[Web] limit identity_provider function better

data/web/inc/functions.inc.php

@@ -1899,17 +1899,9 @@ function rspamd_ui($action, $data = null) {
     break;
   }
 }
-function identity_provider($_action, $_data = null) {
+function identity_provider($_action, $_data = null, $hide_secret = false) {
   global $pdo;
 
-  if ($_SESSION['mailcow_cc_role'] != "admin") {
-    $_SESSION['return'][] = array(
-      'type' => 'danger',
-      'log' => array(__FUNCTION__, $_action, $_data),
-      'msg' => 'access_denied'
-    );
-    return false;
-  }
 
   switch ($_action) {
     case 'get':
@@ -1920,13 +1912,20 @@ function identity_provider($_action, $_data = null) {
       foreach($rows as $row){
         $settings[$row["key"]] = $row["value"];
       }
-      $_SESSION['return'][] =  array(
+      if ($hide_secret){
-        'type' => 'success',
+        $settings['client_secret'] = '***********************';
-        'log' => array(__FUNCTION__, $_action, $settings),
+      }
-        'msg' => 'admin_api_modified'
-      );
       return $settings;
     case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
       $required_settings = array('server_url', 'authsource', 'realm', 'client_id', 'client_secret', 'redirect_url', 'version');
       foreach($required_settings as $setting){
         if (!$_data[$setting]){

data/web/json_api.php

@@ -1611,8 +1611,6 @@ if (isset($_GET['query'])) {
               }
             }
           break;
-          case "identity_provider":
-            process_get_return(identity_provider('get'));
           break;
         break;
         // return no route found if no case is matched