Bug 28772: Display API secret once

This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.

To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
            displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

koha-tmpl/intranet-tmpl/prog/en/modules/members/apikeys.tt

@@ -34,6 +34,28 @@
                 [% INCLUDE 'members-toolbar.inc' %]
 
                 <h1>API keys for [% INCLUDE 'patron-title.inc' %]</h1>
+
+            [% IF fresh_api_key %]
+                [%# A fresh api key was generated, display the secret, only once %]
+                <div class="rows">
+                    <span class="alert">Make sure to copy your API secret now. You won’t be able to see it again!</span>
+                    <ol>
+                        <li>
+                            <span class="label">Description: </span>
+                            [% fresh_api_key.description | html %]
+                        </li>
+                        <li>
+                            <span class="label">Client ID: </span>
+                            [% fresh_api_key.client_id | html %]
+                        </li>
+                        <li>
+                            <span class="label">Secret: </span>
+                            [% fresh_api_key.plain_text_secret | html %]
+                        </li>
+                    </ol>
+                </div>
+            [% END %]
+
                 <form id="add-api-key" action="/cgi-bin/koha/members/apikeys.pl" method="post" style="display:none">
                     <input type="hidden" name="patron_id" value="[% patron.id | html %]" />
                     <input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
@@ -61,7 +83,6 @@
                                 <tr>
                                     <th>Description</th>
                                     <th>Client ID</th>
-                                    <th>Secret</th>
                                     <th>Active</th>
                                     <th class="noExport">Actions</th>
                                 </tr>
@@ -71,7 +92,6 @@
                                     <tr>
                                         <td>[% key.description | html %]</td>
                                         <td>[% key.client_id | html %]</td>
-                                        <td>[% key.secret | html %]</td>
                                         <td>[% IF key.active %]Yes[% ELSE %]No[% END %]</td>
                                         <td>
                                             <form action="/cgi-bin/koha/members/apikeys.pl" method="post">

members/apikeys.pl

@@ -81,8 +81,11 @@ if ($op) {
             }
         );
         $api_key->store;
-        print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
-        exit;
+
+        $template->param(
+            fresh_api_key => $api_key,
+            api_keys      => scalar Koha::ApiKeys->search({ patron_id => $patron_id }),
+        );
     }
 
     if ( $op eq 'delete' ) {