From 11e2894621293122ab8c965f552035353cbc5828 Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Fri, 7 Apr 2023 17:46:39 +0200
Subject: [PATCH] admin/security: show flash, confirm action with modal
---
crates/ezidam/src/routes/admin/settings.rs | 147 ++++++++++--------
.../pages/admin/settings/security.html.tera | 61 +++++++-
2 files changed, 137 insertions(+), 71 deletions(-)
diff --git a/crates/ezidam/src/routes/admin/settings.rs b/crates/ezidam/src/routes/admin/settings.rs
index abff756..75cb4c5 100644
--- a/crates/ezidam/src/routes/admin/settings.rs
+++ b/crates/ezidam/src/routes/admin/settings.rs
@@ -72,10 +72,15 @@ pub async fn settings_update_branding(
}
#[get("/admin/settings/security")]
-pub async fn settings_security(admin: JwtAdmin) -> Result {
- Ok(Page::AdminSettingsSecurity(
- super::content::AdminSettingsSecurity { user: admin.0 },
- ))
+pub async fn settings_security(
+ admin: JwtAdmin,
+ flash: Option>,
+) -> Result {
+ let page = Page::AdminSettingsSecurity(super::content::AdminSettingsSecurity { user: admin.0 });
+
+ Ok(flash
+ .map(|flash| Page::with_flash(page.clone(), flash))
+ .unwrap_or_else(|| page.into()))
}
#[derive(Debug, FromForm)]
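Review bot: `Page::with_flash(page.clone(), flash)` in the `.map` closure clones the whole `AdminSettingsSecurity` page (including `user`) only because that closure borrows `page` while the `.unwrap_or_else` closure moves it; a plain `match` moves it once and reads more directly: `match flash {` / `Some(flash) => Ok(Page::with_flash(page, flash)),` / `None => Ok(page.into()),`. The type parameters of `Option>` and of the `Result` return type are lost in this rendering, so I am assuming `flash` is the framework's flash-cookie extractor and could not confirm it. settings_security is complete within the hunk.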
@@ -90,81 +95,93 @@ pub async fn settings_security_form(
form: Form,
ip_address: IpAddr,
cookie_jar: &CookieJar<'_>,
-) -> Result {
+) -> Result> {
let mut transaction = db.begin().await?;
- if let Some(logout_everyone) = form.logout_everyone {
- if logout_everyone {
- // Generate key id
- let key_id = task::spawn_blocking(id::KeyID::default).await?;
+ let (flash_kind, flash_message) = match form.logout_everyone {
+ Some(logout_everyone) => {
+ if logout_everyone {
+ // Generate key id
+ let key_id = task::spawn_blocking(id::KeyID::default).await?;
- // Generate key
- let key_id_for_generation = key_id.clone();
- let (private_key, public_key) =
- task::spawn_blocking(move || jwt::generate(&key_id_for_generation)).await??;
+ // Generate key
+ let key_id_for_generation = key_id.clone();
+ let (private_key, public_key) =
+ task::spawn_blocking(move || jwt::generate(&key_id_for_generation)).await??;
- // Insert keys in database
- jwt::database::save_new_keys(&mut transaction, &key_id, &private_key, &public_key)
- .await?;
+ // Insert keys in database
+ jwt::database::save_new_keys(&mut transaction, &key_id, &private_key, &public_key)
+ .await?;
- // Revoke all keys except new one
- jwt::database::revoke_all_except_one(&mut transaction, &key_id).await?;
+ // Revoke all keys except new one
+ jwt::database::revoke_all_except_one(&mut transaction, &key_id).await?;
- // Get app
- let app = App::get_one_by_id(&mut transaction, "ezidam")
- .await?
- .ok_or_else(|| Error::not_found("Could not find application"))?;
+ // Get app
+ let app = App::get_one_by_id(&mut transaction, "ezidam")
+ .await?
+ .ok_or_else(|| Error::not_found("Could not find application"))?;
- // Get user info
- let user = User::get_by_login(&mut transaction, &admin.0.subject)
- .await?
- .ok_or_else(|| Error::not_found("Could not find user"))?;
+ // Get user info
+ let user = User::get_by_login(&mut transaction, &admin.0.subject)
+ .await?
+ .ok_or_else(|| Error::not_found("Could not find user"))?;
- // Revoke all refresh tokens
- RefreshToken::revoke_all(&mut transaction).await?;
+ // Revoke all refresh tokens
+ RefreshToken::revoke_all(&mut transaction).await?;
- // Generate refresh token
- let refresh_token =
- generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
- .await
- .map_err(Error::internal_server_error)?;
+ // Generate refresh token
+ let refresh_token =
+ generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
+ .await
+ .map_err(Error::internal_server_error)?;
- // Add refresh token as a cookie
- let mut cookie = Cookie::new(REFRESH_TOKEN_COOKIE_NAME, refresh_token);
- cookie.set_secure(true);
- cookie.set_http_only(true);
- cookie.set_same_site(SameSite::Strict);
- cookie.set_max_age(Duration::days(REFRESH_TOKEN_DURATION_DAYS));
- cookie_jar.add(cookie);
+ // Add refresh token as a cookie
+ let mut cookie = Cookie::new(REFRESH_TOKEN_COOKIE_NAME, refresh_token);
+ cookie.set_secure(true);
+ cookie.set_http_only(true);
+ cookie.set_same_site(SameSite::Strict);
+ cookie.set_max_age(Duration::days(REFRESH_TOKEN_DURATION_DAYS));
+ cookie_jar.add(cookie);
- // Get base url
- let settings = Settings::get(&mut transaction).await?;
- let home_page = settings
- .url()
- .map(String::from)
- .ok_or_else(|| Error::bad_request("Server url is not set"))?;
+ // Get base url
+ let settings = Settings::get(&mut transaction).await?;
+ let home_page = settings
+ .url()
+ .map(String::from)
+ .ok_or_else(|| Error::bad_request("Server url is not set"))?;
- // Generate jwt
- let jwt = generate_jwt(
- &mut transaction,
- &private_key,
- &home_page,
- &app.id().0,
- &user,
- )
- .await
- .map_err(Error::internal_server_error)?;
+ // Generate jwt
+ let jwt = generate_jwt(
+ &mut transaction,
+ &private_key,
+ &home_page,
+ &app.id().0,
+ &user,
+ )
+ .await
+ .map_err(Error::internal_server_error)?;
- // Add jwt as a cookie
- let mut cookie = Cookie::new(JWT_COOKIE_NAME, jwt);
- cookie.set_secure(true);
- cookie.set_http_only(true);
- cookie.set_same_site(SameSite::Strict);
- cookie.set_max_age(Duration::minutes(JWT_DURATION_MINUTES));
- cookie_jar.add(cookie);
+ // Add jwt as a cookie
+ let mut cookie = Cookie::new(JWT_COOKIE_NAME, jwt);
+ cookie.set_secure(true);
+ cookie.set_http_only(true);
+ cookie.set_same_site(SameSite::Strict);
+ cookie.set_max_age(Duration::minutes(JWT_DURATION_MINUTES));
+ cookie_jar.add(cookie);
+
+ (FlashKind::Success, "Everyone has been logged out.")
+ } else {
+ (FlashKind::Warning, "Nothing to do.")
+ }
}
- }
+ None => (FlashKind::Warning, "Nothing to do."),
+ };
+
transaction.commit().await?;
- Ok(Redirect::to(uri!(settings_security)))
+ Ok(Flash::new(
+ Redirect::to(uri!(settings_security)),
+ flash_kind,
+ flash_message,
+ ))
}
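Review bot: The `Some(false)` path at the inner `else` and the `None` arm both produce `(FlashKind::Warning, "Nothing to do.")`, so the nested `if logout_everyone` and the duplicated literal can be collapsed into two match arms: `Some(true) => {` for the key-rotation body and `Some(false) | None => (FlashKind::Warning, "Nothing to do."),` for the rest, which also removes the extra indentation level this hunk adds to the whole body. The `Result>` return type lost its parameters in this rendering, so the error type could not be checked against the `?` conversions in the body. The signature and the `db`/`admin` parameters of settings_security_form are above the hunk.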
diff --git a/crates/ezidam/templates/pages/admin/settings/security.html.tera b/crates/ezidam/templates/pages/admin/settings/security.html.tera
index 44d3681..d0a2ca7 100644
--- a/crates/ezidam/templates/pages/admin/settings/security.html.tera
+++ b/crates/ezidam/templates/pages/admin/settings/security.html.tera
@@ -16,6 +16,13 @@
+
+ {% if flash %}
+
+
{{ flash.1 | safe }}
+
+ {% endif %}
+
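Review bot: `{{ flash.1 | safe }}` renders the flash message with Tera's autoescaping turned off, yet the two messages this commit produces ("Everyone has been logged out." and "Nothing to do.") contain no markup, so `| safe` buys nothing and makes the page's escaping depend on the flash value being trustworthy; if the flash travels in an ordinary unsigned cookie, as Rocket's `FlashMessage` does, whatever ends up in that cookie is inserted into the page unescaped. Use `{{ flash.1 }}` unless a message is meant to carry HTML. That line shows no `+` marker here, so it may predate the commit, but this commit is what starts passing a flash to this page.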
@@ -39,15 +46,13 @@
This might take some time, but should not be long.
-
+
+
+
+
+
+
+
+
+
+
+
+
+ {% include "icons/alert-triangle-large" %}
+
+
+
Do you want to log out everyone?
+
All users will be logged out.
+
This might take some time, but should not be long.
+
+
+
+
+
+
+
+
{% endblock content %}