Prompt for terms of service on identity server changes
Part of https://github.com/vector-im/riot-web/issues/10539
This commit is contained in:
parent
0acae22527
commit
9860baf0b4
3 changed files with 101 additions and 18 deletions
|
@ -14,15 +14,50 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { SERVICE_TYPES } from 'matrix-js-sdk';
|
import Matrix, { SERVICE_TYPES } from 'matrix-js-sdk';
|
||||||
|
|
||||||
import MatrixClientPeg from './MatrixClientPeg';
|
import MatrixClientPeg from './MatrixClientPeg';
|
||||||
import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
|
import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
|
||||||
|
|
||||||
export default class IdentityAuthClient {
|
export default class IdentityAuthClient {
|
||||||
constructor() {
|
/**
|
||||||
|
* Creates a new identity auth client
|
||||||
|
* @param {string} identityUrl The URL to contact the identity server with.
|
||||||
|
* When provided, this class will operate solely within memory, refusing to
|
||||||
|
* persist any information such as tokens. Default null (not provided).
|
||||||
|
*/
|
||||||
|
constructor(identityUrl = null) {
|
||||||
this.accessToken = null;
|
this.accessToken = null;
|
||||||
this.authEnabled = true;
|
this.authEnabled = true;
|
||||||
|
|
||||||
|
if (identityUrl) {
|
||||||
|
// XXX: We shouldn't have to create a whole new MatrixClient just to
|
||||||
|
// do identity server auth. The functions don't take an identity URL
|
||||||
|
// though, and making all of them take one could lead to developer
|
||||||
|
// confusion about what the idBaseUrl does on a client. Therefore, we
|
||||||
|
// just make a new client and live with it.
|
||||||
|
this.tempClient = Matrix.createClient({
|
||||||
|
baseUrl: "", // invalid by design
|
||||||
|
idBaseUrl: identityUrl,
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// Indicates that we're using the real client, not some workaround.
|
||||||
|
this.tempClient = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
get _matrixClient() {
|
||||||
|
return this.tempClient ? this.tempClient : MatrixClientPeg.get();
|
||||||
|
}
|
||||||
|
|
||||||
|
_writeToken() {
|
||||||
|
if (this.tempClient) return; // temporary client: ignore
|
||||||
|
window.localStorage.setItem("mx_is_access_token", token);
|
||||||
|
}
|
||||||
|
|
||||||
|
_readToken() {
|
||||||
|
if (this.tempClient) return null; // temporary client: ignore
|
||||||
|
return window.localStorage.getItem("mx_is_access_token");
|
||||||
}
|
}
|
||||||
|
|
||||||
hasCredentials() {
|
hasCredentials() {
|
||||||
|
@ -38,14 +73,14 @@ export default class IdentityAuthClient {
|
||||||
|
|
||||||
let token = this.accessToken;
|
let token = this.accessToken;
|
||||||
if (!token) {
|
if (!token) {
|
||||||
token = window.localStorage.getItem("mx_is_access_token");
|
token = this._readToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!token) {
|
if (!token) {
|
||||||
token = await this.registerForToken();
|
token = await this.registerForToken();
|
||||||
if (token) {
|
if (token) {
|
||||||
this.accessToken = token;
|
this.accessToken = token;
|
||||||
window.localStorage.setItem("mx_is_access_token", token);
|
this._writeToken();
|
||||||
}
|
}
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
@ -61,7 +96,7 @@ export default class IdentityAuthClient {
|
||||||
token = await this.registerForToken();
|
token = await this.registerForToken();
|
||||||
if (token) {
|
if (token) {
|
||||||
this.accessToken = token;
|
this.accessToken = token;
|
||||||
window.localStorage.setItem("mx_is_access_token", token);
|
this._writeToken();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,13 +105,13 @@ export default class IdentityAuthClient {
|
||||||
|
|
||||||
async _checkToken(token) {
|
async _checkToken(token) {
|
||||||
try {
|
try {
|
||||||
await MatrixClientPeg.get().getIdentityAccount(token);
|
await this._matrixClient.getIdentityAccount(token);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e.errcode === "M_TERMS_NOT_SIGNED") {
|
if (e.errcode === "M_TERMS_NOT_SIGNED") {
|
||||||
console.log("Identity Server requires new terms to be agreed to");
|
console.log("Identity Server requires new terms to be agreed to");
|
||||||
await startTermsFlow([new Service(
|
await startTermsFlow([new Service(
|
||||||
SERVICE_TYPES.IS,
|
SERVICE_TYPES.IS,
|
||||||
MatrixClientPeg.get().idBaseUrl,
|
this._matrixClient.getIdentityServerUrl(),
|
||||||
token,
|
token,
|
||||||
)]);
|
)]);
|
||||||
return;
|
return;
|
||||||
|
@ -95,7 +130,7 @@ export default class IdentityAuthClient {
|
||||||
try {
|
try {
|
||||||
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
|
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
|
||||||
const { access_token: identityAccessToken } =
|
const { access_token: identityAccessToken } =
|
||||||
await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken);
|
await this._matrixClient.registerWithIdentityServer(hsOpenIdToken);
|
||||||
await this._checkToken(identityAccessToken);
|
await this._checkToken(identityAccessToken);
|
||||||
return identityAccessToken;
|
return identityAccessToken;
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
|
|
@ -22,6 +22,8 @@ import MatrixClientPeg from "../../../MatrixClientPeg";
|
||||||
import SdkConfig from "../../../SdkConfig";
|
import SdkConfig from "../../../SdkConfig";
|
||||||
import Modal from '../../../Modal';
|
import Modal from '../../../Modal';
|
||||||
import dis from "../../../dispatcher";
|
import dis from "../../../dispatcher";
|
||||||
|
import IdentityAuthClient from "../../../IdentityAuthClient";
|
||||||
|
import {SERVICE_TYPES} from "matrix-js-sdk";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If a url has no path component, etc. abbreviate it to just the hostname
|
* If a url has no path component, etc. abbreviate it to just the hostname
|
||||||
|
@ -98,6 +100,7 @@ export default class SetIdServer extends React.Component {
|
||||||
idServer: defaultIdServer,
|
idServer: defaultIdServer,
|
||||||
error: null,
|
error: null,
|
||||||
busy: false,
|
busy: false,
|
||||||
|
checking: false,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,14 +111,14 @@ export default class SetIdServer extends React.Component {
|
||||||
};
|
};
|
||||||
|
|
||||||
_getTooltip = () => {
|
_getTooltip = () => {
|
||||||
if (this.state.busy) {
|
if (this.state.checking) {
|
||||||
const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner');
|
const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner');
|
||||||
return <div>
|
return <div>
|
||||||
<InlineSpinner />
|
<InlineSpinner />
|
||||||
{ _t("Checking server") }
|
{ _t("Checking server") }
|
||||||
</div>;
|
</div>;
|
||||||
} else if (this.state.error) {
|
} else if (this.state.error) {
|
||||||
return this.state.error;
|
return <span className='warning'>{this.state.error}</span>;
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -125,25 +128,67 @@ export default class SetIdServer extends React.Component {
|
||||||
return !!this.state.idServer && !this.state.busy;
|
return !!this.state.idServer && !this.state.busy;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
_continueTerms = (fullUrl) => {
|
||||||
|
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
|
||||||
|
localStorage.removeItem("mx_is_access_token");
|
||||||
|
localStorage.setItem("mx_is_url", fullUrl);
|
||||||
|
dis.dispatch({action: 'id_server_changed'});
|
||||||
|
this.setState({idServer: '', busy: false, error: null});
|
||||||
|
};
|
||||||
|
|
||||||
_saveIdServer = async (e) => {
|
_saveIdServer = async (e) => {
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
|
|
||||||
this.setState({busy: true});
|
this.setState({busy: true, checking: true, error: null});
|
||||||
|
|
||||||
const fullUrl = unabbreviateUrl(this.state.idServer);
|
const fullUrl = unabbreviateUrl(this.state.idServer);
|
||||||
|
|
||||||
const errStr = await checkIdentityServerUrl(fullUrl);
|
let errStr = await checkIdentityServerUrl(fullUrl);
|
||||||
|
|
||||||
let newFormValue = this.state.idServer;
|
let newFormValue = this.state.idServer;
|
||||||
if (!errStr) {
|
if (!errStr) {
|
||||||
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
|
try {
|
||||||
localStorage.removeItem("mx_is_access_token");
|
this.setState({checking: false}); // clear tooltip
|
||||||
localStorage.setItem("mx_is_url", fullUrl);
|
|
||||||
dis.dispatch({action: 'id_server_changed'});
|
// Test the identity server by trying to register with it. This
|
||||||
newFormValue = '';
|
// may result in a terms of service prompt.
|
||||||
|
const authClient = new IdentityAuthClient(fullUrl);
|
||||||
|
await authClient.getAccessToken();
|
||||||
|
|
||||||
|
// Double check that the identity server even has terms of service.
|
||||||
|
const terms = await MatrixClientPeg.get().getTerms(SERVICE_TYPES.IS, fullUrl);
|
||||||
|
if (!terms || !terms["policies"] || Object.keys(terms["policies"]).length <= 0) {
|
||||||
|
const QuestionDialog = sdk.getComponent("views.dialogs.QuestionDialog");
|
||||||
|
Modal.createTrackedDialog('No Terms Warning', '', QuestionDialog, {
|
||||||
|
title: _t("Identity server has no terms of service"),
|
||||||
|
description: (
|
||||||
|
<div>
|
||||||
|
<span className="warning">
|
||||||
|
{_t("The identity server you have chosen does not have any terms of service.")}
|
||||||
|
</span>
|
||||||
|
<span>
|
||||||
|
{_t("Only continue if you trust the owner of the server.")}
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
),
|
||||||
|
button: _t("Continue"),
|
||||||
|
onFinished: async (confirmed) => {
|
||||||
|
if (!confirmed) return;
|
||||||
|
this._continueTerms(fullUrl);
|
||||||
|
},
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this._continueTerms(fullUrl);
|
||||||
|
} catch (e) {
|
||||||
|
console.error(e);
|
||||||
|
errStr = _t("Terms of service not accepted or the identity server is invalid.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
this.setState({
|
this.setState({
|
||||||
busy: false,
|
busy: false,
|
||||||
|
checking: false,
|
||||||
error: errStr,
|
error: errStr,
|
||||||
currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(),
|
currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(),
|
||||||
idServer: newFormValue,
|
idServer: newFormValue,
|
||||||
|
|
|
@ -548,6 +548,10 @@
|
||||||
"Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)",
|
"Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)",
|
||||||
"Could not connect to Identity Server": "Could not connect to Identity Server",
|
"Could not connect to Identity Server": "Could not connect to Identity Server",
|
||||||
"Checking server": "Checking server",
|
"Checking server": "Checking server",
|
||||||
|
"Identity server has no terms of service": "Identity server has no terms of service",
|
||||||
|
"The identity server you have chosen does not have any terms of service.": "The identity server you have chosen does not have any terms of service.",
|
||||||
|
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
|
||||||
|
"Terms of service not accepted or the identity server is invalid.": "Terms of service not accepted or the identity server is invalid.",
|
||||||
"Disconnect Identity Server": "Disconnect Identity Server",
|
"Disconnect Identity Server": "Disconnect Identity Server",
|
||||||
"Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?",
|
"Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?",
|
||||||
"Disconnect": "Disconnect",
|
"Disconnect": "Disconnect",
|
||||||
|
@ -562,7 +566,6 @@
|
||||||
"Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.",
|
"Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.",
|
||||||
"Integration manager has no terms of service": "Integration manager has no terms of service",
|
"Integration manager has no terms of service": "Integration manager has no terms of service",
|
||||||
"The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.",
|
"The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.",
|
||||||
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
|
|
||||||
"You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.",
|
"You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.",
|
||||||
"Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.",
|
"Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.",
|
||||||
"Integration Manager": "Integration Manager",
|
"Integration Manager": "Integration Manager",
|
||||||
|
|
Loading…
Reference in a new issue