dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(adminui): cert page review — server-side FleetAdmin re-check, explicit delete switch, alert CSS

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-18 05:17:02 -04:00
parent 8c429c3131
commit 2e231911fd
1 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Certificates.razor
+23 -4
View File
@@ -7,6 +7,8 @@
@using ZB.MOM.WW.OtOpcUa.AdminUI.Certificates @using ZB.MOM.WW.OtOpcUa.AdminUI.Certificates
@inject IConfiguration Config @inject IConfiguration Config
@inject CertificateStoreManager CertManager @inject CertificateStoreManager CertManager
@inject Microsoft.AspNetCore.Authorization.IAuthorizationService AuthorizationService
@inject AuthenticationStateProvider AuthState
@implements IDisposable @implements IDisposable
<div class="d-flex justify-content-between align-items-center mb-3"> <div class="d-flex justify-content-between align-items-center mb-3">
@@ -28,7 +30,7 @@ else
{ {
@if (_statusMsg is not null) @if (_statusMsg is not null)
{ {
<section class="panel @(_statusError ? "error" : "notice") rise mt-3">@_statusMsg</section> <section class="panel notice rise mt-3" style="@(_statusError ? "border-color:var(--alert)" : null)">@_statusMsg</section>
} }
@if (_pending is { } p) @if (_pending is { } p)
{ {
@@ -174,15 +176,32 @@ else
private void CancelAction() => _pending = null; private void CancelAction() => _pending = null;
private void ConfirmAction() private async Task ConfirmAction()
{ {
if (_pending is not { } p) return; if (_pending is not { } p) return;
// Defense-in-depth: the action buttons are FleetAdmin-gated in markup, but this handler
// runs on the server circuit — re-check the policy before mutating the trust store.
var authState = await AuthState.GetAuthenticationStateAsync();
if (!(await AuthorizationService.AuthorizeAsync(authState.User, null, "FleetAdmin")).Succeeded)
{
_statusError = true;
_statusMsg = "Unauthorized — FleetAdmin required.";
_pending = null;
return;
}
var result = p.Verb switch var result = p.Verb switch
{ {
"trust" => CertManager.Trust(p.Thumbprint), "trust" => CertManager.Trust(p.Thumbprint),
"untrust" => CertManager.Untrust(p.Thumbprint), "untrust" => CertManager.Untrust(p.Thumbprint),
"delete" => CertManager.Delete(p.Kind == StoreKind.Trusted ? "trusted" : "rejected", p.Thumbprint), "delete" => p.Kind switch
_ => CertActionResult.Fail("unknown action"), {
StoreKind.Trusted => CertManager.Delete("trusted", p.Thumbprint),
StoreKind.Rejected => CertManager.Delete("rejected", p.Thumbprint),
_ => CertActionResult.Fail($"cannot delete from {p.Kind}"),
},
_ => CertActionResult.Fail("unknown action"),
}; };
_statusError = !result.Success; _statusError = !result.Success;
_statusMsg = result.Success _statusMsg = result.Success