Devin/oauth developer settings 1764693294

[DhirenMhatre]

What does this PR do?

• Fixes #XXXX (GitHub issue number)
• Fixes CAL-XXXX (Linear issue number - should be visible at the bottom of the GitHub issue description)

Visual Demo (For contributors especially)

A visual demonstration is strongly recommended, for both the original and new change (video / image - any one).

Video Demo (if applicable):

• Show screen recordings of the issue or feature.
• Demonstrate how to reproduce the issue, the behavior before and after the change.

Image Demo (if applicable):

• Add side-by-side screenshots of the original and updated change.
• Highlight any significant change(s).

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

• Are there environment variables that should be set?
• What are the minimal test data to have?
• What is expected (happy path) to have (input and output)?
• Any other important info that could help to test that PR

Checklist

• I haven't read the contributing guide
• My code doesn't follow the style guidelines of this project
• I haven't commented my code, particularly in hard-to-understand areas
• I haven't checked if my changes generate no new warnings

[codity-dm]

PR Summary

What Changed

• Added OAuth client approval workflow with PENDING/APPROVED/REJECTED status states. Users submit clients for admin review before they can be used.
• Built separate developer and admin UIs for managing OAuth clients throughout their lifecycle.
• Enforced approval checks in authorization and token flows. Only approved clients can complete OAuth flows.

Key Changes by Area

Authentication/Authorization

• Added redirect_uri validation against registered client URIs in authorize-view.tsx:1
• Replaced getClient with getClientForAuthorization with stricter enabled conditions
• Added client_not_approved error for non-approved clients in authorization and token flows

Admin/Developer Settings

• Developer view: oauth-clients-view.tsx:1 lets users create, edit, delete, and submit clients for review
• Admin view: oauth-clients-admin-view.tsx:1 provides approve/reject workflows with rejection reasons
• Shared components: Reusable dialogs and forms in modules/settings/oauth/

Email Notifications

• Three new templates notify admins of submissions and users of approval/rejection decisions
• Integration in submitClientForReview.handler.ts:55 and updateClient.handler.ts

Database

• Added OAuthClientStatus enum and extended OAuthClient model with status, purpose, websiteUrl, rejectionReason, userId, createdAt

Testing

• E2E tests cover owner CRUD, admin workflows, authorization behavior by status, and token refresh restrictions
• Unit tests for handler logic including permission checks and reapproval flows

Files Changed

File	Changes Summary
apps/web/app/(use-page-wrapper)/settings/(admin-layout)/admin/oAuth/page.tsx	New admin OAuth clients page with server-side session validation
apps/web/app/(use-page-wrapper)/settings/(settings-layout)/SettingsLayoutAppDirClient.tsx	Added OAuth menu item in developer settings navigation
apps/web/app/(use-page-wrapper)/settings/(settings-layout)/developer/oauth/page.tsx	New developer OAuth clients page with server-side session validation
apps/web/app/api/auth/oauth/token/tests/route.test.ts	Updated tests to require APPROVED status for token exchange
apps/web/modules/auth/oauth2/authorize-view.tsx	Added redirect_uri validation and extracted error handling utilities
apps/web/modules/settings/admin/oauth-clients-admin-skeleton.tsx	Loading skeleton for admin OAuth clients view
apps/web/modules/settings/admin/oauth-clients-admin-view.tsx	Admin interface with pending/rejected/approved sections and approval workflow
apps/web/modules/settings/admin/oauth-view.tsx	Removed old basic OAuth client creation form
apps/web/modules/settings/developer/oauth-clients-skeleton.tsx	Loading skeleton for developer OAuth clients view
apps/web/modules/settings/developer/oauth-clients-view.tsx	Developer interface for managing own OAuth clients
apps/web/modules/settings/oauth/OAuthClientsList.tsx	Reusable list component with status badges
apps/web/modules/settings/oauth/create/NewOAuthClientButton.tsx	FAB button for creating new OAuth clients
apps/web/modules/settings/oauth/create/OAuthClientCreateModal.tsx	Modal form for creating clients with PKCE toggle
apps/web/modules/settings/oauth/create/OAuthClientPreviewDialog.tsx	Post-creation preview showing client credentials with copy functionality
apps/web/modules/settings/oauth/view/OAuthClientDetailsDialog.tsx	Dialog for viewing/editing clients with role-based actions
apps/web/modules/settings/oauth/view/OAuthClientFormFields.tsx	Reusable form fields with URL validation and PKCE toggle
apps/web/playwright/fixtures/cal2.png	Test fixture for logo upload testing
apps/web/playwright/oauth/oauth-authorize-approval-status.e2e.ts	E2E tests for authorization page behavior by client status
apps/web/playwright/oauth/oauth-client-admin.e2e.ts	E2E tests for admin approval/rejection workflows
apps/web/playwright/oauth/oauth-client-helpers.ts	Shared helper functions for OAuth client operations
apps/web/playwright/oauth/oauth-client-owner-crud.e2e.ts	E2E tests for owner CRUD operations and reapproval flow
apps/web/playwright/oauth/oauth-refresh-tokens.e2e.ts	E2E tests for token refresh restrictions on non-approved clients
apps/web/public/static/locales/en/common.json	i18n strings for OAuth UI and email content
packages/emails/oauth-email-service.ts	Email service with functions for OAuth notifications
packages/emails/src/templates/AdminOAuthClientNotificationEmail.tsx	Email template for admin notification of new submissions
packages/emails/src/templates/OAuthClientApprovedNotificationEmail.tsx	Email template for approval notifications to users
packages/emails/src/templates/OAuthClientRejectedNotificationEmail.tsx	Email template for rejection notifications with reason
packages/emails/src/templates/index.ts	Exported new email templates
packages/emails/templates/admin-oauth-client-notification.test.ts	Unit tests for admin notification email
packages/emails/templates/admin-oauth-client-notification.ts	Email class for admin notifications
packages/emails/templates/oauth-client-approved-notification.test.ts	Unit tests for approval email
packages/emails/templates/oauth-client-approved-notification.ts	Email class for approval notifications
packages/emails/templates/oauth-client-rejected-notification.test.ts	Unit tests for rejection email
packages/emails/templates/oauth-client-rejected-notification.ts	Email class for rejection notifications
packages/features/oauth/repositories/OAuthClientRepository.ts	Extended with CRUD methods and status filtering
packages/features/oauth/services/OAuthService.ts	Added getClientForAuthorization and ensureClientIsApproved validation
packages/features/oauth/utils/generateSecret.ts	Utility for generating client secrets
packages/prisma/migrations/20260114154054_add_oauth_client_properties/migration.sql	Migration for OAuth client status and metadata fields
packages/prisma/schema.prisma	Added OAuthClientStatus enum and extended OAuthClient model
packages/trpc/server/routers/viewer/oAuth/_router.tsx	Restructured with new procedures and renamed endpoints
packages/trpc/server/routers/viewer/oAuth/addClient.handler.ts	Renamed to createClient, admin-only pre-approved creation
packages/trpc/server/routers/viewer/oAuth/addClient.schema.ts	Renamed to createClient schema
packages/trpc/server/routers/viewer/oAuth/createClient.handler.ts	Admin-only handler for pre-approved client creation
packages/trpc/server/routers/viewer/oAuth/createClient.schema.ts	Schema for admin client creation
packages/trpc/server/routers/viewer/oAuth/deleteClient.handler.ts	Owner-only deletion with ownership verification
packages/trpc/server/routers/viewer/oAuth/deleteClient.schema.ts	Schema for client deletion
packages/trpc/server/routers/viewer/oAuth/generateAuthCode.handler.test.ts	Unit tests for PKCE validation and status checks
packages/trpc/server/routers/viewer/oAuth/getClient.schema.ts	Deleted, replaced by getClientForAuthorization
packages/trpc/server/routers/viewer/oAuth/getClient.handler.ts	Deleted, replaced by getClientForAuthorization
packages/trpc/server/routers/viewer/oAuth/getClientForAuthorization.handler.ts	New handler with redirect_uri validation
packages/trpc/server/routers/viewer/oAuth/getClientForAuthorization.schema.ts	Schema with redirect_uri parameter
packages/trpc/server/routers/viewer/oAuth/listClients.handler.ts	Admin listing with optional status filter
packages/trpc/server/routers/viewer/oAuth/listClients.schema.ts	Schema with status filter enum
packages/trpc/server/routers/viewer/oAuth/listUserClients.handler.ts	User listing of own clients
packages/trpc/server/routers/viewer/oAuth/submitClientForReview.handler.test.ts	Unit tests for submission handler with email verification
packages/trpc/server/routers/viewer/oAuth/submitClientForReview.handler.ts	Creates PENDING clients and notifies admins
packages/trpc/server/routers/viewer/oAuth/submitClientForReview.schema.ts	Schema for client submission with optional fields
packages/trpc/server/routers/viewer/oAuth/updateClient.handler.test.ts	Unit tests for permission checks and reapproval flow
packages/trpc/server/routers/viewer/oAuth/updateClient.handler.ts	Handles admin approval/rejection and owner edits with reapproval
packages/trpc/server/routers/viewer/oAuth/updateClient.schema.ts	Schema requiring rejection reason for REJECTED status

Review Focus Areas

• Permission enforcement in updateClient.handler.ts: verify admin-only status changes and owner-only field edits
• Reapproval logic: confirm that editing redirectUri or other fields on approved clients correctly resets status to PENDING
• Email notification delivery: check that admin notifications fire on submission and user notifications on approval/rejection

Architecture

Design Decisions

• Split admin and developer UIs to separate concerns. Admins manage approval workflows; developers manage their own clients.
• Used PENDING/APPROVED/REJECTED enum rather than boolean flags to support rejection with reasons and audit trails.
• PKCE required for public clients, optional for confidential clients as defense in depth.

Scalability & Extensibility

• Repository pattern with status filtering supports future query patterns (e.g., filtering by date range).
• Email service abstraction allows swapping providers without changing handler logic.

Risks

• Intentional: Reapproval on field edits may create friction for developers making minor changes. This is acceptable for security.
• Unintentional: Race conditions between status check and token issuance if not using database transactions. Verify ensureClientIsApproved is called within transaction boundaries.

[codity-dm]

The client lookup now requires redirect_uri and bails out unless it is present (enabled: status === "authenticated" && !!redirect_uri), but the later success/error redirects still assume client.redirectUri exists and build a URL from it. If redirect_uri is missing or malformed in the incoming authorize request, the page no longer loads the client and the user is left on a blank screen instead of being redirected or shown a clear error. For example, an authorize link without redirect_uri now never reaches the OAuth client fetch that used to run.

Suggested fix

      {
        clientId: client_id as string,
        redirectUri: redirect_uri,
      },
      {
        enabled: status === "authenticated",
      }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert bash developer with deep knowledge of security, performance, and best practices.

### Context

File: apps/web/modules/auth/oauth2/authorize-view.tsx
Lines: 40-46
Issue Type: robustness-medium
Severity: medium

Issue Description:
The client lookup now requires `redirect_uri` and bails out unless it is present (`enabled: status === "authenticated" && !!redirect_uri`), but the later success/error redirects still assume `client.redirectUri` exists and build a URL from it. If `redirect_uri` is missing or malformed in the incoming authorize request, the page no longer loads the client and the user is left on a blank screen instead of being redirected or shown a clear error. For example, an authorize link without `redirect_uri` now never reaches the OAuth client fetch that used to run.

Current Code:
      {
        clientId: client_id as string,
        redirectUri: redirect_uri,
      },
      {
        enabled: status === "authenticated" && !!redirect_uri,
      }

---

### Instructions

1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow bash best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed

### Constraints

- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready

---

[codity-dm]

Security Scan Summary

Metric	Value
Vulnerabilities	Critical: 0
Overall Risk	Clean
Files Scanned	59

No critical security issues detected

Scan completed in 59.7s

View vulnerability details (1 items)

---

1. SEC-001 (CWE-601) MEDIUM

File: apps/web/modules/auth/oauth2/authorize-view.tsx (line 291)
Category: Other

window.location.href = redirectUrl;

Open redirect via window.location.href

Fix: Review the security issue and implement appropriate mitigations.

---

Security scan powered by Codity.ai