diff --git a/README.md b/README.md
index 1a68fa14..b39a86f8 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,9 @@ When running locally, GitHub OAuth 2.0 is disabled and users are logged in as *t
If you want to test with GitHub OAuth 2.0, you will need to create an OAuth application on GitHub with `http://localhost:8089/oauth2-callback` as the callback URL, then generate a client ID/secret. Once generated, set the `is_auth_disabled` flag to `false`, and copy the client ID/secret into `github_client_id` and `github_client_secret`.
+### Working on the UI
+Per the above setup steps, the UI runs on `http://localhost:8089/`. To see your local UI changes reflected in the browser, you will need to hard reload (`Crtl+Shift+R`) while on the specific web page you have changed.
+
## V2 API
The v2 API is based on individual route provider classes. Each class should provide exactly one endpoint and must implement IRouteProvider or IBlockingRouteProvider.
diff --git a/webroot/adm/administrators.html b/webroot/adm/administrators.html
index 9e2cea08..5736b85a 100644
--- a/webroot/adm/administrators.html
+++ b/webroot/adm/administrators.html
@@ -25,7 +25,7 @@
Operations
- Get Metadata
- - List Admin User
+ - List Admin Users
- Reveal Admin User
- Add Admin User
- Disable Admin User
@@ -110,18 +110,40 @@ Output
});
$('#doDisable').on('click', function () {
- var email = encodeURIComponent($('#email').val());
- var url = '/api/admin/disable?name=' + email;
+ var email = $('#email').val();
+ var encodedEmail = encodeURIComponent(email);
+ var url = '/api/admin/disable?name=' + encodedEmail;
+
+ if (!validateEmail(encodedEmail)) return;
+
+ const confirmationMessage = `Disabling this admin key will prevent the associated account from being to interact with the admin service.\n\nAre you sure you want to disable ${email}?`;
+
+ if (!confirm(confirmationMessage)) return;
doApiCall('POST', url, '#standardOutput', '#errorOutput');
});
$('#doEnable').on('click', function () {
- var email = encodeURIComponent($('#email').val());
- var url = '/api/admin/enable?name=' + email;
+ var email = $('#email').val();
+ var encodedEmail = encodeURIComponent(email);
+ var url = '/api/admin/enable?name=' + encodedEmail;
+
+ if (!validateEmail(encodedEmail)) return;
+
+ const confirmationMessage = `Enabling this admin key will allow the user to interact with the admin service. This should only be enabled for current UID2 developers and service accounts.\n\nAre you sure you want to enable ${email}?`;
+
+ if (!confirm(confirmationMessage)) return;
doApiCall('POST', url, '#standardOutput', '#errorOutput');
});
+
+ function validateEmail(email) {
+ if (!email) {
+ $('#errorOutput').text("required parameter: email")
+ return false;
+ }
+ return true;
+ }
});
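Review bot: `validateEmail` in both `#doDisable` and `#doEnable` is given `encodedEmail` rather than the value the operator typed, and the value is never trimmed, so a whitespace-only entry encodes to `%20`, passes the empty check and is posted to `/api/admin/disable` or `/api/admin/enable`. Read the field as `var email = $('#email').val().trim();` and check it with `if (!validateEmail(email)) return;` before building `url`. The `#doDisable` handler in `webroot/adm/client-key.html` passes `encodedClientName` to `validateClientName` in the same way, while its `#doEnable` handler passes the raw value, so the two files should be aligned on the raw, trimmed input. The disable prompt also reads "from being to interact", which is missing the word "able". The enclosing ready handler starts outside the hunk.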
diff --git a/webroot/adm/client-key.html b/webroot/adm/client-key.html
index 30ee128a..57231e72 100644
--- a/webroot/adm/client-key.html
+++ b/webroot/adm/client-key.html
@@ -111,15 +111,27 @@ Output
});
$('#doDisable').on('click', function () {
- var clientName = encodeURIComponent($('#clientName').val());
- var url = '/api/client/disable?name=' + clientName;
+ const clientName = $('#clientName').val();
+ var encodedClientName = encodeURIComponent(clientName);
+ var url = '/api/client/disable?name=' + encodedClientName;
+
+ if (!validateClientName(encodedClientName)) return;
+
+ const confirmationMessage = `Disabling this client key will prevent this key from generating UID2s in a server-side integration.\n\nBefore proceeding, ensure there is no valid traffic, and confirm that the participant has provided consent.\n\nAre you sure you want to disable ${clientName}?`;
+ if (!confirm(confirmationMessage)) return;
doApiCall('POST', url, '#standardOutput', '#errorOutput');
});
$('#doEnable').on('click', function () {
- var clientName = encodeURIComponent($('#clientName').val());
- var url = '/api/client/enable?name=' + clientName;
+ const clientName = $('#clientName').val();
+ var encodedClientName = encodeURIComponent(clientName);
+ var url = '/api/client/enable?name=' + encodedClientName;
+
+ if (!validateClientName(clientName)) return;
+
+ const confirmationMessage = `Enabling this client key will allow this key to generate UID2s in a server-side integration.\n\nAre you sure you want to enable ${clientName}?`;
+ if (!confirm(confirmationMessage)) return;
doApiCall('POST', url, '#standardOutput', '#errorOutput');
});
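Review bot: The prompts in `#doDisable` and `#doEnable` interpolate `${clientName}` unquoted at the end of the sentence, so a name with leading or trailing spaces, or one that differs slightly from the intended key, is hard to spot in the only check the operator gets before the POST. Quoting the value, for example `Are you sure you want to disable "${clientName}"?`, makes the exact target string visible; the admin and keypair prompts added in this commit have the same form. The enclosing handler block starts and ends outside the hunk.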
@@ -134,6 +146,14 @@ Output
var url = '/api/client/rename?oldName=' + oldClientName + '&newName=' + newClientName;
doApiCall('POST', url, '#standardOutput', '#errorOutput');
});
+
+ function validateClientName(clientName) {
+ if (!clientName) {
+ $('#errorOutput').text("required parameter: name")
+ return false;
+ }
+ return true;
+ }
});
diff --git a/webroot/adm/client-side-keypairs.html b/webroot/adm/client-side-keypairs.html
index c4d7efd8..4bd45c96 100644
--- a/webroot/adm/client-side-keypairs.html
+++ b/webroot/adm/client-side-keypairs.html
@@ -78,7 +78,7 @@ Output
const siteId = $('#siteId').val();
const name = $('#name').val();
const disabled = ($('#disable').is(':checked'));
- if(!siteId) {
+ if (!siteId) {
$('#errorOutput').text("required parameters: site_id")
return
}
@@ -93,13 +93,16 @@ Output
const name = $('#name').val();
const disabled = ($('#disable').is(':checked'));
- if(!subscriptionId) {
+ if (!subscriptionId) {
$('#errorOutput').text("required parameters: subscription_id")
return
}
+ const confirmationMessage = getUpdateKeypairConfirmationMessage(disabled, subscriptionId);
+ if (!confirm(confirmationMessage)) return;
+
const payload = {"subscription_id": subscriptionId, "disabled" : disabled}
- if(name){
+ if (name) {
payload["name"] = name
}
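Review bot: `payload` always carries `"disabled" : disabled` taken from the checkbox, so an update meant only to change `name` still sets the disabled state, and with the box left unchecked it sends `disabled: false` for a keypair that may currently be disabled. The text built by `getUpdateKeypairConfirmationMessage` tells the operator they may ignore the warning when not changing the status, which does not match what the request sends. Consider dropping that sentence so the prompt always states the state that will be applied, or including `disabled` in `payload` only when the operator intends to change it; how the server treats an omitted `disabled` field is not visible here. The click handler starts outside the hunk.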
@@ -107,6 +110,18 @@ Output
});
});
+
+ function getUpdateKeypairConfirmationMessage(disabled, subscriptionId) {
+ let action = disabled ? 'disable' : 'enable';
+ let confirmationMessage = `You may ignore this warning if you are not changing the disabled status of this keypair.\n\nAre you sure you want to ${action} ${subscriptionId}?`;
+
+ if (disabled) {
+ confirmationMessage = `Disabling this client-side keypair will prevent it from using CSTG.\nBefore proceeding, ensure there is no valid traffic, and confirm that the participant has provided consent.\n\n${confirmationMessage}`;
+ } else {
+ confirmationMessage = `Enabling this client-side keypair will allow it to use CSTG.\n\n${confirmationMessage}`;
+ }
+ return confirmationMessage;
+ }