From db65f2dcf8024679a970c9a92936283b7eb046af Mon Sep 17 00:00:00 2001
From: Antonis Kotronakis <mail@akotro.dev>
Date: Sat, 11 Oct 2025 19:25:37 +0100
Subject: [PATCH] ui: prevent creation of duplicate clients after initial
 creation

Adds a new JustCreated field in clientDisplayData to handle create
button visibility and a hidden just_created input to handle form
submission from Enter keydown.

Fixes #52

Signed-off-by: Antonis Kotronakis <mail@akotro.dev>
---
 server/ui-edit.html | 17 ++++++++++++-----
 server/ui.go        |  7 +++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/server/ui-edit.html b/server/ui-edit.html
index 126f35f15..c8bbee4c1 100644
--- a/server/ui-edit.html
+++ b/server/ui-edit.html
@@ -32,7 +32,7 @@ <h2>
         </div>
         {{end}}
 
-        {{if and .Secret .IsNew}}
+        {{if and .Secret .JustCreated}}
         <div class="client-info">
           <h3>Client Created Successfully!</h3>
           <p class="warning">⚠️ Save both the Client ID and Secret now! The secret will not be shown again.</p>
@@ -76,6 +76,7 @@ <h3>New Client Secret</h3>
               value="{{.Name}}" 
               placeholder="e.g., My Application"
               class="form-input"
+              {{if .JustCreated}}readonly{{end}}
             >
             <div class="form-help">
               A descriptive name for this OIDC client (optional).
@@ -91,6 +92,7 @@ <h3>New Client Secret</h3>
               class="form-input"
               rows="4"
               required
+              {{if .JustCreated}}readonly{{end}}
             >{{joinRedirectURIs .RedirectURIs}}</textarea>
             <div class="form-help">
               Enter one redirect URI per line. Users will be redirected to one of these URLs after authentication.
@@ -113,9 +115,14 @@ <h3>New Client Secret</h3>
           {{end}}
 
           <div class="form-actions">
-            <button type="submit" class="btn btn-primary">
-              {{if .IsNew}}Create Client{{else}}Update Client{{end}}
-            </button>
+            {{if .JustCreated}}
+              <input type="hidden" name="just_created" value="true">
+              <a href="/" class="btn btn-secondary">← Back to Clients</a>
+            {{else}}
+              <button type="submit" class="btn btn-primary">
+                {{if .IsNew}}Create Client{{else}}Update Client{{end}}
+              </button>
+            {{end}}
             
             {{if .IsEdit}}
             <button type="submit" name="action" value="regenerate_secret" class="btn btn-warning" 
@@ -195,4 +202,4 @@ <h3>Client Information</h3>
       }
     </script>
   </body>
-</html> 
\ No newline at end of file
+</html> 
diff --git a/server/ui.go b/server/ui.go
index 42f1592f7..08ceb147a 100644
--- a/server/ui.go
+++ b/server/ui.go
@@ -125,6 +125,11 @@ func (s *IDPServer) handleNewClient(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		if r.FormValue("just_created") == "true" {
+			http.Redirect(w, r, "/", http.StatusSeeOther)
+			return
+		}
+
 		name := strings.TrimSpace(r.FormValue("name"))
 		redirectURIsText := strings.TrimSpace(r.FormValue("redirect_uris"))
 		redirectURIs := splitRedirectURIs(redirectURIsText)
@@ -176,6 +181,7 @@ func (s *IDPServer) handleNewClient(w http.ResponseWriter, r *http.Request) {
 			RedirectURIs: redirectURIs,
 			Secret:       clientSecret,
 			IsNew:        true,
+			JustCreated:  true,
 		}
 		s.renderFormSuccess(w, r, successData, "Client created successfully! Save the client secret - it won't be shown again.")
 		return
@@ -327,6 +333,7 @@ type clientDisplayData struct {
 	RedirectURIs []string
 	Secret       string
 	HasSecret    bool
+	JustCreated  bool
 	IsNew        bool
 	IsEdit       bool
 	Success      string