FEATURE: more user API flow, support key creation
This commit is contained in:
parent
0b334cdf74
commit
b7cea24d76
@ -81,7 +81,7 @@ class StaticController < ApplicationController
|
||||||
uri.path !~ /\./
|
uri.path !~ /\./
|
||||||
|
|
||||||
destination = uri.path
|
destination = uri.path
|
||||||
destination = "#{uri.path}?#{uri.query}" if uri.path =~ /new-topic/ || uri.path =~ /new-message/
|
destination = "#{uri.path}?#{uri.query}" if uri.path =~ /new-topic/ || uri.path =~ /new-message/ || uri.path =~ /user-api-key/
|
||||||
end
|
end
|
||||||
rescue URI::InvalidURIError
|
rescue URI::InvalidURIError
|
||||||
# Do nothing if the URI is invalid
|
# Do nothing if the URI is invalid
|
||||||
|
|
|
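Review bot: The new `uri.path =~ /user-api-key/` clause is an unanchored substring match, so any path that merely contains that fragment (a topic slug, for instance) now keeps its query string in the destination cookie; bounding it to the route segment makes the intent explicit, e.g. `uri.path =~ %r{/user-api-key(/|\z)}`. The two existing clauses have the same unanchored form, so the whole chain could become one bounded regex, as long as a subfolder prefix before the segment is still accepted. When `uri.query` is nil the destination becomes `path?` with a dangling `?`; that predates this commit, but this path now carries the API-key parameters, so a `uri.query.present?` guard would be worth adding. The enclosing method starts and ends outside the hunk.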
@ -1,22 +1,36 @@
|
||||||
class UserApiKeysController < ApplicationController
|
class UserApiKeysController < ApplicationController
|
||||||
|
|
||||||
|
layout 'no_ember'
|
||||||
|
|
||||||
skip_before_filter :redirect_to_login_if_required, only: [:new]
|
skip_before_filter :redirect_to_login_if_required, only: [:new]
|
||||||
skip_before_filter :check_xhr
|
skip_before_filter :check_xhr, :preload_json
|
||||||
before_filter :ensure_logged_in, only: [:create]
|
before_filter :ensure_logged_in, only: [:create]
|
||||||
|
|
||||||
def new
|
def new
|
||||||
|
require_params
|
||||||
|
validate_params
|
||||||
|
|
||||||
|
unless current_user
|
||||||
|
cookies[:destination_url] = request.fullpath
|
||||||
|
redirect_to path('/login')
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
@access_description = params[:access].include?("w") ? t("user_api_key.read_write") : t("user_api_key.read")
|
||||||
|
@application_name = params[:application_name]
|
||||||
|
@public_key = params[:public_key]
|
||||||
|
@nonce = params[:nonce]
|
||||||
|
@access = params[:access]
|
||||||
|
@client_id = params[:client_id]
|
||||||
|
@auth_redirect = params[:auth_redirect]
|
||||||
|
@application_name = params[:application_name]
|
||||||
|
@push_url = params[:push_url]
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
|
|
||||||
[
|
require_params
|
||||||
:public_key,
|
|
||||||
:nonce,
|
|
||||||
:access,
|
|
||||||
:client_id,
|
|
||||||
:auth_redirect,
|
|
||||||
:application_name
|
|
||||||
].each{|p| params.require(p)}
|
|
||||||
|
|
||||||
unless SiteSetting.allowed_user_api_auth_redirects
|
unless SiteSetting.allowed_user_api_auth_redirects
|
||||||
.split('|')
|
.split('|')
|
||||||
|
@ -31,14 +45,7 @@ class UserApiKeysController < ApplicationController
|
||||||
request_push = params[:access].include? 'p'
|
request_push = params[:access].include? 'p'
|
||||||
request_write = params[:access].include? 'w'
|
request_write = params[:access].include? 'w'
|
||||||
|
|
||||||
raise Discourse::InvalidAccess unless request_read || request_push
|
validate_params
|
||||||
raise Discourse::InvalidAccess if request_read && !SiteSetting.allow_read_user_api_keys
|
|
||||||
raise Discourse::InvalidAccess if request_write && !SiteSetting.allow_write_user_api_keys
|
|
||||||
raise Discourse::InvalidAccess if request_push && !SiteSetting.allow_push_user_api_keys
|
|
||||||
|
|
||||||
if request_push && !SiteSetting.allowed_user_api_push_urls.split('|').any?{|u| params[:push_url] == u}
|
|
||||||
raise Discourse::InvalidAccess
|
|
||||||
end
|
|
||||||
|
|
||||||
key = UserApiKey.create!(
|
key = UserApiKey.create!(
|
||||||
application_name: params[:application_name],
|
application_name: params[:application_name],
|
||||||
|
@ -65,4 +72,33 @@ class UserApiKeysController < ApplicationController
|
||||||
redirect_to "#{params[:auth_redirect]}?payload=#{CGI.escape(payload)}"
|
redirect_to "#{params[:auth_redirect]}?payload=#{CGI.escape(payload)}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def require_params
|
||||||
|
[
|
||||||
|
:public_key,
|
||||||
|
:nonce,
|
||||||
|
:access,
|
||||||
|
:client_id,
|
||||||
|
:auth_redirect,
|
||||||
|
:application_name
|
||||||
|
].each{|p| params.require(p)}
|
||||||
|
end
|
||||||
|
|
||||||
|
def validate_params
|
||||||
|
request_read = params[:access].include? 'r'
|
||||||
|
request_push = params[:access].include? 'p'
|
||||||
|
request_write = params[:access].include? 'w'
|
||||||
|
|
||||||
|
raise Discourse::InvalidAccess unless request_read || request_push
|
||||||
|
raise Discourse::InvalidAccess if request_read && !SiteSetting.allow_read_user_api_keys
|
||||||
|
raise Discourse::InvalidAccess if request_write && !SiteSetting.allow_write_user_api_keys
|
||||||
|
raise Discourse::InvalidAccess if request_push && !SiteSetting.allow_push_user_api_keys
|
||||||
|
|
||||||
|
if request_push && !SiteSetting.allowed_user_api_push_urls.split('|').any?{|u| params[:push_url] == u}
|
||||||
|
raise Discourse::InvalidAccess
|
||||||
|
end
|
||||||
|
|
||||||
|
# our pk has got to parse
|
||||||
|
OpenSSL::PKey::RSA.new(params[:public_key])
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
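Review bot: `validate_params` (new side, after `create`) omits the `auth_redirect` allow-list check that `create` still performs inline against `SiteSetting.allowed_user_api_auth_redirects`, so `new` renders the consent form for a redirect target that is rejected only on POST. Moving that check into `validate_params` lets both actions share one set of checks and removes the duplication; the body of that condition continues outside the hunk, so I cannot quote it here. `OpenSSL::PKey::RSA.new(params[:public_key])` at the end of `validate_params` raises `OpenSSL::PKey::RSAError` on an unparsable key, which surfaces as a server error rather than a client error; either add a method-level `rescue OpenSSL::PKey::RSAError` that raises `Discourse::InvalidAccess`, or replace `# our pk has got to parse` with a comment stating that the exception is intentionally allowed to propagate. Also, `@application_name = params[:application_name]` appears twice in `new`; the second assignment is a no-op and can be dropped.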
@ -0,0 +1,18 @@
|
||||||
|
<h1><%= t "user_api_key.title" %></h1>
|
||||||
|
<div>
|
||||||
|
<p>
|
||||||
|
<%= t("user_api_key.description", application_name: @application_name, access: @access_description) %>
|
||||||
|
</p>
|
||||||
|
<%= form_tag(user_api_key_path) do %>
|
||||||
|
<%= hidden_field_tag 'application_name', @application_name %>
|
||||||
|
<%= hidden_field_tag 'access', @access %>
|
||||||
|
<%= hidden_field_tag 'nonce', @nonce %>
|
||||||
|
<%= hidden_field_tag 'client_id', @client_id %>
|
||||||
|
<%= hidden_field_tag 'auth_redirect', @auth_redirect %>
|
||||||
|
<%= hidden_field_tag 'push_url', @push_url %>
|
||||||
|
<%= hidden_field_tag 'public_key', @public_key%>
|
||||||
|
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger' %>
|
||||||
|
<% end %>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
|
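Review bot: The consent page only tells the user the access level via `@access_description`, which distinguishes read from read/write, while the hidden fields also forward `push_url` and an `access` value that may contain `p`; a user authorizing push delivery therefore sees no mention of it on this form. Rendering the push grant and the `push_url` (and arguably the `auth_redirect` target) alongside the application name would make the authorization an informed one; the description string lives in the locale hunk of this commit. Minor style: `<%= hidden_field_tag 'public_key', @public_key%>` is missing the space before `%>` that every other tag in the file has.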
@ -640,6 +640,13 @@ en:
|
||||||
not_found_description: "Sorry, we couldn't find this unsubscribe. It's possible the link in your email has expired?"
|
not_found_description: "Sorry, we couldn't find this unsubscribe. It's possible the link in your email has expired?"
|
||||||
log_out: "Log Out"
|
log_out: "Log Out"
|
||||||
|
|
||||||
|
user_api_key:
|
||||||
|
title: "Authorize application access"
|
||||||
|
authorize: "Authorize"
|
||||||
|
read: "read"
|
||||||
|
read_write: "read/write"
|
||||||
|
description: "Would you like to grant \"%{application_name}\" %{access} access to your account?"
|
||||||
|
|
||||||
reports:
|
reports:
|
||||||
visits:
|
visits:
|
||||||
title: "User Visits"
|
title: "User Visits"
|
||||||
|
|
|
@ -663,7 +663,7 @@ Discourse::Application.routes.draw do
|
||||||
root to: "list#top", constraints: HomePageConstraint.new("top"), :as => "top_lists"
|
root to: "list#top", constraints: HomePageConstraint.new("top"), :as => "top_lists"
|
||||||
|
|
||||||
get "/user-api-key/new" => "user_api_keys#new"
|
get "/user-api-key/new" => "user_api_keys#new"
|
||||||
post "/user-api-key/new" => "user_api_keys#create"
|
post "/user-api-key" => "user_api_keys#create"
|
||||||
|
|
||||||
get "*url", to: 'permalinks#show', constraints: PermalinkConstraint.new
|
get "*url", to: 'permalinks#show', constraints: PermalinkConstraint.new
|
||||||
|
|
||||||
|
|
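Review bot: The view added in this commit calls `user_api_key_path`, which relies on Rails deriving a route name from the bare path `/user-api-key`; if I read the mapper correctly that derivation does yield `user_api_key`, but an explicit name makes the dependency visible and survives a later path change: `post "/user-api-key" => "user_api_keys#create", as: :user_api_key`. The `new` route likewise gets its helper name derived from its path.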