Use AJAX to revoke GitHub app token

dregad · dregad · commit 497bbe58b4f1 · 2019-02-11T02:18:59.000+01:00
Fixes #303
diff --git a/SourceGithub/SourceGithub.php b/SourceGithub/SourceGithub.php
@@ -65,11 +65,41 @@ public function routes( $p_event_name, $p_event_args ) {
 		$t_app->group(
 			plugin_route_group(),
 			function() use ( $t_app, $t_plugin ) {
+				$t_app->delete( '/{id}/token', [$t_plugin, 'route_token_revoke'] );
 				$t_app->post( '/{id}/webhook', [$t_plugin, 'route_webhook'] );
 			}
 		);
 	}
 
+	/**
+	 * RESTful route to revoke GitHub application token
+	 *
+	 * @param Slim\Http\Request  $p_request
+	 * @param Slim\Http\Response $p_response
+	 * @param array              $p_args
+	 *
+	 * @return Slim\Http\Response
+	 */
+	public function route_token_revoke( $p_request, $p_response, $p_args ) {
+		# Make sure the given repository exists
+		$t_repo_id = isset( $p_args['id'] ) ? $p_args['id'] : $p_request->getParam( 'id' );
+		if( !SourceRepo::exists( $t_repo_id ) ) {
+			return $p_response->withStatus( HTTP_STATUS_BAD_REQUEST, 'Invalid Repository Id' );
+		}
+
+		# Check that the repo is of GitHub type
+		$t_repo = SourceRepo::load( $t_repo_id );
+		if( $t_repo->type != $this->type ) {
+			return $p_response->withStatus( HTTP_STATUS_BAD_REQUEST, "Id $t_repo_id is not a GitHub repository" );
+		}
+
+		# Clear the token
+		unset( $t_repo->info['hub_app_access_token'] );
+		$t_repo->save();
+
+		return $p_response->withStatus( HTTP_STATUS_NO_CONTENT );
+	}
+
 	/**
 	 * RESTful route to create GitHub checkin webhook
 	 *
@@ -271,49 +301,63 @@ public function update_repo_form( $p_repo ) {
 <tr>
 	<td class="category"><?php echo plugin_lang_get( 'hub_app_client_id' ) ?></td>
 	<td>
-		<input type="text" name="hub_app_client_id" maxlength="250" size="40" value="<?php echo string_attribute( $t_hub_app_client_id ) ?>"/>
+		<input name="hub_app_client_id" id="hub_app_client_id"
+			   type="text" maxlength="250" size="40"
+			   value="<?php echo string_attribute( $t_hub_app_client_id ) ?>"
+			   data-original="<?php echo string_attribute( $t_hub_app_client_id ) ?>"
+		/>
 	</td>
 </tr>
 
 <tr>
 	<td class="category"><?php echo plugin_lang_get( 'hub_app_secret' ) ?></td>
 	<td>
-		<input type="text" name="hub_app_secret" maxlength="250" size="40" value="<?php echo string_attribute( $t_hub_app_secret ) ?>"/>
+		<input name="hub_app_secret" id="hub_app_secret"
+			   type="text" maxlength="250" size="40"
+			   value="<?php echo string_attribute( $t_hub_app_secret ) ?>"
+			   data-original="<?php echo string_attribute( $t_hub_app_secret ) ?>"
+		/>
 	</td>
 </tr>
 
 <tr>
 	<td class="category"><?php echo plugin_lang_get( 'hub_app_access_token' ) ?></td>
 	<td>
-		<?php
-		$t_hide_webhook_create = true;
+		<div id="id_secret_missing" class="hidden">
+			<?php echo plugin_lang_get( 'hub_app_client_id_secret_missing' ); ?>
+		</div>
 
-		if( empty( $t_hub_app_client_id ) || empty( $t_hub_app_secret ) ) {
-			echo plugin_lang_get( 'hub_app_client_id_secret_missing' );
-		} elseif( empty( $t_hub_app_access_token ) ) {
-			print_link( $this->oauth_authorize_uri( $p_repo ), plugin_lang_get( 'hub_app_authorize' ) );
-		} else {
-			$t_hide_webhook_create = false;
-			echo plugin_lang_get( 'hub_app_authorized' );
-			# @TODO This would be better with an AJAX, but this will do for now
-			?>
-			<input type="submit" class="btn btn-xs btn-primary btn-white btn-round" name="revoke" value="<?php echo plugin_lang_get( 'hub_app_revoke' ) ?>"/>
+		<div id="token_missing" class="sourcegithub_token hidden">
 			<?php
-		}
+			print_small_button(
+				$this->oauth_authorize_uri( $p_repo ),
+				plugin_lang_get( 'hub_app_authorize' )
+			);
+			?>
+		</div>
+
+		<div id="token_authorized" class="sourcegithub_token hidden">
+			<input name="hub_app_access_token" id="hub_app_access_token"
+				   type="hidden" maxlength="250" size="40"
+				   value="<?php echo string_attribute( $t_hub_app_access_token ) ?>"
+			/>
+			<?php echo plugin_lang_get( 'hub_app_authorized' ); ?>&nbsp;
+			<button id="btn_auth_revoke" type="button"
+					class="btn btn-primary btn-white btn-round btn-sm"
+					data-token-set="<?php echo $t_hub_app_access_token ? 'true' : 'false' ?>"
+			>
+				<?php echo plugin_lang_get( 'hub_app_revoke' ) ?>
+			</button>
+		</div>
 
-		# Only show the webhook creation div when the app has been authorized
-		if( $t_hide_webhook_create ) {
-			$t_webhook_create_css = ' class="hidden"';
-		}
-		?>
 	</td>
 </tr>
 
 <tr>
 	<td class="category"><?php echo plugin_lang_get( 'hub_webhook_secret' ) ?></td>
 	<td>
 		<input type="text" name="hub_webhook_secret" maxlength="250" size="40" value="<?php echo string_attribute( $t_hub_webhook_secret ) ?>"/>
-		<div id="webhook_create"<?php echo $t_webhook_create_css; ?>>
+		<div id="webhook_create" class="sourcegithub_token hidden">
 			<div class="space-2"></div>
 			<button type="button" class="btn btn-primary btn-white btn-round btn-sm">
 				<?php echo plugin_lang_get( 'webhook_create' ); ?>
@@ -337,12 +381,6 @@ public function update_repo_form( $p_repo ) {
 	}
 
 	public function update_repo( $p_repo ) {
-		# Revoking previously authorized Github access token
-		if( gpc_isset( 'revoke' ) ) {
-			unset( $p_repo->info['hub_app_access_token'] );
-			return $p_repo;
-		}
-
 		$f_hub_username = gpc_get_string( 'hub_username' );
 		$f_hub_reponame = gpc_get_string( 'hub_reponame' );
 		$f_hub_app_client_id = gpc_get_string( 'hub_app_client_id' );
@@ -651,7 +689,16 @@ private function oauth_authorize_uri( $p_repo ) {
 		}
 
 		if ( !empty( $t_hub_app_client_id ) && !empty( $t_hub_app_secret ) ) {
-			return 'https://github.com/login/oauth/authorize?client_id=' . $t_hub_app_client_id . '&redirect_uri=' . urlencode(config_get('path') . 'plugin.php?page=SourceGithub/oauth_authorize&id=' . $p_repo->id ) . '&scope=repo';
+			$t_redirect_uri = config_get( 'path' )
+				. plugin_page( 'oauth_authorize', true ) . '&'
+				. http_build_query( array( 'id' => $p_repo->id ) );
+			$t_param = array(
+				'client_id' => $t_hub_app_client_id,
+				'redirect_uri' => $t_redirect_uri,
+				'scope' => 'repo',
+				'allow_signup' => false,
+			);
+			return 'https://github.com/login/oauth/authorize?' . http_build_query( $t_param );
 		} else {
 			return '';
 		}
diff --git a/SourceGithub/files/sourcegithub.js b/SourceGithub/files/sourcegithub.js
@@ -18,8 +18,61 @@ SourceGithub.rest_api = function(endpoint) {
 };
 
 jQuery(document).ready(function($) {
+	$('#hub_app_client_id, #hub_app_secret').change(set_visibility);
+	$('#btn_auth_revoke').click(revoke_token);
 	$('#webhook_create > button').click(webhook_create);
 
+	// The PHP code initially hides all token authorization elements using the.
+	// 'hidden' class, which we need to remove so we can set visibility using
+	// show/hide functions
+	set_visibility();
+	$('.sourcegithub_token, #id_secret_missing').removeClass('hidden');
+
+	function set_visibility() {
+		var div_id_secret_missing = $('#id_secret_missing');
+		var client_id = $('#hub_app_client_id');
+		var secret = $('#hub_app_secret');
+
+		// If Client ID and secret are set and equal to the recorded values
+		// for the repository, we hide the information message and display the
+		// authorize or revoke button and authorization status as needed.
+		if (   client_id.val() !== ''
+			&& client_id.val() === client_id.data('original')
+			&& secret.val() !== ''
+			&& secret.val() === secret.data('original')
+		) {
+			var div_token_authorized = $('#token_authorized');
+			var div_token_missing = $('#token_missing');
+			var div_webhook = $('#webhook_create');
+			var token = div_token_authorized.children('input');
+
+			div_id_secret_missing.hide();
+			if (token.val() !== '') {
+				div_token_authorized.add(div_webhook).show();
+				div_token_missing.hide();
+			} else {
+				div_token_authorized.add(div_webhook).hide();
+				div_token_missing.show();
+			}
+		} else {
+			div_id_secret_missing.show();
+			$('.sourcegithub_token').hide();
+		}
+	}
+
+	function revoke_token() {
+		var repo_id = $('#repo_id').val();
+
+		$.ajax({
+			type: 'DELETE',
+			url: SourceGithub.rest_api(repo_id + '/token'),
+			success: function(data, textStatus, xhr) {
+					$('#hub_app_access_token').val('');
+					set_visibility();
+				}
+		});
+	}
+
 	function webhook_create() {
 		var repo_id = $('#repo_id').val();
 		var status_icon = $('#webhook_status > i');
diff --git a/SourceGithub/lang/strings_english.txt b/SourceGithub/lang/strings_english.txt
@@ -13,7 +13,7 @@ $s_plugin_SourceGithub_hub_reponame = 'GitHub Repository Name<br/><span class="s
 $s_plugin_SourceGithub_hub_app_client_id = 'GitHub Application Client ID<br><span class="small">This is required for private repositories and also allows to get around the <a href="https://developer.github.com/v3/#rate-limiting">Rate Limit</a> when importing data.<br>Create a new <a href="https://github.com/settings/applications">GitHub Application</a> if needed.</span>';
 $s_plugin_SourceGithub_hub_app_secret = 'GitHub Application Secret';
 $s_plugin_SourceGithub_hub_app_access_token = 'GitHub Application Access Token';
-$s_plugin_SourceGithub_hub_webhook_secret = 'GitHub Webhook Secret';
+$s_plugin_SourceGithub_hub_webhook_secret = 'GitHub Webhook Secret<br/><span class="small">This must match the <em>Secret</em> set in the webhook\'s definition, and is used to validate the payload\'s signature.</span>';
 $s_plugin_SourceGithub_master_branch = 'Primary Branches<br/><span class="small">(comma-separated list or "*" for all branches)</span>';
 
 $s_plugin_SourceGithub_hub_app_client_id_secret_missing = '<span class="small">You must first enter the GitHub Application <em>Client ID</em> &amp; <em>Secret</em> and update the repository before you can authorize.</span>';
