Commit graph

270 commits

Author SHA1 Message Date
J. Ryan Stinnett
b5d532b8cd Test for cross-signing homeserver support during login, toasts
This adds more checking of homeserver support for cross-signing at login and in
toasts.

Fixes https://github.com/vector-im/riot-web/issues/12228
2020-03-12 18:08:51 +00:00
Travis Ralston
2204785026 Simplify SSO step checking 2020-03-04 12:26:08 -07:00
Travis Ralston
3842bce74d Fix SSO for new approach 2020-03-04 11:41:16 -07:00
Travis Ralston
3cff6d7239 Appease the linter 2020-03-03 23:26:20 -07:00
Travis Ralston
e265c92b6e Redirect registration requests to Login when the server supports SSO
For https://github.com/vector-im/riot-web/issues/12362
2020-03-03 23:24:50 -07:00
Travis Ralston
bcfe1fcac5 Wire up 'create account' to the SSO button when SSO is used
For https://github.com/vector-im/riot-web/issues/12362
2020-03-03 23:23:53 -07:00
Michael Telatynski
f08d034f84
Merge pull request #4158 from matrix-org/t3chguy/sso
riot-desktop open SSO in browser so user doesn't have to auth twice
2020-03-03 22:27:48 +00:00
J. Ryan Stinnett
88f351d5ca Keep sign in button disabled on success
This changes password login to keep the sign in button locked when proceeding
successfully to avoid the possibility of double device sign in.

Part of https://github.com/vector-im/riot-web/issues/12546
2020-03-03 10:42:08 +00:00
Michael Telatynski
f8045e428b riot-desktop open SSO in browser so user doesn't have to auth twice 2020-03-02 14:59:54 +00:00
Michael Telatynski
b2c1242207 delint
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2020-02-23 22:19:18 +00:00
Michael Telatynski
d783ce86c8 Use noreferrer in addition to noopener for edge case browsers
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2020-02-23 22:14:29 +00:00
Bruno Windels
8c3004c2ac to_device requests now can include .request so we might need send .ready 2020-02-10 16:19:27 +01:00
Travis Ralston
ea4d97fa73 Hack in a layout option 2020-02-10 16:19:27 +01:00
Bruno Windels
3d91ff23ec cram the EncryptionPanel in CompleteSecurity instead of IncomingSasDialog
so we get QR code support and support phases prior to STARTED
2020-02-10 16:19:27 +01:00
J. Ryan Stinnett
636b3696ed
Merge pull request #4011 from matrix-org/jryans/comp-sec-title
Add title to complete security loading
2020-01-31 13:22:22 +00:00
J. Ryan Stinnett
1a95a1d4ba Add title to complete security loading 2020-01-31 10:47:58 +00:00
David Baker
ea7f160950 lint 2020-01-31 10:38:20 +00:00
David Baker
26c9b64c3b Log exceptions from accessSecretStorage
Rather than ignoring everything assuming the user cancelled
2020-01-31 10:35:05 +00:00
David Baker
2f4b3272da Send initial device display najme on register
Fixes https://github.com/vector-im/riot-web/issues/12140
2020-01-30 11:27:54 +00:00
J. Ryan Stinnett
067bfe2ee3 Tweaks from PR 2020-01-29 16:10:46 +00:00
J. Ryan Stinnett
81ee27f41e Replace device with session in UI text
This replaces "device" with "session" throughout user-visible text at the React
layer. Variable names and comments are left as-is for now.
2020-01-29 15:52:32 +00:00
David Baker
4a26a72684 Restore key backup in Complete Security dialog
Fixes https://github.com/vector-im/riot-web/issues/11889
2020-01-28 22:46:21 +00:00
J. Ryan Stinnett
89f110f60a Add separate component for post-auth security flows
Instead of twisting `AuthBody`, this adds a new component for the different
styling of post-auth security flows. This also makes them fixed width and
adjusts padding to match designs.
2020-01-27 22:28:07 +00:00
David Baker
6737523b1c
Merge pull request #3942 from matrix-org/dbkr/show_incoming_verifications_in_complete_security
Show incoming verification requests in the 'complete security' phase
2020-01-27 11:17:16 +00:00
David Baker
11de92b9a9 hopefully informative comment 2020-01-27 11:07:55 +00:00
David Baker
9e38c62791 Show incoming verification requests in the 'complete security' phase
If you click to verify your new sign in on another device, actually
show the verification request on the 'complete security' screen.
2020-01-25 20:42:45 +00:00
David Baker
437b45f8a6 Remember password for e2e bootstrapping
Fixes https://github.com/vector-im/riot-web/issues/12046
2020-01-25 15:28:06 +00:00
David Baker
3d7137d4ad Setup flow for cross-signing on login / registration
Still outstanding:
 * Keep password from login / registration
 * Confirmation on skip button

Fixes https://github.com/vector-im/riot-web/issues/11902
2020-01-24 19:11:57 +00:00
David Baker
50b05551ba
Merge pull request #3916 from matrix-org/dbkr/security_dialog_noheader
Remove riot logo from the security setup screens
2020-01-24 09:50:25 +00:00
David Baker
74b678d0ff Only say the session is verified if it is now verified 2020-01-23 19:19:12 +00:00
David Baker
a3026277c1 Unused variable 2020-01-23 18:24:03 +00:00
David Baker
5319ee4572 Remove riot logo from the security setup screens
With a little faff to make the rounded borders consistent again
2020-01-23 18:14:08 +00:00
David Baker
d69c5f6a1b Catch exception if passphrase dialog cancelled
As hopefully explained by comment
2020-01-17 14:46:20 +00:00
J. Ryan Stinnett
71fa3222fe
Fix component index import
Co-Authored-By: Travis Ralston <travpc@gmail.com>
2020-01-15 22:11:22 +00:00
J. Ryan Stinnett
27ee90cad5 Add post-login complete security flow
This adds a step after login to complete security for your new session. At the
moment, the only verification method is entering your SSSS passphrase, but nicer
paths will be added soon.

This new step only appears when crypto is available and the account has
cross-signing enabled in SSSS.

Fixes https://github.com/vector-im/riot-web/issues/11214
2020-01-15 21:53:36 +00:00
Travis Ralston
59f608ffd6
Merge pull request #3761 from matrix-org/travis/babel7-wp-es6-export
Convert CommonJS exports to ES6 exports
2020-01-08 09:09:11 -07:00
Travis Ralston
042bd35d79 Fix MatrixClientPeg imports 2019-12-22 21:15:54 -07:00
Travis Ralston
d56f0f2a25 Convert many imports to handle ES6 exports
Reliant upon https://github.com/matrix-org/matrix-react-sdk/pull/3761
2019-12-22 21:04:42 -07:00
Travis Ralston
344dac4fb9 Convert CommonJS exports to ES6-compatible exports
We use `export default` begrudgingly here. Ideally we'd use just `export`, though this entire SDK expects things to be exported as a default. Instead of breaking everything, we'll sacrifice our export pattern for a smaller diff - a later commit can always do the default export -> regular export conversion.
2019-12-22 21:01:02 -07:00
Travis Ralston
20a615396b Implementation of new potential skinning mechanism
With a switch to Only One Webpack™ we need a way to help developers generate the component index without a concurrent watch task. The best way to do this is to have developers import their components, but how do they do that when we support skins? The answer in this commit is to change skinning.

Skinning now expects to receive your list of overrides instead of the react-sdk+branded components. For Riot this means we send over *only* the Vector components and not Vector+react-sdk. 

Components can then be annotated with the `replaceComponent` decorator to have them be skinnable. The decorator must take a string with the dot path of the component because we can't reliably calculate it ourselves, sadly. 

The decorator does a call to `getComponent` which is where the important part of the branded components not including the react-sdk is important: if the branded app includes the react-sdk then the decorator gets executed before the skin has finished loading, leading to all kinds of fun errors. This is also why the skinner lazily loads the react-sdk components to avoid importing them too early, breaking the app.

The decorator will end up receiving null for a component because of the getComponent loop mentioned: the require() call is still in progress when the decorator is called, therefore we can't error out. All usages of getComponent() within the app are safe to not need such an error (the return won't be null, and developers shouldn't use getComponent() after this commit anyways).

The AuthPage, being a prominent component, has been converted to demonstrate this working. Changes to riot-web are required to have this work.

The reskindex script has also been altered to reflect these skinning changes - it no longer should set the react-sdk as a parent. The eventual end goal is to get rid of `getComponent()` entirely as it'll be easily replaced by imports.
2019-12-12 19:48:45 -07:00
Michael Telatynski
6121420113
Merge branch 'develop' into t3chguy/remove_bluebird 2019-11-20 15:21:23 +00:00
J. Ryan Stinnett
d5d2f7f936
Merge pull request #3588 from matrix-org/jryans/identity-disco-opt
Relax identity server discovery error handling
2019-11-18 17:09:08 +00:00
Michael Telatynski
5c172a383d Merge branch 't3chguy/remove_bluebird_2' of https://github.com/matrix-org/matrix-react-sdk into t3chguy/remove_bluebird
 Conflicts:
	src/components/views/right_panel/UserInfo.js
2019-11-18 10:36:43 +00:00
Michael Telatynski
d4d51dc61f Rip out the remainder of Bluebird 2019-11-18 10:03:05 +00:00
J. Ryan Stinnett
413b90328f Show server details on login for unreachable homeserver
This fixes the login page to be more helpful when the current homeserver is
unreachable: it reveals the server change field, so you have some chance to
progress forward.

Fixes https://github.com/vector-im/riot-web/issues/11077
2019-11-14 15:23:04 +00:00
Michael Telatynski
168b1b68bb Revert "s/.done(/.then(/ since modern es6 track unhandled promise exceptions"
This reverts commit 09a8fec2
2019-11-12 11:56:21 +00:00
Michael Telatynski
09a8fec261 s/.done(/.then(/ since modern es6 track unhandled promise exceptions 2019-11-12 11:51:23 +00:00
J. Ryan Stinnett
446e21c2e1 Relax identity server discovery error handling
If discovery results in a warning for the identity server (as in can't be found
or is malformed), this allows you to continue signing in and shows the warning
above the form.

Fixes https://github.com/vector-im/riot-web/issues/11102
2019-11-01 12:27:56 +00:00
J. Ryan Stinnett
0c51e41ea4 Remove id_server param for password reset
For HSes that no longer need it, remove the id_server param from password reset.

Part of https://github.com/vector-im/riot-web/issues/10941
2019-09-24 14:54:26 +01:00
Michael Telatynski
6209d62f49 Don't show spinner if registration is disabled
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-09-18 13:19:33 +01:00
Michael Telatynski
a4a85dc541 Hide the change HS url button on SSO login flow if custom urls disabled
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-09-11 23:02:52 +01:00
Michael Telatynski
6f736e8407 Apply PR feedback
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-09-11 17:44:04 +01:00
Michael Telatynski
76e4363452 Login: Add way to change HS from SSO Homeserver
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-09-11 17:44:04 +01:00
Michael Telatynski
f1ea5ff6f3 Login: don't assume supported flows, prevent login flash on SSO servers
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-09-11 17:44:04 +01:00
Michael Telatynski
2e1fb4533c Migrate away from React.createClass for auth and views/auth. React 16 :D
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2019-08-30 10:27:51 +01:00
J. Ryan Stinnett
72ec6c7062 Reveal custom IS field only when required
This hides the identity server at first from the custom server auth flows. For
the flows that may need an IS if the HS requires it (registration, password
reset), we then check with the HS before proceeding further and reveal the IS
field if it is in fact needed.

Fixes https://github.com/vector-im/riot-web/issues/10553
2019-08-23 18:43:55 +01:00
David Baker
cd26b73386
Merge pull request #3319 from matrix-org/dbkr/allow_pw_reset_no_is
Allow password reset without an ID Server
2019-08-19 11:41:38 +01:00
David Baker
dbe5c2cb45 Allow password reset without an ID Server
If the server advertises that it supports doing so

Requires matrix-org/matrix-js-sdk#1018
Requires matrix-org/matrix-js-sdk#1019
Fixes vector-im/riot-web#10572
2019-08-16 18:11:24 +01:00
David Baker
3c4c595f79 remove old serverCaps 2019-08-16 15:27:11 +01:00
David Baker
41a9db3224 Use new flag in /versions 2019-08-16 15:07:15 +01:00
David Baker
e705d110af Allow registering with email if no ID Server
If the server advertises that it supports doing so

This version uses a random me.dbkr prefix until the MSC is
written.

Requires https://github.com/matrix-org/matrix-js-sdk/pull/1017
Implements https://github.com/matrix-org/matrix-doc/pull/2233
2019-08-16 11:57:32 +01:00
J. Ryan Stinnett
38e64ce966 Remove 3PID binding during registration
This disables 3PID binding at registration time, so users won't be discoverable
by 3PID by default. Instead, new discovery controls in settings allow you to
opt-in.

Fixes https://github.com/vector-im/riot-web/issues/10424
2019-08-08 16:25:48 +01:00
David Baker
9fa5e01f2f Disable password reset if no ID server 2019-08-07 13:30:52 +01:00
David Baker
e8fcfbe2bf
Merge pull request #3280 from matrix-org/bwindels/user-deactivated
Let user know their account has been deactivated upon trying to login
2019-08-05 13:23:40 +01:00
Bruno Windels
7a5167b1a3 Let user know their account has been deactivated upon trying to login 2019-08-05 13:48:25 +02:00
David Baker
1c156f0a5a Don't load guest sessions on post-registration login link
If guest access was enabled, clicking the login link on the 'registration
completed' page would just load the guest account you had before registering.

Fixes https://github.com/vector-im/riot-web/issues/10482
2019-08-02 11:22:42 +01:00
Travis Ralston
2bc0e8e151 Don't rely on React being fast 2019-07-15 10:51:08 -06:00
Travis Ralston
c6a18b11f0 Check for liveliness on submission when the server was previously dead
Fixes https://github.com/vector-im/riot-web/issues/10017

Specifically the `return` at the end of the diff fixes the problem, but it seems worthwhile to check for liveliness when we know the server has been dead in previous attempts.
2019-07-14 23:23:48 -06:00
Travis Ralston
000d545ffd Remove misleading text about admins logging people out from soft logout 2019-07-11 09:18:33 -06:00
Travis Ralston
ce11eff1b8 Simplify parameter check 2019-07-10 08:01:32 -06:00
Travis Ralston
2ca6633fda Update copy as per design 2019-07-09 23:55:20 -06:00
Travis Ralston
1eb60ef1c4 Support SSO for rehydrating a soft-logged-out session.
Fixes https://github.com/vector-im/riot-web/issues/10238
2019-07-09 20:16:44 -06:00
Travis Ralston
4b1d78e04d Merge branch 'develop' into travis/soft-logout-design 2019-07-09 11:35:49 -06:00
Travis Ralston
a33e5f1918
Merge pull request #3188 from matrix-org/travis/soft-logout-non-default-hs
Fix React crash when using a non-default homeserver on soft logout
2019-07-09 11:32:31 -06:00
Travis Ralston
d2ab0a5ca7 Move key backup init to componentDidMount 2019-07-08 11:53:26 -06:00
Travis Ralston
3e0be640fd Merge branch 'travis/soft-logout-rehydrate' into travis/soft-logout-keys 2019-07-08 11:52:58 -06:00
Travis Ralston
c3383e9315 Move _initLogin to componentDidMount 2019-07-08 11:51:22 -06:00
Travis Ralston
ae79ce97f3 Dress up the soft logout page to look like the design
Fixes https://github.com/vector-im/riot-web/issues/10262

Also fixes showing the user ID twice. We might have a User object which helpfully sets the display name to the user ID, so check for that.
2019-07-05 15:05:31 -06:00
Travis Ralston
1f1a5b2aac Fix React crash when using a non-default homeserver on soft logout
The function used exists on the peg, not the client. This commit also fixes the name of the function in a backwards compatible way.
2019-07-05 14:35:21 -06:00
Travis Ralston
55b4ef2169 Change soft logout rehydrate text if there's pending key backups
Fixes https://github.com/vector-im/riot-web/issues/10263
Requires https://github.com/matrix-org/matrix-js-sdk/pull/982
2019-07-05 13:52:14 -06:00
Travis Ralston
00973a1ee8 Appease the linter 2019-07-04 17:00:09 -06:00
Travis Ralston
93872e6fa5 Ask for the user's password to rehydrate their soft logged out session
Fixes https://github.com/vector-im/riot-web/issues/10236

The changes to the MatrixClientPeg (assign/start) are to permit the SoftLogout page to access the MatrixClientPeg reliably. This is why assign() is called by Lifecycle as an alternative to start().

Minimal design work has been done here. The majority is deferred to https://github.com/vector-im/riot-web/issues/10262
2019-07-04 16:51:16 -06:00
Travis Ralston
521bc90b5f Appease the linter 2019-07-03 16:51:09 -06:00
Travis Ralston
42e6287bdb Implement basic soft logout handling
Fixes https://github.com/vector-im/riot-web/issues/10235

CSS and copy are left as an exercise for a later iteration.

Login page handling is left for https://github.com/vector-im/riot-web/issues/10236

This implementation reuses as much of the Lifecycle flow as it can without causing problems. Most importantly, it requires https://github.com/matrix-org/matrix-js-sdk/pull/975 to be able to detect a soft logout and react to it. When it comes time to starting/stopping the Lifecycle, additional parameters are provided so that the auxiliary services can (re)start themselves without the client starting to sync.
2019-07-03 16:46:37 -06:00
David Baker
c8e121dc70 Restore warning for if you're already logged in
...when clicking an email link. Although now we can complete the
registration because we can do so without replacing your session.
2019-06-18 18:43:14 +01:00
David Baker
10f6abfe17 Allow changing server if validation has failed
Show the server config section if there's an error and fix an if
case where we forgot to un-set the busy flag
2019-06-17 18:47:20 +01:00
David Baker
e3bf4a0b8e Re-enable register button on change to working HS
Register button disabling is done via serverErrorIsFatal so we need
to reset this on a successful validation.

https://github.com/vector-im/riot-web/issues/10029
2019-06-17 16:27:35 +01:00
David Baker
8fa50b26a6 Fix welcome user
https://github.com/matrix-org/matrix-react-sdk/pull/3101 meant we
don't get logged straight in after registering if using an email
address, but this was the point at which we made a chat with the
welcome user. Instead, set a flag in memory that we should try &
make a chat with the welcome user for that user ID if we get a
session for them.

Of course, if the user logs in on both tabs, this would mean each
would make a chat with the welcome user (although actually this
was a problem with the old code too). Check our m.direct to see if
we've started a chat with the welcome user before making one (which
also means we have to make sure the cached sync is up to date...
see comments).
2019-06-14 15:31:19 +01:00
David Baker
81327264f7 Remove unused inhibitlogin param
and fix docs.
2019-06-13 17:44:00 +01:00
David Baker
048d8d2ec7 Simplify email registration
You now don't get automatically logged in after finishing
registration. This makes a whole class of failures involving race
conditions and multiple devices impossible.

https://github.com/vector-im/riot-web/issues/9586
2019-06-13 16:24:09 +01:00
J. Ryan Stinnett
b8ed731c89 Allow registration to submit for non-fatal errors
This allows you to proceed with registration even if the IS is down, for
example.

Fixes https://github.com/vector-im/riot-web/issues/10018
2019-06-11 18:01:27 +01:00
J. Ryan Stinnett
21099052fc Clear the login busy state after .well-known discovery
This always clear the login busy state after .well-known discovery without
waiting for the resulting server config. This is important for the case where
the HS that a full MXID resolves to matches the default HS, as without it we'd
be stuck in a busy state forever.

Fixes https://github.com/vector-im/riot-web/issues/10014
2019-06-11 15:41:47 +01:00
David Baker
a6c5ac669b Don't show spinner once liveness check has failed
We're not doing anything at that point so it's a lie
2019-06-11 12:10:44 +01:00
David Baker
5eccd14120 Fix registration after fail-fast
The lineness checks meant that we could no longer assume we always
had a matrix client, so don't assume we do.

Fixes https://github.com/vector-im/riot-web/issues/10011
2019-06-11 12:02:14 +01:00
David Baker
7b3d1ad08d
Typo 2019-06-11 10:29:00 +01:00
Travis Ralston
bd3237500f Fix submit disabled condition 2019-06-10 20:24:06 -06:00
Travis Ralston
aacb942d57 Don't handle identity server failure as fatal, and use the right message
Fixes https://github.com/vector-im/riot-web/issues/10002
2019-06-10 19:28:32 -06:00
Travis Ralston
59ba5fe62a Don't block submit if the server is dead
But still check so we can clear any errors, maybe
2019-06-07 07:36:46 -06:00
Travis Ralston
120123bcb1 Allow submit on forgot password page 2019-06-07 07:27:15 -06:00
Travis Ralston
d59ad605a6 Allow the login form to be submitted, and clarify other things 2019-06-06 12:18:41 -06:00