Prompt for terms of service on identity server changes
Part of https://github.com/vector-im/riot-web/issues/10539pull/21833/head
Travis Ralston
parent
0acae22527
commit
9860baf0b4
|
|
@ -14,15 +14,50 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
|
||||
import { SERVICE_TYPES } from 'matrix-js-sdk';
|
||||
import Matrix, { SERVICE_TYPES } from 'matrix-js-sdk';
|
||||
|
||||
import MatrixClientPeg from './MatrixClientPeg';
|
||||
import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
|
||||
|
||||
export default class IdentityAuthClient {
|
||||
constructor() {
|
||||
/**
|
||||
* Creates a new identity auth client
|
||||
* @param {string} identityUrl The URL to contact the identity server with.
|
||||
* When provided, this class will operate solely within memory, refusing to
|
||||
* persist any information such as tokens. Default null (not provided).
|
||||
*/
|
||||
constructor(identityUrl = null) {
|
||||
this.accessToken = null;
|
||||
this.authEnabled = true;
|
||||
|
||||
if (identityUrl) {
|
||||
// XXX: We shouldn't have to create a whole new MatrixClient just to
|
||||
// do identity server auth. The functions don't take an identity URL
|
||||
// though, and making all of them take one could lead to developer
|
||||
// confusion about what the idBaseUrl does on a client. Therefore, we
|
||||
// just make a new client and live with it.
|
||||
this.tempClient = Matrix.createClient({
|
||||
baseUrl: "", // invalid by design
|
||||
idBaseUrl: identityUrl,
|
||||
});
|
||||
} else {
|
||||
// Indicates that we're using the real client, not some workaround.
|
||||
this.tempClient = null;
|
||||
}
|
||||
}
|
||||
|
||||
get _matrixClient() {
|
||||
return this.tempClient ? this.tempClient : MatrixClientPeg.get();
|
||||
}
|
||||
|
||||
_writeToken() {
|
||||
if (this.tempClient) return; // temporary client: ignore
|
||||
window.localStorage.setItem("mx_is_access_token", token);
|
||||
}
|
||||
|
||||
_readToken() {
|
||||
if (this.tempClient) return null; // temporary client: ignore
|
||||
return window.localStorage.getItem("mx_is_access_token");
|
||||
}
|
||||
|
||||
hasCredentials() {
|
||||
|
|
@ -38,14 +73,14 @@ export default class IdentityAuthClient {
|
|||
|
||||
let token = this.accessToken;
|
||||
if (!token) {
|
||||
token = window.localStorage.getItem("mx_is_access_token");
|
||||
token = this._readToken();
|
||||
}
|
||||
|
||||
if (!token) {
|
||||
token = await this.registerForToken();
|
||||
if (token) {
|
||||
this.accessToken = token;
|
||||
window.localStorage.setItem("mx_is_access_token", token);
|
||||
this._writeToken();
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
|
@ -61,7 +96,7 @@ export default class IdentityAuthClient {
|
|||
token = await this.registerForToken();
|
||||
if (token) {
|
||||
this.accessToken = token;
|
||||
window.localStorage.setItem("mx_is_access_token", token);
|
||||
this._writeToken();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -70,13 +105,13 @@ export default class IdentityAuthClient {
|
|||
|
||||
async _checkToken(token) {
|
||||
try {
|
||||
await MatrixClientPeg.get().getIdentityAccount(token);
|
||||
await this._matrixClient.getIdentityAccount(token);
|
||||
} catch (e) {
|
||||
if (e.errcode === "M_TERMS_NOT_SIGNED") {
|
||||
console.log("Identity Server requires new terms to be agreed to");
|
||||
await startTermsFlow([new Service(
|
||||
SERVICE_TYPES.IS,
|
||||
MatrixClientPeg.get().idBaseUrl,
|
||||
this._matrixClient.getIdentityServerUrl(),
|
||||
token,
|
||||
)]);
|
||||
return;
|
||||
|
|
@ -95,7 +130,7 @@ export default class IdentityAuthClient {
|
|||
try {
|
||||
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
|
||||
const { access_token: identityAccessToken } =
|
||||
await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken);
|
||||
await this._matrixClient.registerWithIdentityServer(hsOpenIdToken);
|
||||
await this._checkToken(identityAccessToken);
|
||||
return identityAccessToken;
|
||||
} catch (e) {
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ import MatrixClientPeg from "../../../MatrixClientPeg";
|
|||
import SdkConfig from "../../../SdkConfig";
|
||||
import Modal from '../../../Modal';
|
||||
import dis from "../../../dispatcher";
|
||||
import IdentityAuthClient from "../../../IdentityAuthClient";
|
||||
import {SERVICE_TYPES} from "matrix-js-sdk";
|
||||
|
||||
/**
|
||||
* If a url has no path component, etc. abbreviate it to just the hostname
|
||||
|
|
@ -98,6 +100,7 @@ export default class SetIdServer extends React.Component {
|
|||
idServer: defaultIdServer,
|
||||
error: null,
|
||||
busy: false,
|
||||
checking: false,
|
||||
};
|
||||
}
|
||||
|
||||
|
|
@ -108,14 +111,14 @@ export default class SetIdServer extends React.Component {
|
|||
};
|
||||
|
||||
_getTooltip = () => {
|
||||
if (this.state.busy) {
|
||||
if (this.state.checking) {
|
||||
const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner');
|
||||
return <div>
|
||||
<InlineSpinner />
|
||||
{ _t("Checking server") }
|
||||
</div>;
|
||||
} else if (this.state.error) {
|
||||
return this.state.error;
|
||||
return <span className='warning'>{this.state.error}</span>;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -125,25 +128,67 @@ export default class SetIdServer extends React.Component {
|
|||
return !!this.state.idServer && !this.state.busy;
|
||||
};
|
||||
|
||||
_continueTerms = (fullUrl) => {
|
||||
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
|
||||
localStorage.removeItem("mx_is_access_token");
|
||||
localStorage.setItem("mx_is_url", fullUrl);
|
||||
dis.dispatch({action: 'id_server_changed'});
|
||||
this.setState({idServer: '', busy: false, error: null});
|
||||
};
|
||||
|
||||
_saveIdServer = async (e) => {
|
||||
e.preventDefault();
|
||||
|
||||
this.setState({busy: true});
|
||||
this.setState({busy: true, checking: true, error: null});
|
||||
|
||||
const fullUrl = unabbreviateUrl(this.state.idServer);
|
||||
|
||||
const errStr = await checkIdentityServerUrl(fullUrl);
|
||||
let errStr = await checkIdentityServerUrl(fullUrl);
|
||||
|
||||
let newFormValue = this.state.idServer;
|
||||
if (!errStr) {
|
||||
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
|
||||
localStorage.removeItem("mx_is_access_token");
|
||||
localStorage.setItem("mx_is_url", fullUrl);
|
||||
dis.dispatch({action: 'id_server_changed'});
|
||||
newFormValue = '';
|
||||
try {
|
||||
this.setState({checking: false}); // clear tooltip
|
||||
|
||||
// Test the identity server by trying to register with it. This
|
||||
// may result in a terms of service prompt.
|
||||
const authClient = new IdentityAuthClient(fullUrl);
|
||||
await authClient.getAccessToken();
|
||||
|
||||
// Double check that the identity server even has terms of service.
|
||||
const terms = await MatrixClientPeg.get().getTerms(SERVICE_TYPES.IS, fullUrl);
|
||||
if (!terms || !terms["policies"] || Object.keys(terms["policies"]).length <= 0) {
|
||||
const QuestionDialog = sdk.getComponent("views.dialogs.QuestionDialog");
|
||||
Modal.createTrackedDialog('No Terms Warning', '', QuestionDialog, {
|
||||
title: _t("Identity server has no terms of service"),
|
||||
description: (
|
||||
<div>
|
||||
<span className="warning">
|
||||
{_t("The identity server you have chosen does not have any terms of service.")}
|
||||
</span>
|
||||
<span>
|
||||
{_t("Only continue if you trust the owner of the server.")}
|
||||
</span>
|
||||
</div>
|
||||
),
|
||||
button: _t("Continue"),
|
||||
onFinished: async (confirmed) => {
|
||||
if (!confirmed) return;
|
||||
this._continueTerms(fullUrl);
|
||||
},
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
this._continueTerms(fullUrl);
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
errStr = _t("Terms of service not accepted or the identity server is invalid.");
|
||||
}
|
||||
}
|
||||
this.setState({
|
||||
busy: false,
|
||||
checking: false,
|
||||
error: errStr,
|
||||
currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(),
|
||||
idServer: newFormValue,
|
||||
|
|
|
|||
|
|
@ -548,6 +548,10 @@
|
|||
"Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)",
|
||||
"Could not connect to Identity Server": "Could not connect to Identity Server",
|
||||
"Checking server": "Checking server",
|
||||
"Identity server has no terms of service": "Identity server has no terms of service",
|
||||
"The identity server you have chosen does not have any terms of service.": "The identity server you have chosen does not have any terms of service.",
|
||||
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
|
||||
"Terms of service not accepted or the identity server is invalid.": "Terms of service not accepted or the identity server is invalid.",
|
||||
"Disconnect Identity Server": "Disconnect Identity Server",
|
||||
"Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?",
|
||||
"Disconnect": "Disconnect",
|
||||
|
|
@ -562,7 +566,6 @@
|
|||
"Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.",
|
||||
"Integration manager has no terms of service": "Integration manager has no terms of service",
|
||||
"The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.",
|
||||
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
|
||||
"You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.",
|
||||
"Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.",
|
||||
"Integration Manager": "Integration Manager",
|
||||
|
|
|
|||
Loading…
Reference in New Issue