katalyst-koi 4.15.1 → 4.17.0

data/app/assets/stylesheets/koi/components/_query.scss

@@ -1,3 +1,4 @@
+@use "sass:meta";
 @use "sass:string";
 @use "../utils/typography";
 
@@ -77,7 +78,7 @@ $text-icon-color: #888;
   }
 
   li.suggestion.attribute::before {
-    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 14 16' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M13 3.1C13 4.2598 10.3137 5.2 7 5.2C3.68629 5.2 1 4.2598 1 3.1M13 3.1C13 1.9402 10.3137 1 7 1C3.68629 1 1 1.9402 1 3.1M13 3.1V12.9C13 14.062 10.3333 15 7 15C3.66667 15 1 14.062 1 12.9V3.1M13 8C13 9.162 10.3333 10.1 7 10.1C3.66667 10.1 1 9.162 1 8' stroke='%23#{string.slice(inspect($text-icon-color), 2)}' stroke-width='1.5' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
+    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 14 16' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M13 3.1C13 4.2598 10.3137 5.2 7 5.2C3.68629 5.2 1 4.2598 1 3.1M13 3.1C13 1.9402 10.3137 1 7 1C3.68629 1 1 1.9402 1 3.1M13 3.1V12.9C13 14.062 10.3333 15 7 15C3.66667 15 1 14.062 1 12.9V3.1M13 8C13 9.162 10.3333 10.1 7 10.1C3.66667 10.1 1 9.162 1 8' stroke='%23#{string.slice(meta.inspect($text-icon-color), 2)}' stroke-width='1.5' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
       no-repeat;
     top: 2px;
   }
@@ -85,13 +86,13 @@ $text-icon-color: #888;
   li.suggestion.database_value::before,
   li.suggestion.constant_value::before,
   li.suggestion.custom_value::before {
-    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 16 18' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M14.6111 5.16702L7.99998 8.99998M7.99998 8.99998L1.38886 5.16702M7.99998 8.99998L8 16.711M15 12.2943V5.70573C15 5.42761 15 5.28856 14.9607 5.16453C14.926 5.05481 14.8692 4.9541 14.7942 4.86912C14.7094 4.77307 14.5929 4.70553 14.3599 4.57047L8.60436 1.23354C8.38378 1.10565 8.27348 1.04171 8.15668 1.01664C8.05331 0.994453 7.94669 0.994453 7.84332 1.01664C7.72652 1.04171 7.61623 1.10565 7.39564 1.23354L1.64009 4.57047C1.40713 4.70554 1.29064 4.77307 1.20583 4.86912C1.13079 4.9541 1.074 5.05481 1.03927 5.16453C1 5.28856 1 5.42762 1 5.70573V12.2943C1 12.5724 1 12.7114 1.03927 12.8355C1.074 12.9452 1.13079 13.0459 1.20583 13.1309C1.29064 13.2269 1.40713 13.2945 1.64009 13.4295L7.39564 16.7665C7.61623 16.8943 7.72652 16.9583 7.84332 16.9834C7.94669 17.0055 8.05331 17.0055 8.15668 16.9834C8.27348 16.9583 8.38377 16.8943 8.60436 16.7665L14.3599 13.4295C14.5929 13.2945 14.7094 13.2269 14.7942 13.1309C14.8692 13.0459 14.926 12.9452 14.9607 12.8355C15 12.7114 15 12.5724 15 12.2943Z' stroke='%23#{string.slice(inspect($text-icon-color), 2)}' stroke-width='1.5' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
+    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 16 18' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M14.6111 5.16702L7.99998 8.99998M7.99998 8.99998L1.38886 5.16702M7.99998 8.99998L8 16.711M15 12.2943V5.70573C15 5.42761 15 5.28856 14.9607 5.16453C14.926 5.05481 14.8692 4.9541 14.7942 4.86912C14.7094 4.77307 14.5929 4.70553 14.3599 4.57047L8.60436 1.23354C8.38378 1.10565 8.27348 1.04171 8.15668 1.01664C8.05331 0.994453 7.94669 0.994453 7.84332 1.01664C7.72652 1.04171 7.61623 1.10565 7.39564 1.23354L1.64009 4.57047C1.40713 4.70554 1.29064 4.77307 1.20583 4.86912C1.13079 4.9541 1.074 5.05481 1.03927 5.16453C1 5.28856 1 5.42762 1 5.70573V12.2943C1 12.5724 1 12.7114 1.03927 12.8355C1.074 12.9452 1.13079 13.0459 1.20583 13.1309C1.29064 13.2269 1.40713 13.2945 1.64009 13.4295L7.39564 16.7665C7.61623 16.8943 7.72652 16.9583 7.84332 16.9834C7.94669 17.0055 8.05331 17.0055 8.15668 16.9834C8.27348 16.9583 8.38377 16.8943 8.60436 16.7665L14.3599 13.4295C14.5929 13.2945 14.7094 13.2269 14.7942 13.1309C14.8692 13.0459 14.926 12.9452 14.9607 12.8355C15 12.7114 15 12.5724 15 12.2943Z' stroke='%23#{string.slice(meta.inspect($text-icon-color), 2)}' stroke-width='1.5' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
       no-repeat;
     top: 2px;
   }
 
   li.suggestion.search_value::before {
-    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 24 24' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M21 21L15.0001 15M17 10C17 13.866 13.866 17 10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10Z' stroke='%23#{string.slice(inspect($text-icon-color), 2)}' stroke-width='3' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
+    background: url("data:image/svg+xml,%3Csvg width='14' height='16' viewBox='0 0 24 24' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M21 21L15.0001 15M17 10C17 13.866 13.866 17 10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10Z' stroke='%23#{string.slice(meta.inspect($text-icon-color), 2)}' stroke-width='3' stroke-linecap='round' stroke-linejoin='round'/%3E%3C/svg%3E%0A")
       no-repeat;
     top: 2px;
   }

data/app/assets/stylesheets/koi/layouts/_header.scss

@@ -1,30 +1,34 @@
-@mixin list($separator, $space: 1rem) {
+$inset: 2rem !default;
+
+$title: 4rem;
+$breadcrumbs: 3rem;
+$actions: 3rem;
+$height: $title + $breadcrumbs + $actions;
+
+@mixin list($separator, $margin: 1em, $padding: 0.5em) {
   display: flex;
+  align-items: center;
   list-style-position: outside;
+  margin-inline: $inset;
 
   > * {
     display: list-item;
-    margin-left: $space;
+    margin-inline-start: $margin;
+    padding-inline-start: $padding;
   }
 
   > *::marker {
-    content: " " + $separator + " ";
+    content: $separator;
     color: rgba(0, 0, 0, 0.4);
   }
 
   > *:first-child {
     display: block;
-    margin-left: 0;
+    margin-inline-start: 0;
+    padding-inline-start: 0;
   }
 }
 
-$inset: 2rem !default;
-
-$title: 4rem;
-$breadcrumbs: 3rem;
-$actions: 3rem;
-$height: $title + $breadcrumbs + $actions;
-
 %header {
   border-bottom: 1px solid #ececec;
   color: #b2b2b2;
@@ -44,20 +48,14 @@ $height: $title + $breadcrumbs + $actions;
 
   .breadcrumbs {
     grid-area: breadcrumbs;
-    display: flex;
-    align-items: center;
-    margin: 0 $inset;
 
-    @include list("› ", 1.2rem);
+    @include list("›");
   }
 
   .actions {
     grid-area: actions;
-    display: flex;
-    align-items: center;
-    margin: 0 $inset;
+    gap: 0;
 
-    @include list("|", 0.5rem);
-    list-style-type: square;
+    @include list("|", $margin: 0.8em);
   }
 }

data/app/assets/stylesheets/koi/pages/_login.scss

@@ -11,7 +11,7 @@
 
 .admin-login > main {
   flex: 1 1 auto;
-  max-width: 20rem;
+  max-width: 24rem;
   background: white;
   border-radius: 0.25rem;
   height: unset;

data/app/assets/stylesheets/koi/themes/_govuk.scss

@@ -1,42 +1,24 @@
 @use "../utils/typography" as *;
 
-@function govuk-definition($size) {
-  @return (
-    null: (
-      font-size: font-size($size, mobile, px),
-      line-height: line-height($size, mobile, px),
-    ),
-    tablet: (
-      font-size: font-size($size, tablet, px),
-      line-height: line-height($size, tablet, px),
-    ),
-    print: (
-      font-size: font-size($size, print, px),
-      line-height: line-height($size, print, px),
-    )
-  );
-}
-
-$govuk-font-family: "Inter";
-$govuk-text-colour: #{var(--site-text-color)};
-$govuk-typography-scale: (
-  80: govuk-definition(h1),
-  48: govuk-definition(h2),
-  36: govuk-definition(h3),
-  27: govuk-definition(h4),
-  24: govuk-definition(h5),
-  19: govuk-definition(h6),
-  16: govuk-definition(paragraph),
-  14: govuk-definition(small),
+@use "katalyst/govuk/formbuilder" with (
+  $govuk-font-family: "Inter",
+  $govuk-text-colour: #{var(--site-text-color)},
+  $govuk-typography-scale: (
+    80: govuk-definition(h1),
+    48: govuk-definition(h2),
+    36: govuk-definition(h3),
+    27: govuk-definition(h4),
+    24: govuk-definition(h5),
+    19: govuk-definition(h6),
+    16: govuk-definition(paragraph),
+    14: govuk-definition(small),
+  ),
+  $govuk-input-border-colour: #{var(--site-text-color)}
 );
 
-$govuk-input-border-colour: #{var(--site-text-color)};
-
-@import "katalyst/govuk/formbuilder";
-
 .govuk-input,
 .govuk-textarea {
-  color: $govuk-text-colour;
+  color: var(--site-text-color);
 }
 
 .govuk-hint {
@@ -50,3 +32,25 @@ $govuk-input-border-colour: #{var(--site-text-color)};
   margin-left: -18px;
   padding-left: 13px;
 }
+
+// add some koi styling to the govuk show/hide password button
+[data-govuk-password-input-init] {
+  max-width: var(--text-width);
+
+  .govuk-password-input__wrapper {
+    gap: 0.5rem;
+  }
+
+  .govuk-button {
+    min-width: 4em;
+    background: none;
+    cursor: pointer;
+    border: 2px solid var(--site-text-color);
+  }
+
+  .govuk-button:focus-visible,
+  .govuk-button:hover {
+    color: var(--site-primary);
+    border-color: var(--site-primary);
+  }
+}

data/app/assets/stylesheets/koi/utils/_typography.scss

@@ -1,10 +1,11 @@
+@use "sass:map";
 @use "sass:math";
 
 $-font-sizes: () !default;
 $-line-heights: () !default;
 
 @function font-size($size, $breakpoint: null, $unit: rem) {
-  $font-size: map-get($-font-sizes, $size);
+  $font-size: map.get($-font-sizes, $size);
 
   @if $unit == rem {
     @return $font-size;
@@ -14,7 +15,7 @@ $-line-heights: () !default;
 }
 
 @function line-height($size, $breakpoint: null, $unit: em) {
-  $line-height: map-get($-line-heights, $size);
+  $line-height: map.get($-line-heights, $size);
 
   @if $unit == em {
     @return $line-height;
@@ -22,3 +23,20 @@ $-line-heights: () !default;
     @return math.div($line-height, 1em) * 16px;
   }
 }
+
+@function govuk-definition($size) {
+  @return (
+    null: (
+      font-size: font-size($size, mobile, px),
+      line-height: line-height($size, mobile, px),
+    ),
+    tablet: (
+      font-size: font-size($size, tablet, px),
+      line-height: line-height($size, tablet, px),
+    ),
+    print: (
+      font-size: font-size($size, print, px),
+      line-height: line-height($size, print, px),
+    )
+  );
+}

data/app/controllers/admin/admin_users_controller.rb

@@ -77,7 +77,7 @@ module Admin
     end
 
     def admin_user_params
-      params.require(:admin).permit(:name, :email, :password, :archived)
+      params.expect(admin: %i[name email password archived])
     end
 
     class Collection < Admin::Collection

data/app/controllers/admin/credentials_controller.rb

@@ -64,7 +64,7 @@ module Admin
     private
 
     def credential_params
-      params.require(:admin_credential).permit(:nickname, :response)
+      params.expect(admin_credential: %i[nickname response])
     end
 
     def set_admin_user

data/app/controllers/admin/otps_controller.rb

@@ -36,7 +36,7 @@ module Admin
     private
 
     def otp_params
-      params.require(:admin).permit(:otp_secret, :token)
+      params.expect(admin: %i[otp_secret token])
     end
 
     def set_admin_user

data/app/controllers/admin/sessions_controller.rb

@@ -3,6 +3,7 @@
 module Admin
   class SessionsController < ApplicationController
     include Koi::Controller::HasWebauthn
+    include Koi::Controller::RecordsAuthentication
 
     before_action :redirect_authenticated, only: %i[new], if: :admin_signed_in?
     before_action :authenticate_local_admin, only: %i[new], if: :authenticate_local_admins?
@@ -102,35 +103,7 @@ module Admin
     end
 
     def session_params
-      params.require(:admin).permit(:email, :password, :token, :response)
-    end
-
-    def update_last_sign_in(admin_user)
-      return if admin_user.current_sign_in_at.blank?
-
-      admin_user.last_sign_in_at = admin_user.current_sign_in_at
-      admin_user.last_sign_in_ip = admin_user.current_sign_in_ip
-    end
-
-    def record_sign_in!(admin_user)
-      update_last_sign_in(admin_user)
-
-      admin_user.current_sign_in_at = Time.current
-      admin_user.current_sign_in_ip = request.remote_ip
-      admin_user.sign_in_count      = admin_user.sign_in_count + 1
-
-      admin_user.save!
-    end
-
-    def record_sign_out!(admin_user)
-      return unless admin_user
-
-      update_last_sign_in(admin_user)
-
-      admin_user.current_sign_in_at = nil
-      admin_user.current_sign_in_ip = nil
-
-      admin_user.save!
+      params.expect(admin: %i[email password token response])
     end
   end
 end

data/app/controllers/admin/tokens_controller.rb

@@ -2,66 +2,40 @@
 
 module Admin
   class TokensController < ApplicationController
-    include Koi::Controller::JsonWebToken
+    include Koi::Controller::RecordsAuthentication
 
-    before_action :set_admin, only: %i[create]
-    before_action :set_token, only: %i[show update]
-    before_action :invalid_token, only: %i[show update], unless: :token_valid?
+    before_action :set_admin_user, only: %i[create]
+
+    attr_reader :admin_user
 
     def show
-      render locals: { admin: @admin, token: params[:token] }, layout: "koi/login"
+      if (@admin_user = Admin::User.find_by_token_for(:password_reset, params[:token]))
+        render locals: { admin_user:, token: params[:token] }, layout: "koi/login"
+      else
+        redirect_to(new_admin_session_path, status: :see_other, notice: I18n.t("koi.auth.token_invalid"))
+      end
     end
 
     def create
-      token = encode_token(admin_id: @admin.id, exp: 30.minutes.from_now.to_i, iat: Time.current.to_i)
-
-      render locals: { token: }
+      render locals: { token: admin_user.generate_token_for(:password_reset) }
     end
 
     def update
-      sign_in_admin(@admin)
-
-      redirect_to admin_admin_user_path(@admin), status: :see_other, notice: t("koi.auth.token_consumed")
-    end
-
-    private
+      if (@admin_user = Admin::User.find_by_token_for(:password_reset, params[:token]))
+        record_sign_in!(admin_user)
 
-    def set_admin
-      @admin = Admin::User.find(params[:admin_user_id])
-    end
-
-    def set_token
-      @token = decode_token(params[:token])
-
-      # constant time token validation requires that we always try to retrieve a user
-      @admin = Admin::User.find_by(id: @token&.fetch(:admin_id) || "")
-    end
+        session[:admin_user_id] = admin_user.id
 
-    def token_valid?
-      return false unless @token.present? && @admin.present?
-
-      # Ensure that the user has not signed in since the token was generated
-      if @admin.current_sign_in_at.present?
-        @admin.current_sign_in_at.to_i < @token[:iat]
-      elsif @admin.last_sign_in_at.present?
-        @admin.last_sign_in_at.to_i < @token[:iat]
+        redirect_to admin_admin_user_path(admin_user), status: :see_other, notice: t("koi.auth.token_consumed")
       else
-        true # first sign in
+        redirect_to(new_admin_session_path, status: :see_other, notice: I18n.t("koi.auth.token_invalid"))
       end
     end
 
-    def invalid_token
-      redirect_to(new_admin_session_path, status: :see_other, notice: I18n.t("koi.auth.token_invalid"))
-    end
-
-    def sign_in_admin(admin)
-      admin.current_sign_in_at = Time.current
-      admin.current_sign_in_ip = request.remote_ip
-      admin.sign_in_count      = 1
+    private
 
-      # disable validations to allow saving without password or passkey credentials
-      admin.save!(validate: false)
-      session[:admin_user_id] = admin.id
+    def set_admin_user
+      @admin_user = Admin::User.find(params[:admin_user_id])
     end
   end
 end

data/app/controllers/admin/url_rewrites_controller.rb

@@ -52,7 +52,7 @@ module Admin
     private
 
     def url_rewrite_params
-      params.require(:url_rewrite).permit(:from, :to, :status_code, :active)
+      params.expect(url_rewrite: %i[from to status_code active])
     end
 
     def set_url_rewrite

data/app/controllers/admin/well_knowns_controller.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Admin
+  class WellKnownsController < ApplicationController
+    before_action :set_well_known, only: %i[show edit update destroy]
+
+    def index
+      collection = Collection.new.with_params(params).apply(::WellKnown.strict_loading.all)
+
+      render locals: { collection: }
+    end
+
+    def show
+      render locals: { well_known: @well_known }
+    end
+
+    def new
+      render locals: { well_known: ::WellKnown.new }
+    end
+
+    def edit
+      render locals: { well_known: @well_known }
+    end
+
+    def create
+      @well_known = ::WellKnown.new(well_known_params)
+
+      if @well_known.save
+        redirect_to [:admin, @well_known], status: :see_other
+      else
+        render :new, locals: { well_known: @well_known }, status: :unprocessable_content
+      end
+    end
+
+    def update
+      if @well_known.update(well_known_params)
+        redirect_to action: :show, status: :see_other
+      else
+        render :edit, locals: { well_known: @well_known }, status: :unprocessable_content
+      end
+    end
+
+    def destroy
+      @well_known.destroy!
+
+      redirect_to action: :index, status: :see_other
+    end
+
+    private
+
+    # Only allow a list of trusted parameters through.
+    def well_known_params
+      params.expect(well_known: %i[name purpose content_type content])
+    end
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_well_known
+      @well_known = ::WellKnown.find(params[:id])
+    end
+
+    class Collection < Admin::Collection
+      config.sorting  = :name
+      config.paginate = true
+
+      attribute :name, :string
+      attribute :purpose, :string
+      attribute :content_type, :string
+      attribute :content, :string
+    end
+  end
+end

data/app/controllers/concerns/koi/controller/has_webauthn.rb

@@ -12,15 +12,14 @@ module Koi
       def webauthn_relying_party
         @webauthn_relying_party ||=
           WebAuthn::RelyingParty.new(
-            name:   Koi.config.admin_name,
-            origin: request.base_url,
+            name:            Koi.config.admin_name,
+            allowed_origins: [request.base_url],
           )
       end
 
       def webauthn_auth_options
-        options = webauthn_relying_party.options_for_authentication(
-          allow: Admin::Credential.pluck(:external_id),
-        )
+        options = webauthn_relying_party.options_for_authentication
+
         session[:authentication_challenge] = options.challenge
 
         options
@@ -42,6 +41,8 @@ module Koi
         )
 
         stored_credential.admin
+      rescue ActiveRecord::RecordNotFound
+        false
       end
     end
   end

data/app/controllers/concerns/koi/controller/records_authentication.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Koi
+  module Controller
+    module RecordsAuthentication
+      def update_last_sign_in(admin_user)
+        return if admin_user.current_sign_in_at.blank?
+
+        admin_user.last_sign_in_at = admin_user.current_sign_in_at
+        admin_user.last_sign_in_ip = admin_user.current_sign_in_ip
+      end
+
+      def record_sign_in!(admin_user)
+        update_last_sign_in(admin_user)
+
+        admin_user.current_sign_in_at = Time.current
+        admin_user.current_sign_in_ip = request.remote_ip
+        admin_user.sign_in_count += 1
+
+        admin_user.save!
+      end
+
+      def record_sign_out!(admin_user)
+        return unless admin_user
+
+        update_last_sign_in(admin_user)
+
+        admin_user.current_sign_in_at = nil
+        admin_user.current_sign_in_ip = nil
+
+        admin_user.save!
+      end
+    end
+  end
+end

data/app/controllers/well_knowns_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class WellKnownsController < ApplicationController
+  before_action :set_well_known
+
+  def show
+    render renderable: @well_known
+  end
+
+  private
+
+  def set_well_known
+    @well_known = WellKnown.find_by!(name: params[:name])
+  end
+end

data/app/models/admin/user.rb

@@ -12,6 +12,8 @@ module Admin
     # disable validations for password_digest
     has_secure_password validations: false
 
+    generates_token_for(:password_reset, expires_in: 30.minutes) { current_sign_in_at }
+
     has_many :credentials, inverse_of: :admin, class_name: "Admin::Credential", dependent: :destroy
 
     validates :name, :email, presence: true

data/app/models/well_known.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class WellKnown < ApplicationRecord
+  CONTENT_TYPES = {
+    text: "text/plain",
+    json: "application/json",
+  }.freeze
+
+  enum :content_type, CONTENT_TYPES
+
+  validates :name, :purpose, :content_type, presence: true
+  validates :name, uniqueness: { case_sensitive: true }
+
+  scope :admin_search, ->(query) do
+    where(arel_table[:name].matches("%#{query}%"))
+  end
+
+  def render_in(view_context)
+    view_context.render(plain: content)
+  end
+
+  def format
+    content_type.to_sym
+  end
+end

data/app/views/admin/sessions/password.html.erb

@@ -8,4 +8,7 @@
   <%= form.govuk_password_field :password, autofocus: true, autocomplete: "off" %>
   <%= hidden_field_tag(:redirect, params[:redirect]) %>
   <%= form.admin_save "Next" %>
+
+  <%# init govuk js to provide the show/hide button %>
+  <%= govuk_formbuilder_init %>
 <% end %>

data/app/views/admin/tokens/create.turbo_stream.erb

@@ -1,3 +1,5 @@
+<%# locals: (token:) %>
+
 <%= turbo_stream.replace "invite" do %>
   <div class="action copy-to-clipboard govuk-input__wrapper" data-controller="clipboard" data-clipboard-supported-class="clipboard--supported">
     <%= text_field_tag :invite_link, admin_session_token_url(token), readonly: true, data: { clipboard_target: "source" } %>

data/app/views/admin/tokens/show.html.erb

@@ -1,8 +1,10 @@
+<%# locals: (admin_user:, token:) %>
+
 <%= render "layouts/koi/navigation_header" %>
 
 <%= form_with(url: admin_session_token_path(token), method: :patch) do |form| %>
   <p>Welcome to Koi Admin</p>
-  <%= render Koi::SummaryListComponent.new(model: admin, class: "item-table") do |builder| %>
+  <%= render Koi::SummaryListComponent.new(model: admin_user, class: "item-table") do |builder| %>
     <%= builder.text :name %>
     <%= builder.text :email %>
   <% end %>

data/app/views/admin/well_knowns/_fields.html.erb

@@ -0,0 +1,6 @@
+<%= form.govuk_text_field :name %>
+<%= form.govuk_text_field :purpose %>
+<%= form.govuk_collection_radio_buttons(
+      :content_type, WellKnown::CONTENT_TYPES, :first, :second, small: true
+    ) %>
+<%= form.govuk_text_area :content %>

data/app/views/admin/well_knowns/edit.html.erb

@@ -0,0 +1,12 @@
+<% content_for :header do %>
+  <%= render(Koi::Header::EditComponent.new(resource: well_known)) %>
+<% end %>
+
+<%= form_with(model: well_known, url: admin_well_known_path(well_known)) do |form| %>
+  <%= render "fields", form: %>
+
+  <div class="actions">
+    <%= form.admin_save %>
+    <%= form.admin_delete %>
+  </div>
+<% end %>

data/app/views/admin/well_knowns/index.html.erb

@@ -0,0 +1,15 @@
+<% content_for :header do %>
+  <%= render(Koi::Header::IndexComponent.new(model: WellKnown)) do |component| %>
+    <% component.with_action "New", new_admin_well_known_path %>
+  <% end %>
+<% end %>
+
+<%= table_query_with(collection:) %>
+
+<%= table_with(collection:) do |row| %>
+  <% row.select %>
+  <% row.link :name %>
+  <% row.text :purpose %>
+<% end %>
+
+<%= table_pagination_with(collection:) %>