Rename Confidential field to ConfidentialClient

Author: hickford

models/auth/oauth2.go

@@ -35,10 +35,10 @@ type OAuth2Application struct {
 	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
 	// "Authorization servers MUST record the client type in the client registration details"
 	// https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
-	Confidential bool               `xorm:"NOT NULL DEFAULT TRUE"`
-	RedirectURIs []string           `xorm:"redirect_uris JSON TEXT"`
-	CreatedUnix  timeutil.TimeStamp `xorm:"INDEX created"`
-	UpdatedUnix  timeutil.TimeStamp `xorm:"INDEX updated"`
+	ConfidentialClient bool               `xorm:"NOT NULL DEFAULT TRUE"`
+	RedirectURIs       []string           `xorm:"redirect_uris JSON TEXT"`
+	CreatedUnix        timeutil.TimeStamp `xorm:"INDEX created"`
+	UpdatedUnix        timeutil.TimeStamp `xorm:"INDEX updated"`
 }
 
 func init() {
@@ -62,7 +62,7 @@ func (app *OAuth2Application) PrimaryRedirectURI() string {
 
 // ContainsRedirectURI checks if redirectURI is allowed for app
 func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
-	if !app.Confidential {
+	if !app.ConfidentialClient {
 		uri, err := url.Parse(redirectURI)
 		// ignore port for http loopback uris following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
 		if err == nil && uri.Scheme == "http" && uri.Port() != "" {
@@ -168,21 +168,21 @@ func GetOAuth2ApplicationsByUserID(ctx context.Context, userID int64) (apps []*O
 
 // CreateOAuth2ApplicationOptions holds options to create an oauth2 application
 type CreateOAuth2ApplicationOptions struct {
-	Name         string
-	UserID       int64
-	Confidential bool
-	RedirectURIs []string
+	Name               string
+	UserID             int64
+	ConfidentialClient bool
+	RedirectURIs       []string
 }
 
 // CreateOAuth2Application inserts a new oauth2 application
 func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error) {
 	clientID := uuid.New().String()
 	app := &OAuth2Application{
-		UID:          opts.UserID,
-		Name:         opts.Name,
-		ClientID:     clientID,
-		RedirectURIs: opts.RedirectURIs,
-		Confidential: opts.Confidential,
+		UID:                opts.UserID,
+		Name:               opts.Name,
+		ClientID:           clientID,
+		RedirectURIs:       opts.RedirectURIs,
+		ConfidentialClient: opts.ConfidentialClient,
 	}
 	if err := db.Insert(ctx, app); err != nil {
 		return nil, err
@@ -192,11 +192,11 @@ func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOp
 
 // UpdateOAuth2ApplicationOptions holds options to update an oauth2 application
 type UpdateOAuth2ApplicationOptions struct {
-	ID           int64
-	Name         string
-	UserID       int64
-	Confidential bool
-	RedirectURIs []string
+	ID                 int64
+	Name               string
+	UserID             int64
+	ConfidentialClient bool
+	RedirectURIs       []string
 }
 
 // UpdateOAuth2Application updates an oauth2 application
@@ -217,7 +217,7 @@ func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Applic
 
 	app.Name = opts.Name
 	app.RedirectURIs = opts.RedirectURIs
-	app.Confidential = opts.Confidential
+	app.ConfidentialClient = opts.ConfidentialClient
 
 	if err = updateOAuth2Application(ctx, app); err != nil {
 		return nil, err
@@ -228,7 +228,7 @@ func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Applic
 }
 
 func updateOAuth2Application(ctx context.Context, app *OAuth2Application) error {
-	if _, err := db.GetEngine(ctx).ID(app.ID).UseBool("Confidential").Update(app); err != nil {
+	if _, err := db.GetEngine(ctx).ID(app.ID).UseBool("ConfidentialClient").Update(app); err != nil {
 		return err
 	}
 	return nil

models/auth/oauth2_test.go

@@ -45,8 +45,8 @@ func TestOAuth2Application_ContainsRedirectURI(t *testing.T) {
 
 func TestOAuth2Application_ContainsRedirectURI_WithPort(t *testing.T) {
 	app := &auth_model.OAuth2Application{
-		RedirectURIs: []string{"http://127.0.0.1/", "http://::1/", "http://192.168.0.1/", "http://intranet/", "https://127.0.0.1/"},
-		Confidential: false,
+		RedirectURIs:       []string{"http://127.0.0.1/", "http://::1/", "http://192.168.0.1/", "http://intranet/", "https://127.0.0.1/"},
+		ConfidentialClient: false,
 	}
 
 	// http loopback uris should ignore port

models/fixtures/oauth2_application.yml

@@ -7,7 +7,7 @@
   redirect_uris: '["a"]'
   created_unix: 1546869730
   updated_unix: 1546869730
-  confidential: true
+  confidential_client: true
 -
   id: 2
   uid: 2
@@ -17,4 +17,4 @@
   redirect_uris: '["http://127.0.0.1"]'
   created_unix: 1546869730
   updated_unix: 1546869730
-  confidential: false
+  confidential_client: false

models/migrations/migrations.go

@@ -416,7 +416,7 @@ var migrations = []Migration{
 	// v226 -> v227
 	NewMigration("Conan and generic packages do not need to be semantically versioned", fixPackageSemverField),
 	// v227 -> v228
-	NewMigration("Add confidential column default true to OAuth2Application table", addConfidentialColumnToOAuth2ApplicationTable),
+	NewMigration("Add ConfidentialClient column (default true) to OAuth2Application table", addConfidentialClientColumnToOAuth2ApplicationTable),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v227.go

@@ -8,10 +8,10 @@ import (
 	"xorm.io/xorm"
 )
 
-// addConfidentialColumnToOAuth2ApplicationTable: add Confidential column, setting existing rows to true
-func addConfidentialColumnToOAuth2ApplicationTable(x *xorm.Engine) error {
+// addConfidentialColumnToOAuth2ApplicationTable: add ConfidentialClient column, setting existing rows to true
+func addConfidentialClientColumnToOAuth2ApplicationTable(x *xorm.Engine) error {
 	type OAuth2Application struct {
-		Confidential bool `xorm:"NOT NULL DEFAULT TRUE"`
+		ConfidentialClient bool `xorm:"NOT NULL DEFAULT TRUE"`
 	}
 
 	return x.Sync(new(OAuth2Application))

modules/convert/convert.go

@@ -392,13 +392,13 @@ func ToTopicResponse(topic *repo_model.Topic) *api.TopicResponse {
 // ToOAuth2Application convert from auth.OAuth2Application to api.OAuth2Application
 func ToOAuth2Application(app *auth.OAuth2Application) *api.OAuth2Application {
 	return &api.OAuth2Application{
-		ID:           app.ID,
-		Name:         app.Name,
-		ClientID:     app.ClientID,
-		ClientSecret: app.ClientSecret,
-		Confidential: app.Confidential,
-		RedirectURIs: app.RedirectURIs,
-		Created:      app.CreatedUnix.AsTime(),
+		ID:                 app.ID,
+		Name:               app.Name,
+		ClientID:           app.ClientID,
+		ClientSecret:       app.ClientSecret,
+		ConfidentialClient: app.ConfidentialClient,
+		RedirectURIs:       app.RedirectURIs,
+		Created:            app.CreatedUnix.AsTime(),
 	}
 }
 

modules/structs/user_app.go

@@ -30,21 +30,21 @@ type CreateAccessTokenOption struct {
 
 // CreateOAuth2ApplicationOptions holds options to create an oauth2 application
 type CreateOAuth2ApplicationOptions struct {
-	Name         string   `json:"name" binding:"Required"`
-	Confidential bool     `json:"confidential"`
-	RedirectURIs []string `json:"redirect_uris" binding:"Required"`
+	Name               string   `json:"name" binding:"Required"`
+	ConfidentialClient bool     `json:"confidential_client"`
+	RedirectURIs       []string `json:"redirect_uris" binding:"Required"`
 }
 
 // OAuth2Application represents an OAuth2 application.
 // swagger:response OAuth2Application
 type OAuth2Application struct {
-	ID           int64     `json:"id"`
-	Name         string    `json:"name"`
-	ClientID     string    `json:"client_id"`
-	ClientSecret string    `json:"client_secret"`
-	Confidential bool      `json:"confidential"`
-	RedirectURIs []string  `json:"redirect_uris"`
-	Created      time.Time `json:"created"`
+	ID                 int64     `json:"id"`
+	Name               string    `json:"name"`
+	ClientID           string    `json:"client_id"`
+	ClientSecret       string    `json:"client_secret"`
+	ConfidentialClient bool      `json:"confidential_client"`
+	RedirectURIs       []string  `json:"redirect_uris"`
+	Created            time.Time `json:"created"`
 }
 
 // OAuth2ApplicationList represents a list of OAuth2 applications.

routers/api/v1/user/app.go

@@ -213,10 +213,10 @@ func CreateOauth2Application(ctx *context.APIContext) {
 	data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
 
 	app, err := auth_model.CreateOAuth2Application(ctx, auth_model.CreateOAuth2ApplicationOptions{
-		Name:         data.Name,
-		UserID:       ctx.Doer.ID,
-		RedirectURIs: data.RedirectURIs,
-		Confidential: data.Confidential,
+		Name:               data.Name,
+		UserID:             ctx.Doer.ID,
+		RedirectURIs:       data.RedirectURIs,
+		ConfidentialClient: data.ConfidentialClient,
 	})
 	if err != nil {
 		ctx.Error(http.StatusBadRequest, "", "error creating oauth2 application")
@@ -364,11 +364,11 @@ func UpdateOauth2Application(ctx *context.APIContext) {
 	data := web.GetForm(ctx).(*api.CreateOAuth2ApplicationOptions)
 
 	app, err := auth_model.UpdateOAuth2Application(auth_model.UpdateOAuth2ApplicationOptions{
-		Name:         data.Name,
-		UserID:       ctx.Doer.ID,
-		ID:           appID,
-		RedirectURIs: data.RedirectURIs,
-		Confidential: data.Confidential,
+		Name:               data.Name,
+		UserID:             ctx.Doer.ID,
+		ID:                 appID,
+		RedirectURIs:       data.RedirectURIs,
+		ConfidentialClient: data.ConfidentialClient,
 	})
 	if err != nil {
 		if auth_model.IsErrOauthClientIDInvalid(err) || auth_model.IsErrOAuthApplicationNotFound(err) {

routers/web/auth/oauth.go

@@ -432,7 +432,7 @@ func AuthorizeOAuth(ctx *context.Context) {
 	case "":
 		// "Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message"
 		// https://datatracker.ietf.org/doc/html/rfc8252#section-8.1
-		if !app.Confidential {
+		if !app.ConfidentialClient {
 			// "the authorization endpoint MUST return the authorization error response with the "error" value set to "invalid_request""
 			// https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1
 			handleAuthorizeError(ctx, AuthorizeError{

routers/web/user/setting/oauth2_common.go

@@ -39,10 +39,10 @@ func (oa *OAuth2CommonHandlers) AddApp(ctx *context.Context) {
 
 	// TODO validate redirect URI
 	app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{
-		Name:         form.Name,
-		RedirectURIs: []string{form.RedirectURI},
-		UserID:       oa.OwnerID,
-		Confidential: form.Confidential,
+		Name:               form.Name,
+		RedirectURIs:       []string{form.RedirectURI},
+		UserID:             oa.OwnerID,
+		ConfidentialClient: form.ConfidentialClient,
 	})
 	if err != nil {
 		ctx.ServerError("CreateOAuth2Application", err)
@@ -91,11 +91,11 @@ func (oa *OAuth2CommonHandlers) EditSave(ctx *context.Context) {
 	// TODO validate redirect URI
 	var err error
 	if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{
-		ID:           ctx.ParamsInt64("id"),
-		Name:         form.Name,
-		RedirectURIs: []string{form.RedirectURI},
-		UserID:       oa.OwnerID,
-		Confidential: form.Confidential,
+		ID:                 ctx.ParamsInt64("id"),
+		Name:               form.Name,
+		RedirectURIs:       []string{form.RedirectURI},
+		UserID:             oa.OwnerID,
+		ConfidentialClient: form.ConfidentialClient,
 	}); err != nil {
 		ctx.ServerError("UpdateOAuth2Application", err)
 		return

services/forms/user_form.go

@@ -379,9 +379,9 @@ func (f *NewAccessTokenForm) Validate(req *http.Request, errs binding.Errors) bi
 
 // EditOAuth2ApplicationForm form for editing oauth2 applications
 type EditOAuth2ApplicationForm struct {
-	Name         string `binding:"Required;MaxSize(255)" form:"application_name"`
-	RedirectURI  string `binding:"Required" form:"redirect_uri"`
-	Confidential bool   `form:"confidential"`
+	Name               string `binding:"Required;MaxSize(255)" form:"application_name"`
+	RedirectURI        string `binding:"Required" form:"redirect_uri"`
+	ConfidentialClient bool   `form:"confidential_client"`
 }
 
 // Validate validates the fields

templates/swagger/v1_json.tmpl

@@ -14645,9 +14645,9 @@
       "description": "CreateOAuth2ApplicationOptions holds options to create an oauth2 application",
       "type": "object",
       "properties": {
-        "confidential": {
+        "confidential_client": {
           "type": "boolean",
-          "x-go-name": "Confidential"
+          "x-go-name": "ConfidentialClient"
         },
         "name": {
           "type": "string",
@@ -17310,9 +17310,9 @@
           "type": "string",
           "x-go-name": "ClientSecret"
         },
-        "confidential": {
+        "confidential_client": {
           "type": "boolean",
-          "x-go-name": "Confidential"
+          "x-go-name": "ConfidentialClient"
         },
         "created": {
           "type": "string",

templates/user/settings/applications_oauth2_edit_form.tmpl

@@ -39,9 +39,9 @@
 				<label for="application-name">{{.locale.Tr "settings.oauth2_application_name"}}</label>
 				<input id="application-name" value="{{.App.Name}}" name="application_name" required>
 			</div>
-			<div class="field ui checkbox {{if .Err_Confidential}}error{{end}}">
+			<div class="field ui checkbox {{if .Err_ConfidentialClient}}error{{end}}">
 				<label>{{.locale.Tr "settings.oauth2_confidential_client"}}</label>
-				<input type="checkbox" name="confidential" {{if .App.Confidential}}checked{{end}}>
+				<input type="checkbox" name="confidential_client" {{if .App.ConfidentialClient}}checked{{end}}>
 			</div>
 			<div class="field {{if .Err_RedirectURI}}error{{end}}">
 				<label for="redirect-uri">{{.locale.Tr "settings.oauth2_redirect_uri"}}</label>

templates/user/settings/applications_oauth2_list.tmpl

@@ -33,9 +33,9 @@
 			<label for="application-name">{{.locale.Tr "settings.oauth2_application_name"}}</label>
 			<input id="application-name" name="application_name" value="{{.application_name}}" required>
 		</div>
-		<div class="field ui checkbox {{if .Err_Confidential}}error{{end}}">
+		<div class="field ui checkbox {{if .Err_ConfidentialClient}}error{{end}}">
 			<label>{{.locale.Tr "settings.oauth2_confidential_client"}}</label>
-			<input type="checkbox" name="confidential" checked>
+			<input type="checkbox" name="confidential_client" checked>
 		</div>
 		<div class="field {{if .Err_RedirectURI}}error{{end}}">
 			<label for="redirect-uri">{{.locale.Tr "settings.oauth2_redirect_uri"}}</label>

tests/integration/api_oauth2_apps_test.go

@@ -34,7 +34,7 @@ func testAPICreateOAuth2Application(t *testing.T) {
 		RedirectURIs: []string{
 			"http://www.google.com",
 		},
-		Confidential: true,
+		ConfidentialClient: true,
 	}
 
 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/applications/oauth2", &appBody)
@@ -47,7 +47,7 @@ func testAPICreateOAuth2Application(t *testing.T) {
 	assert.EqualValues(t, appBody.Name, createdApp.Name)
 	assert.Len(t, createdApp.ClientSecret, 56)
 	assert.Len(t, createdApp.ClientID, 36)
-	assert.True(t, createdApp.Confidential)
+	assert.True(t, createdApp.ConfidentialClient)
 	assert.NotEmpty(t, createdApp.Created)
 	assert.EqualValues(t, appBody.RedirectURIs[0], createdApp.RedirectURIs[0])
 	unittest.AssertExistsAndLoadBean(t, &auth.OAuth2Application{UID: user.ID, Name: createdApp.Name})
@@ -64,7 +64,7 @@ func testAPIListOAuth2Applications(t *testing.T) {
 		RedirectURIs: []string{
 			"http://www.google.com",
 		},
-		Confidential: true,
+		ConfidentialClient: true,
 	})
 
 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2?token=%s", token)
@@ -77,7 +77,7 @@ func testAPIListOAuth2Applications(t *testing.T) {
 
 	assert.EqualValues(t, existApp.Name, expectedApp.Name)
 	assert.EqualValues(t, existApp.ClientID, expectedApp.ClientID)
-	assert.Equal(t, existApp.Confidential, expectedApp.Confidential)
+	assert.Equal(t, existApp.ConfidentialClient, expectedApp.ConfidentialClient)
 	assert.Len(t, expectedApp.ClientID, 36)
 	assert.Empty(t, expectedApp.ClientSecret)
 	assert.EqualValues(t, existApp.RedirectURIs[0], expectedApp.RedirectURIs[0])
@@ -116,7 +116,7 @@ func testAPIGetOAuth2Application(t *testing.T) {
 		RedirectURIs: []string{
 			"http://www.google.com",
 		},
-		Confidential: true,
+		ConfidentialClient: true,
 	})
 
 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d?token=%s", existApp.ID, token)
@@ -129,7 +129,7 @@ func testAPIGetOAuth2Application(t *testing.T) {
 
 	assert.EqualValues(t, existApp.Name, expectedApp.Name)
 	assert.EqualValues(t, existApp.ClientID, expectedApp.ClientID)
-	assert.Equal(t, existApp.Confidential, expectedApp.Confidential)
+	assert.Equal(t, existApp.ConfidentialClient, expectedApp.ConfidentialClient)
 	assert.Len(t, expectedApp.ClientID, 36)
 	assert.Empty(t, expectedApp.ClientSecret)
 	assert.Len(t, expectedApp.RedirectURIs, 1)
@@ -154,7 +154,7 @@ func testAPIUpdateOAuth2Application(t *testing.T) {
 			"http://www.google.com/",
 			"http://www.github.com/",
 		},
-		Confidential: true,
+		ConfidentialClient: true,
 	}
 
 	urlStr := fmt.Sprintf("/api/v1/user/applications/oauth2/%d", existApp.ID)
@@ -169,6 +169,6 @@ func testAPIUpdateOAuth2Application(t *testing.T) {
 	assert.Len(t, expectedApp.RedirectURIs, 2)
 	assert.EqualValues(t, expectedApp.RedirectURIs[0], appBody.RedirectURIs[0])
 	assert.EqualValues(t, expectedApp.RedirectURIs[1], appBody.RedirectURIs[1])
-	assert.Equal(t, expectedApp.Confidential, appBody.Confidential)
+	assert.Equal(t, expectedApp.ConfidentialClient, appBody.ConfidentialClient)
 	unittest.AssertExistsAndLoadBean(t, &auth.OAuth2Application{ID: expectedApp.ID, Name: expectedApp.Name})
 }