* Introduces new configuration variables for OIDC:
- GRIST_OIDC_IDP_ENABLED_PROTECTIONS
- GRIST_OIDC_IDP_ACR_VALUES
- GRIST_OIDC_IDP_EXTRA_CLIENT_METADATA
* Implements all supported protections in oidc/Protections.ts
* Includes a better error page for failed OIDC logins
* Includes some other improvements, e.g. to logging, to OIDC
* Adds a large unit test for OIDCConfig
* Adds support for SERVER_NODE_OPTIONS for running tests
* Adds to documentation/develop.md info about GREP_TESTS, VERBOSE, and SERVER_NODE_OPTIONS.
For #1140, I considered trying to use the existing fields in a better
way, but because we already use the activations table to store
preferences, we need to keep all of the existing data and its usage
as-is.
The enterprise code will use this new column to decide how long the
trial period should be.
We had `getgrist.com` hardcoded here, which only works for SaaS. The
base domain as well as the way that orgs are encoded in the URL can be
different in other circumstances.
If we are encoding orgs in the domain name, that's easy. We just do
`orgname.base.domain.name`. If we are not, then we first try a base
domain, and if that isn't set, we'll use the domain of the home
server.
Issues and PRs descriptions sometimes lacks of details we would like to have to better understand the motivations behind.
I propose here templates to guide the reporters towards good descriptions.
These templates are heavily inspired from the ones of the PeerTube project.
Fixes#1125
---------
Co-authored-by: CamilleLegeron <camille@telescoop.fr>
Final ingredient. This surfaces the work in creating the backend
config API, the frontend model, the grainjs observable, and the
grainjs DOM and CSS components.
Strongly patterned after SupportGristPage. In fact, it has almost the
same structure.
Perhaps one day it would be possible to synchronise the logic between
the two toggles even further, but I couldn't see a simple way to do so
now. For now, some code structure duplication seemed easiest in lieau
of more abstractions.
Test Plan: Tested manually with a Date and DateTime column type.
Reviewers: paulfitz
Reviewed By: paulfitz
Subscribers: paulfitz
Differential Revision: https://phab.getgrist.com/D4305
The problem here is that making it this optional meant that it wasn't
supplied by [the enterprise creation
function](fb22d94878/ext/app/server/lib/create.ts (L10)).
This resulted in an odd situation where the secret was required for
the enterprise edition, even though it offers no additional security.
Without this key, the enterprise code crashes.
The requirement to supply a secret key would make a Grist instance
crash if you start in normal mode but switch to enterprise, as the
enterprise creator does not supply a default secret key.
Summary:
When last widget for a table is removed, user is informed
about that and can decide between removing the widget and removing
both table and widget
Test Plan: Updated
Reviewers: georgegevoian
Reviewed By: georgegevoian
Differential Revision: https://phab.getgrist.com/D4295
Access control for ConvertFromColumn in the presence of access rules had previously been left as a TODO. This change allows the action when the user has schema rights. Because schema rights let you create formulas, they let you read anything, so there is currently no value in nuance here.