From 0f4bbf015300e09c31ba1504bf93940c2b890fb4 Mon Sep 17 00:00:00 2001
From: martgil
Date: Tue, 19 Sep 2023 18:55:39 +0800
Subject: [PATCH 1/6] add ConfiguredIdPOAuth class
---
 .../authentication/configured-idp-oauth.ts | 21 +++++++++++++++++++
 extension/js/common/settings.ts | 2 ++
 test/source/tests/setup.ts | 2 +-
 test/source/tests/tooling/browser-recipe.ts | 8 ++++++-
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 extension/js/common/api/authentication/configured-idp-oauth.ts
diff --git a/extension/js/common/api/authentication/configured-idp-oauth.ts b/extension/js/common/api/authentication/configured-idp-oauth.ts
new file mode 100644
index 00000000000..71f40467828
--- /dev/null
+++ b/extension/js/common/api/authentication/configured-idp-oauth.ts
@@ -0,0 +1,21 @@
+/* ©️ 2016 - present FlowCrypt a.s. Limitations apply. Contact human@flowcrypt.com */
+
+import { AcctStore } from '../../platform/store/acct-store.js';
+import { OAuth } from './oauth.js';
+import { GoogleOAuth } from './google/google-oauth.js';
+import { Ui } from '../../browser/ui.js';
+
+export class ConfiguredIdpOAuth extends OAuth {
+ public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string | undefined) => {
+ if (acctEmail) {
+ const authentication = (await AcctStore.get(acctEmail, ['authentication'])).authentication;
+ if (authentication?.oauth.clientId && authentication?.oauth.clientId !== GoogleOAuth.OAUTH.client_id) {
+ return await Ui.modal.warning(
+ `Custom IdP is configured on this domain, but it is not supported on browser extension yet.\n
+ Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.`
+ );
+ }
+ }
+ return Promise;
+ };
+}
diff --git a/extension/js/common/settings.ts b/extension/js/common/settings.ts
index 2865e2242db..428bdd7c08b 100644
--- a/extension/js/common/settings.ts
+++ b/extension/js/common/settings.ts
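Review bot: In `newAuthPopupForEnterpriseServerAuthenticationIfNeeded` (the new configured-idp-oauth.ts file), a stored `clientId` that differs from Google's leads only to a warning modal, after which sign-in carries on with Google OAuth. Whatever the organisation enforces at its own IdP is therefore not applied to the extension, and in the visible code the modal is the only trace of that. The method name also promises an auth popup that the body never opens. I would state the contract in a TSDoc block above the method, e.g. `/** Warns that the account's configured custom IdP is ignored; authentication continues with Google OAuth. Opens no auth popup. */`. Whether Enterprise Server rejects Google-issued tokens for such domains is not visible here and is worth confirming, since otherwise this warning is the only control.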
@@ -28,6 +28,7 @@ import { Api } from './api/shared/api.js'; import { BrowserMsg } from './browser/browser-msg.js'; import { Time } from './browser/time.js'; import { Google } from './api/email-provider/gmail/google.js'; +import { ConfiguredIdpOAuth } from './api/authentication/configured-idp-oauth.js'; declare const zxcvbn: Function; // eslint-disable-line @typescript-eslint/ban-types @@ -342,6 +343,7 @@ export class Settings { const response = await GoogleOAuth.newAuthPopup({ acctEmail, scopes }); if (response.result === 'Success' && response.acctEmail) { await GlobalStore.acctEmailsAdd(response.acctEmail); + await ConfiguredIdpOAuth.newAuthPopupForEnterpriseServerAuthenticationIfNeeded(acctEmail); const storage = await AcctStore.get(response.acctEmail, ['setup_done']); if (storage.setup_done) { // this was just an additional permission diff --git a/test/source/tests/setup.ts b/test/source/tests/setup.ts index b3a497bcba6..5152ce6d62c 100644 --- a/test/source/tests/setup.ts +++ b/test/source/tests/setup.ts @@ -2498,7 +2498,7 @@ AN8G3r5Htj8olot+jm9mIa5XLXWzMNUZgg== }, }); const acctEmail = 'user@authentication-config-test.flowcrypt.test'; - await BrowserRecipe.openSettingsLoginApprove(t, browser, acctEmail); + await BrowserRecipe.openSettingsLoginApprove(t, browser, acctEmail, true); const settingsPage = await browser.newExtensionSettingsPage(t, acctEmail); const debugFrame = await SettingsPageRecipe.awaitNewPageFrame(settingsPage, '@action-show-local-store-contents', ['debug_api.htm']); await debugFrame.waitForContent('@container-pre', 'authentication'); diff --git a/test/source/tests/tooling/browser-recipe.ts b/test/source/tests/tooling/browser-recipe.ts index 06476fec085..24edc49983c 100644 --- a/test/source/tests/tooling/browser-recipe.ts +++ b/test/source/tests/tooling/browser-recipe.ts 
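Review bot: In the `@@ -342,6 +343,7 @@` hunk of settings.ts the new `await ConfiguredIdpOAuth...IfNeeded(...)` sits before the `setup_done` check, so the warning is raised on every successful popup, including the path the existing comment calls "just an additional permission". A modal that reappears on each re-authorisation trains users to click through it, which weakens the one notice they get that their domain's IdP is not in use. Consider raising it only on the first-setup path, or storing a per-account flag once it has been acknowledged. The branch bodies lie outside this hunk, so the exact placement needs checking against the full function.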
@@ -42,10 +42,16 @@ export class BrowserRecipe { return settingsPage; }; - public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string) => { + public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string, checkForConfiguredIdPOAuth = false) => { const settingsPage = await browser.newExtensionSettingsPage(t, acctEmail); const oauthPopup = await browser.newPageTriggeredBy(t, () => settingsPage.waitAndClick('@action-connect-to-gmail')); await OauthPageRecipe.google(t, oauthPopup, acctEmail, 'approve'); + if (checkForConfiguredIdPOAuth) + await settingsPage.waitAndRespondToModal( + 'warning', + 'confirm', + 'Custom IdP is configured on this domain, but it is not supported on browser extension yet.' + ); return settingsPage; }; From a1847a1c50138ccf214196bebb3f079f52ef9625 Mon Sep 17 00:00:00 2001 From: martgil Date: Wed, 20 Sep 2023 18:14:07 +0800 Subject: [PATCH 2/6] optional checkForConfiguredIdPOAuth --- test/source/tests/tooling/browser-recipe.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/source/tests/tooling/browser-recipe.ts b/test/source/tests/tooling/browser-recipe.ts index 24edc49983c..798aa31ba1e 100644 --- a/test/source/tests/tooling/browser-recipe.ts +++ b/test/source/tests/tooling/browser-recipe.ts @@ -42,7 +42,7 @@ export class BrowserRecipe { return settingsPage; }; - public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string, checkForConfiguredIdPOAuth = false) => { + public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string, checkForConfiguredIdPOAuth?: boolean) => { const settingsPage = await browser.newExtensionSettingsPage(t, acctEmail); const oauthPopup = await browser.newPageTriggeredBy(t, () => settingsPage.waitAndClick('@action-connect-to-gmail')); await OauthPageRecipe.google(t, oauthPopup, acctEmail, 'approve'); 
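Review bot: The new `if (checkForConfiguredIdPOAuth)` in `openSettingsLoginApprove` (`@@ -42,10 +42,16 @@`) guards a multi-line call without braces, so a statement added after it later would run unconditionally; `if (checkForConfiguredIdPOAuth) {` … `}` avoids that. The expected text pins only the first sentence of the modal, so the sentence telling the user that authentication continues with Google IdP is not covered by this helper, presumably because `waitAndRespondToModal` matches a substring (its definition is not shown). No visible test asserts that the modal stays absent when the stored `clientId` equals Google's.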
From 94085527f6fba7f2a550c55603baaf522d49b51a Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 22 Sep 2023 17:16:36 +0800 Subject: [PATCH 3/6] correct condition checking --- extension/js/common/api/authentication/configured-idp-oauth.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension/js/common/api/authentication/configured-idp-oauth.ts b/extension/js/common/api/authentication/configured-idp-oauth.ts index 71f40467828..429bdf4a44f 100644 --- a/extension/js/common/api/authentication/configured-idp-oauth.ts +++ b/extension/js/common/api/authentication/configured-idp-oauth.ts @@ -9,7 +9,7 @@ export class ConfiguredIdpOAuth extends OAuth { public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string | undefined) => { if (acctEmail) { const authentication = (await AcctStore.get(acctEmail, ['authentication'])).authentication; - if (authentication?.oauth.clientId && authentication?.oauth.clientId !== GoogleOAuth.OAUTH.client_id) { + if (authentication?.oauth?.clientId && authentication?.oauth?.clientId !== GoogleOAuth.OAUTH.client_id) { return await Ui.modal.warning( `Custom IdP is configured on this domain, but it is not supported on browser extension yet.\n Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.` From 0a4af31676725f5b38e42c0273ce4b0df343e955 Mon Sep 17 00:00:00 2001 From: martgil Date: Tue, 26 Sep 2023 19:23:33 +0800 Subject: [PATCH 4/6] wip: update ConfiguredIdPOAuth class --- .../authentication/configured-idp-oauth.ts | 26 +++++++++---------- extension/js/common/settings.ts | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/extension/js/common/api/authentication/configured-idp-oauth.ts b/extension/js/common/api/authentication/configured-idp-oauth.ts index 429bdf4a44f..f69e221a8c6 100644 --- a/extension/js/common/api/authentication/configured-idp-oauth.ts 
+++ b/extension/js/common/api/authentication/configured-idp-oauth.ts @@ -1,21 +1,21 @@ /* ©️ 2016 - present FlowCrypt a.s. Limitations apply. Contact human@flowcrypt.com */ -import { AcctStore } from '../../platform/store/acct-store.js'; -import { OAuth } from './oauth.js'; +'use strict'; + import { GoogleOAuth } from './google/google-oauth.js'; import { Ui } from '../../browser/ui.js'; +import { AcctStore } from '../../platform/store/acct-store.js'; -export class ConfiguredIdpOAuth extends OAuth { - public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string | undefined) => { - if (acctEmail) { - const authentication = (await AcctStore.get(acctEmail, ['authentication'])).authentication; - if (authentication?.oauth?.clientId && authentication?.oauth?.clientId !== GoogleOAuth.OAUTH.client_id) { - return await Ui.modal.warning( - `Custom IdP is configured on this domain, but it is not supported on browser extension yet.\n - Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.` - ); - } +export class ConfiguredIdpOAuth { + public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string) => { + const storage = await AcctStore.get(acctEmail, ['authentication']); + if (storage?.authentication?.oauth?.clientId && storage.authentication.oauth.clientId !== GoogleOAuth.OAUTH.client_id) { + await Ui.modal.warning( + `Custom IdP is configured on this domain, but it is not supported on browser extension yet. + Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.` + ); + } else { + return; } - return Promise; }; } diff --git a/extension/js/common/settings.ts b/extension/js/common/settings.ts index 428bdd7c08b..7b5382754ed 100644 --- a/extension/js/common/settings.ts +++ b/extension/js/common/settings.ts 
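Review bot: In the rewritten method (`@@ -1,21 +1,21 @@`) the template literal passed to `Ui.modal.warning` now spans two source lines, so the message carries a raw line break plus whatever indentation the second line has in the file; how that renders depends on the modal, which is not shown. Joining two plain strings keeps the wording independent of source formatting: `'Custom IdP is configured on this domain, but it is not supported on browser extension yet. ' +` followed by `'Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.'`. The trailing `else { return; }` adds nothing to an async function that resolves to `undefined` anyway and can be dropped.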
@@ -343,7 +343,7 @@ export class Settings { const response = await GoogleOAuth.newAuthPopup({ acctEmail, scopes }); if (response.result === 'Success' && response.acctEmail) { await GlobalStore.acctEmailsAdd(response.acctEmail); - await ConfiguredIdpOAuth.newAuthPopupForEnterpriseServerAuthenticationIfNeeded(acctEmail); + await ConfiguredIdpOAuth.newAuthPopupForEnterpriseServerAuthenticationIfNeeded(response.acctEmail); const storage = await AcctStore.get(response.acctEmail, ['setup_done']); if (storage.setup_done) { // this was just an additional permission From f1e292d46f4cc26afc04ac317c7d614751ca05e0 Mon Sep 17 00:00:00 2001 From: martgil Date: Tue, 3 Oct 2023 13:51:48 +0800 Subject: [PATCH 5/6] re-arrange build script pathing --- .../js/common/api/authentication/configured-idp-oauth.ts | 3 ++- .../js/common/api/authentication/google/google-oauth.ts | 2 +- extension/js/common/api/authentication/{ => oauth}/oauth.ts | 6 +++--- tooling/bundle-content-scripts.ts | 3 ++- 4 files changed, 8 insertions(+), 6 deletions(-) rename extension/js/common/api/authentication/{ => oauth}/oauth.ts (87%) diff --git a/extension/js/common/api/authentication/configured-idp-oauth.ts b/extension/js/common/api/authentication/configured-idp-oauth.ts index f69e221a8c6..3e7a5d12732 100644 --- a/extension/js/common/api/authentication/configured-idp-oauth.ts +++ b/extension/js/common/api/authentication/configured-idp-oauth.ts 
@@ -5,8 +5,9 @@ import { GoogleOAuth } from './google/google-oauth.js'; import { Ui } from '../../browser/ui.js'; import { AcctStore } from '../../platform/store/acct-store.js'; +import { OAuth } from './oauth/oauth.js'; -export class ConfiguredIdpOAuth { +export class ConfiguredIdpOAuth extends OAuth { public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string) => { const storage = await AcctStore.get(acctEmail, ['authentication']); if (storage?.authentication?.oauth?.clientId && storage.authentication.oauth.clientId !== GoogleOAuth.OAUTH.client_id) { diff --git a/extension/js/common/api/authentication/google/google-oauth.ts b/extension/js/common/api/authentication/google/google-oauth.ts index c4a84dd1cfe..d1b25e87255 100644 --- a/extension/js/common/api/authentication/google/google-oauth.ts +++ b/extension/js/common/api/authentication/google/google-oauth.ts @@ -14,7 +14,7 @@ import { Catch } from '../../../platform/catch.js'; import { AcctStore, AcctStoreDict } from '../../../platform/store/acct-store.js'; import { InMemoryStore } from '../../../platform/store/in-memory-store.js'; import { AccountServer } from '../../account-server.js'; -import { OAuth } from '../oauth.js'; +import { OAuth } from '../oauth/oauth.js'; import { ExternalService } from '../../account-servers/external-service.js'; import { GoogleAuthErr } from '../../shared/api-error.js'; import { Assert, AssertError } from '../../../assert.js'; diff --git a/extension/js/common/api/authentication/oauth.ts b/extension/js/common/api/authentication/oauth/oauth.ts similarity index 87% rename from extension/js/common/api/authentication/oauth.ts rename to extension/js/common/api/authentication/oauth/oauth.ts index 9d66bf58109..b157b849ed2 100644 --- a/extension/js/common/api/authentication/oauth.ts +++ b/extension/js/common/api/authentication/oauth/oauth.ts 
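Review bot: `export class ConfiguredIdpOAuth extends OAuth` is restored in the `@@ -5,8 +5,9 @@` hunk, yet the only member visible in this series is a static method that uses nothing from `OAuth`. The inheritance appears to be what forces the directory move and the list reordering in tooling/bundle-content-scripts.ts later in this patch. If nothing inherited is needed yet, keeping the class standalone as in 4/6 avoids that coupling. Otherwise a one-line comment such as `// extends OAuth for the planned custom-IdP flow; no inherited member is used yet` would explain why the base class is there.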
@@ -2,9 +2,9 @@ 'use strict'; -import { Buf } from '../../core/buf.js'; -import { Str } from '../../core/common.js'; -import { GmailRes } from '../email-provider/gmail/gmail-parser.js'; +import { Buf } from '../../../core/buf.js'; +import { Str } from '../../../core/common.js'; +import { GmailRes } from '../../email-provider/gmail/gmail-parser.js'; export class OAuth { /** diff --git a/tooling/bundle-content-scripts.ts b/tooling/bundle-content-scripts.ts index d01f2a4575c..83cb26c5c4c 100644 --- a/tooling/bundle-content-scripts.ts +++ b/tooling/bundle-content-scripts.ts @@ -45,8 +45,9 @@ buildContentScript( getFilesInDir(`${sourceDir}/js/common/api/shared`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api/key-server`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api/account-servers`, /\.js$/, false), - getFilesInDir(`${sourceDir}/js/common/api/authentication`, /\.js$/, false), + getFilesInDir(`${sourceDir}/js/common/api/authentication/oauth`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api/authentication/google`, /\.js$/, false), + getFilesInDir(`${sourceDir}/js/common/api/authentication`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api/email-provider`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api/email-provider/gmail`, /\.js$/, false), getFilesInDir(`${sourceDir}/js/common/api`, /\.js$/, false), From 13a2f16f9f5abb2cba7706f6e14b33066a3cc560 Mon Sep 17 00:00:00 2001 From: martgil Date: Tue, 3 Oct 2023 14:27:11 +0800 Subject: [PATCH 6/6] update directory name --- extension/js/common/api/authentication/configured-idp-oauth.ts | 2 +- .../js/common/api/authentication/{oauth => generic}/oauth.ts | 0 extension/js/common/api/authentication/google/google-oauth.ts | 2 +- tooling/bundle-content-scripts.ts | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename extension/js/common/api/authentication/{oauth => generic}/oauth.ts (100%) 
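Review bot: The `buildContentScript(` list in tooling/bundle-content-scripts.ts (`@@ -45,8 +45,9 @@`) now depends on directory order, with `authentication/oauth` placed before `authentication/google` and `authentication`, but nothing in the hunk says why. Presumably the files are bundled in list order, so the base `OAuth` class must be defined before the classes that extend it. If so, a comment above these three entries, e.g. `// order matters: the base OAuth class must be bundled before google/ and authentication/, which extend it`, would stop a later tidy-up from reordering them. The call's start and end are outside the hunk.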
diff --git a/extension/js/common/api/authentication/configured-idp-oauth.ts b/extension/js/common/api/authentication/configured-idp-oauth.ts index 3e7a5d12732..6364ffb46dd 100644 --- a/extension/js/common/api/authentication/configured-idp-oauth.ts +++ b/extension/js/common/api/authentication/configured-idp-oauth.ts @@ -5,7 +5,7 @@ import { GoogleOAuth } from './google/google-oauth.js'; import { Ui } from '../../browser/ui.js'; import { AcctStore } from '../../platform/store/acct-store.js'; -import { OAuth } from './oauth/oauth.js'; +import { OAuth } from './generic/oauth.js'; export class ConfiguredIdpOAuth extends OAuth { public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string) => { diff --git a/extension/js/common/api/authentication/oauth/oauth.ts b/extension/js/common/api/authentication/generic/oauth.ts similarity index 100% rename from extension/js/common/api/authentication/oauth/oauth.ts rename to extension/js/common/api/authentication/generic/oauth.ts diff --git a/extension/js/common/api/authentication/google/google-oauth.ts b/extension/js/common/api/authentication/google/google-oauth.ts index d1b25e87255..9fd1cf35181 100644 --- a/extension/js/common/api/authentication/google/google-oauth.ts +++ b/extension/js/common/api/authentication/google/google-oauth.ts @@ -14,7 +14,7 @@ import { Catch } from '../../../platform/catch.js'; import { AcctStore, AcctStoreDict } from '../../../platform/store/acct-store.js'; import { InMemoryStore } from '../../../platform/store/in-memory-store.js'; import { AccountServer } from '../../account-server.js'; -import { OAuth } from '../oauth/oauth.js'; +import { OAuth } from '../generic/oauth.js'; import { ExternalService } from '../../account-servers/external-service.js'; import { GoogleAuthErr } from '../../shared/api-error.js'; import { Assert, AssertError } from '../../../assert.js'; 
diff --git a/tooling/bundle-content-scripts.ts b/tooling/bundle-content-scripts.ts
index 83cb26c5c4c..f68f92fa291 100644
--- a/tooling/bundle-content-scripts.ts
+++ b/tooling/bundle-content-scripts.ts
@@ -45,7 +45,7 @@ buildContentScript(
 getFilesInDir(`${sourceDir}/js/common/api/shared`, /\.js$/, false),
 getFilesInDir(`${sourceDir}/js/common/api/key-server`, /\.js$/, false),
 getFilesInDir(`${sourceDir}/js/common/api/account-servers`, /\.js$/, false),
- getFilesInDir(`${sourceDir}/js/common/api/authentication/oauth`, /\.js$/, false),
+ getFilesInDir(`${sourceDir}/js/common/api/authentication/generic`, /\.js$/, false),
 getFilesInDir(`${sourceDir}/js/common/api/authentication/google`, /\.js$/, false),
 getFilesInDir(`${sourceDir}/js/common/api/authentication`, /\.js$/, false),
 getFilesInDir(`${sourceDir}/js/common/api/email-provider`, /\.js$/, false),