Styling user consent form

app/assets/stylesheets/mobile/settings.scss

@@ -30,35 +30,6 @@
   }
 }
 
-.applications-page {
-  .applications-explenation {
-    margin-bottom: 15px;
-  }
-
-  .application-img {
-    margin: 9px 0;
-    float: left;
-    width: 60px;
-    max-height: 60px;
-    text-align: center;
-
-    [class^="entypo-"] {
-      font-size: 60px;
-      height: 60px;
-      margin: 0;
-      padding: 0;
-      width: 100%;
-      &::before {
-        position: relative;
-        top: -15px;
-      }
-    }
-  }
-
-  .application-authorizations {
-    width: calc(100% - 60px);
-    padding: 0 0 15px 15px;
-    display: inline-block;
-    float: right;
-  }
+.applications-page .applications-explanation {
+  margin-bottom: 15px;
 }

app/assets/stylesheets/user_applications.scss

@@ -1,32 +1,28 @@
-.applications-page {
-  .applications-explenation {
-    margin-bottom: 15px;
-  }
+.application-img {
+  margin: 9px 0;
+  float: left;
+  width: 60px;
+  max-height: 60px;
+  text-align: center;
 
-  .application-img {
-    margin: 9px 0;
-    float: left;
-    width: 60px;
-    max-height: 60px;
-    text-align: center;
-
-    [class^="entypo-"] {
-      font-size: 60px;
-      height: 60px;
-      margin: 0;
-      padding: 0;
-      width: 100%;
-      &::before {
-        position: relative;
-        top: -15px;
-      }
+  [class^="entypo-"] {
+    font-size: 60px;
+    height: 60px;
+    margin: 0;
+    padding: 0;
+    width: 100%;
+    &::before {
+      position: relative;
+      top: -15px;
     }
   }
-
-  .application-authorizations {
-    width: calc(100% - 60px);
-    padding: 0 0 15px 15px;
-    display: inline-block;
-    float: right;
-  }
 }
+
+.application-authorizations {
+  width: calc(100% - 60px);
+  padding: 0 0 15px 15px;
+  display: inline-block;
+  float: right;
+}
+
+.user-consent { margin-top: 20px; }

app/controllers/api/openid_connect/authorizations_controller.rb

@@ -32,7 +32,7 @@ module Api
         else
           flash[:error] = I18n.t("api.openid_connect.authorizations.destroy.fail", id: params[:id])
         end
-        redirect_to user_applications_url
+        redirect_to api_openid_connect_user_applications_url
       end
 
       private
@@ -107,6 +107,13 @@ module Api
           endpoint.redirect_uri, endpoint.scopes, endpoint.request_object
         ]
         save_request_parameters
+
+        @app = {
+          name:           @o_auth_application.client_name,
+          image:          @o_auth_application.image_uri,
+          authorizations: @scopes
+        }
+
         render :new
       end
 

app/controllers/api/openid_connect/user_applications_controller.rb

@@ -0,0 +1,11 @@
+module Api
+  module OpenidConnect
+    class UserApplicationsController < ApplicationController
+      before_action :authenticate_user!
+
+      def index
+        @user_apps = UserApplicationsPresenter.new current_user
+      end
+    end
+  end
+end

app/controllers/user_applications_controller.rb

@@ -1,9 +0,0 @@
-class UserApplicationsController < ApplicationController
-  before_action :authenticate_user!
-
-  def index
-    respond_to do |format|
-      format.all { @user_apps = UserApplicationsPresenter.new current_user }
-    end
-  end
-end

app/models/api/openid_connect/authorization.rb

@@ -21,10 +21,11 @@ module Api
         self.refresh_token = SecureRandom.hex(32)
       end
 
+
       def validate_scope_names
         return unless scopes
         scopes.each do |scope|
-          errors.add(:scope, "is not a valid scope name") unless %w(openid read write).include? scope
+          errors.add(:scope, "is not a valid scope name") unless scopes.include? scope
         end
       end
 
@@ -56,9 +57,13 @@ module Api
 
       def self.find_by_refresh_token(client_id, refresh_token)
         Api::OpenidConnect::Authorization.joins(:o_auth_application).find_by(
-          o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
+        o_auth_applications: {client_id: client_id}, refresh_token: refresh_token)
       end
 
+      def self.scopes
+        %w(openid read write)
+      end
+      
       def self.use_code(code)
         return unless code
         find_by(code: code).tap do |auth|

app/views/api/openid_connect/authorizations/_form.haml

@@ -1,7 +0,0 @@
-= form_tag api_openid_connect_authorizations_path, class: action do
-  - if action == :approve
-    = submit_tag t(".approve")
-    = hidden_field_tag :approve, true
-  - else
-    = submit_tag t(".deny")
-    = hidden_field_tag :approve, false

app/views/api/openid_connect/authorizations/_grants_list.haml

@@ -0,0 +1,16 @@
+.application-img
+  - if app[:image]
+    = image_tag app[:image], class: "img-responsive"
+  - else
+    %i.entypo-browser
+.application-authorizations
+  - if app[:authorizations].count > 0
+    %h4=t("api.openid_connect.authorizations.new.access", name: app[:name])
+    %ul
+      - app[:authorizations].each do |authorization|
+        %li
+          %b= t("api.openid_connect.scopes.#{authorization}.name")
+          %p= t("api.openid_connect.scopes.#{authorization}.description")
+  - else
+    .well
+      =t("api.openid_connect.authorizations.new.no_requirement", name: app[:name])

app/views/api/openid_connect/authorizations/new.html.haml

@@ -1,12 +1,13 @@
-%h2= @o_auth_application.client_name
-%p= t(".redirection_message", redirect_uri: @redirect_uri)
-%ul
-  - @scopes.each do |scope|
-    %li= scope
-  - if @request_object
-    %li= t(".requested_objects")
-    %ul
-      %pre= JSON.pretty_generate @request_object.as_json
+.user-consent.col-md-6.col-md-offset-1
+  %ul.list-group
+    %li.list-group-item.authorized-application
+      = render "grants_list", app: @app
 
-= render 'api/openid_connect/authorizations/form', action: :approve
-= render 'api/openid_connect/authorizations/form', action: :deny
+      .clearfix
+        = form_tag api_openid_connect_authorizations_path, class: "pull-right"  do
+          %span
+            = submit_tag t(".deny"), class: "btn btn-danger"
+            = hidden_field_tag :deny, false
+          %span
+            = submit_tag t(".approve"),  class: "btn btn-primary"
+            = hidden_field_tag :approve, true

app/views/api/openid_connect/user_applications/_add_remove_applications.haml

@@ -0,0 +1,14 @@
+- if @user_apps.applications?
+  %ul.list-group
+    - @user_apps.user_applications.each do |app|
+      %li.list-group-item.authorized-application
+        = render "grants_list", app: app
+        = form_for "application", url: "#{api_openid_connect_authorizations_path}/#{app[:id]}",
+            html: { method: :delete, class: "form-horizontal"} do |f|
+          .clearfix= f.submit t("api.openid_connect.user_applications.revoke_autorization"),
+            class: "btn btn-danger pull-right app-revoke"
+
+- else
+  .well
+    %h4
+      = t("api.openid_connect.user_applications.no_applications")

app/views/api/openid_connect/user_applications/_grants_list.haml

@@ -0,0 +1,16 @@
+.application-img
+  - if app[:image]
+    = image_tag app[:image], class: "img-responsive"
+  - else
+    %i.entypo-browser
+.application-authorizations
+  - if app[:authorizations].count > 0
+    %h4=t("api.openid_connect.user_applications.index.access", name: app[:name])
+    %ul
+      - app[:authorizations].each do |authorization|
+        %li
+          %b= t("api.openid_connect.scopes.#{authorization}.name")
+          %p= t("api.openid_connect.scopes.#{authorization}.description")
+  - else
+    .well
+      =t("api.openid_connect.user_applications.index.no_requirement",name: app[:name])

app/views/api/openid_connect/user_applications/index.mobile.haml

@@ -0,0 +1,13 @@
+.settings_container.applications-page
+  - content_for :page_title do
+    = t(".edit_applications")
+
+  = render "shared/settings_nav"
+
+  .container-fluid
+    .row
+      .col-md-12.applications-explanation
+        = t(".applications_explanation")
+      .col-md-12
+        = render "add_remove_applications"
+

app/views/shared/_settings_nav.haml

@@ -6,4 +6,5 @@
     %li{class: current_page?(edit_user_path) && "active"}= link_to t("account"), edit_user_path
     %li{class: current_page?(privacy_settings_path) && "active"}= link_to t("privacy"), privacy_settings_path
     %li{class: current_page?(services_path) && "active"}= link_to t("_services"), services_path
-    %li{class: current_page?(user_applications_path) && 'active'}= link_to t("_applications"), user_applications_path
+    %li{class: current_page?(api_openid_connect_user_applications_path) && "active"}
+      = link_to t("_applications"), api_openid_connect_user_applications_path

app/views/shared/_settings_nav.mobile.haml

@@ -6,4 +6,4 @@
       %li= link_to_unless_current t('account'), edit_user_path
       %li= link_to_unless_current t('privacy'), privacy_settings_path
       %li= link_to_unless_current t('_services'), services_path
-      %li= link_to_unless_current t('_applications'), user_applications_path
+      %li= link_to_unless_current t('_applications'), api_openid_connect_user_applications_path

app/views/user_applications/_add_remove_applications.haml

@@ -1,28 +0,0 @@
-- if @user_apps.applications?
-  %ul.list-group
-    - @user_apps.user_applications.each do |app|
-      %li.list-group-item.authorized-application
-        .application-img
-          - if app[:image]
-            = image_tag app[:image], class: "img-responsive"
-          - else
-            %i.entypo-browser
-        .application-authorizations
-          - if app[:authorizations].count > 0
-            %h4=t("user_applications.index.access", name: app[:name])
-            %ul
-              - app[:authorizations].each do |authorization|
-                %li
-                  %b= t("user_applications.scopes.#{authorization}.name")
-                  %p= t("user_applications.scopes.#{authorization}.description")
-          - else
-            .well
-              =t("user_applications.show.no_requirement")
-        = form_for "application", url: "#{api_openid_connect_authorizations_path}/#{app[:id]}",
-            html: { method: :delete, class: "form-horizontal"} do |f|
-          .clearfix= f.submit t("user_applications.revoke_autorization"), class: "btn btn-danger pull-right app-revoke"
-
-- else
-  .well
-    %h4
-      = t("user_applications.no_applications")

app/views/user_applications/index.mobile.haml

@@ -1,13 +0,0 @@
-.settings_container.applications-page
-  - content_for :page_title do
-    = t('.edit_applications')
-
-  = render 'shared/settings_nav'
-
-  .container-fluid
-    .row
-      .col-md-12.applications-explenation
-        = t('.applications_explanation')
-      .col-md-12
-        = render 'add_remove_applications'
-

config/locales/diaspora/en.yml

@@ -886,11 +886,35 @@ en:
       authorizations:
         new:
           redirection_message: "Are you sure you want to give access to %{redirect_uri}?"
-        form:
+          access: "%{name} requires access to:"
+          no_requirement: "%{name} requires no permissions"
           approve: "Approve"
           deny: "Deny"
         destroy:
           fail: "The attempt to revoke the authorization with ID %{id} has failed"
+      user_applications:
+        index:
+          edit_applications: "Applications"
+          title: "Authorized applications"
+          access: "%{name} has access to:"
+          no_requirement: "%{name} requires no permissions"
+          applications_explanation: "Here is a list of applications to which you have authorized"
+        no_applications: "You have no authorized applications"
+        revoke_autorization: "Revoke"
+      scopes:
+        openid:
+          name: "basic profile"
+          description: "This allows the application to read your basic profile"
+        extended:
+          name: "extended profile"
+          description: "This allows the application to read your extended profile"
+        read:
+          name: "read profile, stream and conversations"
+          description: "This allows the application to read your stream, your conversations and your complete profile"
+        write:
+          name: "send posts, conversations and reactions"
+          description: "This allows the application to send new posts, write conversations, and send reactions"
+
   people:
     zero: "No people"
     one: "1 person"
@@ -1476,27 +1500,3 @@ en:
     disabled: "Not available"
     open: "Open"
     closed: "Closed"
-    
-  user_applications:
-    index:
-      edit_applications: "Applications"
-      title: "Authorized applications"
-      access: "%{name} is authorized access to:"
-      no_requirement: "This application requires no permissions"
-      applications_explanation: "Here is a list of applications to which you have authorized access"
-    no_applications: "You have no authorized applications"
-    revoke_autorization: "Revoke"
-    scopes:
-      openid:
-        name: "basic profile"
-        description: "This allows the application to read your basic profile"
-      extended:
-        name: "extended profile"
-        description: "This allows the application to read your extended profile"
-      read:
-        name: "read profile, stream and conversations"
-        description: "This allows the application to read your stream, your conversations and your complete profile"
-      write:
-        name: "send posts, conversations and reactions"
-        description: "This allows the application to send new posts, write conversations, and send reactions"
-    

config/routes.rb

@@ -248,14 +248,12 @@ Diaspora::Application.routes.draw do
       # See http://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation
       resources :authorizations, only: %i(new create destroy)
       post "authorizations/new", to: "authorizations#new"
-
+      get "user_applications", to: "user_applications#index"
       get "jwks.json", to: "id_tokens#jwks"
-
       get "user_info", to: "user_info#show"
     end
   end
 
   get ".well-known/webfinger", to: "api/openid_connect/discovery#webfinger"
   get ".well-known/openid-configuration", to: "api/openid_connect/discovery#configuration"
-  get "user_applications", to: "user_applications#index"
 end

features/support/paths.rb

@@ -37,7 +37,7 @@ module NavigationHelpers
     when /^forgot password page$/
       new_user_password_path
     when /^user applications page$/
-      user_applications_path
+      api_openid_connect_user_applications_path
     when %r{^"(/.*)"}
       Regexp.last_match(1)
     else

lib/api/openid_connect/authorization_point/endpoint.rb

@@ -10,7 +10,7 @@ module Api
           @user = user
           @app = Rack::OAuth2::Server::Authorize.new do |req, res|
             build_attributes(req, res)
-            if OAuthApplication.available_response_types.include? Array(req.response_type).map(&:to_s).join(" ")
+            if OAuthApplication.available_response_types.include? Array(req.response_type).join(" ")
               handle_response_type(req, res)
             else
               req.unsupported_response_type!
@@ -46,11 +46,14 @@ module Api
         def build_scopes(req)
           @scopes = req.scope.map {|scope|
             scope.tap do |scope_name|
-              # TODO: Use enum
-              req.invalid_scope! "Unknown scope: #{scope_name}" unless %w(openid read write).include? scope_name
+              req.invalid_scope! "Unknown scope: #{scope_name}" unless scopes.include? scope_name
             end
           }
         end
+
+        def scopes
+          Api::OpenidConnect::Authorization.scopes
+        end
       end
     end
   end

spec/controllers/api/openid_connect/authorizations_controller_spec.rb

@@ -302,7 +302,7 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
     context "with non-existent authorization" do
       it "raises an error" do
         delete :destroy, id: 123_456_789
-        expect(response).to redirect_to(user_applications_url)
+        expect(response).to redirect_to(api_openid_connect_user_applications_url)
         expect(flash[:error]).to eq("The attempt to revoke the authorization with ID 123456789 has failed")
       end
     end