Store user data for new SSO accounts (configurable)

This commit is contained in:
yflory 2023-12-20 17:24:14 +01:00
parent e65baebadc
commit a3f9b2eceb
8 changed files with 115 additions and 24 deletions


@ -462,6 +462,8 @@ var instanceStatus = function (Env, Server, cb) {
cb(void 0, {
restrictRegistration: Env.restrictRegistration,
restrictSsoRegistration: Env.restrictSsoRegistration,
storeSSOUsers: Env.storeSSOUsers,
storeInvitedUsers: Env.storeInvitedUsers,
enableEmbedding: Env.enableEmbedding,
launchTime: Env.launchTime,


@ -123,10 +123,9 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
if (err || !state) { return; } // Invalid token, don't abort, check registration proof
validatedInvite = true;
}));
}).nThen(function (w) {
}).nThen(function (w) {
if (!Env.restrictRegistration) { return; }
var ssoAllowed = isSSO && !Env.restrictSsoRegistration
var ssoAllowed = isSSO && !Env.restrictSsoRegistration;
if (!(registrationProof || validatedInvite || ssoAllowed)) {
// we allow users with existing blocks to create new ones
// call back with error if registration is restricted and no proof of an existing block was provided
@ -185,7 +184,9 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
});
}
});
if (!validatedInvite) { return; }
console.log(isSSO, Env.storeSSOUsers);
if (validatedInvite) {
Invitation.use(Env, inviteToken, publicKey, userData, (err) => {
if (!err) { return; }
Env.Log.error('USE_INVITATION_LINK', {
@ -194,6 +195,27 @@ Block.writeLoginBlock = function (Env, msg, _cb) {
publicKey
});
});
} else if (isSSO && Env.storeSSOUsers) {
console.log('LALALA');
let edPublic = Array.isArray(userData) && userData[1];
let name = Array.isArray(userData) && userData[0];
if (!edPublic) { return; }
let data = {
block: publicKey,
name,
edPublic,
type: 'sso',
alias: name
};
Users.add(Env, edPublic, data, null, (err) => {
if (err) {
Env.Log.error('INVITATION_ADD_USER', {
error: err,
data: data
});
}
});
}
});
};
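Review bot: In the new `else if (isSSO && Env.storeSSOUsers)` branch, `edPublic` and `name` are taken straight from the client-supplied `userData` with only a truthiness check, and `edPublic` then becomes the storage key handed to `Users.add`; add a shape check before storing, e.g. `if (typeof edPublic !== 'string' || typeof name !== 'string') { return; }`. Whether the server has already tied this `edPublic` to the authenticating SSO identity is not visible in the hunk — if it has not, an SSO user can register an arbitrary key as a "known user". The debug lines `console.log(isSSO, Env.storeSSOUsers);` and `console.log('LALALA');` should be removed, and the error label `'INVITATION_ADD_USER'` on the SSO path is misleading (`'SSO_ADD_USER'` would match the branch). writeLoginBlock starts outside the hunk.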


@ -60,6 +60,8 @@ Invitation.use = (Env, id, blockId, userData, _cb) => {
data.edPublic = edPublic;
data.type = 'invite:' + id;
let adminKey = data.createdBy;
console.log(Env.storeInvitedUsers, 'ICI', Env.storeInvitedUsers, Env.storeSSOUsers);
if (Env.storeInvitedUsers) {
Users.add(Env, edPublic, data, adminKey, (err) => {
if (err) {
Env.Log.error('INVITATION_ADD_USER', {
@ -68,6 +70,7 @@ Invitation.use = (Env, id, blockId, userData, _cb) => {
});
}
});
}
Invite.delete(Env, id, (err) => {
if (err) {
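Review bot: The line `console.log(Env.storeInvitedUsers, 'ICI', Env.storeInvitedUsers, Env.storeSSOUsers);` reads as leftover debugging (a repeated argument and a French marker) and should be dropped before merge; `Env.Log.error` two lines below is already the logging path this function uses. Invitation.use starts and ends outside the hunk.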


@ -7,6 +7,7 @@ const Util = require("../common-util");
Users.getAll = (Env, cb) => {
User.getAll(Env, (err, data) => {
if (err) { return void cb(err); }
console.log(data);
cb(null, data);
});
};
@ -16,6 +17,7 @@ Users.add = (Env, edPublic, data, adminKey, _cb) => {
data.createdBy = adminKey;
data.time = +new Date();
const safeKey = Util.escapeKeyCharacters(edPublic);
console.log(edPublic, data);
User.write(Env, safeKey, data, (err) => {
if (err) { return void cb(err); }
cb();
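Review bot: `console.log(edPublic, data);` in Users.add and `console.log(data);` in Users.getAll write every stored user record (block id, name, edPublic, createdBy) to the process stdout, which on a deployed instance typically lands in system logs that are not covered by whatever access control protects the user store; both lines should be removed rather than kept as debugging aids. If a trace is wanted, route it through `Env.Log` with the record fields omitted, e.g. `Env.Log.verbose('USERS_ADD', { key: safeKey });`. Both hunks cut through their functions, so the remainder of Users.add is outside the view.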


@ -114,6 +114,8 @@ commands.ENFORCE_MFA = makeBooleanSetter('enforceMFA');
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['RESTRICT_REGISTRATION', [true]]], console.log)
commands.RESTRICT_REGISTRATION = makeBooleanSetter('restrictRegistration');
commands.RESTRICT_SSO_REGISTRATION = makeBooleanSetter('restrictSsoRegistration');
commands.STORE_INVITED_USERS = makeBooleanSetter('storeInvitedUsers');
commands.STORE_SSO_USERS = makeBooleanSetter('storeSSOUsers');
// CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['DISABLE_INTEGRATED_EVICTION', [true]]], console.log)
commands.DISABLE_INTEGRATED_EVICTION = makeBooleanSetter('disableIntegratedEviction');


@ -246,6 +246,12 @@
}
}
.cp-admin-users {
.cp-admin-store-invited, .cp-admin-store-sso {
margin-bottom: 0 !important;
}
}
.cp-admin-broadcast-form {
input.flatpickr-input {
width: 307.875px !important; // same width as flatpickr calendar


@ -1498,8 +1498,6 @@ Example
// Msg.admin_registrationSsoTitle
Messages.admin_registrationSsoTitle = "ALSO CLOSE SSO REGISTRATION"; // XXX
create['registration'] = function () {
var key = 'registration';
var refresh = function () {};
var $div = makeAdminCheckbox({
@ -1663,8 +1661,10 @@ Example
};
Messages.admin_usersAdd = "Add known user"; // XXX
Messages.admin_userHint = "List of known users. You can add more using the form and select automated options";
Messages.admin_userTitle = "Known users";
Messages.admin_usersHint = "List of known users. You can add more using the form and select automated options";
Messages.admin_usersTitle = "Known users";
Messages.admin_storeInvitedLabel = "Automatically store invited users"; // XXX
Messages.admin_storeSsoLabel = "Automatically store SSO users";
create['users'] = function () {
var key = 'users';
var $div = makeBlock(key); // Msg.admin_usersHint, admin_usersTitle
@ -1680,6 +1680,58 @@ Example
var refreshUsers = function () {};
var $invited = makeAdminCheckbox({
key: 'store-invited',
getState: function () {
return APP.instanceStatus.storeInvitedUsers;
},
query: function (val, setState) {
sFrameChan.query('Q_ADMIN_RPC', {
cmd: 'ADMIN_DECREE',
data: ['STORE_INVITED_USERS', [val]]
}, function (e, response) {
if (e || response.error) {
UI.warn(Messages.error);
console.error(e, response);
}
APP.updateStatus(function () {
setState(APP.instanceStatus.storeInvitedUsers);
flushCacheNotice();
});
});
}
})();
$invited.find('#cp-admin-store-invited').hide();
$invited.find('> span.cp-sidebarlayout-description').hide();
$div.append($invited);
var $sso = makeAdminCheckbox({
key: 'store-sso',
getState: function () {
return APP.instanceStatus.storeSSOUsers;
},
query: function (val, setState) {
sFrameChan.query('Q_ADMIN_RPC', {
cmd: 'ADMIN_DECREE',
data: ['STORE_SSO_USERS', [val]]
}, function (e, response) {
if (e || response.error) {
UI.warn(Messages.error);
console.error(e, response);
}
APP.updateStatus(function () {
setState(APP.instanceStatus.storeSSOUsers);
flushCacheNotice();
});
});
}
})();
var ssoEnabled = ApiConfig.sso && ApiConfig.sso.list && ApiConfig.sso.list.length;
if (ssoEnabled) {
$sso.find('#cp-admin-store-sso').hide();
$sso.find('> span.cp-sidebarlayout-description').hide();
$div.append($sso);
}
var deleteUser = function (/*id*/) {
/*
sFrameChan.query('Q_ADMIN_RPC', {
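Review bot: The `$sso` checkbox is a near-verbatim copy of the `$invited` one above it, differing only in the `key`, the `instanceStatus` field and the decree name; factoring the three into a small helper keeps the two controls from drifting apart when the error handling or `updateStatus` flow changes. The gating on `ssoEnabled` and the `.hide()` calls stay as they are. The `create['users']` function continues outside the hunk.
```javascript
var makeStoreCheckbox = function (key, statusKey, decree) {
    return makeAdminCheckbox({
        key: key,
        getState: function () {
            return APP.instanceStatus[statusKey];
        },
        query: function (val, setState) {
            sFrameChan.query('Q_ADMIN_RPC', {
                cmd: 'ADMIN_DECREE',
                data: [decree, [val]]
            }, function (e, response) {
                if (e || response.error) {
                    UI.warn(Messages.error);
                    console.error(e, response);
                }
                APP.updateStatus(function () {
                    setState(APP.instanceStatus[statusKey]);
                    flushCacheNotice();
                });
            });
        }
    })();
};
var $invited = makeStoreCheckbox('store-invited', 'storeInvitedUsers', 'STORE_INVITED_USERS');
// … unchanged: hide the invited checkbox/description and append …
var $sso = makeStoreCheckbox('store-sso', 'storeSSOUsers', 'STORE_SSO_USERS');
// … unchanged: ssoEnabled gate, hide and append …
```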


@ -516,8 +516,10 @@ define([
// FIXME We currently can't create an account with OTP by default
// NOTE If we ever want to do that for SSO accounts it will require major changes
// because writeLoginBlock only supports one type of authentication at a time
var userData;
if (token) { userData = [uname, RT.proxy.edPublic]; }
// XXX userData always sent, maybe only for SSO and token?
// Only SSO users and invited users can be soted by the server and it needs to be configured
var userData = [uname, RT.proxy.edPublic];
Block.writeLoginBlock({
pw: Boolean(passwd),
auth: ssoAuth,
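Review bot: `var userData = [uname, RT.proxy.edPublic];` now ships the plaintext username to the server on every registration, including password-only accounts for which, per the comment just above, the server cannot store it anyway; if the username is an input to the login-secret derivation, handing it over narrows what an attacker with server access still has to guess. The `XXX` question can be answered inline by sending it only when it can be used: `var userData = (token || ssoAuth) ? [uname, RT.proxy.edPublic] : undefined;` — this assumes `ssoAuth` is set for SSO registrations, which is not visible in the hunk. The comment also has a typo (`soted` → `stored`). The enclosing function starts and ends outside the hunk.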