mirror of https://github.com/penpot/penpot.git synced 2025-03-10 06:41:40 -05:00

Improve disabled registry flows

Alejandro Alonso 2024-08-19 15:42:54 +02:00
parent 00bb988ecc
commit cd51f2f652
6 changed files with 99 additions and 30 deletions


@ -4,6 +4,12 @@
### :bug: Bugs fixed ### :bug: Bugs fixed
- Don't allow registry with email and password, if password login is disabled (invitation workflow) [Github #4975](https://github.com/penpot/penpot/issues/4975)
## 2.1.2
### :bug: Bugs fixed
- User switch language to "zh_hant" will get 400 [Github #4884](https://github.com/penpot/penpot/issues/4884) - User switch language to "zh_hant" will get 400 [Github #4884](https://github.com/penpot/penpot/issues/4884)
- Smtp config ignoring port if ssl is set [Github #4872](https://github.com/penpot/penpot/issues/4872) - Smtp config ignoring port if ssl is set [Github #4872](https://github.com/penpot/penpot/issues/4872)
- Ability to let users to authenticate with a private oidc provider only [Github #4963](https://github.com/penpot/penpot/issues/4963) - Ability to let users to authenticate with a private oidc provider only [Github #4963](https://github.com/penpot/penpot/issues/4963)


@ -180,10 +180,11 @@
(defn- validate-register-attempt! (defn- validate-register-attempt!
[cfg params] [cfg params]
(when-not (contains? cf/flags :registration) (when (or
(when-not (contains? params :invitation-token) (not (contains? cf/flags :registration))
(ex/raise :type :restriction (not (contains? cf/flags :login-with-password)))
:code :registration-disabled))) (ex/raise :type :restriction
:code :registration-disabled))
(when (contains? params :invitation-token) (when (contains? params :invitation-token)
(let [invitation (tokens/verify (::setup/props cfg) (let [invitation (tokens/verify (::setup/props cfg)
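Review bot: The single `:registration-disabled` code in `validate-register-attempt!` now covers two different causes, so a client or an operator reading the error cannot tell whether registration is off or only password login is off. Splitting the `or` into two checks, each with a `:hint`, keeps the code stable while naming the cause, e.g. `(when-not (contains? cf/flags :login-with-password) (ex/raise :type :restriction :code :registration-disabled :hint "password login is disabled"))`. A docstring should also state that an `:invitation-token` no longer exempts a request from this check, since the removed inner `when-not` did exactly that and could be reintroduced by mistake. The function body continues past the end of this hunk.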


@ -8,6 +8,7 @@
(:require (:require
[app.common.exceptions :as ex] [app.common.exceptions :as ex]
[app.common.spec :as us] [app.common.spec :as us]
[app.config :as cf]
[app.db :as db] [app.db :as db]
[app.db.sql :as-alias sql] [app.db.sql :as-alias sql]
[app.http.session :as session] [app.http.session :as session]
@ -152,11 +153,12 @@
(us/verify! ::team-invitation-claims claims) (us/verify! ::team-invitation-claims claims)
(let [invitation (db/get* conn :team-invitation (let [invitation (db/get* conn :team-invitation
{:team-id team-id :email-to member-email}) {:team-id team-id :email-to member-email})
profile (db/get* conn :profile profile (db/get* conn :profile
{:id profile-id} {:id profile-id}
{:columns [:id :email]})] {:columns [:id :email]})
registration-disabled? (not (contains? cf/flags :registration))]
(when (nil? invitation) (when (nil? invitation)
(ex/raise :type :validation (ex/raise :type :validation
:code :invalid-token :code :invalid-token
@ -185,12 +187,12 @@
:hint "logged-in user does not matches the invitation")) :hint "logged-in user does not matches the invitation"))
;; If we have not logged-in user, and invitation comes with member-id we ;; If we have not logged-in user, and invitation comes with member-id we
;; redirect user to login, if no memeber-id is present in the invitation ;; redirect user to login, if no memeber-id is present and in the invitation
;; token, we redirect user the the register page. ;; token and registration is enabled, we redirect user the the register page.
{:invitation-token token {:invitation-token token
:iss :team-invitation :iss :team-invitation
:redirect-to (if member-id :auth-login :auth-register) :redirect-to (if (or member-id registration-disabled?) :auth-login :auth-register)
:state :pending}))) :state :pending})))
;; --- Default ;; --- Default


@ -505,6 +505,54 @@
(t/is (nil? (:error out))) (t/is (nil? (:error out)))
(t/is (= 0 (:call-count @mock)))))))) (t/is (= 0 (:call-count @mock))))))))
(t/deftest prepare-and-register-with-invitation-and-enabled-registration-1
(let [sprops (:app.setup/props th/*system*)
itoken (tokens/generate sprops
{:iss :team-invitation
:exp (dt/in-future "48h")
:role :editor
:team-id uuid/zero
:member-email "user@example.com"})
data {::th/type :prepare-register-profile
:invitation-token itoken
:email "user@example.com"
:password "foobar"}
{:keys [result error] :as out} (th/command! data)]
(t/is (nil? error))
(t/is (map? result))
(t/is (string? (:token result)))
(let [rtoken (:token result)
data {::th/type :register-profile
:token rtoken
:fullname "foobar"}
{:keys [result error] :as out} (th/command! data)]
;; (th/print-result! out)
(t/is (nil? error))
(t/is (map? result))
(t/is (string? (:invitation-token result))))))
(t/deftest prepare-and-register-with-invitation-and-enabled-registration-2
(let [sprops (:app.setup/props th/*system*)
itoken (tokens/generate sprops
{:iss :team-invitation
:exp (dt/in-future "48h")
:role :editor
:team-id uuid/zero
:member-email "user2@example.com"})
data {::th/type :prepare-register-profile
:invitation-token itoken
:email "user@example.com"
:password "foobar"}
out (th/command! data)]
(t/is (not (th/success? out)))
(let [edata (-> out :error ex-data)]
(t/is (= :restriction (:type edata)))
(t/is (= :email-does-not-match-invitation (:code edata))))))
(t/deftest prepare-and-register-with-invitation-and-disabled-registration-1 (t/deftest prepare-and-register-with-invitation-and-disabled-registration-1
(with-redefs [app.config/flags [:disable-registration]] (with-redefs [app.config/flags [:disable-registration]]
@ -519,22 +567,12 @@
:invitation-token itoken :invitation-token itoken
:email "user@example.com" :email "user@example.com"
:password "foobar"} :password "foobar"}
out (th/command! data)]
{:keys [result error] :as out} (th/command! data)] (t/is (not (th/success? out)))
(t/is (nil? error)) (let [edata (-> out :error ex-data)]
(t/is (map? result)) (t/is (= :restriction (:type edata)))
(t/is (string? (:token result))) (t/is (= :registration-disabled (:code edata)))))))
(let [rtoken (:token result)
data {::th/type :register-profile
:token rtoken
:fullname "foobar"}
{:keys [result error] :as out} (th/command! data)]
;; (th/print-result! out)
(t/is (nil? error))
(t/is (map? result))
(t/is (string? (:invitation-token result)))))))
(t/deftest prepare-and-register-with-invitation-and-disabled-registration-2 (t/deftest prepare-and-register-with-invitation-and-disabled-registration-2
(with-redefs [app.config/flags [:disable-registration]] (with-redefs [app.config/flags [:disable-registration]]
@ -555,7 +593,28 @@
(t/is (not (th/success? out))) (t/is (not (th/success? out)))
(let [edata (-> out :error ex-data)] (let [edata (-> out :error ex-data)]
(t/is (= :restriction (:type edata))) (t/is (= :restriction (:type edata)))
(t/is (= :email-does-not-match-invitation (:code edata))))))) (t/is (= :registration-disabled (:code edata)))))))
(t/deftest prepare-and-register-with-invitation-and-disabled-login-with-password
(with-redefs [app.config/flags [:disable-login-with-password]]
(let [sprops (:app.setup/props th/*system*)
itoken (tokens/generate sprops
{:iss :team-invitation
:exp (dt/in-future "48h")
:role :editor
:team-id uuid/zero
:member-email "user2@example.com"})
data {::th/type :prepare-register-profile
:invitation-token itoken
:email "user@example.com"
:password "foobar"}
out (th/command! data)]
(t/is (not (th/success? out)))
(let [edata (-> out :error ex-data)]
(t/is (= :restriction (:type edata)))
(t/is (= :registration-disabled (:code edata)))))))
(t/deftest prepare-register-with-registration-disabled (t/deftest prepare-register-with-registration-disabled
(with-redefs [app.config/flags #{}] (with-redefs [app.config/flags #{}]
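Review bot: `prepare-and-register-with-invitation-and-disabled-login-with-password` most likely does not exercise the new `:login-with-password` branch. It rebinds `app.config/flags` to the vector `[:disable-login-with-password]`, and `contains?` on a vector tests indices rather than elements, so `(contains? cf/flags :registration)` is false too and the first half of the `or` rejects the request. The two `disabled-registration` tests bind `[:disable-registration]` and pass for the same reason, with every flag appearing absent. Binding a set that leaves out only password login, e.g. `(with-redefs [app.config/flags #{:registration}]`, would pin the new condition. This assumes `cf/flags` is a set of enabled flags, as the `#{}` in `prepare-register-with-registration-disabled` suggests; that last test continues outside the hunk.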


@ -136,7 +136,8 @@
(when login/show-alt-login-buttons? (when login/show-alt-login-buttons?
[:& login/login-buttons {:params params}]) [:& login/login-buttons {:params params}])
[:hr {:class (stl/css :separator)}] [:hr {:class (stl/css :separator)}]
[:& register-form {:params params :on-success-callback on-success-callback}]]) (when (contains? cf/flags :login-with-password)
[:& register-form {:params params :on-success-callback on-success-callback}])])
(mf/defc register-page (mf/defc register-page
{::mf/props :obj} {::mf/props :obj}
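Review bot: The `[:hr {:class (stl/css :separator)}]` above the now-conditional `register-form` is still rendered unconditionally, so with password login disabled the page ends in a dangling separator. If `login/show-alt-login-buttons?` is also false, the separator is all that is rendered. Consider putting both under the same condition, e.g. `(when (contains? cf/flags :login-with-password) [:* [:hr {:class (stl/css :separator)}] [:& register-form {:params params :on-success-callback on-success-callback}]])`, and showing a short message when neither branch applies. A comment here should note that hiding the form is presentation only and that the server-side check in `validate-register-attempt!` is what enforces the restriction. The enclosing component starts outside this hunk.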


@ -1 +1 @@
2.1.2 2.1.3