.*, ical_token_query_assignments.query_id")
.group_by(&:query_id)
end
def ical_destroy_info_message
t(
"my.access_token.notice_ical_token_revoked",
token_name: @ical_token.ical_token_query_assignment.name,
calendar_name: @ical_token.query.name,
project_name: @ical_token.query.project.name
)
end
end
app/controllers/oauth/grants_controller.rb
+2 -2
View File
@@ -34,7 +34,7 @@ module OAuth
authorization_checked! :index, :revoke_application
layout "my"
menu_item :access_token
menu_item :access_tokens
def index
@applications = ::Doorkeeper::Application.authorized_for(current_user)
@@ -53,7 +53,7 @@ module OAuth
)
flash[:notice] = I18n.t("oauth.grants.successful_application_revocation", application_name: application.name)
redirect_to controller: "/my", action: :access_token
redirect_to my_access_tokens_path
end
private
app/views/my/access_token_partials/_icalendar_meeting_tokens_section.html.erb → app/views/my/access_tokens/_icalendar_meeting_tokens_section.html.erb
+1 -1
View File
@@ -41,7 +41,7 @@ See COPYRIGHT and LICENSE files for more details.
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
<%= render partial: "my/access_token_partials/token_table_header",
<%= render partial: "token_table_header",
locals: {
column_headers: [
t("attributes.name"),
app/views/my/access_token_partials/_icalendar_tokens_section.html.erb → app/views/my/access_tokens/_icalendar_tokens_section.html.erb
+2 -2
View File
@@ -41,7 +41,7 @@ See COPYRIGHT and LICENSE files for more details.
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
<%= render partial: "my/access_token_partials/token_table_header",
<%= render partial: "token_table_header",
locals: {
column_headers: [
t("attributes.name"),
@@ -74,7 +74,7 @@ See COPYRIGHT and LICENSE files for more details.
<td><%= t("my_account.access_tokens.indefinite_expiration") %></td>
<td class="buttons">
<%= link_to "",
{ action: "revoke_ical_token", id: token.id },
{ action: "revoke_ical_token", access_token_id: token.id },
data: { confirm: t("my_account.access_tokens.simple_revoke_confirmation"), test_selector: "ical-token-row-#{token.id}-revoke" },
method: :delete,
class: "icon icon-delete" %>
app/views/my/access_token_partials/_oauth_tokens_section.html.erb → app/views/my/access_tokens/_oauth_tokens_section.html.erb
+1 -1
View File
@@ -40,7 +40,7 @@ See COPYRIGHT and LICENSE files for more details.
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
<%= render partial: "my/access_token_partials/token_table_header",
<%= render partial: "token_table_header",
locals: {
column_headers: [
t("attributes.name"),
app/views/my/access_token_partials/_rss_tokens_section.html.erb → app/views/my/access_tokens/_rss_tokens_section.html.erb
+1 -1
View File
@@ -41,7 +41,7 @@ See COPYRIGHT and LICENSE files for more details.
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
<%= render partial: "my/access_token_partials/token_table_header",
<%= render partial: "token_table_header",
locals: {
column_headers: [
t("attributes.name"),
app/views/my/access_token_partials/_storage_tokens_section.html.erb → app/views/my/access_tokens/_storage_tokens_section.html.erb
+1 -1
View File
@@ -40,7 +40,7 @@ See COPYRIGHT and LICENSE files for more details.
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
<%= render partial: "my/access_token_partials/token_table_header",
<%= render partial: "token_table_header",
locals: {
column_headers: [
t("attributes.name"),
app/views/my/access_token_partials/_token_table_header.html.erb → app/views/my/access_tokens/_token_table_header.html.erb
View File
app/views/my/access_token.html.erb → app/views/my/access_tokens/index.html.erb
+5 -10
View File
@@ -40,16 +40,11 @@ See COPYRIGHT and LICENSE files for more details.
%>
<%= render ::My::AccessToken::APITokensSectionComponent.new(api_tokens: @user.api_tokens) %>
<%= render partial: "my/access_token_partials/icalendar_tokens_section",
locals: { ical_tokens_grouped_by_query: @ical_tokens_grouped_by_query } %>
<%= render partial: "my/access_token_partials/icalendar_meeting_tokens_section",
locals: { ical_tokens: @ical_meeting_tokens } %>
<%= render partial: "my/access_token_partials/oauth_tokens_section",
locals: { granted_applications: granted_applications } %>
<%= render partial: "my/access_token_partials/rss_tokens_section",
locals: { rss_token: @user.rss_token } %>
<%= render partial: "my/access_token_partials/storage_tokens_section",
locals: { storage_tokens: @storage_tokens } %>
<%= render partial: "icalendar_tokens_section", locals: { ical_tokens_grouped_by_query: @ical_tokens_grouped_by_query } %>
<%= render partial: "icalendar_meeting_tokens_section", locals: { ical_tokens: @ical_meeting_tokens } %>
<%= render partial: "oauth_tokens_section", locals: { granted_applications: granted_applications } %>
<%= render partial: "rss_tokens_section", locals: { rss_token: @user.rss_token } %>
<%= render partial: "storage_tokens_section", locals: { storage_tokens: @storage_tokens } %>
<div class="generic-table--container">
<div class="generic-table--results-container">
<table class="generic-table" data-controller="table-highlighting">
config/initializers/menus.rb
+2 -2
View File
@@ -240,8 +240,8 @@ Redmine::MenuManager.map :my_menu do |menu|
caption: :button_change_password,
if: ->(_) { User.current.change_password_allowed? },
icon: "lock"
menu.push :access_token,
{ controller: "/my", action: "access_token" },
menu.push :access_tokens,
{ controller: "/my/access_tokens", action: "index" },
caption: I18n.t("my_account.access_tokens.access_tokens"),
icon: "key"
menu.push :sessions,
config/routes.rb
+15 -8
View File
@@ -851,7 +851,6 @@ Rails.application.routes.draw do
scope "my" do
get "/deletion_info" => "users#deletion_info", as: "delete_my_account_info"
post "/oauth/revoke_application/:application_id" => "oauth/grants#revoke_application", as: "revoke_my_oauth_application"
delete "/storage_token/:id" => "my#delete_storage_token", as: "storage_token_delete"
resources :sessions, controller: "my/sessions", as: "my_sessions", only: %i[index show destroy]
resources :auto_login_tokens, controller: "my/auto_login_tokens", as: "my_auto_login_tokens", only: %i[destroy]
@@ -860,6 +859,21 @@ Rails.application.routes.draw do
post "/dismiss_banner" => "my/enterprise_banners#dismiss", as: "dismiss_enterprise_banner"
end
namespace :my do
resources :access_tokens, only: %i[index] do
collection do
post "generate_rss_key", action: "generate_rss_key"
delete "revoke_rss_key", action: "revoke_rss_key"
post "generate_api_key", action: "generate_api_key"
end
delete "revoke_api_key", action: "revoke_api_key"
delete "revoke_ical_token", action: "revoke_ical_token"
delete "revoke_storage_token", action: "revoke_storage_token"
end
end
scope controller: "my" do
get "/my/password", action: "password"
post "/my/change_password", action: "change_password"
@@ -872,13 +886,6 @@ Rails.application.routes.draw do
patch "/my/account", action: "update_account"
patch "/my/settings", action: "update_settings"
post "/my/generate_rss_key", action: "generate_rss_key"
delete "/my/revoke_rss_key", action: "revoke_rss_key"
post "/my/generate_api_key", action: "generate_api_key"
delete "/my/revoke_api_key", action: "revoke_api_key"
delete "/my/revoke_ical_token", action: "revoke_ical_token"
get "/my/access_token", action: "access_token"
end
scope controller: "onboarding" do