add sys admin screen for creating realms

cmd/server/assets/admin/new.html

@@ -28,7 +28,7 @@ <h1>New realm</h1>
           <div class="form-group row">
             <label for="name" class="col-sm-3">Name:</label>
             <div class="col-sm-9">
-              <input type="text" id="name" name="name" class="form-control{{if $realm.ErrorsFor "name"}} is-invalid{{end}}" value="{{$realm.Name}}">
+              <input type="text" id="name" name="name" class="form-control{{if $realm.ErrorsFor "name"}} is-invalid{{end}}" value="{{$realm.Name}}" />
               {{if $realm.ErrorsFor "name"}}
               <div class="invalid-feedback">
                 {{joinStrings ($realm.ErrorsFor "name") ", "}}
@@ -40,7 +40,7 @@ <h1>New realm</h1>
           <div class="form-group row">
             <label for="name" class="col-sm-3">Region code:</label>
             <div class="col-sm-9">
-              <input type="text" id="regionCode" name="regionCode" class="form-control{{if $realm.ErrorsFor "regionCode"}} is-invalid{{end}}" value="{{$realm.RegionCode}}">
+              <input type="text" id="regionCode" name="regionCode" class="form-control{{if $realm.ErrorsFor "regionCode"}} is-invalid{{end}}" value="{{$realm.RegionCode}}" />
               {{if $realm.ErrorsFor "regionCode"}}
               <div class="invalid-feedback">
                 {{joinStrings ($realm.ErrorsFor "regionCode") ", "}}
@@ -74,30 +74,37 @@ <h1>New realm</h1>
               </small>
             </div>
           </div>
-          {{end}}
-
+
           <div class="form-group row">
             <label for="name" class="col-sm-3">Issuer (iss):</label>
-            <div class="input-group col-sm-9">
-              <input type="text" id="certificateIssuer" name="certificateIssuer" class="form-control text-monospace" value="{{$realm.CertificateIssuer}}" />
+            <div class="col-sm-9">
+              <input type="text" id="certificateIssuer" name="certificateIssuer" class="form-control{{if $realm.ErrorsFor "certificateIssuer"}} is-invalid{{end}}" value="{{$realm.CertificateIssuer}}" />
               {{if $realm.ErrorsFor "certificateIssuer"}}
                 <div class="invalid-feedback">
                   {{joinStrings ($realm.ErrorsFor "certificateIssuer") ", "}}
                 </div>
               {{end}}
+              <small class="form-text text-muted">
+                This value is specific to the health authority.<br/>After created using realm specific keys, this field cannot be changed.
+              </small>
             </div>
           </div>
           <div class="form-group row">
             <label for="name" class="col-sm-3">Audience (aud):</label>
-            <div class="input-group col-sm-9">
-              <input type="text" id="certificateAudiance" name="certificateAudiance" class="form-control text-monospace" value="{{$realm.CertificateAudience}}" />
+            <div class="col-sm-9">
+              <input type="text" id="certificateAudiance" name="certificateAudiance" class="form-control{{if $realm.ErrorsFor "certificateAudience"}} is-invalid{{end}}" value="{{$realm.CertificateAudience}}" />
               {{if $realm.ErrorsFor "certificateAudience"}}
                 <div class="invalid-feedback">
                   {{joinStrings ($realm.ErrorsFor "certificateAudience") ", "}}
                 </div>
               {{end}}
+              <small class="form-text text-muted">
+                The audience (<tt>aud</tt>) value is provided the <em>key server</em> operator.<br/>
+                After upgrading to use realm specific keys, this field cannot be changed.
+              </small>
             </div>
           </div>
+          {{end}}
 
           <div class="form-group row">
             <div class="offset-sm-3 col-sm-9">

pkg/controller/admin/admin.go

@@ -18,7 +18,6 @@ package admin
 import (
 	"context"
 
-	"github.com/google/exposure-notifications-verification-server/pkg/cache"
 	"github.com/google/exposure-notifications-verification-server/pkg/config"
 	"github.com/google/exposure-notifications-verification-server/pkg/database"
 	"github.com/google/exposure-notifications-verification-server/pkg/render"
@@ -30,18 +29,16 @@ import (
 
 type Controller struct {
 	config *config.ServerConfig
-	cacher cache.Cacher
 	db     *database.Database
 	h      *render.Renderer
 	logger *zap.SugaredLogger
 }
 
-func New(ctx context.Context, config *config.ServerConfig, cacher cache.Cacher, db *database.Database, h *render.Renderer) *Controller {
+func New(ctx context.Context, config *config.ServerConfig, db *database.Database, h *render.Renderer) *Controller {
 	logger := logging.FromContext(ctx).Named("admin")
 
 	return &Controller{
 		config: config,
-		cacher: cacher,
 		db:     db,
 		h:      h,
 		logger: logger,

pkg/controller/admin/create_realm.go

@@ -16,6 +16,7 @@ package admin
 
 import (
 	"context"
+	"fmt"
 	"net/http"
 
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
@@ -70,19 +71,21 @@ func (c *Controller) HandleCreateRealm() http.Handler {
 		realm.UseRealmCertificateKey = form.UseRealmCertificateKey
 		realm.CertificateIssuer = form.CertificateIssuer
 		realm.CertificateAudience = form.CertificateAudience
+		if err := c.db.SaveRealm(realm); err != nil {
+			flash.Error("Failed to create realm: %v", err)
+			c.renderNew(ctx, w, realm)
+			return
+		}
+		flash.Alert("Created realm: %q.", realm.Name)
 
 		user.Realms = append(user.Realms, realm)
 		user.AdminRealms = append(user.AdminRealms, realm)
-
 		if err := c.db.SaveUser(user); err != nil {
-			flash.Error("Failed to create realm: %v", err)
+			flash.Error("Failed to add you as an admin to the realm: %v", err)
 			c.renderNew(ctx, w, realm)
 			return
 		}
-		flash.Alert("Created realm: %q. You have been made an admin of the realm.", realm.Name)
-
-		// Remove this user from the cache so that the allowed realms will be reloaded.
-		c.cacher.Delete(ctx, user.CacheKey())
+		flash.Alert("Added you as a user and admin to the realm.")
 
 		if realm.UseRealmCertificateKey {
 			// If we are using realm specific keys - we need to create the first one.
@@ -101,6 +104,7 @@ func (c *Controller) HandleCreateRealm() http.Handler {
 
 func (c *Controller) renderNew(ctx context.Context, w http.ResponseWriter, realm *database.Realm) {
 	m := controller.TemplateMapFromContext(ctx)
+	fmt.Printf("errors %+v", realm.Errors())
 	m["realm"] = realm
 	m["supportsPerRealmSigning"] = c.db.SupportsPerRealmSigning()
 	c.h.RenderHTML(w, "admin/newrealm", m)

pkg/controller/user/create.go

@@ -95,7 +95,6 @@ func (c *Controller) HandleCreate() http.Handler {
 			c.renderNew(ctx, w, user)
 			return
 		}
-		c.cacher.Delete(ctx, user.CacheKey())
 
 		flash.Alert("Successfully created user '%v'", form.Name)
 		http.Redirect(w, r, "/users", http.StatusSeeOther)

pkg/database/realm.go

@@ -440,9 +440,6 @@ func (db *Database) GetRealms() ([]*Realm, error) {
 }
 
 func (db *Database) SaveRealm(r *Realm) error {
-	if r.Model.ID == 0 {
-		return db.db.Create(r).Error
-	}
 	return db.db.Save(r).Error
 }
 

pkg/database/user.go

@@ -35,11 +35,6 @@ type User struct {
 	AdminRealms     []*Realm `gorm:"many2many:admin_realms"`
 }
 
-// CacheKey returns the key for this user in the distributed cache.
-func (u *User) CacheKey() string {
-	return fmt.Sprintf("users:by_email:%s", u.Email)
-}
-
 // BeforeSave runs validations. If there are errors, the save fails.
 func (u *User) BeforeSave(tx *gorm.DB) error {
 	u.Email = strings.TrimSpace(u.Email)