diff --git a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java index 9f06884..2218114 100644 --- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java +++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java @@ -48,4 +48,5 @@ public class Constants { public static final String TOKEN_TYPE = "token_type"; public static final String UNAUTHORIZED_CLIENT = "unauthorized_client"; public static final String USER = "user"; + public static final String USER_ID = "user_id"; } diff --git a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java index aaa043c..65a20e2 100644 --- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java +++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java @@ -1,8 +1,7 @@ /* © SRSoftware 2024 */ package de.srsoftware.oidc.backend; -import static de.srsoftware.oidc.api.Constants.APP_NAME; -import static de.srsoftware.oidc.api.Constants.TOKEN; +import static de.srsoftware.oidc.api.Constants.*; import static de.srsoftware.oidc.api.data.Permission.MANAGE_USERS; import static de.srsoftware.oidc.api.data.User.*; import static de.srsoftware.utils.Strings.uuid; @@ -44,6 +43,33 @@ public class UserController extends Controller { return sendContent(ex, newID); } + @Override + public boolean doDelete(String path, HttpExchange ex) throws IOException { + var optSession = getSession(ex); + if (optSession.isEmpty()) return sendEmptyResponse(HTTP_UNAUTHORIZED, ex); + + // post-login paths + var session = optSession.get(); + switch (path) { + case "/delete": + return deleteUser(ex, session); + } + return badRequest(ex, "%s not found".formatted(path)); + } + + private boolean deleteUser(HttpExchange ex, Session session) throws IOException { + var json = json(ex); + if (!json.has(USER_ID)) return badRequest(ex, "missing_user_id"); + var uuid = json.getString(USER_ID); + if (uuid == null || uuid.isBlank()) return badRequest(ex, "missing_user_id"); + if (session.user().uuid().equals(uuid)) return badRequest(ex, "must_not_delete_self"); + if (!json.has(CONFIRMED) || !json.getBoolean(CONFIRMED)) return badRequest(ex, "missing_confirmation"); + Optional targetUser = users.load(uuid); + if (targetUser.isEmpty()) return badRequest(ex, "unknown_user"); + users.delete(targetUser.get()); + return sendEmptyResponse(HTTP_OK, ex); + } + @Override public boolean doGet(String path, HttpExchange ex) throws IOException { switch (path) { diff --git a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java index e3ed137..1ab4b8c 100644 --- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java +++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java @@ -76,7 +76,9 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe @Override public UserService delete(User user) { - return null; + var users = json.getJSONObject(USERS); + users.remove(user.uuid()); + return save(); } @Override diff --git a/de.srsoftware.oidc.web/src/main/resources/en/scripts/common.js b/de.srsoftware.oidc.web/src/main/resources/en/scripts/common.js index 2e9f374..996c748 100644 --- a/de.srsoftware.oidc.web/src/main/resources/en/scripts/common.js +++ b/de.srsoftware.oidc.web/src/main/resources/en/scripts/common.js @@ -22,7 +22,15 @@ function getValue(id){ } function hide(id){ - get(id).style.display = 'none'; + var elem = get(id); + if (elem) elem.style.display = 'none'; +} + +function hideAll(clazz){ + var elems = document.getElementsByTagName('*'), i; + for (i in elems) { + if((' ' + elems[i].className + ' ').indexOf(' ' + clazz + ' ') > -1) elems[i].style.display = 'none'; + } } function isChecked(id){ @@ -48,5 +56,6 @@ function setValue(id,newVal){ } function show(id){ - get(id).style.display = ''; + var elem = get(id); + if (elem) elem.style.display = ''; } \ No newline at end of file diff --git a/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js b/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js index 98451fe..42a677e 100644 --- a/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js +++ b/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js @@ -29,29 +29,42 @@ async function handleUsers(response){ var bottom = document.getElementById('bottom'); for (let id in users){ var row = document.createElement("tr"); - var user = users[id]; - row.innerHTML = `${user.username} - ${user.realname} - ${user.email} + var u = users[id]; + row.innerHTML = `${u.username} + ${u.realname} + ${u.email} ${id} - + `; bottom.parentNode.insertBefore(row,bottom); } } -function handleRemove(response){ - redirect("users.html"); +async function handleRemove(response){ + if (response.ok){ + redirect("users.html"); + } else { + var info = await response.text(); + console.log(info); + show(info); + } + } -function remove(userId){ +function remove(userId,name){ + disable(`remove-${userId}`); + if (userId == user.uuid) { + //return; + } + setText(`remove-${userId}`,"sent…"); + hideAll('error'); var message = document.getElementById('message').innerHTML; - if (confirm(message.replace("{}",userId))) { + if (confirm(message.replace("{}",name))) { fetch(user_controller+"/delete",{ method: 'DELETE', - body : JSON.stringify({ userId : userId }) + body : JSON.stringify({ user_id : userId, confirmed : true }) }).then(handleRemove); } } diff --git a/de.srsoftware.oidc.web/src/main/resources/en/todo.html b/de.srsoftware.oidc.web/src/main/resources/en/todo.html index 700a417..f3f2f10 100644 --- a/de.srsoftware.oidc.web/src/main/resources/en/todo.html +++ b/de.srsoftware.oidc.web/src/main/resources/en/todo.html @@ -12,7 +12,6 @@

to do…