FlowCrypt · sosnovsky · Oct 3, 2023 · Sep 19, 2023 · Sep 19, 2023 · Sep 20, 2023
@@ -0,0 +1,22 @@
+/* ©️ 2016 - present FlowCrypt a.s. Limitations apply. Contact human@flowcrypt.com */
+
+'use strict';
+
+import { GoogleOAuth } from './google/google-oauth.js';
+import { Ui } from '../../browser/ui.js';
+import { AcctStore } from '../../platform/store/acct-store.js';
+import { OAuth } from './generic/oauth.js';
+
+export class ConfiguredIdpOAuth extends OAuth {
+  public static newAuthPopupForEnterpriseServerAuthenticationIfNeeded = async (acctEmail: string) => {
+    const storage = await AcctStore.get(acctEmail, ['authentication']);
+    if (storage?.authentication?.oauth?.clientId && storage.authentication.oauth.clientId !== GoogleOAuth.OAUTH.client_id) {
+      await Ui.modal.warning(
+        `Custom IdP is configured on this domain, but it is not supported on browser extension yet.
+        Authentication with Enterprise Server will continue using Google IdP until implemented in a future update.`
+      );
+    } else {
+      return;
+    }
+  };
+}
@@ -2,9 +2,9 @@
 
 'use strict';
 
-import { Buf } from '../../core/buf.js';
-import { Str } from '../../core/common.js';
-import { GmailRes } from '../email-provider/gmail/gmail-parser.js';
+import { Buf } from '../../../core/buf.js';
+import { Str } from '../../../core/common.js';
+import { GmailRes } from '../../email-provider/gmail/gmail-parser.js';
 
 export class OAuth {
   /**

@@ -14,7 +14,7 @@ import { Catch } from '../../../platform/catch.js';
 import { AcctStore, AcctStoreDict } from '../../../platform/store/acct-store.js';
 import { InMemoryStore } from '../../../platform/store/in-memory-store.js';
 import { AccountServer } from '../../account-server.js';
-import { OAuth } from '../oauth.js';
+import { OAuth } from '../generic/oauth.js';
 import { ExternalService } from '../../account-servers/external-service.js';
 import { GoogleAuthErr } from '../../shared/api-error.js';
 import { Assert, AssertError } from '../../../assert.js';

@@ -28,6 +28,7 @@ import { Api } from './api/shared/api.js';
 import { BrowserMsg } from './browser/browser-msg.js';
 import { Time } from './browser/time.js';
 import { Google } from './api/email-provider/gmail/google.js';
+import { ConfiguredIdpOAuth } from './api/authentication/configured-idp-oauth.js';
 
 declare const zxcvbn: Function; // eslint-disable-line @typescript-eslint/ban-types
 
@@ -342,6 +343,7 @@ export class Settings {
       const response = await GoogleOAuth.newAuthPopup({ acctEmail, scopes });
       if (response.result === 'Success' && response.acctEmail) {
         await GlobalStore.acctEmailsAdd(response.acctEmail);
+        await ConfiguredIdpOAuth.newAuthPopupForEnterpriseServerAuthenticationIfNeeded(response.acctEmail);
         const storage = await AcctStore.get(response.acctEmail, ['setup_done']);
         if (storage.setup_done) {
           // this was just an additional permission

@@ -2498,7 +2498,7 @@ AN8G3r5Htj8olot+jm9mIa5XLXWzMNUZgg==
           },
         });
         const acctEmail = 'user@authentication-config-test.flowcrypt.test';
-        await BrowserRecipe.openSettingsLoginApprove(t, browser, acctEmail);
+        await BrowserRecipe.openSettingsLoginApprove(t, browser, acctEmail, true);
         const settingsPage = await browser.newExtensionSettingsPage(t, acctEmail);
         const debugFrame = await SettingsPageRecipe.awaitNewPageFrame(settingsPage, '@action-show-local-store-contents', ['debug_api.htm']);
         await debugFrame.waitForContent('@container-pre', 'authentication');

@@ -42,10 +42,16 @@ export class BrowserRecipe {
     return settingsPage;
   };
 
-  public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string) => {
+  public static openSettingsLoginApprove = async (t: AvaContext, browser: BrowserHandle, acctEmail: string, checkForConfiguredIdPOAuth?: boolean) => {
     const settingsPage = await browser.newExtensionSettingsPage(t, acctEmail);
     const oauthPopup = await browser.newPageTriggeredBy(t, () => settingsPage.waitAndClick('@action-connect-to-gmail'));
     await OauthPageRecipe.google(t, oauthPopup, acctEmail, 'approve');
+    if (checkForConfiguredIdPOAuth)
+      await settingsPage.waitAndRespondToModal(
+        'warning',
+        'confirm',
+        'Custom IdP is configured on this domain, but it is not supported on browser extension yet.'
+      );
     return settingsPage;
   };
 

@@ -45,8 +45,9 @@ buildContentScript(
     getFilesInDir(`${sourceDir}/js/common/api/shared`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api/key-server`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api/account-servers`, /\.js$/, false),
-    getFilesInDir(`${sourceDir}/js/common/api/authentication`, /\.js$/, false),
+    getFilesInDir(`${sourceDir}/js/common/api/authentication/generic`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api/authentication/google`, /\.js$/, false),
+    getFilesInDir(`${sourceDir}/js/common/api/authentication`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api/email-provider`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api/email-provider/gmail`, /\.js$/, false),
     getFilesInDir(`${sourceDir}/js/common/api`, /\.js$/, false),