Merge pull request #17 from documize/github-extension

Github extension - secrets WIP as requested
2025-08-09 07:25:23 +02:00 · 2016-07-07 16:14:11 +01:00 · 2016-07-07 16:14:11 +01:00 · 1436d37ff4
commit 1436d37ff4
parent 37f6d41604 43c34cbb66
30 changed files with 918 additions and 689 deletions
--- a/app/app/components/section/github/type-editor.js
+++ b/app/app/components/section/github/type-editor.js
@ -33,13 +33,12 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 		if (is.undefined(this.get('config.clientId')) || is.undefined(this.get('config.callbackUrl'))) {
 			self.get('sectionService').fetch(page, "config", {})
-                .then(function(cfg) {
+				.then(function (cfg) {
 					let config = {};

 					config = {
 						clientId: cfg.clientID,
 						callbackUrl: cfg.authorizationCallbackURL,
-                        token: "",
 						owner: null,
 						owner_name: "",
 						repo: null,
@ -52,6 +51,8 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 						branchLines: "30",
 						state: null,
 						issues: "",
+						userId: "",
+						pageId: page.get('id'),
 					};

 					try {
@ -64,25 +65,41 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 						config.branchLines = metaConfig.branchLines;
 						config.state = metaConfig.state;
 						config.issues = metaConfig.issues;
+						config.userId = metaConfig.userId;
+						config.pageId = metaConfig.pageId;
 					} catch (e) {}

 					self.set('config', config);
+					self.set('config.pageId', page.get('id'));

 					// On auth callback capture code
 					let code = window.location.search;

-                    if (is.not.undefined(code) && is.not.null(code)) {
+					if (is.not.undefined(code) && is.not.null(code) && is.not.empty(code) && code !== "") {
 						let tok = code.replace("?code=", "");
-                        if (is.not.empty(code)) {
-                            self.set('config.token', tok);
+						self.get('sectionService').fetch(page, "saveSecret", { "token": tok })
+							.then(function () {
+								console.log("github auth code saved to db");
 								self.send('authStage2');
-                        }
-                    } else {
-                        if (self.get('config.token') === "") {
+							}, function (error) { //jshint ignore: line
+								console.log(error);
 								self.send('auth');
+							});
+					} else {
+						if (config.userId !== self.session.user.id) {
+							console.log("github auth wrong user ID, switching");
+							self.set('config.userId', self.session.user.id);
 						}
+						self.get('sectionService').fetch(page, "checkAuth", self.get('config'))
+							.then(function () {
+								console.log("github auth code valid");
+								self.send('authStage2');
+							}, function (error) { //jshint ignore: line
+								console.log(error);
+								self.send('auth'); // require auth if the db token is invalid
+							});
 					}
-                }, function(error) { //jshint ignore: line
+				}, function (error) { //jshint ignore: line
 					console.log(error);
 				});
 		}
@ -112,11 +129,11 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		this.set('owner', thisOwner);

 		this.get('sectionService').fetch(page, "repos", self.get('config'))
-            .then(function(lists) {
+			.then(function (lists) {
 				self.set('busy', false);
 				self.set('repos', lists);
 				self.getRepoLists();
-            }, function(error) { //jshint ignore: line
+			}, function (error) { //jshint ignore: line
 				self.set('busy', false);
 				self.set('authenticated', false);
 				self.showNotification("Unable to fetch repositories");
@ -151,15 +168,14 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		this.getReportLists();
 	},

-
 	getReportLists() {
 		let reports = [];
 		reports[0] = {
-            id: "commits_data", // used as method for fetching Go data
+			id: "commitsData", // used as method for fetching Go data
 			name: "Commits on a branch"
 		};
 		reports[1] = {
-            id: "issues_data", // used as method for fetching Go data
+			id: "issuesData", // used as method for fetching Go data
 			name: "Issues"
 		};

@ -196,11 +212,11 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		this.set('showCommits', false);
 		this.set('showLabels', false);
 		switch (thisReport.id) {
-            case 'commits_data':
+		case 'commitsData':
 			this.set('showCommits', true);
 			this.getBranchLists();
 			break;
-            case "issues_data":
+		case 'issuesData':
 			this.set('showLabels', true);
 			this.getLabelLists();
 			break;
@ -214,7 +230,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		let page = this.get('page');

 		this.get('sectionService').fetch(page, "branches", self.get('config'))
-            .then(function(lists) {
+			.then(function (lists) {
 				let savedLists = self.get('config.lists');
 				if (savedLists === null) {
 					savedLists = [];
@ -223,7 +239,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 				if (lists.length > 0) {
 					let noIncluded = true;

-                    lists.forEach(function(list) {
+					lists.forEach(function (list) {
 						let included = false;
 						var saved;
 						if (is.not.undefined(savedLists)) {
@ -243,7 +259,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 				self.set('config.lists', lists);
 				self.set('busy', false);
-            }, function(error) { //jshint ignore: line
+			}, function (error) { //jshint ignore: line
 				self.set('busy', false);
 				self.set('authenticated', false);
 				self.showNotification("Unable to fetch repository branches");
@ -285,14 +301,14 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		this.set('state', thisState);

 		this.get('sectionService').fetch(page, "labels", self.get('config'))
-            .then(function(lists) {
+			.then(function (lists) {
 				let savedLists = self.get('config.lists');
 				if (savedLists === null) {
 					savedLists = [];
 				}

 				if (lists.length > 0) {
-                    lists.forEach(function(list) {
+					lists.forEach(function (list) {
 						var saved;
 						if (is.not.undefined(savedLists)) {
 							saved = savedLists.findBy("id", list.id);
@ -307,7 +323,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 				self.set('config.lists', lists);
 				self.set('busy', false);
-            }, function(error) { //jshint ignore: line
+			}, function (error) { //jshint ignore: line
 				self.set('busy', false);
 				self.set('authenticated', false);
 				self.showNotification("Unable to fetch repository labels");
@ -325,7 +341,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			let list = lists.findBy('id', id);

 			// restore the list of branches to the default state
-            lists.forEach(function(lst) {
+			lists.forEach(function (lst) {
 				Ember.set(lst, 'included', false);
 			});

@ -343,19 +359,19 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			}
 		},

-
 		authStage2() {
 			let self = this;
+			self.set('config.userId', this.session.user.id);
 			self.set('authenticated', true);
 			self.set('busy', true);
 			let page = this.get('page');

 			self.get('sectionService').fetch(page, "owners", self.get('config'))
-                .then(function(owners) {
+				.then(function (owners) {
 					self.set('busy', false);
 					self.set('owners', owners);
 					self.getOwnerLists();
-                }, function(error) { //jshint ignore: line
+				}, function (error) { //jshint ignore: line
 					self.set('busy', false);
 					self.set('authenticated', false);
 					self.showNotification("Unable to fetch owners");
@ -365,7 +381,6 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		},

 		auth() {
-
 			let self = this;
 			self.set('busy', true);
 			self.set('authenticated', false);
@ -401,7 +416,6 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			this.set('config.state', thisState);
 		},

-
 		onCancel() {
 			this.attrs.onCancel();
 		},
@ -428,11 +442,11 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 			let thisReport = this.get('config.report');
 			this.get('sectionService').fetch(page, thisReport.id, this.get('config'))
-                .then(function(response) {
+				.then(function (response) {
 					meta.set('rawBody', JSON.stringify(response));
 					self.set('busy', false);
 					self.attrs.onAction(page, meta);
-                }, function(reason) { //jshint ignore: line
+				}, function (reason) { //jshint ignore: line
 					self.set('busy', false);
 					self.attrs.onAction(page, meta);
 				});
--- a/app/app/components/section/papertrail/type-editor.js
+++ b/app/app/components/section/papertrail/type-editor.js
@ -65,6 +65,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		},

 		auth() {
+			console.log(this.get('config'));
 			// missing data?
 			this.set('config.APIToken', this.get('config.APIToken').trim());

@ -80,28 +81,31 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			this.set('waiting', true);

 			this.get('sectionService').fetch(page, "auth", config)
-            .then(function(response) {
+				.then(function (response) {
 					self.set('authenticated', true);
 					self.set('items', response);
+					self.set('config.APIToken', '********'); // reset the api token once it has been sent to the host

 					self.get('sectionService').fetch(page, "options", config)
-	            .then(function(response) {
+						.then(function (response) {
 							self.set('options', response);
 							self.set('waiting', false);

 							let options = self.get('options');
-					let group = _.findWhere(options.groups, {id: config.group.id});
+							let group = _.findWhere(options.groups, { id: config.group.id });
 							if (is.not.undefined(group)) {
 								Ember.set(config, 'group', group);
 							}
-	            }, function(reason) { //jshint ignore: line
+						}, function (reason) { //jshint ignore: line
 							self.set('waiting', false);
 							self.displayError(reason);
 						});
-	        }, function(reason) { //jshint ignore: line
+				}, function (reason) { //jshint ignore: line
 					self.set('authenticated', false);
 					self.set('waiting', false);
+					self.set('config.APIToken', ''); // clear the api token 
 					self.displayError(reason);
+					$("#papertrail-apitoken").addClass("error").focus();
 				});
 		},

@ -114,10 +118,10 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			this.set('waiting', true);

 			this.get('sectionService').fetch(page, "auth", config)
-	            .then(function(response) {
+				.then(function (response) {
 					self.set('waiting', false);
 					self.set('items', response);
-		        }, function(reason) { //jshint ignore: line
+				}, function (reason) { //jshint ignore: line
 					self.set('waiting', false);
 					self.displayError(reason);
 				});
@ -132,10 +136,10 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			this.set('waiting', true);

 			this.get('sectionService').fetch(page, "auth", config)
-	            .then(function(response) {
+				.then(function (response) {
 					self.set('waiting', false);
 					self.set('items', response);
-		        }, function(reason) { //jshint ignore: line
+				}, function (reason) { //jshint ignore: line
 					self.set('waiting', false);
 					self.displayError(reason);
 				});
@ -162,7 +166,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 			this.set('waiting', true);

 			this.get('sectionService').fetch(page, "auth", this.get('config'))
-            .then(function(response) {
+				.then(function (response) {
 					self.set('items', response);
 					let items = self.get('items');

@ -175,7 +179,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 					self.set('waiting', false);
 					self.attrs.onAction(page, meta);
-            }, function(reason) { //jshint ignore: line
+				}, function (reason) { //jshint ignore: line
 					self.set('authenticated', false);
 					self.set('waiting', false);
 					self.showNotification(`Something went wrong, try again!`);
--- a/app/app/services/audit.js
+++ b/app/app/services/audit.js
@ -24,7 +24,7 @@ export default Ember.Service.extend({
 	},

 	record(id) {
-        if (!this.get('enabled') || is.empty(this.get('appId'))) {
+		if (!this.get('enabled') || this.get('appId').length === 0) {
 			return;
 		}

@ -37,6 +37,10 @@ export default Ember.Service.extend({
 	},

 	stop() {
+		if (!this.get('enabled') || this.get('appId').length === 0) {
+			return;
+		}
+
 		Intercom('shutdown'); //jshint ignore: line
 	},

--- a/app/app/templates/components/section/papertrail/type-editor.hbs
+++ b/app/app/templates/components/section/papertrail/type-editor.hbs
@ -4,7 +4,11 @@
 		<div class="input-form">
 			<form {{action 'auth' on="submit"}}>
 				<div class="heading">
-					<div class="title">Papertrail Authentication</div>
+					<div class="title">Papertrail Authentication
+						{{#if authenticated}}
+							Complete
+						{{/if}}						
+					</div>
 					<div class="tip">Provide your Papertrail API token</div>
 				</div>
 				<div class="input-control">
@ -12,7 +16,11 @@
 					<div class="tip">API Token (from your profile)</div>
 					{{focus-input id="papertrail-apitoken" type="password" value=config.APIToken readonly=isReadonly}}
 				</div>
+				{{#if authenticated}}
+					<div class="regular-button button-blue" {{ action 'auth' }}>Re-Authenticate</div>
+				{{else}}		
 					<div class="regular-button button-blue" {{ action 'auth' }}>Authenticate</div>
+				{{/if}}
 			</form>
 		</div>
 	</div>
--- a/app/app/utils/net.js
+++ b/app/app/utils/net.js
@ -40,7 +40,7 @@ function getAppUrl(domain) {
 }

 function isAjaxAccessError(reason) {
-	if (typeof reason === "undefined") {
+	if (typeof reason === "undefined" || typeof reason.errors === "undefined") {
 		return false;
 	}

--- a/documize/api/endpoint/page_endpoint.go
+++ b/documize/api/endpoint/page_endpoint.go
@ -79,6 +79,8 @@ func AddDocumentPage(w http.ResponseWriter, r *http.Request) {
 	model.Meta.PageID = pageID
 	model.Page.SetDefaults()
 	model.Meta.SetDefaults()
+	model.Meta.OrgID = p.Context.OrgID
+	model.Meta.UserID = p.Context.UserID
 	// page.Title = template.HTMLEscapeString(page.Title)

 	tx, err := request.Db.Beginx()
@ -90,7 +92,8 @@ func AddDocumentPage(w http.ResponseWriter, r *http.Request) {

 	p.Context.Transaction = tx

-	output, ok := provider.Render(model.Page.ContentType, model.Meta.Config, model.Meta.RawBody)
+	output, ok := provider.Render(model.Page.ContentType,
+		provider.NewContext(model.Meta.OrgID, model.Meta.UserID), model.Meta.Config, model.Meta.RawBody)
 	if !ok {
 		log.ErrorString("provider.Render could not find: " + model.Page.ContentType)
 	}
@ -374,7 +377,7 @@ func DeleteDocumentPages(w http.ResponseWriter, r *http.Request) {
 	writeSuccessEmptyJSON(w)
 }

-// UpdateDocumentPage will persiste changed page and note the fact
+// UpdateDocumentPage will persist changed page and note the fact
 // that this is a new revision. If the page is the first in a document
 // then the corresponding document title will also be changed.
 func UpdateDocumentPage(w http.ResponseWriter, r *http.Request) {
@ -432,7 +435,15 @@ func UpdateDocumentPage(w http.ResponseWriter, r *http.Request) {
 	model.Page.SetDefaults()
 	model.Meta.SetDefaults()

-	output, ok := provider.Render(model.Page.ContentType, model.Meta.Config, model.Meta.RawBody)
+	oldPageMeta, err := p.GetPageMeta(pageID)
+
+	if err != nil {
+		log.Error("unable to fetch old pagemeta record", err)
+		writeBadRequestError(w, method, err.Error())
+		return
+	}
+
+	output, ok := provider.Render(model.Page.ContentType, provider.NewContext(model.Meta.OrgID, oldPageMeta.UserID), model.Meta.Config, model.Meta.RawBody)
 	if !ok {
 		log.ErrorString("provider.Render could not find: " + model.Page.ContentType)
 	}
@ -452,7 +463,7 @@ func UpdateDocumentPage(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err = p.UpdatePageMeta(model.Meta)
+	err = p.UpdatePageMeta(model.Meta, true) // change the UserID to the current one

 	log.IfErr(tx.Commit())

--- a/documize/api/endpoint/sections_endpoint.go
+++ b/documize/api/endpoint/sections_endpoint.go
@ -70,7 +70,7 @@ func RunSectionCommand(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if !provider.Command(sectionName, w, r) {
+	if !provider.Command(sectionName, provider.NewContext(p.Context.OrgID, p.Context.UserID), w, r) {
 		log.ErrorString("Unable to run provider.Command() for: " + sectionName)
 		writeNotFoundError(w, "RunSectionCommand", sectionName)
 	}
@ -125,14 +125,16 @@ func RefreshSections(w http.ResponseWriter, r *http.Request) {
 			return
 		}

+		pcontext := provider.NewContext(pm.OrgID, pm.UserID)
+
 		// Ask for data refresh
-		data, ok := provider.Refresh(page.ContentType, pm.Config, pm.RawBody)
+		data, ok := provider.Refresh(page.ContentType, pcontext, pm.Config, pm.RawBody)
 		if !ok {
 			log.ErrorString("provider.Refresh could not find: " + page.ContentType)
 		}

 		// Render again
-		body, ok := provider.Render(page.ContentType, pm.Config, data)
+		body, ok := provider.Render(page.ContentType, pcontext, pm.Config, data)
 		if !ok {
 			log.ErrorString("provider.Render could not find: " + page.ContentType)
 		}
@ -153,7 +155,7 @@ func RefreshSections(w http.ResponseWriter, r *http.Request) {
 				return
 			}

-			err = p.UpdatePageMeta(pm)
+			err = p.UpdatePageMeta(pm, false) // do not change the UserID on this PageMeta

 			if err != nil {
 				writeGeneralSQLError(w, method, err)
--- a/documize/api/entity/objects.go
+++ b/documize/api/entity/objects.go
@ -204,6 +204,7 @@ type PageMeta struct {
 	Created        time.Time `json:"created"`
 	Revised        time.Time `json:"revised"`
 	OrgID          string    `json:"orgId"`
+	UserID         string    `json:"userId"`
 	DocumentID     string    `json:"documentId"`
 	PageID         string    `json:"pageId"`
 	RawBody        string    `json:"rawBody"`        // a blob of data
--- a/documize/api/request/config.go
+++ b/documize/api/request/config.go
@ -13,6 +13,7 @@ package request

 import (
 	"bytes"
+	"errors"

 	"github.com/documize/community/wordsmith/utility"
 )
@ -65,3 +66,64 @@ func ConfigString(area, path string) (ret string) {
 	//fmt.Println("DEBUG ConfigString " + sql + " => " + ret)
 	return ret
 }
+
+// UserConfigGetJSON fetches a configuration JSON element from the userconfig table for a given orgid/userid combination.
+// Errors return the empty string. A blank path returns the whole JSON object, as JSON.
+func UserConfigGetJSON(orgid, userid, area, path string) (ret string) {
+	if Db == nil {
+		return ""
+	}
+	if path != "" {
+		path = "." + path
+	}
+	sql := "SELECT JSON_EXTRACT(`config`,'$" + path + "') FROM `userconfig` WHERE `key` = '" + area +
+		"' AND `orgid` = '" + orgid + "' AND `userid` = '" + userid + "';"
+
+	stmt, err := Db.Preparex(sql)
+	if err != nil {
+		//fmt.Printf("DEBUG: Unable to prepare select SQL for ConfigString: %s -- error: %v\n", sql, err)
+		return ""
+	}
+	defer utility.Close(stmt)
+
+	var item = make([]uint8, 0)
+
+	err = stmt.Get(&item)
+
+	if err != nil {
+		//fmt.Printf("DEBUG: Unable to prepare execute SQL for ConfigString: %s -- error: %v\n", sql, err)
+		return ""
+	}
+
+	if len(item) > 1 {
+		q := []byte(`"`)
+		ret = string(bytes.TrimPrefix(bytes.TrimSuffix(item, q), q))
+	}
+
+	//fmt.Println("DEBUG UserConfigString " + sql + " => " + ret)
+	return ret
+
+}
+
+// UserConfigSetJSON writes a configuration JSON element to the userconfig table for the current user.
+func UserConfigSetJSON(orgid, userid, area, json string) error {
+	if Db == nil {
+		return errors.New("no database")
+	}
+	if area == "" {
+		return errors.New("no area")
+	}
+	sql := "INSERT INTO `userconfig` (`orgid`,`userid`,`key`,`config`) " +
+		"VALUES ('" + orgid + "','" + userid + "','" + area + "','" + json +
+		"') ON DUPLICATE KEY UPDATE `config`='" + json + "';"
+
+	stmt, err := Db.Preparex(sql)
+	if err != nil {
+		//fmt.Printf("DEBUG: Unable to prepare select SQL for UserConfigSetJSON: %s -- error: %v\n", sql, err)
+		return err
+	}
+	defer utility.Close(stmt)
+
+	_,err= stmt.Exec()
+	return err
+}
--- a/documize/api/request/page.go
+++ b/documize/api/request/page.go
@ -34,6 +34,7 @@ func (p *Persister) AddPage(model models.PageModel) (err error) {
 	model.Page.SetDefaults()

 	model.Meta.OrgID = p.Context.OrgID
+	model.Meta.UserID = p.Context.UserID
 	model.Meta.DocumentID = model.Page.DocumentID
 	model.Meta.Created = time.Now().UTC()
 	model.Meta.Revised = time.Now().UTC()
@ -65,7 +66,7 @@ func (p *Persister) AddPage(model models.PageModel) (err error) {

 	err = searches.Add(&databaseRequest{OrgID: p.Context.OrgID}, model.Page, model.Page.RefID)

-	stmt2, err := p.Context.Transaction.Preparex("INSERT INTO pagemeta (pageid, orgid, documentid, rawbody, config, externalsource, created, revised) VALUES (?, ?, ?, ?, ?, ?, ?, ?)")
+	stmt2, err := p.Context.Transaction.Preparex("INSERT INTO pagemeta (pageid, orgid, userid, documentid, rawbody, config, externalsource, created, revised) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)")
 	defer utility.Close(stmt2)

 	if err != nil {
@ -73,7 +74,7 @@ func (p *Persister) AddPage(model models.PageModel) (err error) {
 		return
 	}

-	_, err = stmt2.Exec(model.Meta.PageID, model.Meta.OrgID, model.Meta.DocumentID, model.Meta.RawBody, model.Meta.Config, model.Meta.ExternalSource, model.Meta.Created, model.Meta.Revised)
+	_, err = stmt2.Exec(model.Meta.PageID, model.Meta.OrgID, model.Meta.UserID, model.Meta.DocumentID, model.Meta.RawBody, model.Meta.Config, model.Meta.ExternalSource, model.Meta.Created, model.Meta.Revised)

 	if err != nil {
 		log.Error("Unable to execute insert for page meta", err)
@ -291,12 +292,15 @@ func (p *Persister) UpdatePage(page entity.Page, refID, userID string, skipRevis
 }

 // UpdatePageMeta persists meta information associated with a document page.
-func (p *Persister) UpdatePageMeta(meta entity.PageMeta) (err error) {
+func (p *Persister) UpdatePageMeta(meta entity.PageMeta,updateUserID bool) (err error) {
 	err = nil
 	meta.Revised = time.Now().UTC()
+	if updateUserID {
+		meta.UserID=p.Context.UserID
+	}

 	var stmt *sqlx.NamedStmt
-	stmt, err = p.Context.Transaction.PrepareNamed("UPDATE pagemeta SET documentid=:documentid, rawbody=:rawbody, config=:config, externalsource=:externalsource, revised=:revised WHERE orgid=:orgid AND pageid=:pageid")
+	stmt, err = p.Context.Transaction.PrepareNamed("UPDATE pagemeta SET userid=:userid, documentid=:documentid, rawbody=:rawbody, config=:config, externalsource=:externalsource, revised=:revised WHERE orgid=:orgid AND pageid=:pageid")
 	defer utility.Close(stmt)

 	if err != nil {
@ -383,7 +387,7 @@ func (p *Persister) DeletePage(documentID, pageID string) (rows int64, err error
 func (p *Persister) GetPageMeta(pageID string) (meta entity.PageMeta, err error) {
 	err = nil

-	stmt, err := Db.Preparex("SELECT id, pageid, orgid, documentid, rawbody, coalesce(config,JSON_UNQUOTE('{}')) as config, externalsource, created, revised FROM pagemeta WHERE orgid=? AND pageid=?")
+	stmt, err := Db.Preparex("SELECT id, pageid, orgid, userid, documentid, rawbody, coalesce(config,JSON_UNQUOTE('{}')) as config, externalsource, created, revised FROM pagemeta WHERE orgid=? AND pageid=?")
 	defer utility.Close(stmt)

 	if err != nil {
@ -409,7 +413,7 @@ func (p *Persister) GetDocumentPageMeta(documentID string, externalSourceOnly bo
 		filter = " AND externalsource=1"
 	}

-	err = Db.Select(&meta, "SELECT id, pageid, orgid, documentid, rawbody, coalesce(config,JSON_UNQUOTE('{}')) as config, externalsource, created, revised FROM pagemeta WHERE orgid=? AND documentid=?"+filter, p.Context.OrgID, documentID)
+	err = Db.Select(&meta, "SELECT id, pageid, orgid, userid, documentid, rawbody, coalesce(config,JSON_UNQUOTE('{}')) as config, externalsource, created, revised FROM pagemeta WHERE orgid=? AND documentid=?"+filter, p.Context.OrgID, documentID)

 	if err != nil {
 		log.Error(fmt.Sprintf("Unable to execute select document page meta for org %s and document %s", p.Context.OrgID, documentID), err)
--- a/documize/database/scripts/autobuild/db_00000.sql
+++ b/documize/database/scripts/autobuild/db_00000.sql
@ -168,6 +168,7 @@ CREATE TABLE IF NOT EXISTS `pagemeta` (
 	`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
 	`pageid` CHAR(16) NOT NULL COLLATE utf8_bin,
 	`orgid` CHAR(16) NOT NULL COLLATE utf8_bin,
+	`userid` CHAR(16) NOT NULL COLLATE utf8_bin,
 	`documentid` CHAR(16) NOT NULL COLLATE utf8_bin,
 	`rawbody` LONGBLOB,
 	`config` JSON,
@ -266,3 +267,16 @@ INSERT INTO `config` VALUES ('LICENSE','{\"token\": \"\",\"endpoint\": \"https:/
 INSERT INTO `config` VALUES ('META','{\"database\": \"db_00000.sql\"}');
 INSERT INTO `config` VALUES ('SECTION-GITHUB', '{\"clientID\": \"\", \"clientSecret\": \"\", \"authorizationCallbackURL\": \"https://localhost:5001/api/public/validate?section=github\"}');
 INSERT INTO `config` VALUES ('SECTION-TRELLO','{\"appKey\": \"\"}');
+
+DROP TABLE IF EXISTS `userconfig`;
+
+CREATE TABLE IF NOT EXISTS  `userconfig` (
+	`orgid` CHAR(16) NOT NULL COLLATE utf8_bin,
+	`userid` CHAR(16) NOT NULL COLLATE utf8_bin,
+	`key` CHAR(225) NOT NULL,
+	`config` JSON,
+	UNIQUE INDEX `idx_userconfig_orguserkey` (`orgid`, `userid`, `key` ASC) )
+	DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+
+-- TODO insert userid into pagemeta table
+-- ALTER TABLE `pagemeta` ADD `userid` CHAR(16) NOT NULL COLLATE utf8_bin AFTER `orgid`;
--- a/documize/section/asana/asana.go
+++ b/documize/section/asana/asana.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/code/code.go
+++ b/documize/section/code/code.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/docusign/docusign.go
+++ b/documize/section/docusign/docusign.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/gemini/gemini.go
+++ b/documize/section/gemini/gemini.go
@ -40,7 +40,7 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Render converts Gemini data into HTML suitable for browser rendering.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	var items []geminiItem
 	var payload = geminiRender{}
 	var c = geminiConfig{}
@ -64,7 +64,7 @@ func (*Provider) Render(config, data string) string {
 }

 // Command handles authentication, workspace listing and items retrieval.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	method := query.Get("method")

@ -84,7 +84,7 @@ func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) (newData string) {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) (newData string) {
 	var c = geminiConfig{}
 	err := json.Unmarshal([]byte(config), &c)

--- a/documize/section/github/github.go
+++ b/documize/section/github/github.go
@ -14,6 +14,7 @@ package github
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"html/template"
 	"io/ioutil"
@ -64,9 +65,22 @@ func authorizationCallbackURL() string {
 	// NOTE: URL value must have the path and query "/api/public/validate?section=github"
 	return request.ConfigString(meta.ConfigHandle(), "authorizationCallbackURL")
 }
+func validateToken(ptoken string) error {
+	// Github authorization check
+	authClient := gogithub.NewClient((&gogithub.BasicAuthTransport{
+		Username: clientID(),
+		Password: clientSecret(),
+	}).Client())
+	_, _, err := authClient.Authorizations.Check(clientID(), ptoken)
+	return err
+}
+
+func secretsJSON(token string) string {
+	return `{"token":"` + strings.TrimSpace(token) + `"}`
+}

 // Command to run the various functions required...
-func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (p *Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	method := query.Get("method")

@ -99,6 +113,25 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// get the secret token in the database
+	ptoken := ctx.GetSecrets("token")
+
+	switch method {
+
+	case "saveSecret": // secret Token update code
+
+		// write the new one, direct from JS
+		if err = ctx.SaveSecrets(string(body)); err != nil {
+			log.Error("github settoken configuration", err)
+			provider.WriteError(w, "github", err)
+			return
+		}
+		provider.WriteEmpty(w)
+		return
+
+	}
+
+	// load the config from the client-side
 	config := githubConfig{}
 	err = json.Unmarshal(body, &config)

@ -109,17 +142,29 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 	}

 	config.Clean()
-
-	if len(config.Token) == 0 {
-		msg := "Missing token"
-		log.ErrorString("github: " + msg)
-		provider.WriteMessage(w, "gitub", msg)
-		return
-	}
+	// always use DB version of the token
+	config.Token = ptoken

 	client := p.githubClient(config)

-	switch method {
+	switch method { // the main data handling switch
+
+	case "checkAuth":
+
+		if len(ptoken) == 0 {
+			err = errors.New("empty github token")
+		} else {
+			err = validateToken(ptoken)
+		}
+		if err != nil {
+			// token now invalid, so wipe it
+			ctx.SaveSecrets("") // ignore error, already in an error state
+			log.Error("github check token validation", err)
+			provider.WriteError(w, "github", err)
+			return
+		}
+		provider.WriteEmpty(w)
+		return

 	case tagCommitsData:

@ -208,7 +253,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 				provider.WriteError(w, "github", err)
 				return
 			}
-			for kr, vr := range repos {
+			for _, vr := range repos {
 				private := ""
 				if *vr.Private {
 					private = " (private)"
@ -216,7 +261,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 				render = append(render,
 					githubRepo{
 						Name:    config.Owner + "/" + *vr.Name + private,
-						ID:      fmt.Sprintf("%s:%s:%d", config.Owner, *vr.Name, kr),
+						ID:      fmt.Sprintf("%s:%s", config.Owner, *vr.Name),
 						Owner:   config.Owner,
 						Repo:    *vr.Name,
 						Private: *vr.Private,
@ -229,6 +274,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 		provider.WriteJSON(w, render)

 	case "branches":
+
 		if config.Owner == "" || config.Repo == "" {
 			provider.WriteJSON(w, []githubBranch{}) // we have nothing to return
 			return
@ -244,7 +290,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 		for kc, vb := range branches {
 			render[kc] = githubBranch{
 				Name:     *vb.Name,
-				ID:       fmt.Sprintf("%s:%s:%s:%d", config.Owner, config.Repo, *vb.Name, kc),
+				ID:       fmt.Sprintf("%s:%s:%s", config.Owner, config.Repo, *vb.Name),
 				Included: false,
 				URL:      "https://github.com/" + config.Owner + "/" + config.Repo + "/tree/" + *vb.Name,
 			}
@ -253,6 +299,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 		provider.WriteJSON(w, render)

 	case "labels":
+
 		if config.Owner == "" || config.Repo == "" {
 			provider.WriteJSON(w, []githubBranch{}) // we have nothing to return
 			return
@ -277,6 +324,7 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
 		provider.WriteJSON(w, render)

 	default:
+
 		log.ErrorString("Github connector unknown method: " + method)
 		provider.WriteEmpty(w)
 	}
@ -573,7 +621,7 @@ func (*Provider) getCommits(client *gogithub.Client, config githubConfig) ([]git
 }

 // Refresh ... gets the latest version
-func (p *Provider) Refresh(configJSON, data string) string {
+func (p *Provider) Refresh(ctx *provider.Context, configJSON, data string) string {
 	var c = githubConfig{}

 	err := json.Unmarshal([]byte(configJSON), &c)
@ -584,6 +632,7 @@ func (p *Provider) Refresh(configJSON, data string) string {
 	}

 	c.Clean()
+	c.Token = ctx.GetSecrets("token")

 	switch c.ReportInfo.ID {
 	/*case "issuenum_data":
@ -634,7 +683,7 @@ func (p *Provider) Refresh(configJSON, data string) string {
 }

 // Render ... just returns the data given, suitably formatted
-func (p *Provider) Render(config, data string) string {
+func (p *Provider) Render(ctx *provider.Context, config, data string) string {
 	var err error

 	payload := githubRender{}
@ -648,6 +697,8 @@ func (p *Provider) Render(config, data string) string {
 	}

 	c.Clean()
+	c.Token = ctx.GetSecrets("token")
+
 	payload.Config = c
 	payload.Repo = c.RepoInfo
 	payload.Limit = c.BranchLines
--- a/documize/section/github/model.go
+++ b/documize/section/github/model.go
@ -13,14 +13,13 @@ package github

 import (
 	"html/template"
-	"strings"
 	"time"

 	"github.com/documize/community/wordsmith/log"
 )

-const tagIssuesData = "issues_data"
-const tagCommitsData = "commits_data"
+const tagIssuesData = "issuesData"
+const tagCommitsData = "commitsData"

 type githubRender struct {
 	Config           githubConfig
@ -218,8 +217,9 @@ type githubIssueActivity struct {
 */

 type githubConfig struct {
-	AppKey      string         `json:"appKey"` // TODO keep?
-	Token       string         `json:"token"`
+	Token       string         `json:"-"` // NOTE very important that the secret Token is not leaked to the client side, so "-"
+	UserID      string         `json:"userId"`
+	PageID      string         `json:"pageId"`
 	Owner       string         `json:"owner_name"`
 	Repo        string         `json:"repo_name"`
 	Branch      string         `json:"branch"`
@ -239,8 +239,6 @@ type githubConfig struct {
 }

 func (c *githubConfig) Clean() {
-	c.AppKey = strings.TrimSpace(c.AppKey) // TODO keep?
-	c.Token = strings.TrimSpace(c.Token)
 	c.Owner = c.OwnerInfo.Name
 	c.Repo = c.RepoInfo.Repo
 	for _, l := range c.Lists {
--- a/documize/section/intercom/intercom.go
+++ b/documize/section/intercom/intercom.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/mailchimp/mailchimp.go
+++ b/documize/section/mailchimp/mailchimp.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/markdown/markdown.go
+++ b/documize/section/markdown/markdown.go
@ -36,18 +36,18 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render converts markdown data into HTML suitable for browser rendering.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	result := blackfriday.MarkdownCommon([]byte(data))

 	return string(result)
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/papertrail/model.go
+++ b/documize/section/papertrail/model.go
@ -61,7 +61,7 @@ type papertrailEvent struct {
 }

 type papertrailConfig struct {
-	APIToken string           `json:"APIToken"`
+	APIToken string           `json:"APIToken"` // only contains the correct token just after it is typed in
 	Query    string           `json:"query"`
 	Max      int              `json:"max"`
 	Group    papertrailOption `json:"group"`
--- a/documize/section/papertrail/papertrail.go
+++ b/documize/section/papertrail/papertrail.go
@ -42,7 +42,7 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Render converts Papertrail data into HTML suitable for browser rendering.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	var search papertrailSearch
 	var events []papertrailEvent
 	var payload = papertrailRender{}
@ -51,6 +51,8 @@ func (*Provider) Render(config, data string) string {
 	json.Unmarshal([]byte(data), &search)
 	json.Unmarshal([]byte(config), &c)

+	c.APIToken = ctx.GetSecrets("APIToken")
+
 	max := len(search.Events)
 	if c.Max < max {
 		max = c.Max
@ -74,7 +76,7 @@ func (*Provider) Render(config, data string) string {
 }

 // Command handles authentication, workspace listing and items retrieval.
-func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (p *Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	method := query.Get("method")

@ -101,6 +103,10 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {

 	config.Clean()

+	if config.APIToken == provider.SecretReplacement {
+		config.APIToken = ctx.GetSecrets("APIToken")
+	}
+
 	if len(config.APIToken) == 0 {
 		provider.WriteMessage(w, me, "Missing API token")
 		return
@ -108,14 +114,14 @@ func (p *Provider) Command(w http.ResponseWriter, r *http.Request) {

 	switch method {
 	case "auth":
-		auth(config, w, r)
+		auth(ctx, config, w, r)
 	case "options":
 		options(config, w, r)
 	}
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) (newData string) {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) (newData string) {
 	var c = papertrailConfig{}
 	err := json.Unmarshal([]byte(config), &c)

@ -126,6 +132,8 @@ func (*Provider) Refresh(config, data string) (newData string) {

 	c.Clean()

+	c.APIToken = ctx.GetSecrets("APIToken")
+
 	if len(c.APIToken) == 0 {
 		log.Error("missing API token", err)
 		return
@ -149,7 +157,7 @@ func (*Provider) Refresh(config, data string) (newData string) {
 	return
 }

-func auth(config papertrailConfig, w http.ResponseWriter, r *http.Request) {
+func auth(ctx *provider.Context, config papertrailConfig, w http.ResponseWriter, r *http.Request) {
 	result, err := fetchEvents(config)

 	if err != nil {
@ -162,6 +170,8 @@ func auth(config papertrailConfig, w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	log.IfErr(ctx.SaveSecrets(`{"APIToken":"` + config.APIToken + `"}`))
+
 	provider.WriteJSON(w, result)
 }

--- a/documize/section/provider/provider.go
+++ b/documize/section/provider/provider.go
@ -19,9 +19,14 @@ import (
 	"sort"
 	"strings"

+	"github.com/documize/community/documize/api/request"
 	"github.com/documize/community/wordsmith/log"
 )

+// SecretReplacement is a constant used to replace secrets in data-structures when required.
+// 8 stars.
+const SecretReplacement = "********"
+
 // sectionsMap is where individual sections register themselves.
 var sectionsMap = make(map[string]Provider)

@ -44,9 +49,25 @@ func (t *TypeMeta) ConfigHandle() string {
 // Provider represents a 'page' in a document.
 type Provider interface {
 	Meta() TypeMeta                                               // Meta returns section details
-	Command(w http.ResponseWriter, r *http.Request) // Command is general-purpose method that can return data to UI
-	Render(config, data string) string              // Render converts section data into presentable HTML
-	Refresh(config, data string) string             // Refresh returns latest data
+	Command(ctx *Context, w http.ResponseWriter, r *http.Request) // Command is general-purpose method that can return data to UI
+	Render(ctx *Context, config, data string) string              // Render converts section data into presentable HTML
+	Refresh(ctx *Context, config, data string) string             // Refresh returns latest data
+}
+
+// Context describes the environment the section code runs in
+type Context struct {
+	OrgID     string
+	UserID    string
+	prov      Provider
+	inCommand bool
+}
+
+// NewContext is a convenience function.
+func NewContext(orgid, userid string) *Context {
+	if orgid == "" || userid == "" {
+		log.Error("NewContext incorrect orgid:"+orgid+" userid:"+userid, errors.New("bad section context"))
+	}
+	return &Context{OrgID: orgid, UserID: userid}
 }

 // Register makes document section type available
@ -71,10 +92,12 @@ func GetSectionMeta() []TypeMeta {
 }

 // Command passes parameters to the given section id, the returned bool indicates success.
-func Command(section string, w http.ResponseWriter, r *http.Request) bool {
+func Command(section string, ctx *Context, w http.ResponseWriter, r *http.Request) bool {
 	s, ok := sectionsMap[section]
 	if ok {
-		s.Command(w, r)
+		ctx.prov = s
+		ctx.inCommand = true
+		s.Command(ctx, w, r)
 	}
 	return ok
 }
@ -91,19 +114,21 @@ func Callback(section string, w http.ResponseWriter, r *http.Request) error {
 }

 // Render runs that operation for the given section id, the returned bool indicates success.
-func Render(section, config, data string) (string, bool) {
+func Render(section string, ctx *Context, config, data string) (string, bool) {
 	s, ok := sectionsMap[section]
 	if ok {
-		return s.Render(config, data), true
+		ctx.prov = s
+		return s.Render(ctx, config, data), true
 	}
 	return "", false
 }

 // Refresh returns the latest data for a section.
-func Refresh(section, config, data string) (string, bool) {
+func Refresh(section string, ctx *Context, config, data string) (string, bool) {
 	s, ok := sectionsMap[section]
 	if ok {
-		return s.Refresh(config, data), true
+		ctx.prov = s
+		return s.Refresh(ctx, config, data), true
 	}
 	return "", false
 }
@ -174,6 +199,28 @@ func WriteForbidden(w http.ResponseWriter) {
 	log.IfErr(err)
 }

+// Secrets handling
+
+// SaveSecrets for the current user/org combination.
+// The secrets must be in the form of a JSON format string, for example `{"mysecret":"lover"}`.
+// An empty string signifies no valid secrets for this user/org combination.
+// Note that this function can only be called within the Command method of a section.
+func (c *Context) SaveSecrets(JSONobj string) error {
+	if !c.inCommand {
+		return errors.New("SaveSecrets() may only be called from within Command()")
+	}
+	return request.UserConfigSetJSON(c.OrgID, c.UserID, c.prov.Meta().ContentType, JSONobj)
+}
+
+// GetSecrets for the current context user/org.
+// For example (see SaveSecrets example): thisContext.GetSecrets("mysecret")
+// JSONpath format is defined at https://dev.mysql.com/doc/refman/5.7/en/json-path-syntax.html .
+// An empty JSONpath returns the whole JSON object, as JSON.
+// Errors return the empty string.
+func (c *Context) GetSecrets(JSONpath string) string {
+	return request.UserConfigGetJSON(c.OrgID, c.UserID, c.prov.Meta().ContentType, JSONpath)
+}
+
 // sort sections in order that that should be presented.
 type sectionsToSort []TypeMeta

--- a/documize/section/register.go
+++ b/documize/section/register.go
@ -50,7 +50,6 @@ func Register() {
 	provider.Register("trello", &trello.Provider{})
 	provider.Register("wysiwyg", &wysiwyg.Provider{})
 	provider.Register("zendesk", &zendesk.Provider{})
-
 	p := provider.List()
 	log.Info(fmt.Sprintf("Documize registered %d smart sections", len(p)))
 }
--- a/documize/section/salesforce/salesforce.go
+++ b/documize/section/salesforce/salesforce.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/stripe/stripe.go
+++ b/documize/section/stripe/stripe.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/table/table.go
+++ b/documize/section/table/table.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render sends back data as-is (HTML).
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/trello/trello.go
+++ b/documize/section/trello/trello.go
@ -45,7 +45,7 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	method := query.Get("method")

@ -137,7 +137,7 @@ func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	raw := []trelloListCards{}
 	payload := trelloRender{}
 	var c = trelloConfig{}
@ -163,7 +163,7 @@ func (*Provider) Render(config, data string) string {
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	var c = trelloConfig{}
 	json.Unmarshal([]byte(config), &c)

--- a/documize/section/wysiwyg/wysiwyg.go
+++ b/documize/section/wysiwyg/wysiwyg.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render returns data as-is (HTML).
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }
--- a/documize/section/zendesk/zendesk.go
+++ b/documize/section/zendesk/zendesk.go
@ -35,16 +35,16 @@ func (*Provider) Meta() provider.TypeMeta {
 }

 // Command stub.
-func (*Provider) Command(w http.ResponseWriter, r *http.Request) {
+func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	provider.WriteEmpty(w)
 }

 // Render just sends back HMTL as-is.
-func (*Provider) Render(config, data string) string {
+func (*Provider) Render(ctx *provider.Context, config, data string) string {
 	return data
 }

 // Refresh just sends back data as-is.
-func (*Provider) Refresh(config, data string) string {
+func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 	return data
 }