fix(admin): hide saved credentials from user, require client credenti…

…als when needed

Signed-off-by: Edward Ly <[email protected]>

lib/Settings/Admin.php

@@ -84,8 +84,8 @@ public function getForm(): TemplateResponse {
 		$userEmail = $this->config->getAppValue(Application::APP_ID, 'docusign_user_email');
 
 		$adminConfig = [
-			'docusign_client_id' => $clientID,
-			'docusign_client_secret' => $clientSecret,
+			'docusign_client_id' => $clientID ? 'dummyClientNumber' : '',
+			'docusign_client_secret' => $clientSecret ? 'dummyClientSecret' : '',
 			'docusign_token' => $token !== '',
 			'docusign_user_name' => $userName,
 			'docusign_user_email' => $userEmail,

src/components/AdminSettings.vue

@@ -129,10 +129,15 @@ export default {
 			this.loading = true
 			delay(async () => {
 				await confirmPassword()
-				this.saveOptions({
-					docusign_client_id: this.state.docusign_client_id,
-					docusign_client_secret: this.state.docusign_client_secret,
-				})
+
+				const options = {}
+				if (this.state.docusign_client_id !== 'dummyClientNumber') {
+					options.docusign_client_id = this.state.docusign_client_id
+				}
+				if (this.state.docusign_client_secret !== 'dummyClientSecret') {
+					options.docusign_client_secret = this.state.docusign_client_secret
+				}
+				this.saveOptions(options)
 			}, 2000)()
 		},
 		saveOptions(values) {
@@ -155,6 +160,20 @@ export default {
 				})
 		},
 		onOAuthClick() {
+			let dummyValueProvided = false
+			if (this.state.docusign_client_id === 'dummyClientNumber') {
+				this.state.docusign_client_id = ''
+				dummyValueProvided = true
+			}
+			if (this.state.docusign_client_secret === 'dummyClientSecret') {
+				this.state.docusign_client_secret = ''
+				dummyValueProvided = true
+			}
+			if (dummyValueProvided) {
+				showError(t('integration_docusign', 'For security reasons, please enter your client credentials again'))
+				return
+			}
+
 			const oauthState = Math.random().toString(36).substring(3)
 			const scopes = [
 				'signature',