Merge pull request #124 from cabinetoffice/new-client-route

New client route
cabinetoffice · Jun 21, 2024 · 8cb0e58 · 8cb0e58
2 parents 8e1e90f + ce915f6
commit 8cb0e58
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 9 deletions.
diff --git a/jinja_helper.py b/jinja_helper.py
@@ -84,7 +84,7 @@ def main_css_hash():
     return _main_css_hash
 
 
-def renderTemplate(filename: str, params: dict = {}, status_code: int = 200) -> str:
+def renderTemplate(filename: str, params: dict = {}, status_code: int = 200) -> tuple[str, int]:
     params.update({"url_prefix": env_var("URL_PREFIX", "http://localhost:5001")})
 
     pbe = env_var("PHASE_BANNER", "PRIVATE-ALPHA")

diff --git a/sso_oidc.py b/sso_oidc.py
@@ -27,7 +27,7 @@
 _individual_clients = {}
 
 
-def save_client(filename: str, client: dict, client_id: str) -> dict:
+def save_client(filename: str, client: dict, client_id: str) -> bool:
     has_secret = False
     saved = False
 

diff --git a/sso_oidc_client_generation.py b/sso_oidc_client_generation.py
@@ -5,7 +5,7 @@
 from sso_utils import random_string
 
 
-def generate_client_auth_pair():
+def generate_client_auth_pair() -> dict[str, str]:
     """
     Returns a valid client ID and secret
 

diff --git a/templates/new-client.html b/templates/new-client.html
@@ -0,0 +1,63 @@
+{% extends "_primary.html" %}
+
+{% block content %}
+<div class="govuk-breadcrumbs">
+  <ol class="govuk-breadcrumbs__list">
+    <li class="govuk-breadcrumbs__list-item">
+      <a class="govuk-breadcrumbs__link" href="/">Single Sign-On</a>
+    </li>
+    <li class="govuk-breadcrumbs__list-item" aria-current="page">Create new client</li>
+  </ol>
+</div>
+
+<main class="govuk-main-wrapper " id="main-content" role="main">
+    <form action="{{ form_url }}" method="post">
+<fieldset class="govuk-fieldset">
+  <legend class="govuk-fieldset__legend govuk-fieldset__legend--l">
+    <h1 class="govuk-fieldset__heading">
+      Please provide details for the new client
+    </h1>
+  </legend>
+    <div class="govuk-form-group">
+        <label class="govuk-label" for="name">
+            The name of the app
+        </label>
+        <input class="govuk-input" id="name" name="name" type="text">
+    </div>
+    <div class="govuk-form-group">
+        <label class="govuk-label" for="description">
+            A brief description of the app
+        </label>
+        <textarea class="govuk-textarea" id="description" name="description" type="text"></textarea>
+    </div>
+  <div class="govuk-form-group">
+    <label class="govuk-label" for="app-url">
+      The usual URL for the app
+    </label>
+    <input class="govuk-input" id="app-url" name="app_url" type="text">
+  </div>
+  <div class="govuk-form-group">
+    <label class="govuk-label" for="redirect-urls">
+      Redirect url(s). If more than one, please separate them with commas
+    </label>
+    <input class="govuk-input" id="redirect-urls" name="redirect_urls" type="text">
+  </div>
+  <div class="govuk-form-group">
+    <label class="govuk-label" for="sign-in-url">
+      Sign-in URL for the new app
+    </label>
+    <input class="govuk-input govuk-!-width-two-thirds" id="sign-in-url" name="sign_in_url" type="text">
+  </div>
+  <div class="govuk-form-group">
+    <label class="govuk-label" for="owners">
+      Owner(s). On the next page, you'll be able to add more owners.
+    </label>
+    <input class="govuk-input govuk-input--width-10" id="owners" name="owners" type="text">
+  </div>
+</fieldset>
+        <div class="govuk-button-group">
+      <input type="submit" value="Continue" class="govuk-button" data-module="govuk-button">
+    </div>
+</form>
+</main>
+{% endblock %}
diff --git a/wsgi.py b/wsgi.py
@@ -1,13 +1,11 @@
 import json
 import base64
 import time
-import hashlib
-import boto3
-import botocore
+import uuid
+
 import traceback
 import re
 import os
-import html
 import jwt_signing
 import sso_oidc
 import werkzeug
@@ -18,7 +16,6 @@
     Flask,
     jsonify,
     send_from_directory,
-    render_template,
     request,
     session,
     redirect,
@@ -96,7 +93,7 @@
 except Exception as e:
     jprint({"MicrosoftAuth": {"error": e, "in_use": False}})
 
-FLASK_SECRET_KEY = env_var("FLASK_SECRET_KEY")
+FLASK_SECRET_KEY = env_var("FLASK_SECRET_KEY", secrets.token_urlsafe(24))
 app = Flask(__name__)
 
 if IS_PROD:
@@ -1403,6 +1400,25 @@ def route_manage():
     )
 
 
+@app.route("/new-client", methods=["GET", "POST"])
+@UserShouldBeSignedIn
+@SetBrowserCookie
+@CheckCSRFSession
+def new_client():
+    if request.method == "GET":
+        return renderTemplate("new-client.html", {"form_url": "/new-client"})
+    else:
+        client_secret_dict = generate_client_auth_pair()
+        client_id = client_secret_dict.get("client_id")
+        client_secret = client_secret_dict.get("client_secret")
+        sso_oidc.save_client(
+            filename=uuid.uuid4().hex,
+            client={"secret": client_secret, **request.form.to_dict()},
+            client_id=client_id
+        )
+        return redirect(f"/view?client_id={client_id}")
+
+
 @app.route("/dashboard", methods=["GET"])
 @UserShouldBeSignedIn
 @SetBrowserCookie