feat: add confirmation warning for browser contexts

dhis2 · Aug 30, 2021 · e930dde · e930dde
1 parent da92536
commit e930dde
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/i18n/en.pot b/i18n/en.pot
@@ -5,8 +5,8 @@ msgstr ""
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
-"POT-Creation-Date: 2021-08-30T09:59:42.089Z\n"
-"PO-Revision-Date: 2021-08-30T09:59:42.089Z\n"
+"POT-Creation-Date: 2021-08-30T19:22:36.292Z\n"
+"PO-Revision-Date: 2021-08-30T19:22:36.292Z\n"
 
 msgid "Never"
 msgstr ""
@@ -427,6 +427,13 @@ msgstr ""
 msgid "Custom expiration date (required)"
 msgstr ""
 
+msgid ""
+"Personal access tokens should only be used in a browser context for public "
+"access instances. For private instances, tokens should be treated like "
+"passwords and be kept private — requests should instead be routed through a "
+"proxy."
+msgstr ""
+
 msgid "Cancel"
 msgstr ""
 

diff --git a/src/personalAccessTokens/generateTokenModal/GenerateTokenModal.component.js b/src/personalAccessTokens/generateTokenModal/GenerateTokenModal.component.js
@@ -103,6 +103,17 @@ const GenerateTokenModal = ({ onGenerate, onClose }) => {
     const [context, setContext] = useState(null)
 
     const handleGenerate = formParams => {
+        if (
+            context === 'BROWSER' &&
+            !confirm(
+                i18n.t(
+                    'Personal access tokens should only be used in a browser context for public access instances. For private instances, tokens should be treated like passwords and be kept private — requests should instead be routed through a proxy.'
+                )
+            )
+        ) {
+            return
+        }
+
         const params = {
             expire: getExpire(formParams),
             attributes: [