User Authentication in IDE

.github/workflows/gui-ci.yml

@@ -254,6 +254,7 @@ jobs:
           CSC_IDENTITY_AUTO_DISCOVERY: true
           APPLEID: ${{secrets.APPLE_NOTARIZATION_USERNAME}}
           APPLEIDPASS: ${{secrets.APPLE_NOTARIZATION_PASSWORD}}
+          FIREBASE_API_KEY: ${{secrets.FIREBASE_API_KEY}}
         run: node ./run dist --skip-version-validation --target macos
         if: startsWith(matrix.os,'macos')
   build:
@@ -330,15 +331,19 @@ jobs:
           CSC_IDENTITY_AUTO_DISCOVERY: true
           APPLEID: ${{secrets.APPLE_NOTARIZATION_USERNAME}}
           APPLEIDPASS: ${{secrets.APPLE_NOTARIZATION_PASSWORD}}
+          FIREBASE_API_KEY: ${{secrets.FIREBASE_API_KEY}}
         run: node ./run dist --skip-version-validation --target macos
         if: startsWith(matrix.os,'macos')
       - name: Build (win)
         env:
           WIN_CSC_LINK: ${{secrets.MICROSOFT_CODE_SIGNING_CERT}}
           WIN_CSC_KEY_PASSWORD: ${{secrets.MICROSOFT_CODE_SIGNING_CERT_PASSWORD}}
+          FIREBASE_API_KEY: ${{secrets.FIREBASE_API_KEY}}
         run: node ./run dist --skip-version-validation --target win
         if: startsWith(matrix.os,'windows')
       - name: Build (linux)
+        env:
+          FIREBASE_API_KEY: ${{secrets.FIREBASE_API_KEY}}
         run: node ./run dist --skip-version-validation --target linux
         if: startsWith(matrix.os,'ubuntu')
       - name: Upload Content Artifacts

CHANGELOG.md

@@ -1,13 +1,25 @@
 # Enso 2.0.0-alpha.7 (2021-06-06)
 
+<br/>![New Features](/docs/assets/tags/new_features.svg)
+
 #### Visual Environment
 
+- [User Authentication][1653]. Users can sign in to Enso using Google, GitHub or
+  email accounts.
+
 <br/>![Bug Fixes](/docs/assets/tags/bug_fixes.svg)
 
+#### Visual Environment
+
 - [Fix node selection bug ][1664]. Fix nodes not being deselected correctly in
   some circumstances. This would lead to nodes moving too fast when dragged
   [1650] or the internal state of the project being inconsistent [1626].
 
+[1653]: https://github.com/enso-org/ide/pull/1653
+[1664]: https://github.com/enso-org/ide/pull/1664
+
+<br/>
+
 # Enso 2.0.0-alpha.6 (2021-06-28)
 
 <br/>![New Features](/docs/assets/tags/new_features.svg)

build/workflow.js

@@ -172,14 +172,18 @@ buildOnMacOS = buildOn('macos', 'macos', {
     CSC_LINK: '${{secrets.APPLE_CODE_SIGNING_CERT}}',
     CSC_KEY_PASSWORD: '${{secrets.APPLE_CODE_SIGNING_CERT_PASSWORD}}',
     CSC_IDENTITY_AUTO_DISCOVERY: true,
-    APPLEID:'${{secrets.APPLE_NOTARIZATION_USERNAME}}',
-    APPLEIDPASS:'${{secrets.APPLE_NOTARIZATION_PASSWORD}}',
+    APPLEID: '${{secrets.APPLE_NOTARIZATION_USERNAME}}',
+    APPLEIDPASS: '${{secrets.APPLE_NOTARIZATION_PASSWORD}}',
+    FIREBASE_API_KEY: '${{secrets.FIREBASE_API_KEY}}',
 })
 buildOnWindows = buildOn('win', 'windows', {
     WIN_CSC_LINK: '${{secrets.MICROSOFT_CODE_SIGNING_CERT}}',
     WIN_CSC_KEY_PASSWORD: '${{secrets.MICROSOFT_CODE_SIGNING_CERT_PASSWORD}}',
+    FIREBASE_API_KEY: '${{secrets.FIREBASE_API_KEY}}',
+})
+buildOnLinux = buildOn('linux', 'ubuntu', {
+    FIREBASE_API_KEY: '${{secrets.FIREBASE_API_KEY}}',
 })
-buildOnLinux = buildOn('linux', 'ubuntu')
 
 let lintMarkdown = {
     name: "Lint Markdown sources",

config.json

@@ -0,0 +1,3 @@
+{
+  "minimumSupportedVersion": "2.0.0-alpha.6"
+}

src/js/lib/client/src/index.js

@@ -53,6 +53,14 @@ function capitalizeFirstLetter(string) {
 const execFile = util.promisify(child_process.execFile);
 
 
+// The list of hosts that the app can access. They are required for
+// user authentication to work.
+const trustedHosts = [
+    'enso-org.firebaseapp.com',
+    'accounts.google.com',
+    'accounts.youtube.com',
+    'github.com',
+]
 
 // =====================
 // === Option Parser ===
@@ -332,7 +340,7 @@ Electron.app.on('web-contents-created', (event,contents) => {
 Electron.app.on('web-contents-created', (event,contents) => {
     contents.on('will-navigate', (event,navigationUrl) => {
         const parsedUrl = new URL(navigationUrl)
-        if (parsedUrl.origin !== origin) {
+        if (parsedUrl.origin !== origin && !trustedHosts.includes(parsedUrl.host)) {
             event.preventDefault()
             console.error(`Prevented navigation to '${navigationUrl}'.`)
         }
@@ -441,6 +449,7 @@ let mainWindow = null
 let origin     = null
 
 async function main(args) {
+    setUserAgent()
     runBackend()
     console.log("Starting the IDE service.")
     if(args.server !== false) {
@@ -462,6 +471,19 @@ async function main(args) {
     }
 }
 
+/// Set custom user agent to fix the issue with Google authentication.
+///
+/// Google authentication doesn't work with the default Electron user agent. And
+/// Google is quite picky about the values you provide. For example, just
+/// removing Electron occurrences from the default user agent doesn't work. This
+/// user agent was chosen by trial and error as a stable one.
+///
+/// https://github.com/firebase/firebase-js-sdk/issues/2478
+function setUserAgent() {
+    const agent = 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:70.0) Gecko/20100101 Firefox/70.0'
+    Electron.app.userAgentFallback = agent
+    Electron.session.defaultSession.setUserAgent(agent)
+}
 function urlParamsFromObject(obj) {
     let params = []
     for (let key in obj) {

src/js/lib/content/firebase.yaml

@@ -0,0 +1,7 @@
+authDomain: "enso-org.firebaseapp.com"
+projectId: "enso-org"
+storageBucket: "enso-org.appspot.com"
+messagingSenderId: "451746386966"
+appId: "1:451746386966:web:558a832abe486208d61137"
+measurementId: "G-W11ZNCQ476"
+clientId: "451746386966-u5piv17hgvnimpq5ic5p60liekcqmqmu.apps.googleusercontent.com"

src/js/lib/content/package.js

@@ -7,6 +7,8 @@ let config = {
     },
     dependencies: {
         "enso-studio-common": "1.0.0",
+        "firebase": "^8.6.8",
+        "firebaseui": "^4.8.0",
         "copy-webpack-plugin": "^5.1.1",
         "mixpanel-browser":  "2.40.1"
     },

src/js/lib/content/src/index.html

@@ -5,8 +5,10 @@
         <!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
         <!-- FIXME https://github.com/validator/validator/issues/917 -->
         <!-- FIXME Security Vulnerabilities: https://github.com/enso-org/ide/issues/226 -->
+        <!-- NOTE `frame-src` section of `http-equiv` required only for authorization -->
         <meta http-equiv="Content-Security-Policy" content="
             default-src 'self';
+            frame-src   'self' data: https://accounts.google.com https://enso-org.firebaseapp.com;
             script-src  'self' 'unsafe-eval' data: https://*;
             style-src   'self' 'unsafe-inline' data: https://*;
             connect-src 'self' data: ws://localhost:* ws://127.0.0.1:* http://localhost:* https://*;
@@ -22,6 +24,7 @@
         />
         <title>Enso</title>
         <link rel="stylesheet" href="/assets/style.css" />
+        <link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/4.8.0/firebase-ui-auth.css" />
         <script type="module" src="/assets/index.js" defer></script>
         <script type="module" src="/assets/run.js" defer></script>
     </head>