0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-03-11 07:11:32 -05:00

Add :insecure-register flag.

This allows on-premise users skip the email validation.
This commit is contained in:
Andrey Antukh 2021-11-10 15:53:54 +01:00 committed by Andrés Moya
parent bf2a393fd3
commit e7003dde83
10 changed files with 79 additions and 60 deletions

View file

@ -268,10 +268,17 @@
::telemetry-with-taiga
::tenant]))
(def default-flags
[:enable-backend-asserts
:enable-backend-api-doc
:enable-insecure-register
:enable-secure-session-cookies])
(defn- parse-flags
[config]
(-> (:flags config)
(flags/parse flags/default)))
(flags/parse flags/default
default-flags
(:flags config)))
(defn read-env
[prefix]

View file

@ -45,7 +45,7 @@
(defn handler
[rpc]
(let [context (prepare-context rpc)]
(if (contains? cf/flags :api-doc)
(if (contains? cf/flags :backend-api-doc)
(fn [_]
{:status 200
:body (-> (io/resource "api-doc.tmpl")

View file

@ -203,6 +203,7 @@
(sxf request)))
(let [info (assoc info
:iss :prepared-register
:is-active true
:exp (dt/in-future {:hours 48}))
token (tokens :generate info)
params (d/without-nils

View file

@ -53,12 +53,13 @@
(defn- add-cookies
[response {:keys [id] :as session}]
(let [cors? (contains? cfg/flags :cors)]
(let [cors? (contains? cfg/flags :cors)
secure? (contains? cfg/flags :secure-session-cookies)]
(assoc response :cookies {cookie-name {:path "/"
:http-only true
:value id
:same-site (if cors? :none :strict)
:secure true}})))
:secure secure?}})))
(defn- clear-cookies
[response]

View file

@ -34,7 +34,7 @@
params {:id id
:email email
:fullname fullname
:is-demo true
:is-active true
:deleted-at (dt/in-future cf/deletion-delay)
:password password
:props {:onboarding-viewed true}}]

View file

@ -124,9 +124,7 @@
;; --- MUTATION: Register Profile
(s/def ::accept-terms-and-privacy ::us/boolean)
(s/def ::token ::us/not-empty-string)
(s/def ::register-profile
(s/keys :req-un [::token ::fullname]))
@ -146,13 +144,17 @@
(defn register-profile
[{:keys [conn tokens session metrics] :as cfg} {:keys [token] :as params}]
(let [claims (tokens :verify {:token token :iss :prepared-register})
params (merge params claims)]
(let [claims (tokens :verify {:token token :iss :prepared-register})
params (merge params claims)]
(check-profile-existence! conn params)
(let [profile (->> params
(create-profile conn)
(create-profile-relations conn)
(decode-profile-row))]
(let [is-active (or (:is-active params)
(contains? cf/flags :insecure-register))
profile (->> (assoc params :is-active is-active)
(create-profile conn)
(create-profile-relations conn)
(decode-profile-row))]
(cond
;; If invitation token comes in params, this is because the
;; user comes from team-invitation process; in this case,
@ -182,6 +184,15 @@
::audit/props (audit/profile->props profile)
::audit/profile-id (:id profile)})
;; If the `:enable-insecure-register` flag is set, we proceed
;; to sign in the user directly, without email verification.
(true? is-active)
(with-meta (profile/strip-private-attrs profile)
{:transform-response ((:create session) (:id profile))
:before-complete (annotate-profile-register metrics)
::audit/props (audit/profile->props profile)
::audit/profile-id (:id profile)})
;; In all other cases, send a verification email.
:else
(let [vtoken (tokens :generate
@ -226,7 +237,7 @@
backend (:backend params "penpot")
is-demo (:is-demo params false)
is-muted (:is-muted params false)
is-active (:is-active params (or (not= "penpot" backend) is-demo))
is-active (:is-active params false)
email (str/lower (:email params))
params {:id id

View file

@ -10,30 +10,28 @@
[cuerdas.core :as str]))
(def default
#{:backend-asserts
:api-doc
:registration
:demo-users})
"A common flags that affects both: backend and frontend."
[:enable-registration
:enable-demo-users])
(defn parse
([flags] (parse flags #{}))
([flags default]
(loop [flags (seq flags)
result default]
(let [item (first flags)]
(if (nil? item)
result
(let [sname (name item)]
(cond
(str/starts-with? sname "enable-")
(recur (rest flags)
(conj result (keyword (subs sname 7))))
[& flags]
(loop [flags (apply concat flags)
result #{}]
(let [item (first flags)]
(if (nil? item)
result
(let [sname (name item)]
(cond
(str/starts-with? sname "enable-")
(recur (rest flags)
(conj result (keyword (subs sname 7))))
(str/starts-with? sname "disable-")
(recur (rest flags)
(disj result (keyword (subs sname 8))))
(str/starts-with? sname "disable-")
(recur (rest flags)
(disj result (keyword (subs sname 8))))
:else
(recur (rest flags) result))))))))
:else
(recur (rest flags) result)))))))

View file

@ -50,7 +50,7 @@ services:
- PENPOT_SMTP_PASSWORD=
- PENPOT_SMTP_SSL=false
- PENPOT_SMTP_TLS=false
- PENPOT_FLAGS="enable-cors"
- PENPOT_FLAGS="enable-cors enable-insecure-register enable-terms-and-privacy-checkbox"
# LDAP setup
- PENPOT_LDAP_HOST=ldap

View file

@ -57,8 +57,8 @@
(defn- parse-flags
[global]
(let [flags (obj/get global "penpotFlags" "")
flags (into #{} (map keyword) (str/words flags))]
(flags/parse flags flags/default)))
flags (sequence (map keyword) (str/words flags))]
(flags/parse flags/default flags)))
(defn- parse-version
[global]

View file

@ -169,7 +169,9 @@
(let [token (:invitation-token data)]
(st/emit! (rt/nav :auth-verify-token {} {:token token})))
(not= "penpot" (:auth-backend data))
;; The :is-active flag is true, when insecure-register is enabled
;; or the user used external auth provider.
(:is-active data)
(st/emit! (du/login-from-register))
:else
@ -178,9 +180,14 @@
(s/def ::accept-terms-and-privacy (s/and ::us/boolean true?))
(s/def ::accept-newsletter-subscription ::us/boolean)
(s/def ::register-validate-form
(s/keys :req-un [::token ::fullname ::accept-terms-and-privacy]
:opt-un [::accept-newsletter-subscription]))
(if (contains? @cf/flags :terms-and-privacy-checkbox)
(s/def ::register-validate-form
(s/keys :req-un [::token ::fullname ::accept-terms-and-privacy]
:opt-un [::accept-newsletter-subscription]))
(s/def ::register-validate-form
(s/keys :req-un [::token ::fullname]
:opt-un [::accept-terms-and-privacy
::accept-newsletter-subscription])))
(mf/defc register-validate-form
[{:keys [params] :as props}]
@ -207,23 +214,17 @@
:label (tr "auth.fullname")
:type "text"}]]
[:div.fields-row
[:& fm/input {:name :accept-terms-and-privacy
:class "check-primary"
:type "checkbox"}
[:span
(tr "auth.terms-privacy-agreement")
[:div
[:a {:href "https://penpot.app/terms.html" :target "_blank"} (tr "auth.terms-of-service")]
[:span ",\u00A0"]
[:a {:href "https://penpot.app/privacy.html" :target "_blank"} (tr "auth.privacy-policy")]]]]]
;; (when (contains? @cf/flags :newsletter-registration-check)
;; [:div.fields-row
;; [:& fm/input {:name :accept-newsletter-subscription
;; :class "check-primary"
;; :label (tr "auth.newsletter-subscription")
;; :type "checkbox"}]])
(when (contains? @cf/flags :terms-and-privacy-checkbox)
[:div.fields-row
[:& fm/input {:name :accept-terms-and-privacy
:class "check-primary"
:type "checkbox"}
[:span
(tr "auth.terms-privacy-agreement")
[:div
[:a {:href "https://penpot.app/terms.html" :target "_blank"} (tr "auth.terms-of-service")]
[:span ",\u00A0"]
[:a {:href "https://penpot.app/privacy.html" :target "_blank"} (tr "auth.privacy-policy")]]]]])
[:& fm/submit-button
{:label (tr "auth.register-submit")