From 5928f708e18748532bb592c4dba28f013c6f495f Mon Sep 17 00:00:00 2001
From: Alex Kriuchykhin
Date: Tue, 5 Sep 2023 12:53:51 +0200
Subject: [PATCH] Remove user controlled method execution from connected_accounts controller, add Okta unlinking functionality [SCI-9220] (#6135)
---
.../account/connected_accounts_controller.rb | 17 +++++--------
.../account/connected_accounts/_okta.html.erb | 24 +++++++++++++++++++
.../account/connected_accounts/index.html.erb | 11 ++++-----
.../unlink_modals/_okta_modal.html.erb | 23 ++++++++++++++++++
config/locales/en.yml | 9 +++++++
5 files changed, 66 insertions(+), 18 deletions(-)
create mode 100644 app/views/users/settings/account/connected_accounts/_okta.html.erb
create mode 100644 app/views/users/settings/account/connected_accounts/unlink_modals/_okta_modal.html.erb
diff --git a/app/controllers/users/settings/account/connected_accounts_controller.rb b/app/controllers/users/settings/account/connected_accounts_controller.rb
index 8f3c981de..d30a2579d 100644
--- a/app/controllers/users/settings/account/connected_accounts_controller.rb
+++ b/app/controllers/users/settings/account/connected_accounts_controller.rb
@@ -9,20 +9,15 @@ module Users end def destroy - settings = ApplicationSettings.instance - if settings.values['azure_ad_apps']&.find { |v| v['provider_name'] == params[:provider] } - provider = params[:provider] - else - flash[:error] = t('users.settings.account.connected_accounts.errors.not_found') + user_identity = current_user.user_identities.find_by(provider: params[:provider]) + if user_identity.blank? + flash.now[:error] = t('users.settings.account.connected_accounts.errors.not_found') return end - ActiveRecord::Base.transaction do - __send__("#{provider}_pre_destroy".to_sym) if respond_to?("#{provider}_pre_destroy".to_sym, true) - current_user.user_identities.where(provider: provider).take&.destroy! - end - flash[:success] = t('users.settings.account.connected_accounts.unlink_success') + user_identity.destroy! + flash.now[:success] = t('users.settings.account.connected_accounts.unlink_success') rescue StandardError - flash[:error] ||= t('users.settings.account.connected_accounts.errors.generic') + flash.now[:error] ||= t('users.settings.account.connected_accounts.errors.generic') ensure @linked_accounts = current_user.user_identities.pluck(:provider) render :index diff --git a/app/views/users/settings/account/connected_accounts/_okta.html.erb b/app/views/users/settings/account/connected_accounts/_okta.html.erb new file mode 100644 index 000000000..8e87c054b --- /dev/null +++ b/app/views/users/settings/account/connected_accounts/_okta.html.erb @@ -0,0 +1,24 @@ +
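Review bot: The `rescue StandardError` branch in `destroy` still discards the exception, so a failed `user_identity.destroy!` on this account-security action leaves no trace for whoever has to investigate it later. Capture and log it before setting the generic flash, e.g. `rescue StandardError => e` followed by `Rails.logger.error("Unlinking connected account failed: #{e.class}")`. Separately, the commit drops the `<provider>_pre_destroy` hook together with the transaction; no such hook is visible in this hunk, but if any provider relied on one, that cleanup should now be called explicitly by a fixed method name. The method's closing `end` lies outside the hunk.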
+
+
+ <%= t('users.settings.account.connected_accounts.okta.title') %>
+

<%= t('users.settings.account.connected_accounts.okta.connect_hint') %>

+
+
+
+ + <%= t('users.settings.account.connected_accounts.okta.connected') %> + + +
+
+ <%= link_to t('users.settings.account.connected_accounts.okta.unlink_button'), + '#unlinkOktaModal', + class: 'btn btn-danger', + data: { toggle: 'modal'} %> +
+
+
+
+ +<%= render partial: 'users/settings/account/connected_accounts/unlink_modals/okta_modal', locals: { provider: provider } %> diff --git a/app/views/users/settings/account/connected_accounts/index.html.erb b/app/views/users/settings/account/connected_accounts/index.html.erb index 4573671c8..4638ef2a7 100644 --- a/app/views/users/settings/account/connected_accounts/index.html.erb +++ b/app/views/users/settings/account/connected_accounts/index.html.erb @@ -10,13 +10,10 @@

<%= t('users.settings.account.connected_accounts.title') %>

<% if @linked_accounts.present? %> <% @linked_accounts.each do |provider| %> - <% settings = ApplicationSettings.instance %> - <% if provider == 'giot_connect' || settings.values['azure_ad_apps']&.find { |v| v['provider_name'] == provider } %> - <% if lookup_context.exists?(provider, 'users/settings/account/connected_accounts', true) %> - <%= render partial: provider %> - <% else %> - <%= render partial: 'azure_ad', locals: { provider: provider } %> - <% end %> + <% if lookup_context.exists?(provider, 'users/settings/account/connected_accounts', true) %> + <%= render partial: provider, locals: { provider: provider } %> + <% elsif ApplicationSettings.instance.values['azure_ad_apps']&.find { |v| v['provider_name'] == provider } %> + <%= render partial: 'azure_ad', locals: { provider: provider } %> <% end %> <% end %> <% else %> diff --git a/app/views/users/settings/account/connected_accounts/unlink_modals/_okta_modal.html.erb b/app/views/users/settings/account/connected_accounts/unlink_modals/_okta_modal.html.erb new file mode 100644 index 000000000..13ac2cbbe --- /dev/null +++ b/app/views/users/settings/account/connected_accounts/unlink_modals/_okta_modal.html.erb @@ -0,0 +1,23 @@ + diff --git a/config/locales/en.yml b/config/locales/en.yml index e270eb889..93415031a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -2547,6 +2547,15 @@ en: title: "Unlink Azure AD account?" description_1: "Are you sure you would like unlink Azure AD and SciNote accounts?" submit_button: "Submit" + okta: + title: "Your Okta Account" + connect_hint: "Allows you to sign in with your Okta account." + connected: "Connected" + unlink_button: "Unlink" + unlink_modal: + title: "Unlink Okta account?" + description_1: "Are you sure you would like unlink Okta and SciNote accounts?" + submit_button: "Submit" errors: not_found: "You have no Connected accounts for this provider" generic: "Unable to unlink linked account"
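Review bot: In the `@linked_accounts.each` loop of index.html.erb, the first branch now selects the partial purely from the stored `provider` string via `lookup_context.exists?`, whereas the removed code first required the provider to be `giot_connect` or a configured Azure AD app. Any partial that exists in `users/settings/account/connected_accounts` therefore becomes renderable as soon as a matching provider value is present in `user_identities`, which ties view selection to the directory's contents rather than to a deliberate decision. Consider gating the dynamic render on an explicit list built from the providers this page supports, for example `<% if %w[okta giot_connect].include?(provider) && lookup_context.exists?(provider, 'users/settings/account/connected_accounts', true) %>`, so that new partials are opted in on purpose. The surrounding template continues outside the hunk.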