Authentication-Results: mail-b.sr.ht; dkim=pass header.d=emersion.fr header.i=@emersion.fr
Received: from mail-4018.proton.ch (mail-4018.proton.ch [185.70.40.18])
	by mail-b.sr.ht (Postfix) with ESMTPS id 6E21A11F2CA
	for <~sircmpwn/sr.ht-dev@lists.sr.ht>; Wed, 24 Nov 2021 10:40:28 +0000 (UTC)
Date: Wed, 24 Nov 2021 10:40:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=emersion.fr;
	s=protonmail; t=1637750425;
	bh=VuHvqStdAjrR+6RFKvaMmDAUZXjxjJX6VMwwNIUmIYs=;
	h=Date:To:From:Reply-To:Subject:From;
	b=nAhLuaOEbtjyntCol3ircOU4YunWKM25MppmIM8rb5QqZU94iNsuzHzQeOnKOGbOQ
	 pzIFxC95vewXrUiad/6bpVwj7TMNvq2+RfHUyfPvVx+A15EEQ5ZoJKlXuF4iOalnmM
	 hchgctch8MTd8oA+R+VsDBc/7P6njJYrzdm3pV66vTMB0uLuLYRcx28jZbmpghYtds
	 mRoIhuQsf1PWzLJ4iplnWjR57n1NZsPR7rgo9KWBFMKb1JNclyvMCPTm2W+cF+ikaM
	 4Xn0nKlPLG1VObLl1Kd2V3Oon3w8FFt3cE3EFRktLsKEiRQ6hbWf7y6RmxbVvAQE3V
	 G7XXDZQtMRtOw==
To: ~sircmpwn/sr.ht-dev@lists.sr.ht
From: Simon Ser <contact@emersion.fr>
Reply-To: Simon Ser <contact@emersion.fr>
Subject: [PATCH meta.sr.ht v2] Add query param to select oauth2 token grants
Message-ID: <20211124104021.83438-1-contact@emersion.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
	autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
	mailout.protonmail.ch

---

Changes in v2: add info alert when query param is used, don't allow the
user to change the grant string.

 metasrht/blueprints/oauth2.py                 |  7 +-
 .../oauth2-personal-token-registration.html   | 90 ++++++++++---------
 2 files changed, 54 insertions(+), 43 deletions(-)

diff --git a/metasrht/blueprints/oauth2.py b/metasrht/blueprints/oauth2.py
index 55351d4d409a..a488570c4fdc 100644
--- a/metasrht/blueprints/oauth2.py
+++ b/metasrht/blueprints/oauth2.py
@@ -109,7 +109,8 @@ def dashboard():
 @loginrequired
 def personal_token_GET():
     return render_template("oauth2-personal-token-registration.html",
-            access_grants=3Daccess_grants)
+            access_grants=3Daccess_grants,
+            fixed_literal_grants=3Drequest.args.get("grants"))
=20
 @oauth2.route("/oauth2/personal-token", methods=3D["POST"])
 @loginrequired
@@ -134,7 +135,9 @@ def personal_token_POST():
         kwargs =3D valid.kwargs
         kwargs["grants"] =3D grants
         return render_template("oauth2-personal-token-registration.html",
-                access_grants=3Daccess_grants, **valid.kwargs)
+                access_grants=3Daccess_grants,
+                fixed_literal_grants=3Drequest.args.get("grants"),
+                **valid.kwargs)
=20
     issue_token =3D """
     mutation IssueToken($grants: String, $comment: String) {
diff --git a/metasrht/templates/oauth2-personal-token-registration.html b/m=
etasrht/templates/oauth2-personal-token-registration.html
index 2f9d066ad06b..78b760e509b3 100644
--- a/metasrht/templates/oauth2-personal-token-registration.html
+++ b/metasrht/templates/oauth2-personal-token-registration.html
@@ -15,49 +15,57 @@
       Personal access tokens are used by third-party applications and scri=
pts
       to access to your {{cfg('sr.ht', 'site-name')}} account.
     </p>
-    <details class=3D".details" {% if valid and not valid.ok %}open{% endi=
f %}>
-      <summary>Limit scope of access grant</summary>
-      <div class=3D"form-group">
-        <label for=3D"grants">Select access grants (multiple selections ar=
e permitted)</label>
-        <select id=3D"grants" name=3D"grants" size=3D"8" class=3D"form-con=
trol" multiple>
-          {% for group in access_grants %}
-          <optgroup label=3D"{{group['name']}}">
-            {% for scope in group['scopes'] %}
-            {% set val =3D group['name'] + "/" + scope %}
-            <option
-              value=3D"{{val}}"
-              {% if grants and (val + ":RO" in grants or val + ":RW" in gr=
ants) %}
-              selected
-              {% endif %}
-            >{{scope}}</option>
-            {% endfor %}
-          </optgroup>
-          {% endfor %}
-        </select>
+    {% if fixed_literal_grants %}
+      <div class=3D"alert alert-info">
+        The access token will be restricted to the grant string
+        <strong>{{fixed_literal_grants}}</strong>.
       </div>
-      <div class=3D"form-group">
-        <label class=3D"checkbox">
+      <input type=3D"hidden" name=3D"literal_grants" value=3D"{{fixed_lite=
ral_grants}}"/>
+    {% else %}
+      <details class=3D".details" {% if valid and not valid.ok %}open{% en=
dif %}>
+        <summary>Limit scope of access grant</summary>
+        <div class=3D"form-group">
+          <label for=3D"grants">Select access grants (multiple selections =
are permitted)</label>
+          <select id=3D"grants" name=3D"grants" size=3D"8" class=3D"form-c=
ontrol" multiple>
+            {% for group in access_grants %}
+            <optgroup label=3D"{{group['name']}}">
+              {% for scope in group['scopes'] %}
+              {% set val =3D group['name'] + "/" + scope %}
+              <option
+                value=3D"{{val}}"
+                {% if grants and (val + ":RO" in grants or val + ":RW" in =
grants) %}
+                selected
+                {% endif %}
+              >{{scope}}</option>
+              {% endfor %}
+            </optgroup>
+            {% endfor %}
+          </select>
+        </div>
+        <div class=3D"form-group">
+          <label class=3D"checkbox">
+            <input
+              type=3D"checkbox"
+              name=3D"read_only"
+              {% if read_only and read_only =3D=3D "on" %}
+              checked
+              {% endif %} />
+            Generate read-only access token
+          </label>
+        </div>
+        <div class=3D"form-group">
+          <label for=3D"literal_grants">Or use grant string</label>
           <input
-            type=3D"checkbox"
-            name=3D"read_only"
-            {% if read_only and read_only =3D=3D "on" %}
-            checked
-            {% endif %} />
-          Generate read-only access token
-        </label>
-      </div>
-      <div class=3D"form-group">
-        <label for=3D"literal_grants">Or use grant string</label>
-        <input
-          type=3D"text"
-          name=3D"literal_grants"
-          id=3D"literal_grants"
-          class=3D"form-control {{valid.cls("literal_grants")}}"
-          placeholder=3D"meta.sr.ht/BILLING:RW meta.sr.ht/PROFILE"
-          value=3D"{{literal_grants or ""}}" />
-        {{valid.summary("literal_grants")}}
-      </div>
-    </details>
+            type=3D"text"
+            name=3D"literal_grants"
+            id=3D"literal_grants"
+            class=3D"form-control {{valid.cls("literal_grants")}}"
+            placeholder=3D"meta.sr.ht/BILLING:RW meta.sr.ht/PROFILE"
+            value=3D"{{literal_grants or ""}}" />
+          {{valid.summary("literal_grants")}}
+        </div>
+      </details>
+    {% endif %}
     <div class=3D"form-group">
       <label for=3D"comment">Comment</label>
       <input

base-commit: cd0ef906447aa086f2ffbec80ceaf581a39e943c
--=20
2.34.0