From 9c93a41ebb72cc1d61dfd2b9a63213d15bdd0260 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 7 Aug 2025 00:32:16 +0000
Subject: [PATCH 1/5] Initial plan


From cf860213e3686cf1314147b898e547b54bc6719d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 7 Aug 2025 00:52:24 +0000
Subject: [PATCH 2/5] Modernize user settings page with public key management

Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
---
 .../controllers/api/UserApiController.java    | 105 +++
 .../sso/controllers/view/UserController.java  |  19 +-
 .../templates/sso/users/user_settings.html    | 723 +++++++++++++-----
 .../sso/core/services/HostGroupService.java   |   5 +
 4 files changed, 672 insertions(+), 180 deletions(-)

diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
index 45e17f2c..269beba5 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
@@ -22,11 +22,13 @@
 import io.sentrius.sso.core.dto.UserDTO;
 import io.sentrius.sso.core.dto.UserTypeDTO;
 import io.sentrius.sso.core.model.users.UserConfig;
+import io.sentrius.sso.core.model.users.UserPublicKey;
 import io.sentrius.sso.core.model.users.UserSettings;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.HostGroupService;
 import io.sentrius.sso.core.services.SessionService;
 import io.sentrius.sso.core.services.UserCustomizationService;
+import io.sentrius.sso.core.services.UserPublicKeyService;
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.services.agents.AgentService;
 import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
@@ -45,8 +47,10 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -63,6 +67,7 @@ public class UserApiController extends BaseController {
     final CryptoService cryptoService;
     private final MessagingUtil messagingUtil;
     final UserCustomizationService userThemeService;
+    final UserPublicKeyService userPublicKeyService;
     final ZeroTrustRequestService ztatRequestService;
     final ZeroTrustAccessTokenService ztatService;
     final AgentService agentService;
@@ -87,6 +92,7 @@ protected UserApiController(
         HostGroupService hostGroupService, CryptoService  cryptoService,
         MessagingUtil messagingUtil,
         UserCustomizationService userThemeService,
+        UserPublicKeyService userPublicKeyService,
         SessionService sessionService,
         ZeroTrustRequestService ztatRequestService,
         ZeroTrustAccessTokenService ztatService, AgentService agentService,
@@ -97,6 +103,7 @@ protected UserApiController(
         this.cryptoService = cryptoService;
         this.messagingUtil = messagingUtil;
         this.userThemeService = userThemeService;
+        this.userPublicKeyService = userPublicKeyService;
         this.sessionService = sessionService;
         this.ztatRequestService = ztatRequestService;
         this.ztatService = ztatService;
@@ -428,5 +435,103 @@ private List<Map<String, Object>> getAgentSessionDurations() {
         return agentSessions;
     }
 
+    // Public Key Management Endpoints
+    
+    @GetMapping("/publickeys")
+    public ResponseEntity<List<UserPublicKey>> getUserPublicKeys(HttpServletRequest request, HttpServletResponse response) {
+        var user = userService.getOperatingUser(request, response, null);
+        var publicKeys = userPublicKeyService.getPublicKeysForUser(user.getId());
+        return ResponseEntity.ok(publicKeys);
+    }
+
+    @PostMapping("/publickeys")
+    public ResponseEntity<ObjectNode> addPublicKey(HttpServletRequest request, HttpServletResponse response, @RequestBody UserPublicKey publicKey) {
+        ObjectNode node = JsonUtil.MAPPER.createObjectNode();
+        try {
+            var user = userService.getOperatingUser(request, response, null);
+            publicKey.setUser(user);
+            
+            if (publicKey.getCreatedAt() == null) {
+                publicKey.setCreatedAt(new java.sql.Timestamp(System.currentTimeMillis()));
+            }
+            
+            var savedKey = userPublicKeyService.addPublicKey(publicKey);
+            node.put("status", "Public key successfully added");
+            node.put("id", savedKey.getId());
+            return ResponseEntity.ok(node);
+        } catch (Exception e) {
+            log.error("Error adding public key", e);
+            node.put("status", "Error adding public key");
+            return ResponseEntity.internalServerError().body(node);
+        }
+    }
+
+    @PostMapping("/publickeys/{keyId}/assign")
+    public ResponseEntity<ObjectNode> assignPublicKeyToHostGroup(
+            HttpServletRequest request, HttpServletResponse response,
+            @PathVariable Long keyId, @RequestParam Long hostGroupId) {
+        ObjectNode node = JsonUtil.MAPPER.createObjectNode();
+        try {
+            var user = userService.getOperatingUser(request, response, null);
+            var publicKeyOpt = userPublicKeyService.getPublicKeyById(keyId);
+            
+            if (publicKeyOpt.isEmpty()) {
+                node.put("status", "Public key not found");
+                return ResponseEntity.status(HttpStatus.NOT_FOUND).body(node);
+            }
+            
+            var publicKey = publicKeyOpt.get();
+            
+            // Verify the key belongs to the current user
+            if (!publicKey.getUser().getId().equals(user.getId())) {
+                node.put("status", "Unauthorized");
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).body(node);
+            }
+            
+            var hostGroup = hostGroupService.getHostGroup(hostGroupId);
+            publicKey.setHostGroup(hostGroup);
+            userPublicKeyService.addPublicKey(publicKey);
+            
+            node.put("status", "Public key successfully assigned to host group");
+            return ResponseEntity.ok(node);
+        } catch (Exception e) {
+            log.error("Error assigning public key to host group", e);
+            node.put("status", "Error assigning public key to host group");
+            return ResponseEntity.internalServerError().body(node);
+        }
+    }
+
+    @DeleteMapping("/publickeys/{keyId}")
+    public ResponseEntity<ObjectNode> deletePublicKey(
+            HttpServletRequest request, HttpServletResponse response,
+            @PathVariable Long keyId) {
+        ObjectNode node = JsonUtil.MAPPER.createObjectNode();
+        try {
+            var user = userService.getOperatingUser(request, response, null);
+            var publicKeyOpt = userPublicKeyService.getPublicKeyById(keyId);
+            
+            if (publicKeyOpt.isEmpty()) {
+                node.put("status", "Public key not found");
+                return ResponseEntity.status(HttpStatus.NOT_FOUND).body(node);
+            }
+            
+            var publicKey = publicKeyOpt.get();
+            
+            // Verify the key belongs to the current user
+            if (!publicKey.getUser().getId().equals(user.getId())) {
+                node.put("status", "Unauthorized");
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).body(node);
+            }
+            
+            userPublicKeyService.deletePublicKey(keyId);
+            node.put("status", "Public key successfully deleted");
+            return ResponseEntity.ok(node);
+        } catch (Exception e) {
+            log.error("Error deleting public key", e);
+            node.put("status", "Error deleting public key");
+            return ResponseEntity.internalServerError().body(node);
+        }
+    }
+
 }
 
diff --git a/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java b/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
index c2448c8f..3eb30a22 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/view/UserController.java
@@ -23,7 +23,9 @@
 import io.sentrius.sso.core.model.users.UserConfig;
 import io.sentrius.sso.core.model.users.UserSettings;
 import io.sentrius.sso.core.services.ErrorOutputService;
+import io.sentrius.sso.core.services.HostGroupService;
 import io.sentrius.sso.core.services.UserCustomizationService;
+import io.sentrius.sso.core.services.UserPublicKeyService;
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.services.WorkHoursService;
 import io.sentrius.sso.core.services.security.CryptoService;
@@ -44,16 +46,21 @@
 public class UserController extends BaseController {
 
     final UserCustomizationService userThemeService;
+    final UserPublicKeyService userPublicKeyService;
+    final HostGroupService hostGroupService;
     final WorkHoursService  workHoursService;
     final CryptoService cryptoService;
 
     protected UserController(
         UserService userService, SystemOptions systemOptions,
-        ErrorOutputService errorOutputService, UserCustomizationService userThemeService, WorkHoursService workHoursService,
-        CryptoService cryptoService
+        ErrorOutputService errorOutputService, UserCustomizationService userThemeService, 
+        UserPublicKeyService userPublicKeyService, HostGroupService hostGroupService,
+        WorkHoursService workHoursService, CryptoService cryptoService
     ) {
         super(userService, systemOptions, errorOutputService);
         this.userThemeService = userThemeService;
+        this.userPublicKeyService = userPublicKeyService;
+        this.hostGroupService = hostGroupService;
         this.workHoursService = workHoursService;
         this.cryptoService = cryptoService;
     }
@@ -186,8 +193,16 @@ public String getUserSettings(Model model, HttpServletRequest request, HttpServl
         Map<Integer, WorkHours> userWorkHours = workHoursList.stream()
             .collect(Collectors.toMap(WorkHours::getDayOfWeek, wh -> wh));
 
+        // Get user's public keys
+        var publicKeys = userPublicKeyService.getPublicKeysForUser(user.getId());
+        
+        // Get available host groups for this user
+        var hostGroups = hostGroupService.getHostGroupsForUser(user.getId());
+
         // Pass data to Thymeleaf
         model.addAttribute("userWorkHours", userWorkHours);
+        model.addAttribute("publicKeys", publicKeys);
+        model.addAttribute("hostGroups", hostGroups);
         model.addAttribute("daysOfWeek", List.of(
             new DayOfWeekDTO(0, "Sunday"),
             new DayOfWeekDTO(1, "Monday"),
diff --git a/api/src/main/resources/templates/sso/users/user_settings.html b/api/src/main/resources/templates/sso/users/user_settings.html
index 8d9bc4d8..dad3e6ed 100755
--- a/api/src/main/resources/templates/sso/users/user_settings.html
+++ b/api/src/main/resources/templates/sso/users/user_settings.html
@@ -1,179 +1,546 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-
-<head>
-    <meta th:replace="~{fragments/header}">
-    <!--<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
-    -->
-    <style>
-        /* Centering the form container */
-        .center-container {
-            display: flex;
-            flex-direction: column; /* Stack elements vertically */
-            align-items: center;
-            width: 100%; /* Ensure full width usage */
-            padding: 20px;
-        }
-
-        .form-section {
-            width: 100%; /* Prevent side-by-side layout */
-            max-width: 600px; /* Optional: Match the width of the form */
-            margin-bottom: 20px; /* Space between form and table */
-        }
-
-
-        /* Limit form width for better UX */
-        .settings-form {
-            max-width: 500px;
-            width: 100%;
-            background-color: #30373a;
-            padding: 20px;
-            border-radius: 10px;
-            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
-        }
-
-        /* Table adjustments */
-        .settings-form table {
-            width: 100%;
-        }
-
-        /* Responsive table adjustments */
-        .settings-form td:first-child {
-            width: 70%;
-        }
-
-        .settings-form td:last-child {
-            width: 30%;
-        }
-
-        /* Align icons next to labels */
-        .settings-label {
-            display: flex;
-            align-items: center;
-            gap: 5px;
-        }
-
-        .submit_btn {
-            width: 100%; /* Full-width button */
-        }
-
-        .settings-form table,
-        .table {
-            margin-bottom: 10px; /* Reduce spacing between tables */
-        }
-    </style>
-    <title>[[${systemOptions.systemLogoName}]] - User Settings</title>
-</head>
-
-<body>
-<div class="container-fluid">
-    <div class="row flex-nowrap">
-        <!-- Sidebar -->
-        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
-
-        <!-- Main content -->
-        <div class="col py-4">
-            <div class="main-content">
-                <div th:replace="~{fragments/alerts}"></div>
-
-                <!-- Centered form container -->
-                <div class="center-container">
-                    <h2>Your Settings</h2>
-                    <form th:action="@{/api/v1/users/settings}" method="post" class="settings-form" autocomplete="off">
-                        <input type="hidden" name="_csrf" th:value="${_csrf.token}" />
-
-                        <table th:if="${userOptions != null && !userOptions.empty}">
-                            <template th:each="s : ${userOptions}" th:remove="tag">
-                                <tr>
-                                    <td>
-                                        <span class="settings-label">
-                                            <div th:text="${s.name}"></div>
-                                            <i class="fa-regular fa-circle-question" th:title="${s.description}"
-                                               th:if="${s.description != null && !s.description.empty}"></i>
-                                        </span>
-                                    </td>
-                                    <td>
-                                        <input type="text" class="form-control" th:name="${s.name}" th:value="${s.value}" />
-                                    </td>
-                                </tr>
-                            </template>
-                        </table>
-
-
-                        <br />
-                        <button type="submit" class="btn btn-primary submit_btn">Save</button>
-                    </form>
-
-                <div class="form-section">
-                    <br />
-                    <h2>Work Hours</h2>
-                    <table class="table table-dark table-striped">
-                        <thead>
-                        <tr>
-                            <th>Day</th>
-                            <th>Enable</th>
-                            <th>Start Time</th>
-                            <th>End Time</th>
-                        </tr>
-                        </thead>
-                        <tbody>
-                        <tr th:each="day, iter : ${daysOfWeek}">
-                            <td th:text="${day.name}"></td>
-                            <td>
-                                <input type="checkbox" th:id="'enable_' + ${iter.index}" th:checked="${userWorkHours.containsKey(day.id)}">
-                            </td>
-                            <td>
-                                <input type="time" class="form-control" th:id="'start_' + ${iter.index}"
-                                       th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).startTime : ''}"
-                                       th:disabled="${!userWorkHours.containsKey(day.id)}">
-                            </td>
-                            <td>
-                                <input type="time" class="form-control" th:id="'end_' + ${iter.index}"
-                                       th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).endTime : ''}"
-                                       th:disabled="${!userWorkHours.containsKey(day.id)}">
-                            </td>
-                        </tr>
-                        </tbody>
-                    </table>
-
-                    <br />
-                    <button class="btn btn-primary mt-3" id="saveWorkHours">Save Work Hours</button>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
-<script>
-    document.addEventListener('DOMContentLoaded', function () {
-        document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
-            checkbox.addEventListener('change', function () {
-                let index = this.id.split("_")[1];
-                document.getElementById('start_' + index).disabled = !this.checked;
-                document.getElementById('end_' + index).disabled = !this.checked;
-            });
-        });
-
-        document.getElementById('saveWorkHours').addEventListener('click', function () {
-            let workHours = [];
-            document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
-                let index = checkbox.id.split("_")[1];
-                if (checkbox.checked) {
-                    workHours.push({
-                        dayOfWeek: index,
-                        startTime: document.getElementById('start_' + index).value,
-                        endTime: document.getElementById('end_' + index).value
-                    });
-                }
-            });
-
-            fetch('/api/v1/users/settings/workhours', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify(workHours)
-            }).then(response => location.reload());
-        });
-    });
-</script>
-</body>
-
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+
+<head>
+    <meta th:replace="~{fragments/header}">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
+    <style>
+        .center-container {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            width: 100%;
+            padding: 20px;
+        }
+
+        .settings-section {
+            width: 100%;
+            max-width: 900px;
+            margin-bottom: 30px;
+            background-color: #30373a;
+            padding: 25px;
+            border-radius: 12px;
+            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+        }
+
+        .settings-section h3 {
+            color: #ffffff;
+            margin-bottom: 20px;
+            font-weight: 600;
+            border-bottom: 2px solid #495057;
+            padding-bottom: 10px;
+        }
+
+        .settings-form table {
+            width: 100%;
+        }
+
+        .settings-form td:first-child {
+            width: 70%;
+            padding: 8px;
+        }
+
+        .settings-form td:last-child {
+            width: 30%;
+            padding: 8px;
+        }
+
+        .settings-label {
+            display: flex;
+            align-items: center;
+            gap: 8px;
+            color: #ffffff;
+            font-weight: 500;
+        }
+
+        .submit_btn {
+            width: 100%;
+        }
+
+        /* Public Key Management Styles */
+        .public-key-item {
+            background-color: #495057;
+            border-radius: 8px;
+            padding: 15px;
+            margin-bottom: 15px;
+            border: 1px solid #6c757d;
+        }
+
+        .public-key-header {
+            display: flex;
+            justify-content: between;
+            align-items: center;
+            margin-bottom: 10px;
+        }
+
+        .key-name {
+            font-weight: 600;
+            color: #ffffff;
+            font-size: 1.1em;
+        }
+
+        .key-type {
+            background-color: #007bff;
+            color: white;
+            padding: 2px 8px;
+            border-radius: 4px;
+            font-size: 0.8em;
+            font-weight: 500;
+        }
+
+        .key-fingerprint {
+            font-family: monospace;
+            color: #adb5bd;
+            font-size: 0.9em;
+            margin: 5px 0;
+        }
+
+        .key-hostgroup {
+            color: #28a745;
+            font-size: 0.9em;
+            margin: 5px 0;
+        }
+
+        .key-actions {
+            margin-top: 10px;
+        }
+
+        .btn-sm {
+            margin-right: 5px;
+        }
+
+        .no-keys-message {
+            text-align: center;
+            color: #6c757d;
+            padding: 30px;
+            font-style: italic;
+        }
+
+        /* Add Key Form */
+        .add-key-form {
+            background-color: #495057;
+            border-radius: 8px;
+            padding: 20px;
+            margin-bottom: 20px;
+        }
+
+        .work-hours-table {
+            margin-bottom: 10px;
+        }
+
+        .modal-dialog-centered {
+            display: flex;
+            align-items: center;
+            min-height: calc(100% - 1rem);
+        }
+    </style>
+    <title>[[${systemOptions.systemLogoName}]] - User Settings</title>
+</head>
+
+<body>
+<div class="container-fluid">
+    <div class="row flex-nowrap">
+        <!-- Sidebar -->
+        <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
+
+        <!-- Main content -->
+        <div class="col py-4">
+            <div class="main-content">
+                <div th:replace="~{fragments/alerts}"></div>
+
+                <!-- Centered form container -->
+                <div class="center-container">
+                    <h1 class="mb-4 text-white">Your Settings</h1>
+                    
+                    <!-- User Preferences Section -->
+                    <div class="settings-section">
+                        <h3><i class="fas fa-cog me-2"></i>User Preferences</h3>
+                        <form th:action="@{/api/v1/users/settings}" method="post" class="settings-form" autocomplete="off">
+                            <input type="hidden" name="_csrf" th:value="${_csrf.token}" />
+
+                            <table th:if="${userOptions != null && !userOptions.empty}">
+                                <template th:each="s : ${userOptions}" th:remove="tag">
+                                    <tr>
+                                        <td>
+                                            <span class="settings-label">
+                                                <div th:text="${s.name}"></div>
+                                                <i class="fa-regular fa-circle-question" th:title="${s.description}"
+                                                   th:if="${s.description != null && !s.description.empty}"></i>
+                                            </span>
+                                        </td>
+                                        <td>
+                                            <input type="text" class="form-control" th:name="${s.name}" th:value="${s.value}" />
+                                        </td>
+                                    </tr>
+                                </template>
+                            </table>
+
+                            <br />
+                            <button type="submit" class="btn btn-primary submit_btn">
+                                <i class="fas fa-save me-2"></i>Save Preferences
+                            </button>
+                        </form>
+                    </div>
+
+                    <!-- Public Key Management Section -->
+                    <div class="settings-section">
+                        <h3><i class="fas fa-key me-2"></i>SSH Public Key Management</h3>
+                        
+                        <!-- Add New Key Button -->
+                        <button class="btn btn-success mb-3" data-bs-toggle="modal" data-bs-target="#addKeyModal">
+                            <i class="fas fa-plus me-2"></i>Add New Public Key
+                        </button>
+
+                        <!-- Public Keys List -->
+                        <div th:if="${publicKeys != null && !publicKeys.empty}">
+                            <div th:each="key : ${publicKeys}" class="public-key-item">
+                                <div class="public-key-header">
+                                    <div class="d-flex align-items-center gap-2">
+                                        <span class="key-name" th:text="${key.keyName}">Key Name</span>
+                                        <span class="key-type" th:text="${key.keyType}">RSA</span>
+                                        <span class="badge bg-success" th:if="${key.isEnabled}">Enabled</span>
+                                        <span class="badge bg-secondary" th:unless="${key.isEnabled}">Disabled</span>
+                                    </div>
+                                </div>
+                                
+                                <div class="key-fingerprint" th:if="${key.fingerprint}">
+                                    <i class="fas fa-fingerprint me-2"></i>
+                                    <span th:text="${key.fingerprint}">Fingerprint</span>
+                                </div>
+                                
+                                <div class="key-hostgroup" th:if="${key.hostGroup}">
+                                    <i class="fas fa-server me-2"></i>
+                                    Assigned to: <span th:text="${key.hostGroup.name}">Host Group</span>
+                                </div>
+                                <div class="text-muted" th:unless="${key.hostGroup}">
+                                    <i class="fas fa-exclamation-triangle me-2"></i>
+                                    Not assigned to any host group
+                                </div>
+
+                                <div class="key-actions">
+                                    <button class="btn btn-sm btn-primary" th:onclick="'assignToHostGroup(' + ${key.id} + ')'"
+                                            th:disabled="${hostGroups == null || hostGroups.empty}">
+                                        <i class="fas fa-link me-1"></i>Assign to Host Group
+                                    </button>
+                                    <button class="btn btn-sm btn-danger" th:onclick="'deleteKey(' + ${key.id} + ')'">
+                                        <i class="fas fa-trash me-1"></i>Delete
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                        
+                        <div th:if="${publicKeys == null || publicKeys.empty}" class="no-keys-message">
+                            <i class="fas fa-key fa-3x mb-3 text-muted"></i>
+                            <p>No SSH public keys configured. Add your first key to get started!</p>
+                        </div>
+                    </div>
+
+                    <!-- Work Hours Section -->
+                    <div class="settings-section">
+                        <h3><i class="fas fa-clock me-2"></i>Work Hours</h3>
+                        <table class="table table-dark table-striped work-hours-table">
+                            <thead>
+                            <tr>
+                                <th>Day</th>
+                                <th>Enable</th>
+                                <th>Start Time</th>
+                                <th>End Time</th>
+                            </tr>
+                            </thead>
+                            <tbody>
+                            <tr th:each="day, iter : ${daysOfWeek}">
+                                <td th:text="${day.name}"></td>
+                                <td>
+                                    <input type="checkbox" th:id="'enable_' + ${iter.index}" th:checked="${userWorkHours.containsKey(day.id)}">
+                                </td>
+                                <td>
+                                    <input type="time" class="form-control" th:id="'start_' + ${iter.index}"
+                                           th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).startTime : ''}"
+                                           th:disabled="${!userWorkHours.containsKey(day.id)}">
+                                </td>
+                                <td>
+                                    <input type="time" class="form-control" th:id="'end_' + ${iter.index}"
+                                           th:value="${userWorkHours.containsKey(day.id) ? userWorkHours.get(day.id).endTime : ''}"
+                                           th:disabled="${!userWorkHours.containsKey(day.id)}">
+                                </td>
+                            </tr>
+                            </tbody>
+                        </table>
+
+                        <button class="btn btn-primary mt-3" id="saveWorkHours">
+                            <i class="fas fa-save me-2"></i>Save Work Hours
+                        </button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Add Public Key Modal -->
+<div class="modal fade" id="addKeyModal" tabindex="-1" aria-labelledby="addKeyModalLabel" aria-hidden="true">
+    <div class="modal-dialog modal-lg modal-dialog-centered">
+        <div class="modal-content bg-dark text-white">
+            <div class="modal-header">
+                <h5 class="modal-title" id="addKeyModalLabel">
+                    <i class="fas fa-key me-2"></i>Add New SSH Public Key
+                </h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <form id="addKeyForm">
+                    <div class="mb-3">
+                        <label for="keyName" class="form-label">Key Name *</label>
+                        <input type="text" class="form-control" id="keyName" placeholder="e.g., Work Laptop, Personal Key" required>
+                        <div class="form-text">A descriptive name for this key</div>
+                    </div>
+                    
+                    <div class="mb-3">
+                        <label for="keyType" class="form-label">Key Type</label>
+                        <select class="form-control" id="keyType">
+                            <option value="RSA">RSA</option>
+                            <option value="ECDSA">ECDSA</option>
+                            <option value="Ed25519">Ed25519</option>
+                            <option value="DSA">DSA</option>
+                        </select>
+                    </div>
+                    
+                    <div class="mb-3">
+                        <label for="publicKey" class="form-label">Public Key *</label>
+                        <textarea class="form-control" id="publicKey" rows="4" 
+                                  placeholder="ssh-rsa AAAAB3NzaC1yc2E... or ssh-ed25519 AAAAC3NzaC1l..." required></textarea>
+                        <div class="form-text">Paste your SSH public key here</div>
+                    </div>
+                    
+                    <div class="mb-3">
+                        <label for="hostGroupSelect" class="form-label">Assign to Host Group (Optional)</label>
+                        <select class="form-control" id="hostGroupSelect">
+                            <option value="">-- Select Host Group --</option>
+                            <option th:each="group : ${hostGroups}" th:value="${group.id}" th:text="${group.name}">Host Group</option>
+                        </select>
+                        <div class="form-text">You can assign this key to a host group now or later</div>
+                    </div>
+                </form>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+                <button type="button" class="btn btn-primary" onclick="addPublicKey()">
+                    <i class="fas fa-plus me-2"></i>Add Key
+                </button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Assign to Host Group Modal -->
+<div class="modal fade" id="assignModal" tabindex="-1" aria-labelledby="assignModalLabel" aria-hidden="true">
+    <div class="modal-dialog modal-dialog-centered">
+        <div class="modal-content bg-dark text-white">
+            <div class="modal-header">
+                <h5 class="modal-title" id="assignModalLabel">
+                    <i class="fas fa-link me-2"></i>Assign Key to Host Group
+                </h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+                <form id="assignForm">
+                    <input type="hidden" id="assignKeyId">
+                    <div class="mb-3">
+                        <label for="assignHostGroupSelect" class="form-label">Select Host Group</label>
+                        <select class="form-control" id="assignHostGroupSelect" required>
+                            <option value="">-- Select Host Group --</option>
+                            <option th:each="group : ${hostGroups}" th:value="${group.id}" th:text="${group.name}">Host Group</option>
+                        </select>
+                    </div>
+                </form>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+                <button type="button" class="btn btn-primary" onclick="assignKey()">
+                    <i class="fas fa-link me-2"></i>Assign
+                </button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
+<script>
+    document.addEventListener('DOMContentLoaded', function () {
+        // Work Hours functionality
+        document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
+            checkbox.addEventListener('change', function () {
+                let index = this.id.split("_")[1];
+                document.getElementById('start_' + index).disabled = !this.checked;
+                document.getElementById('end_' + index).disabled = !this.checked;
+            });
+        });
+
+        document.getElementById('saveWorkHours').addEventListener('click', function () {
+            let workHours = [];
+            document.querySelectorAll('[id^="enable_"]').forEach((checkbox) => {
+                let index = checkbox.id.split("_")[1];
+                if (checkbox.checked) {
+                    workHours.push({
+                        dayOfWeek: index,
+                        startTime: document.getElementById('start_' + index).value,
+                        endTime: document.getElementById('end_' + index).value
+                    });
+                }
+            });
+
+            fetch('/api/v1/users/settings/workhours', {
+                method: 'POST',
+                headers: { 
+                    'Content-Type': 'application/json',
+                    'X-Requested-With': 'XMLHttpRequest'
+                },
+                body: JSON.stringify(workHours)
+            }).then(response => {
+                if (response.ok) {
+                    showAlert('Work hours saved successfully!', 'success');
+                } else {
+                    showAlert('Error saving work hours', 'danger');
+                }
+            }).catch(error => {
+                showAlert('Error saving work hours', 'danger');
+            });
+        });
+    });
+
+    // Public Key Management Functions
+    function addPublicKey() {
+        const keyName = document.getElementById('keyName').value;
+        const keyType = document.getElementById('keyType').value;
+        const publicKey = document.getElementById('publicKey').value;
+        const hostGroupId = document.getElementById('hostGroupSelect').value;
+
+        if (!keyName || !publicKey) {
+            showAlert('Please fill in all required fields', 'warning');
+            return;
+        }
+
+        const keyData = {
+            keyName: keyName,
+            keyType: keyType,
+            publicKey: publicKey,
+            isEnabled: true
+        };
+
+        // Add host group if selected
+        if (hostGroupId) {
+            keyData.hostGroup = { id: parseInt(hostGroupId) };
+        }
+
+        fetch('/api/v1/users/publickeys', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-Requested-With': 'XMLHttpRequest'
+            },
+            body: JSON.stringify(keyData)
+        })
+        .then(response => response.json())
+        .then(data => {
+            if (data.status && data.status.includes('success')) {
+                showAlert('Public key added successfully!', 'success');
+                setTimeout(() => location.reload(), 1500);
+            } else {
+                showAlert(data.status || 'Error adding public key', 'danger');
+            }
+        })
+        .catch(error => {
+            showAlert('Error adding public key', 'danger');
+        });
+
+        // Close modal
+        bootstrap.Modal.getInstance(document.getElementById('addKeyModal')).hide();
+    }
+
+    function assignToHostGroup(keyId) {
+        document.getElementById('assignKeyId').value = keyId;
+        new bootstrap.Modal(document.getElementById('assignModal')).show();
+    }
+
+    function assignKey() {
+        const keyId = document.getElementById('assignKeyId').value;
+        const hostGroupId = document.getElementById('assignHostGroupSelect').value;
+
+        if (!hostGroupId) {
+            showAlert('Please select a host group', 'warning');
+            return;
+        }
+
+        fetch(`/api/v1/users/publickeys/${keyId}/assign`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'X-Requested-With': 'XMLHttpRequest'
+            },
+            body: `hostGroupId=${hostGroupId}`
+        })
+        .then(response => response.json())
+        .then(data => {
+            if (data.status && data.status.includes('success')) {
+                showAlert('Key assigned successfully!', 'success');
+                setTimeout(() => location.reload(), 1500);
+            } else {
+                showAlert(data.status || 'Error assigning key', 'danger');
+            }
+        })
+        .catch(error => {
+            showAlert('Error assigning key', 'danger');
+        });
+
+        // Close modal
+        bootstrap.Modal.getInstance(document.getElementById('assignModal')).hide();
+    }
+
+    function deleteKey(keyId) {
+        if (confirm('Are you sure you want to delete this public key? This action cannot be undone.')) {
+            fetch(`/api/v1/users/publickeys/${keyId}`, {
+                method: 'DELETE',
+                headers: {
+                    'X-Requested-With': 'XMLHttpRequest'
+                }
+            })
+            .then(response => response.json())
+            .then(data => {
+                if (data.status && data.status.includes('success')) {
+                    showAlert('Public key deleted successfully!', 'success');
+                    setTimeout(() => location.reload(), 1500);
+                } else {
+                    showAlert(data.status || 'Error deleting key', 'danger');
+                }
+            })
+            .catch(error => {
+                showAlert('Error deleting key', 'danger');
+            });
+        }
+    }
+
+    function showAlert(message, type) {
+        // Create and show a Bootstrap alert
+        const alertContainer = document.querySelector('.main-content');
+        const alert = document.createElement('div');
+        alert.className = `alert alert-${type} alert-dismissible fade show`;
+        alert.innerHTML = `
+            ${message}
+            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+        `;
+        
+        // Insert at the top of main content
+        alertContainer.insertBefore(alert, alertContainer.firstChild);
+        
+        // Auto-remove after 5 seconds
+        setTimeout(() => {
+            if (alert.parentNode) {
+                alert.remove();
+            }
+        }, 5000);
+    }
+</script>
+</body>
+
 </html>
diff --git a/dataplane/src/main/java/io/sentrius/sso/core/services/HostGroupService.java b/dataplane/src/main/java/io/sentrius/sso/core/services/HostGroupService.java
index 1049e890..f45fb658 100644
--- a/dataplane/src/main/java/io/sentrius/sso/core/services/HostGroupService.java
+++ b/dataplane/src/main/java/io/sentrius/sso/core/services/HostGroupService.java
@@ -195,6 +195,11 @@ public void removeHostSystemFromHostGroup(Long hostGroupId, Long hostSystemId) {
     public List<HostGroup> getAllHostGroups() {
         return hostGroupRepository.findAll();
     }
+    
+    @Transactional(readOnly = true)
+    public List<HostGroup> getHostGroupsForUser(Long userId) {
+        return userRepository.findHostGroupsByUserId(userId).stream().toList();
+    }
 
     public List<HostGroup> getHostGroupsByName(String name) {
         return hostGroupRepository.findByName(name);

From 1b06af8f0417a1c4382a4597d75644bb57ff3399 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 7 Aug 2025 00:58:25 +0000
Subject: [PATCH 3/5] Add comprehensive tests and complete user settings
 modernization

Co-authored-by: phrocker <1781585+phrocker@users.noreply.github.com>
---
 .../api/UserPublicKeyApiControllerTest.java   | 235 ++++++++++++++++++
 1 file changed, 235 insertions(+)
 create mode 100644 api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java

diff --git a/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java b/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java
new file mode 100644
index 00000000..6725b82b
--- /dev/null
+++ b/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java
@@ -0,0 +1,235 @@
+package io.sentrius.sso.controllers.api;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.model.users.User;
+import io.sentrius.sso.core.model.users.UserPublicKey;
+import io.sentrius.sso.core.model.hostgroup.HostGroup;
+import io.sentrius.sso.core.services.ErrorOutputService;
+import io.sentrius.sso.core.services.UserPublicKeyService;
+import io.sentrius.sso.core.services.UserService;
+import io.sentrius.sso.core.services.HostGroupService;
+import io.sentrius.sso.core.services.UserCustomizationService;
+import io.sentrius.sso.core.services.SessionService;
+import io.sentrius.sso.core.services.security.CryptoService;
+import io.sentrius.sso.core.services.security.ZeroTrustRequestService;
+import io.sentrius.sso.core.services.security.ZeroTrustAccessTokenService;
+import io.sentrius.sso.core.services.agents.AgentService;
+import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
+import io.sentrius.sso.core.utils.MessagingUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.Arrays;
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+public class UserPublicKeyApiControllerTest {
+
+    @Mock
+    private UserPublicKeyService userPublicKeyService;
+
+    @Mock
+    private UserService userService;
+
+    @Mock
+    private HostGroupService hostGroupService;
+
+    @Mock
+    private SystemOptions systemOptions;
+
+    @Mock
+    private ErrorOutputService errorOutputService;
+
+    @Mock
+    private CryptoService cryptoService;
+
+    @Mock
+    private UserCustomizationService userCustomizationService;
+
+    @Mock
+    private SessionService sessionService;
+
+    @Mock
+    private ZeroTrustRequestService zeroTrustRequestService;
+
+    @Mock
+    private ZeroTrustAccessTokenService zeroTrustAccessTokenService;
+
+    @Mock
+    private AgentService agentService;
+
+    @Mock
+    private ZeroTrustClientService zeroTrustClientService;
+
+    @Mock
+    private MessagingUtil messagingUtil;
+
+    @Mock
+    private HttpServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    private UserApiController controller;
+
+    @BeforeEach
+    void setUp() {
+        controller = new UserApiController(
+            userService, 
+            systemOptions, 
+            errorOutputService, 
+            hostGroupService, 
+            cryptoService, 
+            messagingUtil,
+            userCustomizationService, 
+            userPublicKeyService,
+            sessionService, 
+            zeroTrustRequestService, 
+            zeroTrustAccessTokenService, 
+            agentService, 
+            zeroTrustClientService
+        );
+    }
+
+    @Test
+    public void testGetUserPublicKeys() {
+        // Setup
+        User user = new User();
+        user.setId(1L);
+        user.setUsername("testuser");
+
+        UserPublicKey key1 = new UserPublicKey();
+        key1.setId(1L);
+        key1.setKeyName("Test Key 1");
+        key1.setKeyType("RSA");
+        key1.setPublicKey("ssh-rsa AAAAB3NzaC1yc2EAAA...");
+
+        UserPublicKey key2 = new UserPublicKey();
+        key2.setId(2L);
+        key2.setKeyName("Test Key 2");
+        key2.setKeyType("Ed25519");
+        key2.setPublicKey("ssh-ed25519 AAAAC3NzaC1l...");
+
+        when(userService.getOperatingUser(any(), any(), any())).thenReturn(user);
+        when(userPublicKeyService.getPublicKeysForUser(1L)).thenReturn(Arrays.asList(key1, key2));
+
+        // Execute
+        ResponseEntity result = controller.getUserPublicKeys(request, response);
+
+        // Verify
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+        assertNotNull(result.getBody());
+        assertEquals(2, ((java.util.List) result.getBody()).size());
+    }
+
+    @Test
+    public void testAddPublicKey() {
+        // Setup
+        User user = new User();
+        user.setId(1L);
+        user.setUsername("testuser");
+
+        UserPublicKey newKey = new UserPublicKey();
+        newKey.setKeyName("New Test Key");
+        newKey.setKeyType("RSA");
+        newKey.setPublicKey("ssh-rsa AAAAB3NzaC1yc2EAAA...");
+        newKey.setIsEnabled(true);
+
+        UserPublicKey savedKey = new UserPublicKey();
+        savedKey.setId(3L);
+        savedKey.setKeyName("New Test Key");
+        savedKey.setKeyType("RSA");
+        savedKey.setPublicKey("ssh-rsa AAAAB3NzaC1yc2EAAA...");
+        savedKey.setIsEnabled(true);
+
+        when(userService.getOperatingUser(any(), any(), any())).thenReturn(user);
+        when(userPublicKeyService.addPublicKey(any(UserPublicKey.class))).thenReturn(savedKey);
+
+        // Execute
+        ResponseEntity result = controller.addPublicKey(request, response, newKey);
+
+        // Verify
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+        assertNotNull(result.getBody());
+    }
+
+    @Test
+    public void testDeletePublicKey() {
+        // Setup
+        User user = new User();
+        user.setId(1L);
+        user.setUsername("testuser");
+
+        UserPublicKey existingKey = new UserPublicKey();
+        existingKey.setId(1L);
+        existingKey.setUser(user);
+
+        when(userService.getOperatingUser(any(), any(), any())).thenReturn(user);
+        when(userPublicKeyService.getPublicKeyById(1L)).thenReturn(Optional.of(existingKey));
+
+        // Execute
+        ResponseEntity result = controller.deletePublicKey(request, response, 1L);
+
+        // Verify
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+        assertNotNull(result.getBody());
+    }
+
+    @Test
+    public void testAssignPublicKeyToHostGroup() {
+        // Setup
+        User user = new User();
+        user.setId(1L);
+        user.setUsername("testuser");
+
+        UserPublicKey existingKey = new UserPublicKey();
+        existingKey.setId(1L);
+        existingKey.setUser(user);
+
+        HostGroup hostGroup = new HostGroup();
+        hostGroup.setId(1L);
+        hostGroup.setName("Test Host Group");
+
+        when(userService.getOperatingUser(any(), any(), any())).thenReturn(user);
+        when(userPublicKeyService.getPublicKeyById(1L)).thenReturn(Optional.of(existingKey));
+        when(hostGroupService.getHostGroup(1L)).thenReturn(hostGroup);
+        when(userPublicKeyService.addPublicKey(any(UserPublicKey.class))).thenReturn(existingKey);
+
+        // Execute
+        ResponseEntity result = controller.assignPublicKeyToHostGroup(request, response, 1L, 1L);
+
+        // Verify
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+        assertNotNull(result.getBody());
+    }
+
+    @Test
+    public void testDeleteNonExistentPublicKey() {
+        // Setup
+        User user = new User();
+        user.setId(1L);
+        user.setUsername("testuser");
+
+        when(userService.getOperatingUser(any(), any(), any())).thenReturn(user);
+        when(userPublicKeyService.getPublicKeyById(999L)).thenReturn(Optional.empty());
+
+        // Execute
+        ResponseEntity result = controller.deletePublicKey(request, response, 999L);
+
+        // Verify
+        assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode());
+        assertNotNull(result.getBody());
+    }
+}
\ No newline at end of file

From 61fd2aaca94ab18cce07b11083cfebba5a63ee77 Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Thu, 7 Aug 2025 06:26:48 -0400
Subject: [PATCH 4/5] Fixup

---
 .local.env                                    |  2 +-
 .local.env.bak                                |  2 +-
 .../controllers/api/UserApiController.java    | 46 ++++++++++++++++---
 .../templates/sso/users/user_settings.html    | 26 +++++++----
 .../api/UserPublicKeyApiControllerTest.java   |  3 +-
 .../sso/core/dto/UserPublicKeyDTO.java        | 19 ++++++++
 6 files changed, 80 insertions(+), 18 deletions(-)
 create mode 100644 core/src/main/java/io/sentrius/sso/core/dto/UserPublicKeyDTO.java

diff --git a/.local.env b/.local.env
index a94ea226..a03b0e56 100644
--- a/.local.env
+++ b/.local.env
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.334
+SENTRIUS_VERSION=1.1.341
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
diff --git a/.local.env.bak b/.local.env.bak
index a94ea226..a03b0e56 100644
--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.334
+SENTRIUS_VERSION=1.1.341
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
index 269beba5..ea001c3a 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
@@ -6,6 +6,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.BooleanNode;
@@ -15,7 +16,10 @@
 import io.sentrius.sso.core.annotations.LimitAccess;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.controllers.BaseController;
+import io.sentrius.sso.core.dto.HostGroupDTO;
+import io.sentrius.sso.core.dto.UserPublicKeyDTO;
 import io.sentrius.sso.core.exceptions.ZtatException;
+import io.sentrius.sso.core.model.hostgroup.HostGroup;
 import io.sentrius.sso.core.model.security.UserType;
 import io.sentrius.sso.core.model.security.enums.UserAccessEnum;
 import io.sentrius.sso.core.model.users.User;
@@ -24,6 +28,7 @@
 import io.sentrius.sso.core.model.users.UserConfig;
 import io.sentrius.sso.core.model.users.UserPublicKey;
 import io.sentrius.sso.core.model.users.UserSettings;
+import io.sentrius.sso.core.services.ConfigurationService;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.HostGroupService;
 import io.sentrius.sso.core.services.SessionService;
@@ -438,24 +443,51 @@ private List<Map<String, Object>> getAgentSessionDurations() {
     // Public Key Management Endpoints
     
     @GetMapping("/publickeys")
-    public ResponseEntity<List<UserPublicKey>> getUserPublicKeys(HttpServletRequest request, HttpServletResponse response) {
+    public ResponseEntity<List<UserPublicKeyDTO>> getUserPublicKeys(HttpServletRequest request,
+                                                                  HttpServletResponse response) {
         var user = userService.getOperatingUser(request, response, null);
         var publicKeys = userPublicKeyService.getPublicKeysForUser(user.getId());
-        return ResponseEntity.ok(publicKeys);
+        List<UserPublicKeyDTO> publicKeyDTOs = new ArrayList<>();
+        for (UserPublicKey key : publicKeys) {
+            UserPublicKeyDTO dto = UserPublicKeyDTO.builder().build();
+            //dto.setId(key.getId());
+            dto.setKeyName(key.getKeyName());
+            dto.setKeyType(key.getKeyType());
+            dto.setPublicKey(key.getPublicKey());
+            dto.setIsEnabled(key.getIsEnabled());
+            if (key.getHostGroup() != null) {
+                dto.setHostGroup( HostGroupDTO.builder().groupId(key.getHostGroup().getId()).build());
+                //dto.setHostGroupName(key.getHostGroup().getName());
+            }
+            publicKeyDTOs.add(dto);
+        }
+        return ResponseEntity.ok(publicKeyDTOs);
     }
 
     @PostMapping("/publickeys")
-    public ResponseEntity<ObjectNode> addPublicKey(HttpServletRequest request, HttpServletResponse response, @RequestBody UserPublicKey publicKey) {
+    public ResponseEntity<ObjectNode> addPublicKey(HttpServletRequest request, HttpServletResponse response, @RequestBody
+    UserPublicKeyDTO publicKey) {
         ObjectNode node = JsonUtil.MAPPER.createObjectNode();
         try {
+
+            HostGroup hostGroup = hostGroupService.getHostGroup(publicKey.getHostGroup().getGroupId());
+            Objects.requireNonNull(hostGroup);
+
+            UserPublicKey key = new UserPublicKey();
+            key.setKeyName(publicKey.getKeyName());
+            key.setKeyType(publicKey.getKeyType());
+            key.setPublicKey(publicKey.getPublicKey());
+            key.setIsEnabled(publicKey.getIsEnabled());
+            key.setHostGroup(hostGroup);
+
             var user = userService.getOperatingUser(request, response, null);
-            publicKey.setUser(user);
+            key.setUser(user);
             
-            if (publicKey.getCreatedAt() == null) {
-                publicKey.setCreatedAt(new java.sql.Timestamp(System.currentTimeMillis()));
+            if (key.getCreatedAt() == null) {
+                key.setCreatedAt(new java.sql.Timestamp(System.currentTimeMillis()));
             }
             
-            var savedKey = userPublicKeyService.addPublicKey(publicKey);
+            var savedKey = userPublicKeyService.addPublicKey(key);
             node.put("status", "Public key successfully added");
             node.put("id", savedKey.getId());
             return ResponseEntity.ok(node);
diff --git a/api/src/main/resources/templates/sso/users/user_settings.html b/api/src/main/resources/templates/sso/users/user_settings.html
index dad3e6ed..d2264d8d 100755
--- a/api/src/main/resources/templates/sso/users/user_settings.html
+++ b/api/src/main/resources/templates/sso/users/user_settings.html
@@ -3,8 +3,6 @@
 
 <head>
     <meta th:replace="~{fragments/header}">
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
-    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css" rel="stylesheet">
     <style>
         .center-container {
             display: flex;
@@ -142,6 +140,7 @@
 <div class="container-fluid">
     <div class="row flex-nowrap">
         <!-- Sidebar -->
+        <input type="hidden" id="csrf-token" th:value="${_csrf.token}" />
         <div th:replace="~{fragments/sidebar}" class="col-auto sidebar" style="width: 180px;"></div>
 
         <!-- Main content -->
@@ -390,11 +389,14 @@ <h5 class="modal-title" id="assignModalLabel">
                 }
             });
 
+            const csrfToken = document.getElementById("csrf-token").value;
+
             fetch('/api/v1/users/settings/workhours', {
                 method: 'POST',
                 headers: { 
                     'Content-Type': 'application/json',
-                    'X-Requested-With': 'XMLHttpRequest'
+                    'X-Requested-With': 'XMLHttpRequest',
+                    "X-CSRF-TOKEN": csrfToken
                 },
                 body: JSON.stringify(workHours)
             }).then(response => {
@@ -430,14 +432,17 @@ <h5 class="modal-title" id="assignModalLabel">
 
         // Add host group if selected
         if (hostGroupId) {
-            keyData.hostGroup = { id: parseInt(hostGroupId) };
+            keyData.hostGroup = { groupId: parseInt(hostGroupId) };
         }
 
+        const csrfToken = document.getElementById("csrf-token").value;
+
         fetch('/api/v1/users/publickeys', {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
-                'X-Requested-With': 'XMLHttpRequest'
+                'X-Requested-With': 'XMLHttpRequest',
+                "X-CSRF-TOKEN": csrfToken
             },
             body: JSON.stringify(keyData)
         })
@@ -472,11 +477,14 @@ <h5 class="modal-title" id="assignModalLabel">
             return;
         }
 
+        const csrfToken = document.getElementById("csrf-token").value;
+
         fetch(`/api/v1/users/publickeys/${keyId}/assign`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/x-www-form-urlencoded',
-                'X-Requested-With': 'XMLHttpRequest'
+                'X-Requested-With': 'XMLHttpRequest',
+                "X-CSRF-TOKEN": csrfToken
             },
             body: `hostGroupId=${hostGroupId}`
         })
@@ -498,11 +506,13 @@ <h5 class="modal-title" id="assignModalLabel">
     }
 
     function deleteKey(keyId) {
+        const csrfToken = document.getElementById("csrf-token").value;
         if (confirm('Are you sure you want to delete this public key? This action cannot be undone.')) {
             fetch(`/api/v1/users/publickeys/${keyId}`, {
                 method: 'DELETE',
                 headers: {
-                    'X-Requested-With': 'XMLHttpRequest'
+                    'X-Requested-With': 'XMLHttpRequest',
+                    "X-CSRF-TOKEN": csrfToken
                 }
             })
             .then(response => response.json())
@@ -543,4 +553,4 @@ <h5 class="modal-title" id="assignModalLabel">
 </script>
 </body>
 
-</html>
+</html>
diff --git a/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java b/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java
index 6725b82b..759986b8 100644
--- a/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java
+++ b/api/src/test/java/io/sentrius/sso/controllers/api/UserPublicKeyApiControllerTest.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.sentrius.sso.core.config.SystemOptions;
+import io.sentrius.sso.core.dto.UserPublicKeyDTO;
 import io.sentrius.sso.core.model.users.User;
 import io.sentrius.sso.core.model.users.UserPublicKey;
 import io.sentrius.sso.core.model.hostgroup.HostGroup;
@@ -141,7 +142,7 @@ public void testAddPublicKey() {
         user.setId(1L);
         user.setUsername("testuser");
 
-        UserPublicKey newKey = new UserPublicKey();
+        UserPublicKeyDTO newKey = UserPublicKeyDTO.builder().build();
         newKey.setKeyName("New Test Key");
         newKey.setKeyType("RSA");
         newKey.setPublicKey("ssh-rsa AAAAB3NzaC1yc2EAAA...");
diff --git a/core/src/main/java/io/sentrius/sso/core/dto/UserPublicKeyDTO.java b/core/src/main/java/io/sentrius/sso/core/dto/UserPublicKeyDTO.java
new file mode 100644
index 00000000..21d53c7f
--- /dev/null
+++ b/core/src/main/java/io/sentrius/sso/core/dto/UserPublicKeyDTO.java
@@ -0,0 +1,19 @@
+package io.sentrius.sso.core.dto;
+
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+@Builder
+public class UserPublicKeyDTO {
+    private String keyName;
+    private String keyType;
+    private String publicKey;
+    private Boolean isEnabled;
+    @Builder.Default
+    private HostGroupDTO hostGroup = new HostGroupDTO();
+}
\ No newline at end of file

From a80c291686441f48b2f061289ced4c579255b8c6 Mon Sep 17 00:00:00 2001
From: Marc Parisi <phrocker@apache.org>
Date: Thu, 7 Aug 2025 06:30:35 -0400
Subject: [PATCH 5/5] Fix test

---
 .../io/sentrius/sso/controllers/api/UserApiController.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
index ea001c3a..71d88542 100644
--- a/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/UserApiController.java
@@ -471,15 +471,16 @@ public ResponseEntity<ObjectNode> addPublicKey(HttpServletRequest request, HttpS
         try {
 
             HostGroup hostGroup = hostGroupService.getHostGroup(publicKey.getHostGroup().getGroupId());
-            Objects.requireNonNull(hostGroup);
+
 
             UserPublicKey key = new UserPublicKey();
             key.setKeyName(publicKey.getKeyName());
             key.setKeyType(publicKey.getKeyType());
             key.setPublicKey(publicKey.getPublicKey());
             key.setIsEnabled(publicKey.getIsEnabled());
-            key.setHostGroup(hostGroup);
-
+            if (null != hostGroup) {
+                key.setHostGroup(hostGroup);
+            }
             var user = userService.getOperatingUser(request, response, null);
             key.setUser(user);