Chore: OAuth authorization pages reconditioned

apps/meteor/app/api/server/v1/oauthapps.ts

@@ -3,7 +3,7 @@ import { OAuthApps } from '@rocket.chat/models';
 
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { API } from '../api';
-import { addOAuthApp } from '../../../oauth2-server-config/server/admin/methods/addOAuthApp';
+import { addOAuthApp } from '../../../oauth2-server-config/server/admin/functions/addOAuthApp';
 
 API.v1.addRoute(
 	'oauth-apps.list',

apps/meteor/app/oauth2-server-config/server/admin/functions/addOAuthApp.ts

@@ -0,0 +1,68 @@
+import { Meteor } from 'meteor/meteor';
+import { Random } from 'meteor/random';
+import { OAuthApps, Users } from '@rocket.chat/models';
+import type { OauthAppsAddParams } from '@rocket.chat/rest-typings';
+import type { IOAuthApps, IUser } from '@rocket.chat/core-typings';
+
+import { hasPermission } from '../../../../authorization/server';
+import { parseUriList } from './parseUriList';
+
+export async function addOAuthApp(applicationParams: OauthAppsAddParams, uid: IUser['_id'] | undefined): Promise<IOAuthApps> {
+	if (!uid) {
+		throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'addOAuthApp' });
+	}
+
+	const user = await Users.findOne(uid, { projection: { username: 1 } });
+
+	if (!user || !user.username) {
+		// TODO: username is required, but not always present
+		throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'addOAuthApp' });
+	}
+
+	if (!hasPermission(uid, 'manage-oauth-apps')) {
+		throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'addOAuthApp' });
+	}
+
+	if (!applicationParams.name || typeof applicationParams.name.valueOf() !== 'string' || applicationParams.name.trim() === '') {
+		throw new Meteor.Error('error-invalid-name', 'Invalid name', { method: 'addOAuthApp' });
+	}
+
+	if (
+		!applicationParams.redirectUri ||
+		typeof applicationParams.redirectUri.valueOf() !== 'string' ||
+		applicationParams.redirectUri.trim() === ''
+	) {
+		throw new Meteor.Error('error-invalid-redirectUri', 'Invalid redirectUri', {
+			method: 'addOAuthApp',
+		});
+	}
+
+	if (typeof applicationParams.active !== 'boolean') {
+		throw new Meteor.Error('error-invalid-arguments', 'Invalid arguments', {
+			method: 'addOAuthApp',
+		});
+	}
+
+	const application = {
+		...applicationParams,
+		redirectUri: parseUriList(applicationParams.redirectUri),
+		clientId: Random.id(),
+		clientSecret: Random.secret(),
+		_createdAt: new Date(),
+		_updatedAt: new Date(),
+		_createdBy: {
+			_id: user._id,
+			username: user.username,
+		},
+		_id: '',
+	};
+
+	if (application.redirectUri.length === 0) {
+		throw new Meteor.Error('error-invalid-redirectUri', 'Invalid redirectUri', {
+			method: 'addOAuthApp',
+		});
+	}
+
+	application._id = (await OAuthApps.insertOne(application)).insertedId;
+	return application;
+}

apps/meteor/app/oauth2-server-config/server/admin/functions/parseUriList.js → apps/meteor/app/oauth2-server-config/server/admin/functions/parseUriList.ts

@@ -1,9 +1,9 @@
-export const parseUriList = (userUri) => {
+export const parseUriList = (userUri: string) => {
 	if (userUri.indexOf('\n') < 0 && userUri.indexOf(',') < 0) {
 		return userUri;
 	}
 
-	const uriList = [];
+	const uriList: string[] = [];
 	userUri.split(/[,\n]/).forEach((item) => {
 		const uri = item.trim();
 		if (uri === '') {
@@ -13,5 +13,5 @@ export const parseUriList = (userUri) => {
 		uriList.push(uri);
 	});
 
-	return uriList;
+	return uriList.join(','); // TODO: This is a hack because the original code was returning a string or an array of strings
 };

apps/meteor/app/oauth2-server-config/server/admin/methods/addOAuthApp.ts

@@ -0,0 +1,21 @@
+import type { IOAuthApps } from '@rocket.chat/core-typings';
+import type { OauthAppsAddParams } from '@rocket.chat/rest-typings';
+import { Meteor } from 'meteor/meteor';
+
+import { methodDeprecationLogger } from '../../../../lib/server/lib/deprecationWarningLogger';
+import { addOAuthApp } from '../functions/addOAuthApp';
+
+declare module '@rocket.chat/ui-contexts' {
+	// eslint-disable-next-line @typescript-eslint/naming-convention
+	interface ServerMethods {
+		addOAuthApp: (application: OauthAppsAddParams) => { application: IOAuthApps };
+	}
+}
+
+Meteor.methods({
+	async addOAuthApp(application) {
+		methodDeprecationLogger.warn('addOAuthApp is deprecated and will be removed in future versions of Rocket.Chat');
+
+		return addOAuthApp(application, this.userId ?? undefined);
+	},
+});

apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.js → apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.ts

@@ -1,20 +1,35 @@
 import { Meteor } from 'meteor/meteor';
 import { OAuthApps } from '@rocket.chat/models';
+import type { IOAuthApps } from '@rocket.chat/core-typings';
 
-import { hasPermission } from '../../../../authorization';
+import { hasPermission } from '../../../../authorization/server';
+
+declare module '@rocket.chat/ui-contexts' {
+	// eslint-disable-next-line @typescript-eslint/naming-convention
+	interface ServerMethods {
+		deleteOAuthApp: (applicationId: IOAuthApps['_id']) => boolean;
+	}
+}
 
 Meteor.methods({
 	async deleteOAuthApp(applicationId) {
+		if (!this.userId) {
+			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'deleteOAuthApp' });
+		}
+
 		if (!hasPermission(this.userId, 'manage-oauth-apps')) {
 			throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'deleteOAuthApp' });
 		}
+
 		const application = await OAuthApps.findOneById(applicationId);
-		if (application == null) {
+		if (!application) {
 			throw new Meteor.Error('error-application-not-found', 'Application not found', {
 				method: 'deleteOAuthApp',
 			});
 		}
+
 		await OAuthApps.deleteOne({ _id: applicationId });
+
 		return true;
 	},
 });