cryptpad/www/ssoauth/main.js

// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
//
// SPDX-License-Identifier: AGPL-3.0-or-later

define([
    '/api/config',
    'jquery',
    '/common/hyperscript.js',
    '/common/common-util.js',
    '/common/common-credential.js',
    '/common/common-interface.js',
    '/common/common-login.js',
    '/common/common-constants.js',
    '/common/outer/http-command.js',
    '/common/outer/local-store.js',
    '/common/outer/login-block.js',
    '/customize/messages.js',

    '/components/tweetnacl/nacl-fast.min.js',
], function (ApiConfig, $, h, Util, Cred, UI, Login, Constants,
        ServerCommand, LocalStore, Block, Messages) {
    if (window.top !== window) { return; }

    let Nacl = window.nacl;

    let ssoAuthCb = function (cb) {
        var b64Keys = Util.tryParse(localStorage.CP_sso_auth);
        if (!b64Keys) {
            UI.errorLoadingScreen("MISSING_SIGNATURE_KEYS");
            return;
        }
        var keys = {
            secretKey: Nacl.util.decodeBase64(b64Keys.s),
            publicKey: Nacl.util.decodeBase64(b64Keys.p)
        };
        var inviteToken = b64Keys.token;
        ServerCommand(keys, {
            command: 'SSO_AUTH_CB',
            url: window.location.href
        }, function (err, data) {
            delete localStorage.CP_sso_auth;
            document.cookie = 'ssotoken=; Max-Age=-99999999;';
            if (data) { data.inviteToken = inviteToken; }
            cb(err, data);
        });
    };
    let ssoLoginRegister = function (seed, pw, jwt, name, isRegister, inviteToken) {
        Login.loginOrRegister({
            uname: seed,
            passwd: pw,
            token: inviteToken,
            isRegister: isRegister,
            onOTP: UI.getOTPScreen,
            ssoAuth: {
                name: name,
                type: 'SSO',
                data: jwt
            }
        }, function (err) {
            if (err) {
                UI.removeLoadingScreen();
                var msg = Messages.error;
                if (err === 'NO_SUCH_USER') { msg = Messages.drive_sfPasswordError;  }
                let $button = $('button#cp-ssoauth-button');
                $button.prop('disabled', '');
                return void UI.warn(msg);
            }
            LocalStore.setSSOSeed(seed.toLowerCase());
            window.location.href = '/drive/';
        });
    };

    $(function () {
        if (!ApiConfig.sso) { return void UI.errorLoadingScreen(Messages.error); }

        UI.addLoadingScreen();
        ssoAuthCb(function (err, data) {
            if (err || !data || !data.jwt) {
                console.error(err || 'NO_DATA');
                return void UI.warn(Messages.error);
            }
            let jwt = data.jwt;
            let seed = data.seed;
            let name = data.name;
            $('body').addClass(data.register ? 'cp-register' : 'cp-login');

            UI.removeLoadingScreen();


            // Login with a password OR register and password allowed
            let $button = $('button#cp-ssoauth-button');
            let $pw = $('#password');
            let $pw2 = $('#passwordconfirm');
            let next = (pw) => {
                // TODO login err ==> re-enable button

                setTimeout(() => { // First setTimeout to remove mobile devices' keyboard
                UI.addLoadingScreen({
                    loadingText: Messages.login_hashing,
                    hideTips: true,
                });
                setTimeout(function () { // Second timeout for the loading screen befofe Scrypt
                    ssoLoginRegister(seed, pw, jwt, name, data.register, data.inviteToken);
                }, 100);
                }, 100);

            };

            // Existing account, no CP password, continue
            if (!data.register && !data.password) {
                return void next('');
            }

            if (data.register && ApiConfig.restrictSsoRegistration && !data.inviteToken) {
                return void UI.errorLoadingScreen(Messages.register_registrationIsClosed);
            }

            // Registration and CP password disabled, continue
            if (data.register && !ApiConfig.sso.password) {
                return void next('');
            }

            $('div.cp-ssoauth-pw').show();
            $pw.focus();

            $pw.on('keypress', (ev) => {
                if (ev.which !== 13) { return; }
                if (!$pw2.val() && data.register) {
                    return void $pw2.focus();
                }
                $button.click();
            });
            $pw2.on('keypress', (ev) => {
                if (ev.which !== 13) { return; }
                $button.click();
            });

            $button.click(() => {
                let pw = $pw.val();
                let warning = Messages._getKey('register_passwordTooShort', [
                    Cred.MINIMUM_PASSWORD_LENGTH
                ]);
                if (data.register && pw !== $pw2.val()) {
                    return void UI.warn(Messages.register_passwordsDontMatch);
                }
                if (data.register && pw && !Cred.isLongEnoughPassword(pw)) {
                    return void UI.warn(warning);
                }
                if (data.register && !pw && ApiConfig.sso.password === 2) {
                    return void UI.warn(warning);
                }
                $button.prop('disabled', 'disabled');

                if (data.register) {
                    var span = h('span', [
                        h('h2', [
                            h('i.fa.fa-warning'),
                            ' ',
                            Messages.register_warning,
                        ]),
                        Messages.register_warning_note
                    ]);
                    UI.confirm(span, function (yes) {
                        if (!yes) {
                            $button.removeAttr('disabled');
                            return;
                        }
                        next(pw);
                    });
                    return;
                }

                next(pw);
            });
        });
    });
});
REUSE lint compliance 2023-12-15 22:38:01 +08:00			`// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors`
			`//`
			`// SPDX-License-Identifier: AGPL-3.0-or-later`

SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`define([`
			`'/api/config',`
			`'jquery',`
			`'/common/hyperscript.js',`
			`'/common/common-util.js',`
			`'/common/common-credential.js',`
			`'/common/common-interface.js',`
			`'/common/common-login.js',`
			`'/common/common-constants.js',`
			`'/common/outer/http-command.js',`
			`'/common/outer/local-store.js',`
			`'/common/outer/login-block.js',`
			`'/customize/messages.js',`

Fix broken dependencies after merging main 2023-10-12 20:59:17 +08:00			`'/components/tweetnacl/nacl-fast.min.js',`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`], function (ApiConfig, $, h, Util, Cred, UI, Login, Constants,`
			`ServerCommand, LocalStore, Block, Messages) {`
			`if (window.top !== window) { return; }`

			`let Nacl = window.nacl;`

			`let ssoAuthCb = function (cb) {`
			`var b64Keys = Util.tryParse(localStorage.CP_sso_auth);`
			`if (!b64Keys) {`
			`UI.errorLoadingScreen("MISSING_SIGNATURE_KEYS");`
			`return;`
			`}`
			`var keys = {`
			`secretKey: Nacl.util.decodeBase64(b64Keys.s),`
			`publicKey: Nacl.util.decodeBase64(b64Keys.p)`
			`};`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`var inviteToken = b64Keys.token;`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`ServerCommand(keys, {`
			`command: 'SSO_AUTH_CB',`
			`url: window.location.href`
			`}, function (err, data) {`
			`delete localStorage.CP_sso_auth;`
			`document.cookie = 'ssotoken=; Max-Age=-99999999;';`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`if (data) { data.inviteToken = inviteToken; }`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`cb(err, data);`
			`});`
			`};`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`let ssoLoginRegister = function (seed, pw, jwt, name, isRegister, inviteToken) {`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`Login.loginOrRegister({`
			`uname: seed,`
			`passwd: pw,`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`token: inviteToken,`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`isRegister: isRegister,`
			`onOTP: UI.getOTPScreen,`
			`ssoAuth: {`
			`name: name,`
			`type: 'SSO',`
			`data: jwt`
			`}`
			`}, function (err) {`
			`if (err) {`
Fix OIDC sso issues 2023-10-18 21:39:54 +08:00			`UI.removeLoadingScreen();`
			`var msg = Messages.error;`
			`if (err === 'NO_SUCH_USER') { msg = Messages.drive_sfPasswordError; }`
			`let $button = $('button#cp-ssoauth-button');`
			`$button.prop('disabled', '');`
			`return void UI.warn(msg);`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`}`
SSO + OTP account deletion and password change 2023-10-26 23:55:54 +08:00			`LocalStore.setSSOSeed(seed.toLowerCase());`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`window.location.href = '/drive/';`
			`});`
			`};`

			`$(function () {`
			`if (!ApiConfig.sso) { return void UI.errorLoadingScreen(Messages.error); }`

			`UI.addLoadingScreen();`
			`ssoAuthCb(function (err, data) {`
			`if (err \|\| !data \|\| !data.jwt) {`
			`console.error(err \|\| 'NO_DATA');`
			`return void UI.warn(Messages.error);`
			`}`
			`let jwt = data.jwt;`
			`let seed = data.seed;`
			`let name = data.name;`
			`$('body').addClass(data.register ? 'cp-register' : 'cp-login');`

			`UI.removeLoadingScreen();`


			`// Login with a password OR register and password allowed`
			`let $button = $('button#cp-ssoauth-button');`
			`let $pw = $('#password');`
			`let $pw2 = $('#passwordconfirm');`
			`let next = (pw) => {`
			`// TODO login err ==> re-enable button`

			`setTimeout(() => { // First setTimeout to remove mobile devices' keyboard`
			`UI.addLoadingScreen({`
			`loadingText: Messages.login_hashing,`
			`hideTips: true,`
			`});`
			`setTimeout(function () { // Second timeout for the loading screen befofe Scrypt`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`ssoLoginRegister(seed, pw, jwt, name, data.register, data.inviteToken);`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`}, 100);`
			`}, 100);`

			`};`

			`// Existing account, no CP password, continue`
			`if (!data.register && !data.password) {`
			`return void next('');`
			`}`

Restrict SSO registration 2023-12-20 00:59:56 +08:00			`if (data.register && ApiConfig.restrictSsoRegistration && !data.inviteToken) {`
			`return void UI.errorLoadingScreen(Messages.register_registrationIsClosed);`
			`}`

SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`// Registration and CP password disabled, continue`
			`if (data.register && !ApiConfig.sso.password) {`
			`return void next('');`
			`}`

			`$('div.cp-ssoauth-pw').show();`
Add keyboard shortcut on SSO login 2023-10-31 00:13:54 +08:00			`$pw.focus();`

			`$pw.on('keypress', (ev) => {`
			`if (ev.which !== 13) { return; }`
			`if (!$pw2.val() && data.register) {`
			`return void $pw2.focus();`
			`}`
			`$button.click();`
			`});`
			`$pw2.on('keypress', (ev) => {`
			`if (ev.which !== 13) { return; }`
			`$button.click();`
			`});`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00
			`$button.click(() => {`
			`let pw = $pw.val();`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`let warning = Messages._getKey('register_passwordTooShort', [`
			`Cred.MINIMUM_PASSWORD_LENGTH`
			`]);`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`if (data.register && pw !== $pw2.val()) {`
			`return void UI.warn(Messages.register_passwordsDontMatch);`
			`}`
			`if (data.register && pw && !Cred.isLongEnoughPassword(pw)) {`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`return void UI.warn(warning);`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`}`
option to enforce CryptPad password for SSO accounts 2023-11-07 23:02:27 +08:00			`if (data.register && !pw && ApiConfig.sso.password === 2) {`
Restrict SSO registration 2023-12-20 00:59:56 +08:00			`return void UI.warn(warning);`
option to enforce CryptPad password for SSO accounts 2023-11-07 23:02:27 +08:00			`}`
SSO: OIDC login and register 2023-06-27 22:04:32 +08:00			`$button.prop('disabled', 'disabled');`

			`if (data.register) {`
			`var span = h('span', [`
			`h('h2', [`
			`h('i.fa.fa-warning'),`
			`' ',`
			`Messages.register_warning,`
			`]),`
			`Messages.register_warning_note`
			`]);`
			`UI.confirm(span, function (yes) {`
			`if (!yes) {`
			`$button.removeAttr('disabled');`
			`return;`
			`}`
			`next(pw);`
			`});`
			`return;`
			`}`

			`next(pw);`
			`});`
			`});`
			`});`
SSO: OIDC auth 2023-06-23 23:46:14 +08:00			`});`