OAuthServer - hide client secret behind a "View Secret" action
Summary: ...also adds policies on who can view and who can edit an action. Fixes T6949. Test Plan: viewed a secret through the new UI and it worked Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T6949 Differential Revision: https://secure.phabricator.com/D11401
@@ -62,6 +62,8 @@ final class PhabricatorOAuthClientViewController
|
||||
->withClientPHIDs(array($client->getPHID()))
|
||||
->executeOne();
|
||||
$is_authorized = (bool)$authorization;
|
||||
$id = $client->getID();
|
||||
$phid = $client->getPHID();
|
||||
|
||||
$view = id(new PhabricatorActionListView())
|
||||
->setUser($viewer);
|
||||
@@ -74,6 +76,14 @@ final class PhabricatorOAuthClientViewController
|
||||
->setDisabled(!$can_edit)
|
||||
->setHref($client->getEditURI()));
|
||||
|
||||
$view->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
->setName(pht('Show Application Secret'))
|
||||
->setIcon('fa-eye')
|
||||
->setHref($this->getApplicationURI("client/secret/{$phid}/"))
|
||||
->setDisabled(!$can_edit)
|
||||
->setWorkflow(true));
|
||||
|
||||
$view->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
->setName(pht('Delete Application'))
|
||||
@@ -88,7 +98,7 @@ final class PhabricatorOAuthClientViewController
|
||||
->setIcon('fa-wrench')
|
||||
->setWorkflow(true)
|
||||
->setDisabled($is_authorized)
|
||||
->setHref($this->getApplicationURI('test/'.$client->getID().'/')));
|
||||
->setHref($this->getApplicationURI('test/'.$id.'/')));
|
||||
|
||||
return $view;
|
||||
}
|
||||
@@ -103,10 +113,6 @@ final class PhabricatorOAuthClientViewController
|
||||
pht('Client ID'),
|
||||
$client->getPHID());
|
||||
|
||||
$view->addProperty(
|
||||
pht('Client Secret'),
|
||||
$client->getSecret());
|
||||
|
||||
$view->addProperty(
|
||||
pht('Redirect URI'),
|
||||
$client->getRedirectURI());
|
||||
|
||||
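Review bot: The new `Show Application Secret` action is guarded here only by `->setDisabled(!$can_edit)`, which greys the link out but does not stop a direct request to `client/secret/{$phid}/`, so the controller serving that URI (not shown on this page) must itself require the edit capability before returning the secret. A comment above this `addAction` call would make that dependency visible, for example `// Disabled state is UI-only; the secret controller must re-check edit permission.` Since the action uses `setWorkflow(true)`, it is also worth confirming that the secret is rendered only after a confirmed form submission rather than on a plain GET, and that each reveal is logged. Removing `$client->getSecret()` from the property list in the last hunk only helps if this new path is the sole, access-controlled way to read the secret. The methods these hunks touch begin outside the visible lines.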