Prompt for terms of service on identity server changes

Part of https://github.com/vector-im/riot-web/issues/10539
This commit is contained in:
Travis Ralston 2019-08-15 15:59:44 -06:00
parent 0acae22527
commit 9860baf0b4
3 changed files with 101 additions and 18 deletions

View file

@ -14,15 +14,50 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
import { SERVICE_TYPES } from 'matrix-js-sdk'; import Matrix, { SERVICE_TYPES } from 'matrix-js-sdk';
import MatrixClientPeg from './MatrixClientPeg'; import MatrixClientPeg from './MatrixClientPeg';
import { Service, startTermsFlow, TermsNotSignedError } from './Terms'; import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
export default class IdentityAuthClient { export default class IdentityAuthClient {
constructor() { /**
* Creates a new identity auth client
* @param {string} identityUrl The URL to contact the identity server with.
* When provided, this class will operate solely within memory, refusing to
* persist any information such as tokens. Default null (not provided).
*/
constructor(identityUrl = null) {
this.accessToken = null; this.accessToken = null;
this.authEnabled = true; this.authEnabled = true;
if (identityUrl) {
// XXX: We shouldn't have to create a whole new MatrixClient just to
// do identity server auth. The functions don't take an identity URL
// though, and making all of them take one could lead to developer
// confusion about what the idBaseUrl does on a client. Therefore, we
// just make a new client and live with it.
this.tempClient = Matrix.createClient({
baseUrl: "", // invalid by design
idBaseUrl: identityUrl,
});
} else {
// Indicates that we're using the real client, not some workaround.
this.tempClient = null;
}
}
get _matrixClient() {
return this.tempClient ? this.tempClient : MatrixClientPeg.get();
}
_writeToken() {
if (this.tempClient) return; // temporary client: ignore
window.localStorage.setItem("mx_is_access_token", token);
}
_readToken() {
if (this.tempClient) return null; // temporary client: ignore
return window.localStorage.getItem("mx_is_access_token");
} }
hasCredentials() { hasCredentials() {
@ -38,14 +73,14 @@ export default class IdentityAuthClient {
let token = this.accessToken; let token = this.accessToken;
if (!token) { if (!token) {
token = window.localStorage.getItem("mx_is_access_token"); token = this._readToken();
} }
if (!token) { if (!token) {
token = await this.registerForToken(); token = await this.registerForToken();
if (token) { if (token) {
this.accessToken = token; this.accessToken = token;
window.localStorage.setItem("mx_is_access_token", token); this._writeToken();
} }
return token; return token;
} }
@ -61,7 +96,7 @@ export default class IdentityAuthClient {
token = await this.registerForToken(); token = await this.registerForToken();
if (token) { if (token) {
this.accessToken = token; this.accessToken = token;
window.localStorage.setItem("mx_is_access_token", token); this._writeToken();
} }
} }
@ -70,13 +105,13 @@ export default class IdentityAuthClient {
async _checkToken(token) { async _checkToken(token) {
try { try {
await MatrixClientPeg.get().getIdentityAccount(token); await this._matrixClient.getIdentityAccount(token);
} catch (e) { } catch (e) {
if (e.errcode === "M_TERMS_NOT_SIGNED") { if (e.errcode === "M_TERMS_NOT_SIGNED") {
console.log("Identity Server requires new terms to be agreed to"); console.log("Identity Server requires new terms to be agreed to");
await startTermsFlow([new Service( await startTermsFlow([new Service(
SERVICE_TYPES.IS, SERVICE_TYPES.IS,
MatrixClientPeg.get().idBaseUrl, this._matrixClient.getIdentityServerUrl(),
token, token,
)]); )]);
return; return;
@ -95,7 +130,7 @@ export default class IdentityAuthClient {
try { try {
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken(); const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
const { access_token: identityAccessToken } = const { access_token: identityAccessToken } =
await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken); await this._matrixClient.registerWithIdentityServer(hsOpenIdToken);
await this._checkToken(identityAccessToken); await this._checkToken(identityAccessToken);
return identityAccessToken; return identityAccessToken;
} catch (e) { } catch (e) {

View file

@ -22,6 +22,8 @@ import MatrixClientPeg from "../../../MatrixClientPeg";
import SdkConfig from "../../../SdkConfig"; import SdkConfig from "../../../SdkConfig";
import Modal from '../../../Modal'; import Modal from '../../../Modal';
import dis from "../../../dispatcher"; import dis from "../../../dispatcher";
import IdentityAuthClient from "../../../IdentityAuthClient";
import {SERVICE_TYPES} from "matrix-js-sdk";
/** /**
* If a url has no path component, etc. abbreviate it to just the hostname * If a url has no path component, etc. abbreviate it to just the hostname
@ -98,6 +100,7 @@ export default class SetIdServer extends React.Component {
idServer: defaultIdServer, idServer: defaultIdServer,
error: null, error: null,
busy: false, busy: false,
checking: false,
}; };
} }
@ -108,14 +111,14 @@ export default class SetIdServer extends React.Component {
}; };
_getTooltip = () => { _getTooltip = () => {
if (this.state.busy) { if (this.state.checking) {
const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner'); const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner');
return <div> return <div>
<InlineSpinner /> <InlineSpinner />
{ _t("Checking server") } { _t("Checking server") }
</div>; </div>;
} else if (this.state.error) { } else if (this.state.error) {
return this.state.error; return <span className='warning'>{this.state.error}</span>;
} else { } else {
return null; return null;
} }
@ -125,25 +128,67 @@ export default class SetIdServer extends React.Component {
return !!this.state.idServer && !this.state.busy; return !!this.state.idServer && !this.state.busy;
}; };
_continueTerms = (fullUrl) => {
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
localStorage.removeItem("mx_is_access_token");
localStorage.setItem("mx_is_url", fullUrl);
dis.dispatch({action: 'id_server_changed'});
this.setState({idServer: '', busy: false, error: null});
};
_saveIdServer = async (e) => { _saveIdServer = async (e) => {
e.preventDefault(); e.preventDefault();
this.setState({busy: true}); this.setState({busy: true, checking: true, error: null});
const fullUrl = unabbreviateUrl(this.state.idServer); const fullUrl = unabbreviateUrl(this.state.idServer);
const errStr = await checkIdentityServerUrl(fullUrl); let errStr = await checkIdentityServerUrl(fullUrl);
let newFormValue = this.state.idServer; let newFormValue = this.state.idServer;
if (!errStr) { if (!errStr) {
MatrixClientPeg.get().setIdentityServerUrl(fullUrl); try {
localStorage.removeItem("mx_is_access_token"); this.setState({checking: false}); // clear tooltip
localStorage.setItem("mx_is_url", fullUrl);
dis.dispatch({action: 'id_server_changed'}); // Test the identity server by trying to register with it. This
newFormValue = ''; // may result in a terms of service prompt.
const authClient = new IdentityAuthClient(fullUrl);
await authClient.getAccessToken();
// Double check that the identity server even has terms of service.
const terms = await MatrixClientPeg.get().getTerms(SERVICE_TYPES.IS, fullUrl);
if (!terms || !terms["policies"] || Object.keys(terms["policies"]).length <= 0) {
const QuestionDialog = sdk.getComponent("views.dialogs.QuestionDialog");
Modal.createTrackedDialog('No Terms Warning', '', QuestionDialog, {
title: _t("Identity server has no terms of service"),
description: (
<div>
<span className="warning">
{_t("The identity server you have chosen does not have any terms of service.")}
</span>
<span>
&nbsp;{_t("Only continue if you trust the owner of the server.")}
</span>
</div>
),
button: _t("Continue"),
onFinished: async (confirmed) => {
if (!confirmed) return;
this._continueTerms(fullUrl);
},
});
return;
}
this._continueTerms(fullUrl);
} catch (e) {
console.error(e);
errStr = _t("Terms of service not accepted or the identity server is invalid.");
}
} }
this.setState({ this.setState({
busy: false, busy: false,
checking: false,
error: errStr, error: errStr,
currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(), currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(),
idServer: newFormValue, idServer: newFormValue,

View file

@ -548,6 +548,10 @@
"Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)", "Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)",
"Could not connect to Identity Server": "Could not connect to Identity Server", "Could not connect to Identity Server": "Could not connect to Identity Server",
"Checking server": "Checking server", "Checking server": "Checking server",
"Identity server has no terms of service": "Identity server has no terms of service",
"The identity server you have chosen does not have any terms of service.": "The identity server you have chosen does not have any terms of service.",
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
"Terms of service not accepted or the identity server is invalid.": "Terms of service not accepted or the identity server is invalid.",
"Disconnect Identity Server": "Disconnect Identity Server", "Disconnect Identity Server": "Disconnect Identity Server",
"Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?", "Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?",
"Disconnect": "Disconnect", "Disconnect": "Disconnect",
@ -562,7 +566,6 @@
"Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.", "Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.",
"Integration manager has no terms of service": "Integration manager has no terms of service", "Integration manager has no terms of service": "Integration manager has no terms of service",
"The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.", "The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.",
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
"You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.", "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.",
"Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.", "Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.",
"Integration Manager": "Integration Manager", "Integration Manager": "Integration Manager",