Move settings/oauth to src/Module
- Add settings_content() permission checks to Module\BaseSettings - Transform application token deletion GET links to POST forms to keep a single OAuth module class
This commit is contained in:
parent
55365aa4da
commit
3226b00995
6 changed files with 185 additions and 79 deletions
|
@ -157,31 +157,6 @@ function settings_content(App $a)
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth')) {
|
|
||||||
if ((DI::args()->getArgc() > 3) && (DI::args()->getArgv()[2] === 'delete')) {
|
|
||||||
BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth', 't');
|
|
||||||
|
|
||||||
DBA::delete('application-token', ['application-id' => DI::args()->getArgv()[3], 'uid' => DI::userSession()->getLocalUserId()]);
|
|
||||||
DI::baseUrl()->redirect('settings/oauth/', true);
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
|
|
||||||
$applications = DBA::selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => DI::userSession()->getLocalUserId()]);
|
|
||||||
|
|
||||||
$tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
|
|
||||||
$o .= Renderer::replaceMacros($tpl, [
|
|
||||||
'$form_security_token' => BaseModule::getFormSecurityToken("settings_oauth"),
|
|
||||||
'$baseurl' => DI::baseUrl()->get(true),
|
|
||||||
'$title' => DI::l10n()->t('Connected Apps'),
|
|
||||||
'$name' => DI::l10n()->t('Name'),
|
|
||||||
'$website' => DI::l10n()->t('Home Page'),
|
|
||||||
'$created_at' => DI::l10n()->t('Created'),
|
|
||||||
'$delete' => DI::l10n()->t('Remove authorization'),
|
|
||||||
'$apps' => $applications,
|
|
||||||
]);
|
|
||||||
return $o;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon')) {
|
if ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon')) {
|
||||||
$addon_settings_forms = [];
|
$addon_settings_forms = [];
|
||||||
foreach (DI::dba()->selectToArray('hook', ['file', 'function'], ['hook' => 'addon_settings']) as $hook) {
|
foreach (DI::dba()->selectToArray('hook', ['file', 'function'], ['hook' => 'addon_settings']) as $hook) {
|
||||||
|
|
|
@ -21,116 +21,156 @@
|
||||||
|
|
||||||
namespace Friendica\Module;
|
namespace Friendica\Module;
|
||||||
|
|
||||||
|
use Friendica\App;
|
||||||
use Friendica\BaseModule;
|
use Friendica\BaseModule;
|
||||||
use Friendica\Content\Feature;
|
use Friendica\Content\Feature;
|
||||||
|
use Friendica\Content\Nav;
|
||||||
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\Renderer;
|
use Friendica\Core\Renderer;
|
||||||
use Friendica\DI;
|
use Friendica\Core\Session\Capability\IHandleUserSessions;
|
||||||
|
use Friendica\Core\System;
|
||||||
|
use Friendica\Module\Security\Login;
|
||||||
|
use Friendica\Network\HTTPException\ForbiddenException;
|
||||||
|
use Friendica\Util\Profiler;
|
||||||
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
class BaseSettings extends BaseModule
|
class BaseSettings extends BaseModule
|
||||||
{
|
{
|
||||||
public static function createAside()
|
/** @var App\Page */
|
||||||
|
protected $page;
|
||||||
|
/** @var IHandleUserSessions */
|
||||||
|
protected $session;
|
||||||
|
|
||||||
|
public function __construct(IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
|
||||||
|
{
|
||||||
|
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||||
|
|
||||||
|
$this->page = $page;
|
||||||
|
$this->session = $session;
|
||||||
|
|
||||||
|
if ($this->session->getSubManagedUserId()) {
|
||||||
|
throw new ForbiddenException($this->t('Permission denied.'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function content(array $request = []): string
|
||||||
|
{
|
||||||
|
Nav::setSelected('settings');
|
||||||
|
|
||||||
|
if (!$this->session->getLocalUserId()) {
|
||||||
|
$this->session->set('return_path', $this->args->getCommand());
|
||||||
|
$this->baseUrl->redirect('login');
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->createAside();
|
||||||
|
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
|
||||||
|
public function createAside()
|
||||||
{
|
{
|
||||||
$tpl = Renderer::getMarkupTemplate('settings/head.tpl');
|
$tpl = Renderer::getMarkupTemplate('settings/head.tpl');
|
||||||
DI::page()['htmlhead'] .= Renderer::replaceMacros($tpl, [
|
$this->page['htmlhead'] .= Renderer::replaceMacros($tpl, [
|
||||||
'$ispublic' => DI::l10n()->t('everybody')
|
'$ispublic' => $this->t('everybody')
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$tabs = [];
|
$tabs = [];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Account'),
|
'label' => $this->t('Account'),
|
||||||
'url' => 'settings',
|
'url' => 'settings',
|
||||||
'selected' => ((DI::args()->getArgc() == 1) && (DI::args()->getArgv() === 'settings') ? 'active' : ''),
|
'selected' => static::class == Settings\Account::class ? 'active' : '',
|
||||||
'accesskey' => 'o',
|
'accesskey' => 'o',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Two-factor authentication'),
|
'label' => $this->t('Two-factor authentication'),
|
||||||
'url' => 'settings/2fa',
|
'url' => 'settings/2fa',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === '2fa') ? 'active' : ''),
|
'selected' => in_array(static::class, [
|
||||||
|
Settings\TwoFactor\AppSpecific::class,
|
||||||
|
Settings\TwoFactor\Index::class,
|
||||||
|
Settings\TwoFactor\Recovery::class,
|
||||||
|
Settings\TwoFactor\Trusted::class,
|
||||||
|
Settings\TwoFactor\Verify::class
|
||||||
|
]) ? 'active' : '',
|
||||||
'accesskey' => '2',
|
'accesskey' => '2',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Profile'),
|
'label' => $this->t('Profile'),
|
||||||
'url' => 'settings/profile',
|
'url' => 'settings/profile',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'profile') ? 'active' : ''),
|
'selected' => in_array(static::class, [
|
||||||
|
Settings\Profile\Index::class,
|
||||||
|
Settings\Profile\Photo\Crop::class,
|
||||||
|
Settings\Profile\Photo\Index::class,
|
||||||
|
]) ? 'active' : '',
|
||||||
'accesskey' => 'p',
|
'accesskey' => 'p',
|
||||||
];
|
];
|
||||||
|
|
||||||
if (Feature::get()) {
|
if (Feature::get()) {
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Additional features'),
|
'label' => $this->t('Additional features'),
|
||||||
'url' => 'settings/features',
|
'url' => 'settings/features',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'features') ? 'active' : ''),
|
'selected' => static::class == Settings\Features::class ? 'active' : '',
|
||||||
'accesskey' => 't',
|
'accesskey' => 't',
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Display'),
|
'label' => $this->t('Display'),
|
||||||
'url' => 'settings/display',
|
'url' => 'settings/display',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'display') ? 'active' : ''),
|
'selected' => static::class == Settings\Display::class ? 'active' : '',
|
||||||
'accesskey' => 'i',
|
'accesskey' => 'i',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Social Networks'),
|
'label' => $this->t('Social Networks'),
|
||||||
'url' => 'settings/connectors',
|
'url' => 'settings/connectors',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'connectors') ? 'active' : ''),
|
'selected' => static::class == Settings\SocialNetworks::class ? 'active' : '',
|
||||||
'accesskey' => 'w',
|
'accesskey' => 'w',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Addons'),
|
'label' => $this->t('Addons'),
|
||||||
'url' => 'settings/addon',
|
'url' => 'settings/addon',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'addon') ? 'active' : ''),
|
'selected' => static::class == Settings\Addons::class ? 'active' : '',
|
||||||
'accesskey' => 'l',
|
'accesskey' => 'l',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Manage Accounts'),
|
'label' => $this->t('Manage Accounts'),
|
||||||
'url' => 'settings/delegation',
|
'url' => 'settings/delegation',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'delegation') ? 'active' : ''),
|
'selected' => static::class == Settings\Delegation::class ? 'active' : '',
|
||||||
'accesskey' => 'd',
|
'accesskey' => 'd',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Connected apps'),
|
'label' => $this->t('Connected apps'),
|
||||||
'url' => 'settings/oauth',
|
'url' => 'settings/oauth',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'oauth') ? 'active' : ''),
|
'selected' => static::class == Settings\OAuth::class ? 'active' : '',
|
||||||
'accesskey' => 'b',
|
'accesskey' => 'b',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Export personal data'),
|
'label' => $this->t('Export personal data'),
|
||||||
'url' => 'settings/userexport',
|
'url' => 'settings/userexport',
|
||||||
'selected' => ((DI::args()->getArgc() > 1) && (DI::args()->getArgv()[1] === 'userexport') ? 'active' : ''),
|
'selected' => static::class == Settings\UserExport::class ? 'active' : '',
|
||||||
'accesskey' => 'e',
|
'accesskey' => 'e',
|
||||||
];
|
];
|
||||||
|
|
||||||
$tabs[] = [
|
$tabs[] = [
|
||||||
'label' => DI::l10n()->t('Remove account'),
|
'label' => $this->t('Remove account'),
|
||||||
'url' => 'settings/removeme',
|
'url' => 'settings/removeme',
|
||||||
'selected' => static::class === Settings\RemoveMe::class ? 'active' : '',
|
'selected' => static::class === Settings\RemoveMe::class ? 'active' : '',
|
||||||
'accesskey' => 'r',
|
'accesskey' => 'r',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
$tabtpl = Renderer::getMarkupTemplate("generic_links_widget.tpl");
|
$tabtpl = Renderer::getMarkupTemplate('generic_links_widget.tpl');
|
||||||
DI::page()['aside'] = Renderer::replaceMacros($tabtpl, [
|
$this->page['aside'] = Renderer::replaceMacros($tabtpl, [
|
||||||
'$title' => DI::l10n()->t('Settings'),
|
'$title' => $this->t('Settings'),
|
||||||
'$class' => 'settings-widget',
|
'$class' => 'settings-widget',
|
||||||
'$items' => $tabs,
|
'$items' => $tabs,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function content(array $request = []): string
|
|
||||||
{
|
|
||||||
$a = DI::app();
|
|
||||||
|
|
||||||
static::createAside();
|
|
||||||
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
80
src/Module/Settings/OAuth.php
Normal file
80
src/Module/Settings/OAuth.php
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (C) 2010-2022, the Friendica project
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Friendica\Module\Settings;
|
||||||
|
|
||||||
|
use Friendica\App;
|
||||||
|
use Friendica\Core\L10n;
|
||||||
|
use Friendica\Core\Renderer;
|
||||||
|
use Friendica\Core\Session\Capability\IHandleUserSessions;
|
||||||
|
use Friendica\Database\Database;
|
||||||
|
use Friendica\Module\BaseSettings;
|
||||||
|
use Friendica\Module\Response;
|
||||||
|
use Friendica\Util\Profiler;
|
||||||
|
use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
|
class OAuth extends BaseSettings
|
||||||
|
{
|
||||||
|
/** @var Database */
|
||||||
|
private $database;
|
||||||
|
|
||||||
|
public function __construct(Database $database, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
|
||||||
|
{
|
||||||
|
parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||||
|
|
||||||
|
$this->database = $database;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function post(array $request = [])
|
||||||
|
{
|
||||||
|
if (!$this->session->getLocalUserId()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($request['delete'])) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
BaseSettings::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth');
|
||||||
|
|
||||||
|
$this->database->delete('application-token', ['application-id' => $request['delete'], 'uid' => $this->session->getLocalUserId()]);
|
||||||
|
$this->baseUrl->redirect('settings/oauth', true);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function content(array $request = []): string
|
||||||
|
{
|
||||||
|
parent::content($request);
|
||||||
|
|
||||||
|
$applications = $this->database->selectToArray('application-view', ['id', 'uid', 'name', 'website', 'scopes', 'created_at'], ['uid' => $this->session->getLocalUserId()]);
|
||||||
|
|
||||||
|
$tpl = Renderer::getMarkupTemplate('settings/oauth.tpl');
|
||||||
|
return Renderer::replaceMacros($tpl, [
|
||||||
|
'$form_security_token' => BaseSettings::getFormSecurityToken('settings_oauth'),
|
||||||
|
'$baseurl' => $this->baseUrl->get(true),
|
||||||
|
'$title' => $this->t('Connected Apps'),
|
||||||
|
'$name' => $this->t('Name'),
|
||||||
|
'$website' => $this->t('Home Page'),
|
||||||
|
'$created_at' => $this->t('Created'),
|
||||||
|
'$delete' => $this->t('Remove authorization'),
|
||||||
|
'$apps' => $applications,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
}
|
|
@ -600,7 +600,8 @@ return [
|
||||||
'/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
|
'/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
|
||||||
],
|
],
|
||||||
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
|
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
|
||||||
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
|
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
|
||||||
|
'/oauth' => [Module\Settings\OAuth::class, [R::GET, R::POST]],
|
||||||
'/profile' => [
|
'/profile' => [
|
||||||
'[/]' => [Module\Settings\Profile\Index::class, [R::GET, R::POST]],
|
'[/]' => [Module\Settings\Profile\Index::class, [R::GET, R::POST]],
|
||||||
'/photo[/new]' => [Module\Settings\Profile\Photo\Index::class, [R::GET, R::POST]],
|
'/photo[/new]' => [Module\Settings\Profile\Photo\Index::class, [R::GET, R::POST]],
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
<div class="generic-page-wrapper">
|
<div class="generic-page-wrapper">
|
||||||
<h1>{{$title}}</h1>
|
<h1>{{$title}}</h1>
|
||||||
<form action="settings/oauth" method="post" autocomplete="off">
|
<form action="settings/oauth" method="post" autocomplete="off">
|
||||||
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
|
<input type="hidden" name="form_security_token" value="{{$form_security_token}}">
|
||||||
<table id='application-block' class='table table-condensed table-striped'>
|
<table id='application-block' class='table table-condensed table-striped'>
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>{{$name}}</th>
|
<th>{{$name}}</th>
|
||||||
<th>{{$website}}</th>
|
<th>{{$website}}</th>
|
||||||
<th>{{$created_at}}</th>
|
<th>{{$created_at}}</th>
|
||||||
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -16,7 +17,11 @@
|
||||||
<td>{{$app.name}}</td>
|
<td>{{$app.name}}</td>
|
||||||
<td>{{$app.website}}</td>
|
<td>{{$app.website}}</td>
|
||||||
<td>{{$app.created_at}}</td>
|
<td>{{$app.created_at}}</td>
|
||||||
<td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="icon s22 delete" title="{{$delete}}"> </a></td>
|
<td>
|
||||||
|
<button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
|
||||||
|
<i class="icon s22 delete" aria-hidden="true"></i>
|
||||||
|
</button>
|
||||||
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{/foreach}}
|
{{/foreach}}
|
||||||
</tbody>
|
</tbody>
|
||||||
|
|
|
@ -2,13 +2,14 @@
|
||||||
{{* include the title template for the settings title *}}
|
{{* include the title template for the settings title *}}
|
||||||
{{include file="section_title.tpl" title=$title}}
|
{{include file="section_title.tpl" title=$title}}
|
||||||
<form action="settings/oauth" method="post" autocomplete="off">
|
<form action="settings/oauth" method="post" autocomplete="off">
|
||||||
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
|
<input type="hidden" name="form_security_token" value="{{$form_security_token}}">
|
||||||
<table id='application-block' class='table table-condensed table-striped'>
|
<table id='application-block' class='table table-condensed table-striped'>
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>{{$name}}</th>
|
<th>{{$name}}</th>
|
||||||
<th>{{$website}}</th>
|
<th>{{$website}}</th>
|
||||||
<th>{{$created_at}}</th>
|
<th>{{$created_at}}</th>
|
||||||
|
<th></th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
|
@ -17,7 +18,11 @@
|
||||||
<td>{{$app.name}}</td>
|
<td>{{$app.name}}</td>
|
||||||
<td>{{$app.website}}</td>
|
<td>{{$app.website}}</td>
|
||||||
<td>{{$app.created_at}}</td>
|
<td>{{$app.created_at}}</td>
|
||||||
<td><a href="{{$baseurl}}/settings/oauth/delete/{{$app.id}}?t={{$form_security_token}}" class="btn" title="{{$delete}}"><i class="fa fa-trash" aria-hidden="true"></i></a></td>
|
<td>
|
||||||
|
<button type="submit" class="btn" title="{{$delete}}" name="delete" value="{{$app.id}}">
|
||||||
|
<i class="fa fa-trash" aria-hidden="true"></i>
|
||||||
|
</button>
|
||||||
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{/foreach}}
|
{{/foreach}}
|
||||||
</tbody>
|
</tbody>
|
||||||
|
|
Loading…
Reference in a new issue