Move to an API endpoint to solve connections (#818)

* Move to an API endpoint to solve connections

* format

* update the mds.jwt cache

Author: abergs

src/AdminConsole/Components/Pages/App/Settings/ManageAuthenticators.razor

@@ -1,5 +1,6 @@
 @page "/app/{AppId}/settings/authenticators/manage"
 
+@using Microsoft.AspNetCore.Mvc
 @using Passwordless.Common.Models.MDS
 @using Passwordless.AdminConsole.Services.PasswordlessManagement
 @using Passwordless.Common.Models.Authenticators
@@ -98,18 +99,27 @@
     document.addEventListener("change", (event) => {
         if (event.target.name === "ManageForm.Selected") {            
             let checkbox = event.target;
+            let oldValue = checkbox.checked;
 
             const formData = new FormData();
-            formData.append("ManageForm.Selected", checkbox.value);
-            formData.append("ManageForm.Action", checkbox.checked ? "add" : "remove");
-            formData.append("_handler", checkbox.form["_handler"].value);
+            formData.append("Selected", checkbox.value);
+            formData.append("Action", checkbox.checked ? "add" : "remove");
             formData.append("__RequestVerificationToken", checkbox.form["__RequestVerificationToken"].value);
 
-            fetch(checkbox.form.action, {
+            const appId = "@AppId";
+            
+            fetch(`/app/${appId}/settings/authenticators/manage/api`, {
                 method: "POST",
-                body: formData
+                body: formData,
+                headers: {
+                    'X-Requested-With': 'XMLHttpRequest'
+                }
+            }).then(response => {
+                if (!response.ok) {
+                    throw new Error(`HTTP ${response.status}`);
+                }
             }).catch(() => {
-               event.target.checked = !event.target.checked;
+               event.target.checked = !oldValue;
             })
         }
     });
@@ -163,7 +173,7 @@
         _isInitialized = true;
     }
 
-    private async Task OnAuthenticatorModified()
+    public async Task<IActionResult> OnAuthenticatorModified()
     {
         switch (ManageForm.Action)
         {
@@ -180,6 +190,8 @@
                 break;
             }
         }
+
+        return new OkObjectResult("hello");
     }
 
     public class FilterViewModel

src/AdminConsole/Endpoints/ComplimentaryEndpoints.cs

@@ -1,11 +1,15 @@
+using Microsoft.AspNetCore.Antiforgery;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
+using Passwordless.AdminConsole.Authorization;
 using Passwordless.AdminConsole.Billing.Configuration;
 using Passwordless.AdminConsole.Identity;
 using Passwordless.AdminConsole.Services;
 using Passwordless.AdminConsole.Services.MagicLinks;
+using Passwordless.AdminConsole.Services.PasswordlessManagement;
+using Passwordless.Common.Models.Authenticators;
 using Stripe;
 using Stripe.Checkout;
 using static Microsoft.AspNetCore.Http.Results;
@@ -17,6 +21,8 @@ public static class ComplimentaryEndpoints
     public static void MapComplimentaryEndpoints(this IEndpointRouteBuilder builder)
     {
         builder.MapGet("/Account/Magic", AccountMagicEndpoint);
+        builder.MapPost("/app/{appId}/settings/authenticators/manage/api", ManageAuthenticatorAsync)
+            .RequireAuthorization(CustomPolicy.HasAppRole);
     }
 
     /// <summary>
@@ -48,4 +54,47 @@ public static async Task<IResult> AccountMagicEndpoint(
         // Only allow the url to be a relative url, to prevent open redirect attacks
         return LocalRedirect(returnUrl);
     }
+
+    public static async Task<IResult> ManageAuthenticatorAsync(
+        [FromRoute] string appId,
+        [FromForm] AuthenticatorManagementRequest request,
+        [FromServices] IScopedPasswordlessClient passwordlessClient,
+        HttpContext context)
+    {
+        try
+        {
+            switch (request.Action?.ToLowerInvariant())
+            {
+                case "add":
+                    {
+                        var addRequest = new AddAuthenticatorsRequest(request.Selected, true);
+                        await passwordlessClient.AddAuthenticatorsAsync(addRequest);
+                        break;
+                    }
+                case "remove":
+                    {
+                        var removeRequest = new RemoveAuthenticatorsRequest(request.Selected);
+                        await passwordlessClient.RemoveAuthenticatorsAsync(removeRequest);
+                        break;
+                    }
+                default:
+                    return BadRequest(new { error = "Invalid action. Must be 'add' or 'remove'." });
+            }
+
+            return Ok(new { success = true });
+        }
+        catch (Exception ex)
+        {
+            return Problem(
+                title: "Error managing authenticator",
+                detail: ex.Message,
+                statusCode: 500);
+        }
+    }
+
+    public class AuthenticatorManagementRequest
+    {
+        public Guid[] Selected { get; set; } = Array.Empty<Guid>();
+        public string? Action { get; set; }
+    }
 }