~sircmpwn/sr.ht-dev

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
2 2

[PATCH meta.sr.ht v2] Add query param to select oauth2 token grants

Details
Message ID
<20211124104021.83438-1-contact@emersion.fr>
DKIM signature
pass
Download raw message
Patch: +54 -43
---

Changes in v2: add info alert when query param is used, don't allow the
user to change the grant string.

 metasrht/blueprints/oauth2.py                 |  7 +-
 .../oauth2-personal-token-registration.html   | 90 ++++++++++---------
 2 files changed, 54 insertions(+), 43 deletions(-)

diff --git a/metasrht/blueprints/oauth2.py b/metasrht/blueprints/oauth2.py
index 55351d4d409a..a488570c4fdc 100644
--- a/metasrht/blueprints/oauth2.py
+++ b/metasrht/blueprints/oauth2.py
@@ -109,7 +109,8 @@ def dashboard():
@loginrequired
def personal_token_GET():
    return render_template("oauth2-personal-token-registration.html",
            access_grants=access_grants)
            access_grants=access_grants,
            fixed_literal_grants=request.args.get("grants"))

@oauth2.route("/oauth2/personal-token", methods=["POST"])
@loginrequired
@@ -134,7 +135,9 @@ def personal_token_POST():
        kwargs = valid.kwargs
        kwargs["grants"] = grants
        return render_template("oauth2-personal-token-registration.html",
                access_grants=access_grants, **valid.kwargs)
                access_grants=access_grants,
                fixed_literal_grants=request.args.get("grants"),
                **valid.kwargs)

    issue_token = """
    mutation IssueToken($grants: String, $comment: String) {
diff --git a/metasrht/templates/oauth2-personal-token-registration.html b/metasrht/templates/oauth2-personal-token-registration.html
index 2f9d066ad06b..78b760e509b3 100644
--- a/metasrht/templates/oauth2-personal-token-registration.html
+++ b/metasrht/templates/oauth2-personal-token-registration.html
@@ -15,49 +15,57 @@
      Personal access tokens are used by third-party applications and scripts
      to access to your {{cfg('sr.ht', 'site-name')}} account.
    </p>
    <details class=".details" {% if valid and not valid.ok %}open{% endif %}>
      <summary>Limit scope of access grant</summary>
      <div class="form-group">
        <label for="grants">Select access grants (multiple selections are permitted)</label>
        <select id="grants" name="grants" size="8" class="form-control" multiple>
          {% for group in access_grants %}
          <optgroup label="{{group['name']}}">
            {% for scope in group['scopes'] %}
            {% set val = group['name'] + "/" + scope %}
            <option
              value="{{val}}"
              {% if grants and (val + ":RO" in grants or val + ":RW" in grants) %}
              selected
              {% endif %}
            >{{scope}}</option>
            {% endfor %}
          </optgroup>
          {% endfor %}
        </select>
    {% if fixed_literal_grants %}
      <div class="alert alert-info">
        The access token will be restricted to the grant string
        <strong>{{fixed_literal_grants}}</strong>.
      </div>
      <div class="form-group">
        <label class="checkbox">
      <input type="hidden" name="literal_grants" value="{{fixed_literal_grants}}"/>
    {% else %}
      <details class=".details" {% if valid and not valid.ok %}open{% endif %}>
        <summary>Limit scope of access grant</summary>
        <div class="form-group">
          <label for="grants">Select access grants (multiple selections are permitted)</label>
          <select id="grants" name="grants" size="8" class="form-control" multiple>
            {% for group in access_grants %}
            <optgroup label="{{group['name']}}">
              {% for scope in group['scopes'] %}
              {% set val = group['name'] + "/" + scope %}
              <option
                value="{{val}}"
                {% if grants and (val + ":RO" in grants or val + ":RW" in grants) %}
                selected
                {% endif %}
              >{{scope}}</option>
              {% endfor %}
            </optgroup>
            {% endfor %}
          </select>
        </div>
        <div class="form-group">
          <label class="checkbox">
            <input
              type="checkbox"
              name="read_only"
              {% if read_only and read_only == "on" %}
              checked
              {% endif %} />
            Generate read-only access token
          </label>
        </div>
        <div class="form-group">
          <label for="literal_grants">Or use grant string</label>
          <input
            type="checkbox"
            name="read_only"
            {% if read_only and read_only == "on" %}
            checked
            {% endif %} />
          Generate read-only access token
        </label>
      </div>
      <div class="form-group">
        <label for="literal_grants">Or use grant string</label>
        <input
          type="text"
          name="literal_grants"
          id="literal_grants"
          class="form-control {{valid.cls("literal_grants")}}"
          placeholder="meta.sr.ht/BILLING:RW meta.sr.ht/PROFILE"
          value="{{literal_grants or ""}}" />
        {{valid.summary("literal_grants")}}
      </div>
    </details>
            type="text"
            name="literal_grants"
            id="literal_grants"
            class="form-control {{valid.cls("literal_grants")}}"
            placeholder="meta.sr.ht/BILLING:RW meta.sr.ht/PROFILE"
            value="{{literal_grants or ""}}" />
          {{valid.summary("literal_grants")}}
        </div>
      </details>
    {% endif %}
    <div class="form-group">
      <label for="comment">Comment</label>
      <input

base-commit: cd0ef906447aa086f2ffbec80ceaf581a39e943c
-- 
2.34.0

[meta.sr.ht/patches] build success

builds.sr.ht
Details
Message ID
<CFXY5PMYCY0V.5VDO1J18OW8V@cirno>
In-Reply-To
<20211124104021.83438-1-contact@emersion.fr> (view parent)
DKIM signature
missing
Download raw message
meta.sr.ht/patches: SUCCESS in 3m55s

[Add query param to select oauth2 token grants][0] v2 from [Simon Ser][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/26800
[1]: contact@emersion.fr

✓ #634543 SUCCESS meta.sr.ht/patches/alpine.yml    https://builds.sr.ht/~sircmpwn/job/634543
✓ #634545 SUCCESS meta.sr.ht/patches/debian.yml    https://builds.sr.ht/~sircmpwn/job/634545
✓ #634544 SUCCESS meta.sr.ht/patches/archlinux.yml https://builds.sr.ht/~sircmpwn/job/634544
Details
Message ID
<CFY1D5BQ2TI0.C3VGKOBFWA9V@taiga>
In-Reply-To
<20211124104021.83438-1-contact@emersion.fr> (view parent)
DKIM signature
fail
Download raw message
DKIM signature: fail
Pushed with some minor rewording. Thanks!

To git@git.sr.ht:~sircmpwn/meta.sr.ht
   cd0ef90..6e21a69  master -> master
Reply to thread Export thread (mbox)