Add dynamic help text for client_secret field on application form#1697
Open
emmanuelangelo4199 wants to merge 3 commits into
Open
Add dynamic help text for client_secret field on application form#1697emmanuelangelo4199 wants to merge 3 commits into
emmanuelangelo4199 wants to merge 3 commits into
Conversation
Fixes django-oauth#1635 - warns users to save their secret on creation, and informs them it is hashed and unrecoverable when editing.
dopry
force-pushed
the
feature/1635-client-secret-help-text
branch
from
4dca86a to
dec5e2f
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR aims to improve the UX of registering/editing OAuth applications by providing context-sensitive help text for the client_secret field: a “copy it now” warning on creation, and a “hashed/unrecoverable” note on edit.
Changes:
- Introduces an
ApplicationFormthat setsclient_secrethelp text based on whether the instance already exists. - Updates application create/update views to use that form via
modelform_factory. - Adds tests asserting the help text differs between the registration and update forms.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
oauth2_provider/forms.py |
Adds ApplicationForm to set dynamic help text for client_secret. |
oauth2_provider/views/application.py |
Switches application create/update views to use ApplicationForm and centralizes the field list. |
tests/test_application_views.py |
Adds assertions for dynamic help text behavior in register vs update views. |
Comment on lines
1
to
6
| from django import forms | ||
| from django.forms.models import modelform_factory | ||
| from .models import get_application_model | ||
|
|
||
|
|
||
| class AllowForm(forms.Form): |
Comment on lines
+33
to
+45
| class ApplicationForm(forms.ModelForm): | ||
| def __init__(self, *args, **kwargs): | ||
| super().__init__(*args, **kwargs) | ||
| if self.instance and self.instance.pk: | ||
| self.fields["client_secret"].help_text = ( | ||
| "⚠️ The client secret has been hashed and can no longer be viewed. " | ||
| "If you need the original value, you must regenerate it and save it immediately." | ||
| ) | ||
| else: | ||
| self.fields["client_secret"].help_text = ( | ||
| "⚠️ Copy and store this secret now. " | ||
| "Once saved, it will be hashed and cannot be recovered." | ||
| ) No newline at end of file |
Comment on lines
+36
to
+44
| if self.instance and self.instance.pk: | ||
| self.fields["client_secret"].help_text = ( | ||
| "⚠️ The client secret has been hashed and can no longer be viewed. " | ||
| "If you need the original value, you must regenerate it and save it immediately." | ||
| ) | ||
| else: | ||
| self.fields["client_secret"].help_text = ( | ||
| "⚠️ Copy and store this secret now. " | ||
| "Once saved, it will be hashed and cannot be recovered." |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1635 - warns users to save their secret on creation, and informs them it is hashed and unrecoverable when editing.
Fixes #
Description of the Change
Checklist
CHANGELOG.mdupdated (only for user relevant changes)AUTHORS