(core) Adding GristConnect login system

Summary: New login system to allow simple SSO flow that is based on Discourse description that is available at: https://meta.discourse.org/t/discourseconnect-official-single-sign-on-for-discourse-sso/13045 Test Plan: New core test. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D3418
2026-03-02 04:09:24 +00:00 · 2022-05-18 12:25:14 +02:00
parent cf23a2d1ee
commit 0ab9e4a6a0
16 changed files with 245 additions and 31 deletions
--- a/app/client/ui/AccountWidget.ts
+++ b/app/client/ui/AccountWidget.ts
@@ -91,7 +91,7 @@ export class AccountWidget extends Disposable {
    }

    const users = this._appModel.topAppModel.users;
-
+    const isExternal = user?.loginMethod === 'External';
    return [
      cssUserInfo(
        createUserImage(user, 'large'),
@@ -138,7 +138,7 @@ export class AccountWidget extends Disposable {
            cssOtherEmail(_user.email, testId('usermenu-other-email')),
          );
        }),
-        menuItemLink({href: getLoginUrl()}, "Add Account", testId('dm-add-account')),
+        isExternal ? null : menuItemLink({href: getLoginUrl()}, "Add Account", testId('dm-add-account')),
      ],

      menuItemLink({href: getLogoutUrl()}, "Sign Out", testId('dm-log-out')),
--- a/app/client/ui/errorPages.ts
+++ b/app/client/ui/errorPages.ts
@@ -1,5 +1,5 @@
 import {AppModel} from 'app/client/models/AppModel';
-import {getLoginUrl, urlState} from 'app/client/models/gristUrlState';
+import {getLoginUrl, getMainOrgUrl, urlState} from 'app/client/models/gristUrlState';
 import {AppHeader} from 'app/client/ui/AppHeader';
 import {leftPanelBasic} from 'app/client/ui/LeftPanelCommon';
 import {pagePanels} from 'app/client/ui/PagePanels';
@@ -24,6 +24,8 @@ export function createErrPage(appModel: AppModel) {
 * Creates a page to show that the user has no access to this org.
 */
 export function createForbiddenPage(appModel: AppModel, message?: string) {
+  const isAnonym = () => !appModel.currentValidUser;
+  const isExternal = () => appModel.currentValidUser?.loginMethod === 'External';
  return pagePanelsError(appModel, 'Access denied', [
    dom.domComputed(appModel.currentValidUser, user => user ? [
      cssErrorText(message || "You do not have access to this organization's documents."),
@@ -32,12 +34,14 @@ export function createForbiddenPage(appModel: AppModel, message?: string) {
    ] : [
      // This page is not normally shown because a logged out user with no access will get
      // redirected to log in. But it may be seen if a user logs out and returns to a cached
-      // version of this page.
+      // version of this page or is an external user (connected through GristConnect).
      cssErrorText("Sign in to access this organization's documents."),
    ]),
    cssButtonWrap(bigPrimaryButtonLink(
-      appModel.currentValidUser ? 'Add account' : 'Sign in',
-      {href: getLoginUrl()},
+        isExternal() ? 'Go to main page' :
+        isAnonym() ? 'Sign in' :
+        'Add account',
+      {href: isExternal() ? getMainOrgUrl() : getLoginUrl()},
      testId('error-signin'),
    ))
  ]);