RFE-9481: Add copy-to-clipboard on OAuth token display page#243
RFE-9481: Add copy-to-clipboard on OAuth token display page#243hjaiswal12 wants to merge 1 commit into
Conversation
Add copy buttons for the API token, oc login command, and curl example after the existing Display Token step. Copy text is exposed via escaped data attributes and copied only on explicit user click. Co-authored-by: Cursor <cursoragent@cursor.com>
|
@hjaiswal12: This pull request references RFE-9481 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the feature request to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
WalkthroughAdds ChangesToken page copy-to-clipboard commands
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 14 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (14 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Hi @hjaiswal12. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: hjaiswal12 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pkg/server/tokenrequest/tokenrequest.go`:
- Around line 302-314: The rendered command examples in tokenTemplate are
drifting from the copied text because the curl example is rebuilt from
PublicMasterURL instead of using the preformatted CurlCommand, while the login
example already uses OcLoginCommand. Update the template to render the same
command strings used for the copy buttons so the visible examples always match
the copied content, and verify the curl output stays normalized when
PublicMasterURL has a trailing slash.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: eeddc6b0-ed6c-463c-b36d-0ecbf080a1af
📒 Files selected for processing (2)
pkg/server/tokenrequest/tokenrequest.gopkg/server/tokenrequest/tokenrequest_test.go
| var tokenTemplate = template.Must(template.New("tokenTemplate").Parse( | ||
| cssStyle + ` | ||
| {{ if .Error }} | ||
| {{ .Error }} | ||
| {{ else }} | ||
| <h2>Your API token is</h2> | ||
| <h2 class="copy-heading">Your API token is <button type="button" class="copy-button" data-copy-text="{{.AccessToken}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | ||
| <code>{{.AccessToken}}</code> | ||
|
|
||
| <h2>Log in with this token</h2> | ||
| <h2 class="copy-heading">Log in with this token <button type="button" class="copy-button" data-copy-text="{{.OcLoginCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | ||
| <pre>oc login <span class="nowrap">--token={{.AccessToken}}</span> <span class="nowrap">--server={{.PublicMasterURL}}</span></pre> | ||
|
|
||
| <h3>Use this token directly against the API</h3> | ||
| <h3 class="copy-heading">Use this token directly against the API <button type="button" class="copy-button" data-copy-text="{{.CurlCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h3> | ||
| <pre>curl <span class="nowrap">-H "Authorization: Bearer {{.AccessToken}}"</span> <span class="nowrap">"{{.PublicMasterURL}}/apis/user.openshift.io/v1/users/~"</span></pre> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Keep the rendered command examples identical to the copied text.
formatCurlCommand() normalizes a trailing slash, but Line 314 rebuilds the visible curl example from PublicMasterURL instead of CurlCommand. If the configured server URL ends with /, the button copies the normalized command while the on-page example shows //apis/.... Rendering the preformatted fields here avoids that drift for both commands.
Suggested fix
- <pre>oc login <span class="nowrap">--token={{.AccessToken}}</span> <span class="nowrap">--server={{.PublicMasterURL}}</span></pre>
+ <pre>{{.OcLoginCommand}}</pre>
<h3 class="copy-heading">Use this token directly against the API <button type="button" class="copy-button" data-copy-text="{{.CurlCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h3>
- <pre>curl <span class="nowrap">-H "Authorization: Bearer {{.AccessToken}}"</span> <span class="nowrap">"{{.PublicMasterURL}}/apis/user.openshift.io/v1/users/~"</span></pre>
+ <pre>{{.CurlCommand}}</pre>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| var tokenTemplate = template.Must(template.New("tokenTemplate").Parse( | |
| cssStyle + ` | |
| {{ if .Error }} | |
| {{ .Error }} | |
| {{ else }} | |
| <h2>Your API token is</h2> | |
| <h2 class="copy-heading">Your API token is <button type="button" class="copy-button" data-copy-text="{{.AccessToken}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | |
| <code>{{.AccessToken}}</code> | |
| <h2>Log in with this token</h2> | |
| <h2 class="copy-heading">Log in with this token <button type="button" class="copy-button" data-copy-text="{{.OcLoginCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | |
| <pre>oc login <span class="nowrap">--token={{.AccessToken}}</span> <span class="nowrap">--server={{.PublicMasterURL}}</span></pre> | |
| <h3>Use this token directly against the API</h3> | |
| <h3 class="copy-heading">Use this token directly against the API <button type="button" class="copy-button" data-copy-text="{{.CurlCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h3> | |
| <pre>curl <span class="nowrap">-H "Authorization: Bearer {{.AccessToken}}"</span> <span class="nowrap">"{{.PublicMasterURL}}/apis/user.openshift.io/v1/users/~"</span></pre> | |
| var tokenTemplate = template.Must(template.New("tokenTemplate").Parse( | |
| cssStyle + ` | |
| {{ if .Error }} | |
| {{ .Error }} | |
| {{ else }} | |
| <h2 class="copy-heading">Your API token is <button type="button" class="copy-button" data-copy-text="{{.AccessToken}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | |
| <code>{{.AccessToken}}</code> | |
| <h2 class="copy-heading">Log in with this token <button type="button" class="copy-button" data-copy-text="{{.OcLoginCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h2> | |
| <pre>{{.OcLoginCommand}}</pre> | |
| <h3 class="copy-heading">Use this token directly against the API <button type="button" class="copy-button" data-copy-text="{{.CurlCommand}}" aria-label="Copy to clipboard">Copy to clipboard</button></h3> | |
| <pre>{{.CurlCommand}}</pre> |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pkg/server/tokenrequest/tokenrequest.go` around lines 302 - 314, The rendered
command examples in tokenTemplate are drifting from the copied text because the
curl example is rebuilt from PublicMasterURL instead of using the preformatted
CurlCommand, while the login example already uses OcLoginCommand. Update the
template to render the same command strings used for the copy buttons so the
visible examples always match the copied content, and verify the curl output
stays normalized when PublicMasterURL has a trailing slash.
Summary
Adds Copy to clipboard buttons on the OAuth token display page (
/oauth/token/display) for:oc login --token=... --server=...commandcurlexample for direct API useMotivation
Users currently must manually select and copy text after Display Token. This adds one-click copy while keeping the existing security flow.
Security
data-copy-textattributes (not inline JS string interpolation).Test plan
go test ./pkg/server/tokenrequest/...Files changed
pkg/server/tokenrequest/tokenrequest.go— copy UI + helperspkg/server/tokenrequest/tokenrequest_test.go— template, escaping, CSRF testsSummary by CodeRabbit
New Features
oc logincommand and a directcurlrequest.Bug Fixes
Tests