Merge pull request #3317 from matrix-org/travis/terms/inline-is-only

Prompt for terms of service on identity server changes
This commit is contained in:
Travis Ralston 2019-08-19 10:35:58 -06:00 committed by GitHub
commit 95bd41aac7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 105 additions and 24 deletions

View file

@ -14,15 +14,50 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
import { SERVICE_TYPES } from 'matrix-js-sdk';
import { createClient, SERVICE_TYPES } from 'matrix-js-sdk';
import MatrixClientPeg from './MatrixClientPeg';
import { Service, startTermsFlow, TermsNotSignedError } from './Terms';
export default class IdentityAuthClient {
constructor() {
/**
* Creates a new identity auth client
* @param {string} identityUrl The URL to contact the identity server with.
* When provided, this class will operate solely within memory, refusing to
* persist any information such as tokens. Default null (not provided).
*/
constructor(identityUrl = null) {
this.accessToken = null;
this.authEnabled = true;
if (identityUrl) {
// XXX: We shouldn't have to create a whole new MatrixClient just to
// do identity server auth. The functions don't take an identity URL
// though, and making all of them take one could lead to developer
// confusion about what the idBaseUrl does on a client. Therefore, we
// just make a new client and live with it.
this.tempClient = createClient({
baseUrl: "", // invalid by design
idBaseUrl: identityUrl,
});
} else {
// Indicates that we're using the real client, not some workaround.
this.tempClient = null;
}
}
get _matrixClient() {
return this.tempClient ? this.tempClient : MatrixClientPeg.get();
}
_writeToken() {
if (this.tempClient) return; // temporary client: ignore
window.localStorage.setItem("mx_is_access_token", this.accessToken);
}
_readToken() {
if (this.tempClient) return null; // temporary client: ignore
return window.localStorage.getItem("mx_is_access_token");
}
hasCredentials() {
@ -38,14 +73,14 @@ export default class IdentityAuthClient {
let token = this.accessToken;
if (!token) {
token = window.localStorage.getItem("mx_is_access_token");
token = this._readToken();
}
if (!token) {
token = await this.registerForToken();
if (token) {
this.accessToken = token;
window.localStorage.setItem("mx_is_access_token", token);
this._writeToken();
}
return token;
}
@ -61,7 +96,7 @@ export default class IdentityAuthClient {
token = await this.registerForToken();
if (token) {
this.accessToken = token;
window.localStorage.setItem("mx_is_access_token", token);
this._writeToken();
}
}
@ -70,13 +105,13 @@ export default class IdentityAuthClient {
async _checkToken(token) {
try {
await MatrixClientPeg.get().getIdentityAccount(token);
await this._matrixClient.getIdentityAccount(token);
} catch (e) {
if (e.errcode === "M_TERMS_NOT_SIGNED") {
console.log("Identity Server requires new terms to be agreed to");
await startTermsFlow([new Service(
SERVICE_TYPES.IS,
MatrixClientPeg.get().idBaseUrl,
this._matrixClient.getIdentityServerUrl(),
token,
)]);
return;
@ -95,7 +130,7 @@ export default class IdentityAuthClient {
try {
const hsOpenIdToken = await MatrixClientPeg.get().getOpenIdToken();
const { access_token: identityAccessToken } =
await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken);
await this._matrixClient.registerWithIdentityServer(hsOpenIdToken);
await this._checkToken(identityAccessToken);
return identityAccessToken;
} catch (e) {

View file

@ -23,6 +23,8 @@ import SdkConfig from "../../../SdkConfig";
import Modal from '../../../Modal';
import dis from "../../../dispatcher";
import { getThreepidBindStatus } from '../../../boundThreepids';
import IdentityAuthClient from "../../../IdentityAuthClient";
import {SERVICE_TYPES} from "matrix-js-sdk";
/**
* If a url has no path component, etc. abbreviate it to just the hostname
@ -101,6 +103,7 @@ export default class SetIdServer extends React.Component {
error: null,
busy: false,
disconnectBusy: false,
checking: false,
};
}
@ -111,14 +114,14 @@ export default class SetIdServer extends React.Component {
};
_getTooltip = () => {
if (this.state.busy) {
if (this.state.checking) {
const InlineSpinner = sdk.getComponent('views.elements.InlineSpinner');
return <div>
<InlineSpinner />
{ _t("Checking server") }
</div>;
} else if (this.state.error) {
return this.state.error;
return <span className='warning'>{this.state.error}</span>;
} else {
return null;
}
@ -128,28 +131,68 @@ export default class SetIdServer extends React.Component {
return !!this.state.idServer && !this.state.busy;
};
_saveIdServer = async (e) => {
e.preventDefault();
this.setState({busy: true});
const fullUrl = unabbreviateUrl(this.state.idServer);
const errStr = await checkIdentityServerUrl(fullUrl);
let newFormValue = this.state.idServer;
if (!errStr) {
_saveIdServer = (fullUrl) => {
MatrixClientPeg.get().setIdentityServerUrl(fullUrl);
localStorage.removeItem("mx_is_access_token");
localStorage.setItem("mx_is_url", fullUrl);
dis.dispatch({action: 'id_server_changed'});
newFormValue = '';
this.setState({idServer: '', busy: false, error: null});
};
_checkIdServer = async (e) => {
e.preventDefault();
this.setState({busy: true, checking: true, error: null});
const fullUrl = unabbreviateUrl(this.state.idServer);
let errStr = await checkIdentityServerUrl(fullUrl);
if (!errStr) {
try {
this.setState({checking: false}); // clear tooltip
// Test the identity server by trying to register with it. This
// may result in a terms of service prompt.
const authClient = new IdentityAuthClient(fullUrl);
await authClient.getAccessToken();
// Double check that the identity server even has terms of service.
const terms = await MatrixClientPeg.get().getTerms(SERVICE_TYPES.IS, fullUrl);
if (!terms || !terms["policies"] || Object.keys(terms["policies"]).length <= 0) {
const QuestionDialog = sdk.getComponent("views.dialogs.QuestionDialog");
Modal.createTrackedDialog('No Terms Warning', '', QuestionDialog, {
title: _t("Identity server has no terms of service"),
description: (
<div>
<span className="warning">
{_t("The identity server you have chosen does not have any terms of service.")}
</span>
<span>
&nbsp;{_t("Only continue if you trust the owner of the server.")}
</span>
</div>
),
button: _t("Continue"),
onFinished: async (confirmed) => {
if (!confirmed) return;
this._saveIdServer(fullUrl);
},
});
return;
}
this._saveIdServer(fullUrl);
} catch (e) {
console.error(e);
errStr = _t("Terms of service not accepted or the identity server is invalid.");
}
}
this.setState({
busy: false,
checking: false,
error: errStr,
currentClientIdServer: MatrixClientPeg.get().getIdentityServerUrl(),
idServer: newFormValue,
idServer: this.state.idServer,
});
};
@ -257,7 +300,7 @@ export default class SetIdServer extends React.Component {
}
return (
<form className="mx_SettingsTab_section mx_SetIdServer" onSubmit={this._saveIdServer}>
<form className="mx_SettingsTab_section mx_SetIdServer" onSubmit={this._checkIdServer}>
<span className="mx_SettingsTab_subheading">
{sectionTitle}
</span>
@ -274,7 +317,7 @@ export default class SetIdServer extends React.Component {
tooltipContent={this._getTooltip()}
/>
<AccessibleButton type="submit" kind="primary_sm"
onClick={this._saveIdServer}
onClick={this._checkIdServer}
disabled={!this._idServerChangeEnabled()}
>{_t("Change")}</AccessibleButton>
{discoSection}

View file

@ -548,6 +548,10 @@
"Not a valid Identity Server (status code %(code)s)": "Not a valid Identity Server (status code %(code)s)",
"Could not connect to Identity Server": "Could not connect to Identity Server",
"Checking server": "Checking server",
"Identity server has no terms of service": "Identity server has no terms of service",
"The identity server you have chosen does not have any terms of service.": "The identity server you have chosen does not have any terms of service.",
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
"Terms of service not accepted or the identity server is invalid.": "Terms of service not accepted or the identity server is invalid.",
"You are currently sharing email addresses or phone numbers on the identity server <idserver />. You will need to reconnect to <idserver2 /> to stop sharing them.": "You are currently sharing email addresses or phone numbers on the identity server <idserver />. You will need to reconnect to <idserver2 /> to stop sharing them.",
"Disconnect from the identity server <idserver />?": "Disconnect from the identity server <idserver />?",
"Disconnect Identity Server": "Disconnect Identity Server",
@ -563,7 +567,6 @@
"Terms of service not accepted or the integration manager is invalid.": "Terms of service not accepted or the integration manager is invalid.",
"Integration manager has no terms of service": "Integration manager has no terms of service",
"The integration manager you have chosen does not have any terms of service.": "The integration manager you have chosen does not have any terms of service.",
"Only continue if you trust the owner of the server.": "Only continue if you trust the owner of the server.",
"You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.": "You are currently using <b>%(serverName)s</b> to manage your bots, widgets, and sticker packs.",
"Add which integration manager you want to manage your bots, widgets, and sticker packs.": "Add which integration manager you want to manage your bots, widgets, and sticker packs.",
"Integration Manager": "Integration Manager",