N°5553 - OAuth 2 : Hide Client Secret

* client_id is now 255 chars (AttributeString)
 * client_secret is now 64 chars (AttributePassword) and can no longer be part of the uniqueness rules
 * Modifying redirect_url, client_id or client_secret changes the status to inactive and generates a session message asking for token regeneration
This commit is contained in:
Eric Espie
2022-11-25 09:15:31 +01:00
parent f0141530b9
commit e518d34bc9


@@ -52,12 +52,12 @@
<default_value/>
<is_null_allowed>true</is_null_allowed>
</field>
<field id="client_id" xsi:type="AttributeText">
<field id="client_id" xsi:type="AttributeString">
<sql>client_id</sql>
<default_value/>
<is_null_allowed>false</is_null_allowed>
</field>
<field id="client_secret" xsi:type="AttributeText">
<field id="client_secret" xsi:type="AttributePassword">
<sql>client_secret</sql>
<default_value/>
<is_null_allowed>false</is_null_allowed>
@@ -293,7 +293,6 @@
<attributes>
<attribute id="provider"/>
<attribute id="client_id"/>
<attribute id="client_secret"/>
</attributes>
<is_blocking>true</is_blocking>
</rule>
@@ -441,21 +440,6 @@
}
]]></code>
</method>
<method id="OnUpdate">
<static>false</static>
<access>protected</access>
<type>Overload-DBObject</type>
<code><![CDATA[
protected function OnUpdate()
{
$aChanges = $this->ListChanges();
if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) {
$sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken');
self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1);
}
}
]]></code>
</method>
<method id="DoCheckToWrite">
<static>false</static>
<access>public</access>
@@ -501,6 +485,12 @@
$this->Set('used_scope', 'advanced');
$this->Set('scope', '');
}
$aChanges = $this->ListChanges();
if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) {
$sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken');
self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1);
$this->Set('status', 'inactive');
}
}
]]></code>
</method>
@@ -604,7 +594,6 @@
<attributes>
<attribute id="provider"/>
<attribute id="client_id"/>
<attribute id="client_secret"/>
</attributes>
<is_blocking>true</is_blocking>
</rule>
@@ -799,6 +788,12 @@
$this->Set('used_scope', 'advanced');
$this->Set('scope', '');
}
$aChanges = $this->ListChanges();
if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) {
$sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken');
self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1);
$this->Set('status', 'inactive');
}
}
]]></code>
</method>
@@ -872,21 +867,6 @@
}
]]></code>
</method>
<method id="OnUpdate">
<static>false</static>
<access>protected</access>
<type>Overload-DBObject</type>
<code><![CDATA[
protected function OnUpdate()
{
$aChanges = $this->ListChanges();
if (array_key_exists('client_id', $aChanges) || array_key_exists('client_secret', $aChanges) || array_key_exists('redirect_url', $aChanges)) {
$sMessage = Dict::S('itop-oauth-client:Message:RegenerateToken');
self::SetSessionMessage(get_class($this), $this->GetKey(), 'RegenerateToken', $sMessage, 'info', 1);
}
}
]]></code>
</method>
</methods>
</class>
</classes>
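Review bot: In the hunk `@@ -501,6 +485,12 @@` (and its identical twin `@@ -799,6 +788,12 @@`) the new code performs two side effects inside DoCheckToWrite — `$this->Set('status', 'inactive')` and `self::SetSessionMessage(...)` — although that method is a validation hook: if a later check in the same pass rejects the write (for example the provider/client_id uniqueness rule kept a few lines below), the "regenerate token" message is still queued in the session while nothing was saved. Consider keeping only the status change in DoCheckToWrite and emitting the session message from an after-write hook such as `AfterUpdate()`, so the user is told to regenerate the token only once the new credentials are actually persisted. If DoCheckToWrite also runs on creation, `ListChanges()` presumably reports every attribute for a new object, so a freshly created client would immediately be set inactive and get the message; unless that is intended, guard the condition with `if (!$this->IsNew() && (array_key_exists('client_id', $aChanges) || ...)) {`. The same six lines are duplicated verbatim in both classes; a shared helper (e.g. a `protected function CredentialsChanged(): bool` on the common parent, if one exists) would keep the list of sensitive attributes in one place. The enclosing DoCheckToWrite methods start outside the hunks.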