From dc7ba98d48fc742f9c2d739acaa336e2559ad627 Mon Sep 17 00:00:00 2001
From: Abhishek Shroff
Date: Mon, 4 Aug 2025 23:52:16 +0530
Subject: [PATCH] [server][auth] Tweak api key description
---
 server/internal/auth/openid.go | 2 +-
 server/internal/auth/openid/openid.go | 10 +++++++++-
 server/internal/auth/password_reset.go | 2 +-
 server/internal/auth/token.go | 17 ++++++++++++++---
 4 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/server/internal/auth/openid.go b/server/internal/auth/openid.go
index 48c74847..783fe93b 100644
--- a/server/internal/auth/openid.go
+++ b/server/internal/auth/openid.go
@@ -25,7 +25,7 @@ const (
 )
 func OpenIDStart(db db.Handler, providerName, redirectURI string, clientType OpenIDClientType) (string, error) {
- if clientID, endpoint, err := openid.GetProviderDetails(providerName); err != nil {
+ if clientID, endpoint, err := openid.GetClientDetails(providerName); err != nil {
 return "", err
 } else {
 codeVerifier, codeChallenge := generateOpenIDPKCEChallenge()
diff --git a/server/internal/auth/openid/openid.go b/server/internal/auth/openid/openid.go
index ce73eaf8..b6de1978 100644
--- a/server/internal/auth/openid/openid.go
+++ b/server/internal/auth/openid/openid.go
@@ -41,7 +41,15 @@ func Providers() []Provider {
 return p
 }
-func GetProviderDetails(providerName string) (string, string, error) {
+func GetProviderName(providerName string) (string, error) {
+ if c, ok := clients[providerName]; !ok {
+ return "", errors.New("OpenID provider not registered: " + providerName)
+ } else {
+ return c.Name, nil
+ }
+}
+
+func GetClientDetails(providerName string) (string, string, error) {
 if c, ok := clients[providerName]; !ok {
 return "", "", errors.New("OpenID provider not registered: " + providerName)
 } else if config, err := getProviderConfig(c.IssuerURL); err != nil {
diff --git a/server/internal/auth/password_reset.go b/server/internal/auth/password_reset.go
index 49535cfb..7d597997 100644
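Review bot: The new `GetProviderName` in server/internal/auth/openid/openid.go repeats the not-registered error from `GetClientDetails` and concatenates `providerName` into the message unquoted. If that value can originate from a request (it is a parameter of `OpenIDStart` in the first hunk) and the error reaches logs or a response, quoting it keeps control characters and empty names visible, e.g. `fmt.Errorf("OpenID provider not registered: %q", providerName)`; `fmt` would have to be imported if the file does not already have it. Both exported functions also lack doc comments; something like `// GetProviderName returns the Name of the client registered under providerName, or an error if none is registered.` would make clear that the argument is the registration key and the result a label. The body of `GetClientDetails` continues outside the hunk.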
--- a/server/internal/auth/password_reset.go
+++ b/server/internal/auth/password_reset.go
@@ -76,7 +76,7 @@ func ResetUserPassword(db db.TxHandler, email, resetToken, password string) (aut
 }
 auth = NewSUAuth(user)
- _, _, apiToken, err = GenerateAPIKey(db, auth, "Login - Password Reset")
+ _, _, apiToken, err = GenerateAPIKey(db, auth, "Password Reset Login")
 return
 }
diff --git a/server/internal/auth/token.go b/server/internal/auth/token.go
index 9dce0dc3..075d15f4 100644
--- a/server/internal/auth/token.go
+++ b/server/internal/auth/token.go
@@ -6,6 +6,7 @@ import (
 "strings"
 "time"
+ "codeberg.org/shroff/phylum/server/internal/auth/openid"
 "codeberg.org/shroff/phylum/server/internal/core"
 "codeberg.org/shroff/phylum/server/internal/db"
 "github.com/google/uuid"
@@ -53,7 +54,7 @@ func CreateLoginToken(db db.TxHandler, email string) (core.User, string, error)
 }
 func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *Auth, apiToken string, err error) {
- const q = "DELETE FROM pending_logins WHERE token_id = @token_id AND token_hash = @token_hash AND user_id IS NOT NULL RETURNING user_id, expires"
+ const q = "DELETE FROM pending_logins WHERE token_id = @token_id AND token_hash = @token_hash AND user_id IS NOT NULL RETURNING user_id, expires, oidc_provider"
 hash := sha256.Sum256([]byte(token))
 args := pgx.NamedArgs{
 "token_id": tokenID,
@@ -63,8 +64,9 @@ func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *
 var user core.User
 var userID int32
 var expires time.Time
+ var oidcProvider string
 row := db.QueryRow(q, args)
- if err = row.Scan(&userID, &expires); err != nil {
+ if err = row.Scan(&userID, &expires, &oidcProvider); err != nil {
 if errors.Is(err, pgx.ErrNoRows) {
 err = ErrTokenInvalid
 }
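Review bot: The query changed in the `@@ -53,7 +54,7 @@` hunk of token.go now returns `oidc_provider`, and the `@@ -63,8 +64,9 @@` hunk scans it into a plain `string` via `row.Scan(&userID, &expires, &oidcProvider)`, which pgx rejects when the column value is NULL. The schema is not visible here, but the later `oidcProvider != ""` check suggests magic-link rows carry no provider; if those rows hold NULL rather than an empty string, every such login would fail with a scan error before reaching `GenerateAPIKey`. Either return `COALESCE(oidc_provider, '')` from the query, or declare `var oidcProvider *string` and treat nil as no provider. `performTokenLogin` starts and ends outside both hunks.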
@@ -76,7 +78,16 @@ func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *
 return
 } else {
 auth = NewSUAuth(user)
- _, _, apiToken, err = GenerateAPIKey(db, auth, "Login - Token")
+ description := "Magic Link Login"
+ if oidcProvider != "" {
+ var p string
+ if p, err = openid.GetProviderName(oidcProvider); err != nil {
+ return
+ } else {
+ description = "OAuth Login (via " + p + ")"
+ }
+ }
+ _, _, apiToken, err = GenerateAPIKey(db, auth, description)
 return
 }
 }
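Review bot: A failed `openid.GetProviderName(oidcProvider)` lookup returns before `GenerateAPIKey`, so a value that is only used to label the API key can abort the whole login. If refusing to complete logins for a provider that is no longer registered is intended, state that in a comment such as `// refuse to complete logins started with a provider that is no longer registered`; otherwise keep going with a generic label, e.g. `description = "OAuth Login"` when the lookup fails. By this point the `DELETE ... RETURNING` has already consumed the pending token, and whether that is rolled back depends on the caller's transaction handling, which is not visible here. `performTokenLogin` begins outside the hunk.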