mention access tokens on account security page

2021-06-16 21:59:28 +02:00 · 2021-06-16 21:59:28 +02:00 · 1d4130fc35
parent b036468e75
commit 1d4130fc35
5 changed files with 53 additions and 17 deletions
--- a/app/controllers/Account.scala
+++ b/app/controllers/Account.scala
@ -366,7 +366,10 @@ final class Account(
    Auth { implicit ctx => me =>
      env.security.api.dedup(me.id, ctx.req) >>
        env.security.api.locatedOpenSessions(me.id, 50) map { sessions =>
-          Ok(html.account.security(me, sessions, currentSessionId))
+          Ok(
+            html.account
+              .security(me, sessions, currentSessionId, thirdPartyApps = true, personalAccessTokens = true)
+          )
        }
    }

--- a/app/views/account/security.scala
+++ b/app/views/account/security.scala
@ -10,26 +10,50 @@ import play.api.i18n.Lang

 object security {

-  def apply(u: lila.user.User, sessions: List[lila.security.LocatedSession], curSessionId: String)(implicit
+  def apply(
+      u: lila.user.User,
+      sessions: List[lila.security.LocatedSession],
+      curSessionId: String,
+      thirdPartyApps: Boolean,
+      personalAccessTokens: Boolean
+  )(implicit
      ctx: Context
  ) =
    account.layout(title = s"${u.username} - ${trans.security.txt()}", active = "security") {
-      div(cls := "account security box")(
-        h1(trans.security()),
-        standardFlash(cls := "box__pad"),
-        div(cls := "box__pad")(
-          p(trans.thisIsAListOfDevicesThatHaveLoggedIntoYourAccount()),
-          sessions.sizeIs > 1 option div(
-            trans.alternativelyYouCanX {
-              postForm(cls := "revoke-all", action := routes.Account.signout("all"))(
-                submitButton(cls := "button button-empty button-red confirm")(
-                  trans.revokeAllSessions()
+      div(cls := "account security")(
+        div(cls := "box")(
+          h1(trans.sessions()),
+          standardFlash(cls := "box__pad"),
+          div(cls := "box__pad")(
+            p(trans.thisIsAListOfDevicesThatHaveLoggedIntoYourAccount()),
+            sessions.sizeIs > 1 option div(
+              trans.alternativelyYouCanX {
+                postForm(cls := "revoke-all", action := routes.Account.signout("all"))(
+                  submitButton(cls := "button button-empty button-red confirm")(
+                    trans.revokeAllSessions()
+                  )
                )
-              )
-            }
+              }
+            )
+          ),
+          table(sessions, curSessionId.some)
+        ),
+        thirdPartyApps option div(cls := "account security box")(
+          h1("Third party apps"),
+          p(cls := "box__pad")(
+            "Revoke access of any ",
+            a(href := routes.OAuthApp.index)("third party apps"),
+            " that you do not trust."
          )
        ),
-        table(sessions, curSessionId.some)
+        personalAccessTokens option div(cls := "account security box")(
+          h1("Personal access tokens"),
+          p(cls := "box__pad")(
+            "Revoke any ",
+            a(href := routes.OAuthToken.index)("personal access tokens"),
+            " that you do not recognize."
+          )
+        )
      )
    }

--- a/modules/i18n/src/main/I18nKeys.scala
+++ b/modules/i18n/src/main/I18nKeys.scala
@ -554,6 +554,7 @@ val `disableKidMode` = new I18nKey("disableKidMode")
 val `security` = new I18nKey("security")
 val `thisIsAListOfDevicesThatHaveLoggedIntoYourAccount` = new I18nKey("thisIsAListOfDevicesThatHaveLoggedIntoYourAccount")
 val `alternativelyYouCanX` = new I18nKey("alternativelyYouCanX")
+val `sessions` = new I18nKey("sessions")
 val `revokeAllSessions` = new I18nKey("revokeAllSessions")
 val `playChessEverywhere` = new I18nKey("playChessEverywhere")
 val `asFreeAsLichess` = new I18nKey("asFreeAsLichess")
@ -711,6 +712,8 @@ val `clickToRevealEmailAddress` = new I18nKey("clickToRevealEmailAddress")
 val `download` = new I18nKey("download")
 val `welcome` = new I18nKey("welcome")
 val `lichessPatronInfo` = new I18nKey("lichessPatronInfo")
+val `coachManager` = new I18nKey("coachManager")
+val `streamerManager` = new I18nKey("streamerManager")
 val `opponentLeftCounter` = new I18nKey("opponentLeftCounter")
 val `mateInXHalfMoves` = new I18nKey("mateInXHalfMoves")
 val `nextCaptureOrPawnMoveInXHalfMoves` = new I18nKey("nextCaptureOrPawnMoveInXHalfMoves")
@ -751,8 +754,6 @@ val `availableInNbLanguages` = new I18nKey("availableInNbLanguages")
 val `nbSecondsToPlayTheFirstMove` = new I18nKey("nbSecondsToPlayTheFirstMove")
 val `nbSeconds` = new I18nKey("nbSeconds")
 val `andSaveNbPremoveLines` = new I18nKey("andSaveNbPremoveLines")
-val `coachManager` = new I18nKey("coachManager")
-val `streamerManager` = new I18nKey("streamerManager")

 object arena {
 val `arenaTournaments` = new I18nKey("arena:arenaTournaments")
--- a/translation/source/site.xml
+++ b/translation/source/site.xml
@ -695,6 +695,7 @@ computer analysis, game chat and shareable URL.</string>
  <string name="security">Security</string>
  <string name="thisIsAListOfDevicesThatHaveLoggedIntoYourAccount">This is a list of devices that have logged into your account. Revoke any sessions that you do not recognise.</string>
  <string name="alternativelyYouCanX">Alternatively you can %s.</string>
+  <string name="sessions">Sessions</string>
  <string name="revokeAllSessions">revoke all sessions</string>
  <string name="playChessEverywhere">Play chess everywhere</string>
  <string name="asFreeAsLichess">As free as Lichess</string>
--- a/ui/site/css/_account.scss
+++ b/ui/site/css/_account.scss
@ -26,6 +26,13 @@
  .slist {
    @extend %break-word;
  }
+
+  .box {
+    margin-bottom: 4em;
+    > p {
+      padding-bottom: 2em;
+    }
+  }
 }

 .twofactor ol li {