(core) Add account page option to allow Google login

Summary:
Enabled by default, the new checkbox is only visible to
users logged in with email/password, and controls whether it is possible
to log in to the same account via a Google account
(with matching email). When disabled, CognitoClient will refuse logins
from Google if a Grist account with the same email exists.

Test Plan:
Server and browser tests for setting flag. Manual tests to verify
Cognito doesn't allow signing in with Google when flag is disabled.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D3257
This commit is contained in:
George Gevoian 2022-02-14 13:26:21 -08:00
parent 99f3422217
commit e264094412
8 changed files with 115 additions and 10 deletions

View File

@ -10,6 +10,7 @@ import {transientInput} from 'app/client/ui/transientInput';
import {buildNameWarningsDom, checkName} from 'app/client/ui/WelcomePage';
import {bigBasicButton, bigPrimaryButtonLink} from 'app/client/ui2018/buttons';
import {cssBreadcrumbs, cssBreadcrumbsLink, separator} from 'app/client/ui2018/breadcrumbs';
import {labeledSquareCheckbox} from 'app/client/ui2018/checkbox';
import {icon} from 'app/client/ui2018/icons';
import {cssModalBody, cssModalButtons, cssModalTitle, modal} from 'app/client/ui2018/modals';
import {colors, vars} from 'app/client/ui2018/cssVars';
@ -28,6 +29,8 @@ export class AccountPage extends Disposable {
private _isEditingName = Observable.create(this, false);
private _nameEdit = Observable.create<string>(this, '');
private _isNameValid = Computed.create(this, this._nameEdit, (_use, val) => checkName(val));
private _allowGoogleLogin = Computed.create(this, (use) => use(this._userObs)?.allowGoogleLogin ?? false)
.onWrite((val) => this._updateAllowGooglelogin(val));
constructor(private _appModel: AppModel) {
super();
@ -98,6 +101,14 @@ export class AccountPage extends Disposable {
testId('login-method'),
),
user.loginMethod !== 'Email + Password' ? null : dom.frag(
cssDataRow(
labeledSquareCheckbox(
this._allowGoogleLogin,
'Allow signing in to this account with Google',
testId('allow-google-login-checkbox'),
),
testId('allow-google-login'),
),
cssSubHeaderFullWidth('Two-factor authentication'),
cssDescription(
"Two-factor authentication is an extra layer of security for your Grist account designed " +
@ -163,10 +174,14 @@ export class AccountPage extends Disposable {
private async _fetchAll() {
await Promise.all([
this._fetchUserMfaPreferences(),
this._fetchApiKey(),
this._fetchUserProfile(),
]);
const user = this._userObs.get();
if (user?.loginMethod === 'Email + Password') {
await this._fetchUserMfaPreferences();
}
}
private async _updateUserName(val: string) {
@ -176,6 +191,11 @@ export class AccountPage extends Disposable {
await this._appModel.api.updateUserName(val);
await this._fetchAll();
}
private async _updateAllowGooglelogin(allowGoogleLogin: boolean) {
await this._appModel.api.updateAllowGoogleLogin(allowGoogleLogin);
await this._fetchUserProfile();
}
}
function confirmPwdResetModal(userEmail: string) {

View File

@ -11,6 +11,7 @@ export interface UserProfile {
// have been validated against database.
export interface FullUser extends UserProfile {
id: number;
allowGoogleLogin?: boolean; // when present, specifies whether logging in via Google is possible.
}
export interface LoginSessionAPI {

View File

@ -131,6 +131,12 @@ export interface Document extends DocumentProperties {
trunkAccess?: roles.Role|null;
}
// Non-core options for a user.
export interface UserOptions {
// Whether signing in with Google is allowed. Defaults to true if unset.
allowGoogleLogin?: boolean;
}
export interface PermissionDelta {
maxInheritedRole?: roles.BasicRole|null;
users?: {
@ -357,6 +363,7 @@ export interface UserAPI {
getUserProfile(): Promise<FullUser>;
getUserMfaPreferences(): Promise<UserMFAPreferences>;
updateUserName(name: string): Promise<void>;
updateAllowGoogleLogin(allowGoogleLogin: boolean): Promise<void>;
getWorker(key: string): Promise<string>;
getWorkerAPI(key: string): Promise<DocWorkerAPI>;
getBillingAPI(): BillingAPI;
@ -653,6 +660,13 @@ export class UserAPIImpl extends BaseAPI implements UserAPI {
});
}
public async updateAllowGoogleLogin(allowGoogleLogin: boolean): Promise<void> {
await this.request(`${this._url}/api/profile/allowGoogleLogin`, {
method: 'POST',
body: JSON.stringify({allowGoogleLogin})
});
}
public async getWorker(key: string): Promise<string> {
const json = await this.requestJson(`${this._url}/api/worker/${key}`, {
method: 'GET',

View File

@ -345,7 +345,7 @@ export class ApiServer {
// Get user's profile
this._app.get('/api/profile/user', expressWrap(async (req, res) => {
const fullUser = await this._getFullUser(req);
return sendOkReply(req, res, fullUser);
return sendOkReply(req, res, fullUser, {allowedFields: new Set(['allowGoogleLogin'])});
}));
// POST /api/profile/user/name
@ -361,6 +361,24 @@ export class ApiServer {
res.sendStatus(200);
}));
// POST /api/profile/allowGoogleLogin
// Update user's preference for allowing Google login.
this._app.post('/api/profile/allowGoogleLogin', expressWrap(async (req, res) => {
const userId = getAuthorizedUserId(req);
const fullUser = await this._getFullUser(req);
if (fullUser.loginMethod !== 'Email + Password') {
throw new ApiError('Only users signed in via email can enable/disable Google login', 401);
}
const allowGoogleLogin: boolean | undefined = req.body.allowGoogleLogin;
if (allowGoogleLogin === undefined) {
throw new ApiError('Missing body param: allowGoogleLogin', 400);
}
await this._dbManager.updateUserOptions(userId, {allowGoogleLogin});
res.sendStatus(200);
}));
// GET /api/profile/apikey
// Get user's apiKey
this._app.get('/api/profile/apikey', expressWrap(async (req, res) => {
@ -471,11 +489,15 @@ export class ApiServer {
private async _getFullUser(req: Request): Promise<FullUser> {
const mreq = req as RequestWithLogin;
const userId = getUserId(mreq);
const fullUser = await this._dbManager.getFullUser(userId);
const user = await this._dbManager.getUser(userId);
if (!user) { throw new ApiError("unable to find user", 400); }
const fullUser = this._dbManager.makeFullUser(user);
const domain = getOrgFromRequest(mreq);
const sessionUser = getSessionUser(mreq.session, domain || '', fullUser.email);
const loginMethod = sessionUser && sessionUser.profile ? sessionUser.profile.loginMethod : undefined;
return {...fullUser, loginMethod};
const allowGoogleLogin = user.options?.allowGoogleLogin ?? true;
return {...fullUser, loginMethod, allowGoogleLogin};
}
}

View File

@ -1,3 +1,5 @@
import {UserOptions} from 'app/common/UserAPI';
import {nativeValues} from 'app/gen-server/lib/values';
import {BaseEntity, Column, Entity, JoinTable, ManyToMany, OneToMany, OneToOne,
PrimaryGeneratedColumn} from "typeorm";
@ -42,6 +44,9 @@ export class User extends BaseEntity {
@Column({name: 'is_first_time_user', default: false})
public isFirstTimeUser: boolean;
@Column({name: 'options', type: nativeValues.jsonEntityType, nullable: true})
public options: UserOptions | null;
/**
* Get user's email. Returns undefined if logins has not been joined, or no login
* is available

View File

@ -11,6 +11,7 @@ import * as roles from 'app/common/roles';
import {ANONYMOUS_USER_EMAIL, DocumentProperties, EVERYONE_EMAIL, getRealAccess,
ManagerDelta, NEW_DOCUMENT_CODE, OrganizationProperties,
Organization as OrgInfo, PermissionData, PermissionDelta, SUPPORT_EMAIL, UserAccessData,
UserOptions,
WorkspaceProperties} from "app/common/UserAPI";
import {AclRule, AclRuleDoc, AclRuleOrg, AclRuleWs} from "app/gen-server/entity/AclRule";
import {Alias} from "app/gen-server/entity/Alias";
@ -432,6 +433,15 @@ export class HomeDBManager extends EventEmitter {
await user.save();
}
public async updateUserOptions(userId: number, props: Partial<UserOptions>) {
const user = await User.findOne(userId);
if (!user) { throw new ApiError("unable to find user", 400); }
const newOptions = {...(user.options ?? {}), ...props};
user.options = newOptions;
await user.save();
}
// Fetch user from login, creating the user if previously unseen, allowing one retry
// for an email key conflict failure. This is in case our transaction conflicts with a peer
// doing the same thing. This is quite likely if the first page visited by a previously

View File

@ -0,0 +1,17 @@
import {nativeValues} from "app/gen-server/lib/values";
import {MigrationInterface, QueryRunner, TableColumn} from "typeorm";
export class UserOptions1644363380225 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<any> {
await queryRunner.addColumn("users", new TableColumn({
name: "options",
type: nativeValues.jsonType,
isNullable: true,
}));
}
public async down(queryRunner: QueryRunner): Promise<any> {
await queryRunner.dropColumn("users", "options");
}
}

View File

@ -20,7 +20,7 @@ export const TEST_HTTPS_OFFSET = process.env.GRIST_TEST_HTTPS_OFFSET ?
// Database fields that we permit in entities but don't want to cross the api.
const INTERNAL_FIELDS = new Set(['apiKey', 'billingAccountId', 'firstLoginAt', 'filteredOut', 'ownerId',
'stripeCustomerId', 'stripeSubscriptionId', 'stripePlanId',
'stripeProductId', 'userId', 'isFirstTimeUser']);
'stripeProductId', 'userId', 'isFirstTimeUser', 'allowGoogleLogin']);
/**
* Adapt a home-server or doc-worker URL to match the hostname in the request URL. For custom
@ -159,11 +159,20 @@ export function addPermit(scope: Scope, userId: number, specialPermit: Permit):
return {...scope, ...(scope.userId === userId ? {specialPermit} : {})};
}
export interface SendReplyOptions {
allowedFields?: Set<string>;
}
// Return a JSON response reflecting the output of a query.
// Filter out keys we don't want crossing the api.
// Set req to null to not log any information about request.
export async function sendReply<T>(req: Request|null, res: Response, result: QueryResult<T>) {
const data = pruneAPIResult(result.data || null);
export async function sendReply<T>(
req: Request|null,
res: Response,
result: QueryResult<T>,
options: SendReplyOptions = {},
) {
const data = pruneAPIResult(result.data || null, options.allowedFields);
if (shouldLogApiDetails && req) {
const mreq = req as RequestWithLogin;
log.rawDebug('api call', {
@ -183,11 +192,16 @@ export async function sendReply<T>(req: Request|null, res: Response, result: Que
}
}
export async function sendOkReply<T>(req: Request|null, res: Response, result?: T) {
return sendReply(req, res, {status: 200, data: result});
export async function sendOkReply<T>(
req: Request|null,
res: Response,
result?: T,
options: SendReplyOptions = {}
) {
return sendReply(req, res, {status: 200, data: result}, options);
}
export function pruneAPIResult<T>(data: T): T {
export function pruneAPIResult<T>(data: T, allowedFields?: Set<string>): T {
// TODO: This can be optimized by pruning data recursively without serializing in between. But
// it's fairly fast even with serializing (on the order of 15usec/kb).
const output = JSON.stringify(data,
@ -197,6 +211,8 @@ export function pruneAPIResult<T>(data: T): T {
if (key === 'removedAt' && value === null) { return undefined; }
// Don't bother sending option fields if there are no options set.
if (key === 'options' && value === null) { return undefined; }
// Don't prune anything that is explicitly allowed.
if (allowedFields?.has(key)) { return value; }
return INTERNAL_FIELDS.has(key) ? undefined : value;
});
return JSON.parse(output);