Store user data for new SSO accounts (configurable)
This commit is contained in:
parent
e65baebadc
commit
a3f9b2eceb
8 changed files with 115 additions and 24 deletions
@ -462,6 +462,8 @@ var instanceStatus = function (Env, Server, cb) {
|
|||
cb(void 0, {
|
||||
restrictRegistration: Env.restrictRegistration,
|
||||
restrictSsoRegistration: Env.restrictSsoRegistration,
|
||||
storeSSOUsers: Env.storeSSOUsers,
|
||||
storeInvitedUsers: Env.storeInvitedUsers,
|
||||
|
||||
enableEmbedding: Env.enableEmbedding,
|
||||
launchTime: Env.launchTime,
|
||||
|
|
|
@ -123,10 +123,9 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
|
|||
if (err || !state) { return; } // Invalid token, don't abort, check registration proof
|
||||
validatedInvite = true;
|
||||
}));
|
||||
}).nThen(function (w) {
|
||||
}).nThen(function (w) {
|
||||
if (!Env.restrictRegistration) { return; }
|
||||
var ssoAllowed = isSSO && !Env.restrictSsoRegistration
|
||||
var ssoAllowed = isSSO && !Env.restrictSsoRegistration;
|
||||
if (!(registrationProof || validatedInvite || ssoAllowed)) {
|
||||
// we allow users with existing blocks to create new ones
|
||||
// call back with error if registration is restricted and no proof of an existing block was provided
|
||||
|
@ -185,7 +184,9 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
|
|||
});
|
||||
}
|
||||
});
|
||||
if (!validatedInvite) { return; }
|
||||
|
||||
console.log(isSSO, Env.storeSSOUsers);
|
||||
if (validatedInvite) {
|
||||
Invitation.use(Env, inviteToken, publicKey, userData, (err) => {
|
||||
if (!err) { return; }
|
||||
Env.Log.error('USE_INVITATION_LINK', {
|
||||
|
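Review bot: The added `console.log(isSSO, Env.storeSSOUsers);` is leftover debugging on a server request path and should be dropped before merge; the same applies to `console.log('LALALA');` in the next hunk, `console.log(Env.storeInvitedUsers, 'ICI', ...)` in Invitation.use, and the two calls added to Users.getAll and Users.add, which print the full stored user records (edPublic, name, createdBy) to stdout on every call. If a trace of the decision is wanted, route it through `Env.Log` with a named event as the surrounding code does rather than raw stdout. writeLoginBlock's body starts and ends outside this hunk.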
@ -194,6 +195,27 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
|
|||
publicKey
|
||||
});
|
||||
});
|
||||
} else if (isSSO && Env.storeSSOUsers) {
|
||||
console.log('LALALA');
|
||||
let edPublic = Array.isArray(userData) && userData[1];
|
||||
let name = Array.isArray(userData) && userData[0];
|
||||
if (!edPublic) { return; }
|
||||
let data = {
|
||||
block: publicKey,
|
||||
name,
|
||||
edPublic,
|
||||
type: 'sso',
|
||||
alias: name
|
||||
};
|
||||
Users.add(Env, edPublic, data, null, (err) => {
|
||||
if (err) {
|
||||
Env.Log.error('INVITATION_ADD_USER', {
|
||||
error: err,
|
||||
data: data
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
|
|
|
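Review bot: On the new `else if (isSSO && Env.storeSSOUsers)` branch, `edPublic` and `name` are taken straight out of `userData` and persisted — `edPublic` also becomes the key handed to Users.add — with only a truthiness check, although `userData` appears to arrive in the client's message, judging by the client hunk at the end of this commit that sends `[uname, RT.proxy.edPublic]`. A type guard before building `data`, e.g. `if (typeof edPublic !== 'string' || typeof name !== 'string') { return; }`, keeps missing or non-string values out of the key escaping and the stored record. The error event reuses the invitation label; `Env.Log.error('SSO_ADD_USER', { error: err, data: data });` would keep the two paths distinguishable in the logs. Whether the bare `return` on a missing key leaves the request's callback uncalled depends on code earlier in this nThen step, outside the hunk — worth confirming. The enclosing function ends inside the hunk at `};` but starts outside it.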
@ -60,6 +60,8 @@ Invitation.use = (Env, id, blockId, userData, _cb) => {
|
|||
data.edPublic = edPublic;
|
||||
data.type = 'invite:' + id;
|
||||
let adminKey = data.createdBy;
|
||||
console.log(Env.storeInvitedUsers, 'ICI', Env.storeInvitedUsers, Env.storeSSOUsers);
|
||||
if (Env.storeInvitedUsers) {
|
||||
Users.add(Env, edPublic, data, adminKey, (err) => {
|
||||
if (err) {
|
||||
Env.Log.error('INVITATION_ADD_USER', {
|
||||
|
@ -68,6 +70,7 @@ Invitation.use = (Env, id, blockId, userData, _cb) => {
|
|||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
Invite.delete(Env, id, (err) => {
|
||||
if (err) {
|
||||
|
|
|
@ -7,6 +7,7 @@ const Util = require("../common-util");
|
|||
Users.getAll = (Env, cb) => {
|
||||
User.getAll(Env, (err, data) => {
|
||||
if (err) { return void cb(err); }
|
||||
console.log(data);
|
||||
cb(null, data);
|
||||
});
|
||||
};
|
||||
|
@ -16,6 +17,7 @@ Users.add = (Env, edPublic, data, adminKey, _cb) => {
|
|||
data.createdBy = adminKey;
|
||||
data.time = +new Date();
|
||||
const safeKey = Util.escapeKeyCharacters(edPublic);
|
||||
console.log(edPublic, data);
|
||||
User.write(Env, safeKey, data, (err) => {
|
||||
if (err) { return void cb(err); }
|
||||
cb();
|
||||
|
|
|
@ -114,6 +114,8 @@ commands.ENFORCE_MFA = makeBooleanSetter('enforceMFA');
|
|||
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log)
|
||||
commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration');
|
||||
commands.RESTRICT_SSO_REGISTRATION = makeBooleanSetter('restrictSsoRegistration');
|
||||
commands.STORE_INVITED_USERS = makeBooleanSetter('storeInvitedUsers');
|
||||
commands.STORE_SSO_USERS = makeBooleanSetter('storeSSOUsers');
|
||||
|
||||
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_INTEGRATED_EVICTION', [true]]], console.log)
|
||||
commands.DISABLE_INTEGRATED_EVICTION = makeBooleanSetter('disableIntegratedEviction');
|
||||
|
|
|
@ -246,6 +246,12 @@
|
|||
}
|
||||
}
|
||||
|
||||
.cp-admin-users {
|
||||
.cp-admin-store-invited, .cp-admin-store-sso {
|
||||
margin-bottom: 0 !important;
|
||||
}
|
||||
}
|
||||
|
||||
.cp-admin-broadcast-form {
|
||||
input.flatpickr-input {
|
||||
width: 307.875px !important; // same width as flatpickr calendar
|
||||
|
|
|
@ -1498,8 +1498,6 @@ Example
|
|||
// Msg.admin_registrationSsoTitle
|
||||
Messages.admin_registrationSsoTitle = "ALSO CLOSE SSO REGISTRATION"; // XXX
|
||||
create['registration'] = function () {
|
||||
var key = 'registration';
|
||||
|
||||
var refresh = function () {};
|
||||
|
||||
var $div = makeAdminCheckbox({
|
||||
|
@ -1663,8 +1661,10 @@ Example
|
|||
};
|
||||
|
||||
Messages.admin_usersAdd = "Add known user"; // XXX
|
||||
Messages.admin_userHint = "List of known users. You can add more using the form and select automated options";
|
||||
Messages.admin_userTitle = "Known users";
|
||||
Messages.admin_usersHint = "List of known users. You can add more using the form and select automated options";
|
||||
Messages.admin_usersTitle = "Known users";
|
||||
Messages.admin_storeInvitedLabel = "Automatically store invited users"; // XXX
|
||||
Messages.admin_storeSsoLabel = "Automatically store SSO users";
|
||||
create['users'] = function () {
|
||||
var key = 'users';
|
||||
var $div = makeBlock(key); // Msg.admin_usersHint, admin_usersTitle
|
||||
|
@ -1680,6 +1680,58 @@ Example
|
|||
|
||||
var refreshUsers = function () {};
|
||||
|
||||
var $invited = makeAdminCheckbox({
|
||||
key: 'store-invited',
|
||||
getState: function () {
|
||||
return APP.instanceStatus.storeInvitedUsers;
|
||||
},
|
||||
query: function (val, setState) {
|
||||
sFrameChan.query('Q_ADMIN_RPC', {
|
||||
cmd: 'ADMIN_DECREE',
|
||||
data: ['STORE_INVITED_USERS', [val]]
|
||||
}, function (e, response) {
|
||||
if (e || response.error) {
|
||||
UI.warn(Messages.error);
|
||||
console.error(e, response);
|
||||
}
|
||||
APP.updateStatus(function () {
|
||||
setState(APP.instanceStatus.storeInvitedUsers);
|
||||
flushCacheNotice();
|
||||
});
|
||||
});
|
||||
}
|
||||
})();
|
||||
$invited.find('#cp-admin-store-invited').hide();
|
||||
$invited.find('> span.cp-sidebarlayout-description').hide();
|
||||
$div.append($invited);
|
||||
var $sso = makeAdminCheckbox({
|
||||
key: 'store-sso',
|
||||
getState: function () {
|
||||
return APP.instanceStatus.storeSSOUsers;
|
||||
},
|
||||
query: function (val, setState) {
|
||||
sFrameChan.query('Q_ADMIN_RPC', {
|
||||
cmd: 'ADMIN_DECREE',
|
||||
data: ['STORE_SSO_USERS', [val]]
|
||||
}, function (e, response) {
|
||||
if (e || response.error) {
|
||||
UI.warn(Messages.error);
|
||||
console.error(e, response);
|
||||
}
|
||||
APP.updateStatus(function () {
|
||||
setState(APP.instanceStatus.storeSSOUsers);
|
||||
flushCacheNotice();
|
||||
});
|
||||
});
|
||||
}
|
||||
})();
|
||||
var ssoEnabled = ApiConfig.sso && ApiConfig.sso.list && ApiConfig.sso.list.length;
|
||||
if (ssoEnabled) {
|
||||
$sso.find('#cp-admin-store-sso').hide();
|
||||
$sso.find('> span.cp-sidebarlayout-description').hide();
|
||||
$div.append($sso);
|
||||
}
|
||||
|
||||
var deleteUser = function (/*id*/) {
|
||||
/*
|
||||
sFrameChan.query('Q_ADMIN_RPC', {
|
||||
|
|
|
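Review bot: The `$invited` and `$sso` checkboxes are two copies of the same twenty-line makeAdminCheckbox call that differ only in the key, the instanceStatus field and the decree name; a small local factory removes the duplication and keeps the RPC error handling in one place (sketch below, keeping the `makeAdminCheckbox({...})()` calling convention the hunk uses). A one-line comment on why `#cp-admin-store-*` and the description span are hidden right after being created would also help a reader. `$sso` is still built when `ssoEnabled` is false even though it is never appended; moving its construction inside the `if (ssoEnabled)` block avoids the wasted work. create['users'] starts and ends outside the hunk.
```javascript
// One "automatically store users" checkbox: reads the flag from
// APP.instanceStatus[statusKey] and flips it through the given ADMIN_DECREE.
var makeStoreCheckbox = function (key, statusKey, decree) {
    return makeAdminCheckbox({
        key: key,
        getState: function () {
            return APP.instanceStatus[statusKey];
        },
        query: function (val, setState) {
            sFrameChan.query('Q_ADMIN_RPC', {
                cmd: 'ADMIN_DECREE',
                data: [decree, [val]]
            }, function (e, response) {
                if (e || response.error) {
                    UI.warn(Messages.error);
                    console.error(e, response);
                }
                APP.updateStatus(function () {
                    setState(APP.instanceStatus[statusKey]);
                    flushCacheNotice();
                });
            });
        }
    })();
};
var $invited = makeStoreCheckbox('store-invited', 'storeInvitedUsers', 'STORE_INVITED_USERS');
// … unchanged: hiding the invited title/description and appending $invited …
var ssoEnabled = ApiConfig.sso && ApiConfig.sso.list && ApiConfig.sso.list.length;
if (ssoEnabled) {
    var $sso = makeStoreCheckbox('store-sso', 'storeSSOUsers', 'STORE_SSO_USERS');
    // … unchanged: hiding the sso title/description and appending $sso …
}
```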
@ -516,8 +516,10 @@ define([
|
|||
// FIXME We currently can't create an account with OTP by default
|
||||
// NOTE If we ever want to do that for SSO accounts it will require major changes
|
||||
// because writeLoginBlock only supports one type of authentication at a time
|
||||
var userData;
|
||||
if (token) { userData = [uname, RT.proxy.edPublic]; }
|
||||
|
||||
// XXX userData always sent, maybe only for SSO and token?
|
||||
// Only SSO users and invited users can be soted by the server and it needs to be configured
|
||||
var userData = [uname, RT.proxy.edPublic];
|
||||
Block.writeLoginBlock({
|
||||
pw: Boolean(passwd),
|
||||
auth: ssoAuth,
|
||||
|
|
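Review bot: The new comment above `var userData = [uname, RT.proxy.edPublic];` has a typo and reads ambiguously; `// Only SSO users and invited users can be soted by the server and it needs to be configured` would be clearer as `// Only SSO and invited users can be stored by the server, and only when the instance is configured for it (storeSSOUsers / storeInvitedUsers)`. The `// XXX userData always sent, maybe only for SSO and token?` question can be settled in the same comment: the server-side hunks in this commit only persist userData on the invite and SSO paths, so sending it unconditionally is harmless, but it could be narrowed to `if (token || ssoAuth)` if the username should not leave the client otherwise. The enclosing function starts and ends outside the hunk.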