discourse
diff --git a/‎app/assets/stylesheets/admin/admin_base.scss‎
Lines changed: 1 addition & 0 deletions b/‎app/assets/stylesheets/admin/admin_base.scss‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/assets/stylesheets/admin/discourse_id.scss‎
Lines changed: 44 additions & 0 deletions b/‎app/assets/stylesheets/admin/discourse_id.scss‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎app/controllers/admin/config/discourse_id_controller.rb‎
Lines changed: 67 additions & 0 deletions b/‎app/controllers/admin/config/discourse_id_controller.rb‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎app/services/discourse_id/concerns/challenge_flow.rb‎
Lines changed: 91 additions & 0 deletions b/‎app/services/discourse_id/concerns/challenge_flow.rb‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎app/services/discourse_id/regenerate_credentials.rb‎
Lines changed: 46 additions & 0 deletions b/‎app/services/discourse_id/regenerate_credentials.rb‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎app/services/discourse_id/register.rb‎
Lines changed: 12 additions & 85 deletions b/‎app/services/discourse_id/register.rb‎
Lines changed: 12 additions & 85 deletions
@@ -1298,3 +1298,4 @@ a.inline-editable-field {
 @import "admin/admin_config_color_palettes";
 @import "admin/admin_config_components";
 @import "admin/upcoming-changes";
+@import "admin/discourse_id";
@@ -0,0 +1,44 @@
+.discourse-id-admin {
+  .discourse-id-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: 1em;
+
+    .admin-config-area-card__title {
+      margin: 0;
+    }
+  }
+
+  .discourse-id-stats {
+    display: flex;
+    gap: 1em;
+
+    &__item {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      flex: 1;
+      padding: 1em 1.5em;
+      background: var(--primary-very-low);
+      border-radius: var(--d-border-radius);
+    }
+
+    &__value {
+      font-size: var(--font-up-4);
+      font-weight: 700;
+      color: var(--primary);
+    }
+
+    &__label {
+      font-size: var(--font-down-1);
+      color: var(--primary-medium);
+      text-align: center;
+      margin-top: 0.25em;
+    }
+  }
+
+  .discourse-id-footer {
+    margin-top: 1em;
+  }
+}
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+class Admin::Config::DiscourseIdController < Admin::AdminController
+  def show
+    render json: {
+             enabled: SiteSetting.enable_discourse_id,
+             configured: credentials_configured?,
+             stats: {
+               total_users: total_users_count,
+               signups_30_days: signups_last_30_days,
+               logins_30_days: logins_last_30_days,
+             },
+           }
+  end
+
+  def regenerate_credentials
+    DiscourseId::RegenerateCredentials.call(guardian:) do
+      on_success { render json: success_json }
+      on_failed_policy(:credentials_configured?) do
+        render json: failed_json.merge(error: I18n.t("discourse_id.errors.not_configured")),
+               status: :unprocessable_entity
+      end
+      on_failed_step(:request_challenge) do |step|
+        render json: failed_json.merge(error: step.error), status: :unprocessable_entity
+      end
+      on_failed_step(:regenerate_with_challenge) do |step|
+        render json: failed_json.merge(error: step.error), status: :unprocessable_entity
+      end
+      on_failure do
+        render json: failed_json.merge(error: I18n.t("discourse_id.errors.regenerate_failed")),
+               status: :unprocessable_entity
+      end
+    end
+  end
+
+  def update_settings
+    params.permit(:enabled)
+
+    SiteSetting.enable_discourse_id = params[:enabled] if params.key?(:enabled)
+
+    render json: success_json
+  end
+
+  private
+
+  def credentials_configured?
+    SiteSetting.discourse_id_client_id.present? && SiteSetting.discourse_id_client_secret.present?
+  end
+
+  def total_users_count
+    UserAssociatedAccount.where(provider_name: "discourse_id").count
+  end
+
+  def signups_last_30_days
+    UserAssociatedAccount
+      .where(provider_name: "discourse_id")
+      .where("created_at > ?", 30.days.ago)
+      .count
+  end
+
+  def logins_last_30_days
+    UserAssociatedAccount
+      .where(provider_name: "discourse_id")
+      .where("last_used > ?", 30.days.ago)
+      .count
+  end
+end
@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module DiscourseId
+  module Concerns
+    module ChallengeFlow
+      extend ActiveSupport::Concern
+
+      private
+
+      def request_challenge
+        response =
+          post_json(
+            "/challenge",
+            { domain: Discourse.current_hostname }.tap do |body|
+              body[:path] = Discourse.base_path if Discourse.base_path.present?
+            end,
+          )
+
+        return fail!(response[:error]) if response[:error]
+
+        json = response[:data]
+
+        if json["domain"] != Discourse.current_hostname
+          error =
+            "Domain mismatch in challenge response (expected: #{Discourse.current_hostname}, got: #{json["domain"]})"
+          log_error("request_challenge", error)
+          return fail!(error)
+        end
+
+        if Discourse.base_path.present? && json["path"] != Discourse.base_path
+          error =
+            "Path mismatch in challenge response (expected: #{Discourse.base_path}, got: #{json["path"]})"
+          log_error("request_challenge", error)
+          return fail!(error)
+        end
+
+        context[:token] = json["token"]
+      end
+
+      def store_challenge_token(token:)
+        Discourse.redis.setex("discourse_id_challenge_token", 600, token)
+      end
+
+      def post_json(path, body)
+        uri = URI("#{discourse_id_url}#{path}")
+        use_ssl = Rails.env.production? || uri.scheme == "https"
+
+        request = Net::HTTP::Post.new(uri)
+        request.content_type = "application/json"
+        request.body = body.to_json
+
+        begin
+          response =
+            Net::HTTP.start(uri.hostname, uri.port, use_ssl:) { |http| http.request(request) }
+        rescue StandardError => e
+          error = "Request to '#{uri}' failed: #{e.message}."
+          log_error(path, error)
+          return { error: }
+        end
+
+        if response.code.to_i != 200
+          error = "Request to '#{path}' failed: #{response.code}\nError: #{response.body}"
+          log_error(path, error)
+          return { error: }
+        end
+
+        begin
+          { data: JSON.parse(response.body) }
+        rescue JSON::ParserError => e
+          error = "Response from '#{path}' invalid JSON: #{e.message}"
+          log_error(path, error)
+          { error: }
+        end
+      end
+
+      def discourse_id_url
+        @discourse_id_url ||= DiscourseId.provider_url
+      end
+
+      def log_error(step, message)
+        Rails.logger.error(
+          "Discourse ID #{service_name} failed at step '#{step}'. Error: #{message}",
+        )
+      end
+
+      def service_name
+        self.class.name.demodulize.underscore.humanize.downcase
+      end
+    end
+  end
+end
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+class DiscourseId::RegenerateCredentials
+  include Service::Base
+  include DiscourseId::Concerns::ChallengeFlow
+
+  policy :credentials_configured?
+  step :request_challenge
+  step :store_challenge_token
+  step :regenerate_with_challenge
+  step :store_new_credentials
+  step :log_action
+
+  private
+
+  def credentials_configured?
+    SiteSetting.discourse_id_client_id.present? && SiteSetting.discourse_id_client_secret.present?
+  end
+
+  def regenerate_with_challenge(token:)
+    response =
+      post_json(
+        "/regenerate",
+        {
+          client_id: SiteSetting.discourse_id_client_id,
+          client_secret: SiteSetting.discourse_id_client_secret,
+          challenge_token: token,
+        },
+      )
+
+    return fail!(response[:error]) if response[:error]
+
+    context[:data] = response[:data]
+  end
+
+  def store_new_credentials(data:)
+    SiteSetting.discourse_id_client_secret = data["client_secret"]
+  end
+
+  def log_action(guardian:)
+    StaffActionLogger.new(guardian.user).log_custom(
+      "discourse_id_regenerate_credentials",
+      client_id: SiteSetting.discourse_id_client_id,
+    )
+  end
+end
@@ -2,6 +2,7 @@
 
 class DiscourseId::Register
   include Service::Base
+  include DiscourseId::Concerns::ChallengeFlow
 
   params do
     attribute :force, :boolean, default: false
@@ -13,6 +14,7 @@ class DiscourseId::Register
   step :store_challenge_token
   step :register_with_challenge
   step :store_credentials
+  step :log_action
 
   private
 
@@ -23,64 +25,7 @@ def not_already_registered?(params:)
     SiteSetting.discourse_id_client_id.blank? && SiteSetting.discourse_id_client_secret.blank?
   end
 
-  def request_challenge
-    uri = URI("#{discourse_id_url}/challenge")
-    use_ssl = Rails.env.production? || uri.scheme == "https"
-
-    body = { domain: Discourse.current_hostname }
-    body[:path] = Discourse.base_path if Discourse.base_path.present?
-
-    request = Net::HTTP::Post.new(uri)
-    request.content_type = "application/json"
-    request.body = body.to_json
-
-    begin
-      response = Net::HTTP.start(uri.hostname, uri.port, use_ssl:) { |http| http.request(request) }
-    rescue StandardError => e
-      error = "Challenge request to '#{uri}' failed: #{e.message}."
-      log_error("request_challenge", error)
-      return fail!(error:)
-    end
-
-    if response.code.to_i != 200
-      error = "Failed to request challenge: #{response.code}\nError: #{response.body}"
-      log_error("request_challenge", error)
-      return fail!(error:)
-    end
-
-    begin
-      json = JSON.parse(response.body)
-    rescue JSON::ParserError => e
-      error = "Challenge response invalid JSON: #{e.message}"
-      log_error("request_challenge", error)
-      return fail!(error:)
-    end
-
-    if json["domain"] != Discourse.current_hostname
-      error =
-        "Domain mismatch in challenge response (expected: #{Discourse.current_hostname}, got: #{json["domain"]})"
-      log_error("request_challenge", error)
-      return fail!(error:)
-    end
-
-    if Discourse.base_path.present? && json["path"] != Discourse.base_path
-      error =
-        "Path mismatch in challenge response (expected: #{Discourse.base_path}, got: #{json["path"]})"
-      log_error("request_challenge", error)
-      return fail!(error:)
-    end
-
-    context[:token] = json["token"]
-  end
-
-  def store_challenge_token(token:)
-    Discourse.redis.setex("discourse_id_challenge_token", 600, token)
-  end
-
   def register_with_challenge(token:, params:)
-    uri = URI("#{discourse_id_url}/register")
-    use_ssl = Rails.env.production? || uri.scheme == "https"
-
     body = {
       client_name: SiteSetting.title,
       redirect_uri: "#{Discourse.base_url}/auth/discourse_id/callback",
@@ -96,31 +41,11 @@ def register_with_challenge(token:, params:)
       body[:client_secret] = SiteSetting.discourse_id_client_secret
     end
 
-    request = Net::HTTP::Post.new(uri)
-    request.content_type = "application/json"
-    request.body = body.compact.to_json
+    response = post_json("/register", body.compact)
 
-    begin
-      response = Net::HTTP.start(uri.hostname, uri.port, use_ssl:) { |http| http.request(request) }
-    rescue StandardError => e
-      error = "Registration request to '#{uri}' failed: #{e.message}."
-      log_error("register_with_challenge", error)
-      return fail!(error:)
-    end
-
-    if response.code.to_i != 200
-      error = "Registration failed: #{response.code}\nError: #{response.body}"
-      log_error("register_with_challenge", error)
-      return fail!(error:)
-    end
+    return fail!(response[:error]) if response[:error]
 
-    begin
-      context[:data] = JSON.parse(response.body)
-    rescue JSON::ParserError => e
-      error = "Registration response invalid JSON: #{e.message}"
-      log_error("register_with_challenge", error)
-      fail!(error:)
-    end
+    context[:data] = response[:data]
   end
 
   def store_credentials(data:, params:)
@@ -130,11 +55,13 @@ def store_credentials(data:, params:)
     SiteSetting.discourse_id_client_secret = data["client_secret"]
   end
 
-  def discourse_id_url
-    @url ||= SiteSetting.discourse_id_provider_url.presence || "https://id.discourse.com"
-  end
+  def log_action(guardian:, params:, data:)
+    return if params.update
+    return if guardian.blank?
 
-  def log_error(step, message)
-    Rails.logger.error("Discourse ID registration failed at step '#{step}'. Error: #{message}")
+    StaffActionLogger.new(guardian.user).log_custom(
+      "discourse_id_register",
+      client_id: data["client_id"],
+    )
   end
 end