is787/invitation-registration (#790)

Implements #787 and #791 

Allows registration only by invitation. Change in the server side:
- option configurable at app.login
- invitations are generated with confirmation-codes (utils to generate codes in login.registration)
- confirmation codes have one use and have a lifetime of 5 days (currently hard-coded)
- rest API:
   - updated schema request body to include invitation code
   - added entrypoint to retrieve front-end config

Changes in the front-end side:
- retrieves runtime configuration
- enables/disables registration link
- captures invitation token from fragments
- refactor fragment parsing (see notes in #791)

Author: pcrespov

api/specs/webserver/v0/components/schemas/config.yaml

@@ -0,0 +1,18 @@
+ConfigEnveloped:
+  type: object
+  required:
+    - data
+  properties:
+    data:
+      $ref: '#/ConfigSchema'
+    error:
+      nullable: true
+      default: null
+
+ConfigSchema:
+  type: object
+  properties:
+    invitation_required:
+      type: bool
+  example:
+    invitation_required: true

api/specs/webserver/v0/components/schemas/registration.yaml

@@ -26,7 +26,16 @@ RegistrationType:
     confirm:
       type: string
       #format: password
+    invitation:
+      type: string
+      description: "Invitation code"
+  required:
+    - email
+    - password
+
+
   example:
     email: [email protected]
     password: 'my secret'
-    confim: 'my secret'
+    confirm: 'my secret'
+    invitation: 33c451d4-17b7-4e65-9880-694559b8ffc2

api/specs/webserver/v0/openapi-diagnostics.yaml

@@ -54,3 +54,16 @@ paths:
             application/json:
               schema:
                 $ref: './components/schemas/fake.yaml#/FakeEnveloped'
+  /config:
+    get:
+      summary: Front end runtime configuration
+      operationId: get_config
+      responses:
+        '200':
+          description: configuration details
+          content:
+            application/json:
+              schema:
+                $ref: './components/schemas/config.yaml#/ConfigEnveloped'
+        default:
+          $ref: './openapi.yaml#/components/responses/DefaultErrorResponse'

api/specs/webserver/v0/openapi.yaml

@@ -32,6 +32,9 @@ paths:
   /check/{action}:
     $ref: './openapi-diagnostics.yaml#/paths/~1check~1{action}'
 
+  /config:
+    $ref: './openapi-diagnostics.yaml#/paths/~1config'
+
   # AUTHENTICATION & AUTHORIZATION --------------------------------------
 
   /auth/register:

services/web/client/source/class/qxapp/Application.js

@@ -71,12 +71,25 @@ qx.Class.define("qxapp.Application", {
     },
 
     __initRouting: function() {
-      // Route: /#/study/{id}
       // TODO: PC -> IP consider regex for uuid, i.e. /[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}/ ???
-      let result = /#\/study\/([0-9a-zA-Z\-]+)/.exec(window.location.hash);
-      if (result) {
-        qxapp.utils.Utils.cookie.deleteCookie("user");
-        qxapp.auth.Manager.getInstance().validateToken(() => this.__loadMainPage(result[1]), this.__loadLoginPage, this);
+      const urlFragment = qxapp.utils.Utils.parseURLFragment();
+      if (urlFragment.nav && urlFragment.nav.length) {
+        if (urlFragment.nav[0] === "study" && urlFragment.nav.length > 1) {
+          // Route: /#/study/{id}
+          qxapp.utils.Utils.cookie.deleteCookie("user");
+          qxapp.auth.Manager.getInstance().validateToken(() => this.__loadMainPage(urlFragment.nav[1]), this.__loadLoginPage, this);
+        } else if (urlFragment.nav[0] === "registration" && urlFragment.params && urlFragment.params.invitation) {
+          // Route: /#/registration/?invitation={token}
+          qxapp.utils.Utils.cookie.deleteCookie("user");
+          this.__restart();
+        } else if (urlFragment.nav[0] === "reset-password" && urlFragment.params && urlFragment.params.code) {
+          // Route: /#/reset-password/?code={resetCode}
+          qxapp.utils.Utils.cookie.deleteCookie("user");
+          this.__restart();
+        } else {
+          // this.load404();
+          console.error("URL fragment format not recognized.");
+        }
       } else {
         this.__restart();
       }
@@ -131,6 +144,8 @@ qx.Class.define("qxapp.Application", {
       }
       doc.add(view, options);
       this.__current = view;
+      // Clear URL
+      window.history.replaceState(null, "", "/");
     },
 
     /**

services/web/client/source/class/qxapp/auth/LoginPage.js

@@ -65,6 +65,15 @@ qx.Class.define("qxapp.auth.LoginPage", {
       pages.setSelection([reset]);
     }
 
+    const urlFragment = qxapp.utils.Utils.parseURLFragment();
+    if (urlFragment.nav && urlFragment.nav.length) {
+      if (urlFragment.nav[0] === "registration") {
+        pages.setSelection([register]);
+      } else if (urlFragment.nav[0] === "reset-password") {
+        pages.setSelection([reset]);
+      }
+    }
+
     // Transitions between pages
     login.addListener("done", function(msg) {
       login.resetValues();
@@ -103,19 +112,18 @@ qx.Class.define("qxapp.auth.LoginPage", {
 
   members: {
     __addVersionLink: function() {
-      const versionLinkLayout = new qx.ui.container.Composite(new qx.ui.layout.HBox(10));
-
-      versionLinkLayout.add(new qx.ui.core.Spacer(), {
-        flex: 1
+      const versionLinkLayout = new qx.ui.container.Composite(new qx.ui.layout.HBox(10).set({
+        alignX: "center"
+      })).set({
+        margin: [10, 0]
       });
 
       const platformVersion = qxapp.utils.LibVersions.getPlatformVersion();
       if (platformVersion) {
         const text = platformVersion.name + " v" + platformVersion.version;
         const versionLink = new qxapp.ui.basic.LinkLabel(text, platformVersion.url).set({
-          alignX: "right",
-          allowGrowX: true,
-          font: "text-12"
+          font: "text-12",
+          textColor: "text-darker"
         });
         versionLinkLayout.add(versionLink);
 
@@ -124,16 +132,11 @@ qx.Class.define("qxapp.auth.LoginPage", {
       }
 
       const organizationLink = new qxapp.ui.basic.LinkLabel("© 2019 IT'IS Foundation", "https://itis.swiss").set({
-        alignX: "left",
-        allowGrowX: true,
-        font: "text-12"
+        font: "text-12",
+        textColor: "text-darker"
       });
       versionLinkLayout.add(organizationLink);
 
-      versionLinkLayout.add(new qx.ui.core.Spacer(), {
-        flex: 1
-      });
-
       this._add(versionLinkLayout, {
         row: 1,
         column: 0

services/web/client/source/class/qxapp/auth/core/Utils.js

@@ -39,7 +39,7 @@ qx.Class.define("qxapp.auth.core.Utils", {
      *
      * Expected fragment format as https://osparc.io#page=reset-password;code=123546
      * where fragment is #page=reset-password;code=123546
-    */
+     */
     findParameterInFragment: function(parameterName) {
       let result = null;
       const params = window.location.hash.substr(1).split(";");

services/web/client/source/class/qxapp/auth/ui/LoginView.js

@@ -53,7 +53,7 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
     _buildPage: function() {
       this.__form = new qx.ui.form.Form();
 
-      let atm = new qx.ui.basic.Atom().set({
+      const atm = new qx.ui.basic.Atom().set({
         icon: "qxapp/osparc-white.svg",
         iconPosition: "top"
       });
@@ -64,7 +64,7 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
       });
       this.add(atm);
 
-      let email = new qx.ui.form.TextField().set({
+      const email = new qx.ui.form.TextField().set({
         placeholder: this.tr("Your email address"),
         required: true
       });
@@ -75,15 +75,15 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
         email.focus();
         email.activate();
       });
-      let pass = new qx.ui.form.PasswordField().set({
+      const pass = new qx.ui.form.PasswordField().set({
         placeholder: this.tr("Your password"),
         required: true
       });
       pass.getContentElement().setAttribute("autocomplete", "current-password");
       this.add(pass);
       this.__form.add(pass, "", null, "password", null);
 
-      let loginBtn = new qx.ui.form.Button(this.tr("Log In"));
+      const loginBtn = new qx.ui.form.Button(this.tr("Log In"));
       loginBtn.addListener("execute", function() {
         this.__login();
       }, this);
@@ -97,13 +97,31 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
 
 
       //  create account | forgot password? links
-      let grp = new qx.ui.container.Composite(new qx.ui.layout.HBox());
-
-      let registerBtn = this.createLinkButton(this.tr("Create Account"), function() {
-        this.fireEvent("toRegister");
+      const grp = new qx.ui.container.Composite(new qx.ui.layout.HBox());
+
+      const registerBtn = this.createLinkButton(this.tr("Create Account"), () => {
+        const interval = 1000;
+        const configTimer = new qx.event.Timer(interval);
+        const resource = qxapp.io.rest.ResourceFactory.getInstance();
+        let registerWithInvitation = resource.registerWithInvitation();
+        configTimer.addListener("interval", () => {
+          registerWithInvitation = resource.registerWithInvitation();
+          if (registerWithInvitation !== null) {
+            configTimer.stop();
+            if (registerWithInvitation) {
+              let text = this.tr("Registration is currently only available with an invitation.");
+              text += "<br>";
+              text += this.tr("Please contact [email protected]");
+              qxapp.component.widget.FlashMessenger.getInstance().logAs(text, "INFO");
+            } else {
+              this.fireEvent("toRegister");
+            }
+          }
+        }, this);
+        configTimer.start();
       }, this);
 
-      let forgotBtn = this.createLinkButton(this.tr("Forgot Password?"), function() {
+      const forgotBtn = this.createLinkButton(this.tr("Forgot Password?"), () => {
         this.fireEvent("toReset");
       }, this);
 
@@ -122,10 +140,10 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
     },
 
     __buildExternals: function() {
-      let grp = new qx.ui.container.Composite(new qx.ui.layout.HBox());
+      const grp = new qx.ui.container.Composite(new qx.ui.layout.HBox());
 
       [this.tr("Login with NIH"), this.tr("Login with OpenID")].forEach(txt => {
-        let btn = this.createLinkButton(txt, function() {
+        const btn = this.createLinkButton(txt, function() {
           // TODO add here callback
           console.error("Login with external services are still not implemented");
         }, this);
@@ -148,17 +166,17 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
       const email = this.__form.getItems().email;
       const pass = this.__form.getItems().password;
 
-      let manager = qxapp.auth.Manager.getInstance();
+      const manager = qxapp.auth.Manager.getInstance();
 
-      let successFun = function(log) {
+      const successFun = function(log) {
         this.fireDataEvent("done", log.message);
         // we don't need the form any more, so remove it and mock-navigate-away
         // and thus tell the password manager to save the content
         this._formElement.dispose();
         window.history.replaceState(null, window.document.title, window.location.pathname);
       };
 
-      let failFun = function(msg) {
+      const failFun = function(msg) {
         // TODO: can get field info from response here
         msg = String(msg) || this.tr("Introduced an invalid email or password");
         [email, pass].forEach(item => {
@@ -175,8 +193,8 @@ qx.Class.define("qxapp.auth.ui.LoginView", {
     },
 
     resetValues: function() {
-      let fieldItems = this.__form.getItems();
-      for (var key in fieldItems) {
+      const fieldItems = this.__form.getItems();
+      for (const key in fieldItems) {
         fieldItems[key].resetValue();
       }
     }

services/web/client/source/class/qxapp/auth/ui/RegistrationView.js

@@ -65,6 +65,14 @@ qx.Class.define("qxapp.auth.ui.RegistrationView", {
       });
       this.add(pass2);
 
+      const urlFragment = qxapp.utils.Utils.parseURLFragment();
+      const token = urlFragment.params ? urlFragment.params.invitation || null : null;
+      const invitation = new qx.ui.form.TextField().set({
+        visibility: "excluded",
+        value: token
+      });
+      this.add(invitation);
+
       // interaction
       pass1.addListener("changeValue", e => {
         qxapp.auth.Manager.getInstance().evalPasswordStrength(e.getData(), (strength, rating, improvement) => {
@@ -123,7 +131,8 @@ qx.Class.define("qxapp.auth.ui.RegistrationView", {
           this.__submit({
             email: email.getValue(),
             password: pass1.getValue(),
-            confirm: pass2.getValue()
+            confirm: pass2.getValue(),
+            invitation: invitation.getValue()
           });
         }
       }, this);

services/web/client/source/class/qxapp/auth/ui/ResetPassView.js

@@ -48,6 +48,14 @@ qx.Class.define("qxapp.auth.ui.ResetPassView", {
       });
       this.add(confirm);
 
+      const urlFragment = qxapp.utils.Utils.parseURLFragment();
+      const resetCode = urlFragment.params ? urlFragment.params.code || null : null;
+      const code = new qx.ui.form.TextField().set({
+        visibility: "excluded",
+        value: resetCode
+      });
+      this.add(code);
+
       validator.setValidator(function(_itemForms) {
         return qxapp.auth.core.Utils.checkSamePasswords(password, confirm);
       });
@@ -69,10 +77,7 @@ qx.Class.define("qxapp.auth.ui.ResetPassView", {
       submitBtn.addListener("execute", function(e) {
         const valid = validator.validate();
         if (valid) {
-          const code = qxapp.auth.core.Utils.findParameterInFragment("code");
-          qxapp.auth.core.Utils.removeParameterInFragment("page");
-          qxapp.auth.core.Utils.removeParameterInFragment("code");
-          this.__submit(password.getValue(), confirm.getValue(), code);
+          this.__submit(password.getValue(), confirm.getValue(), code.getValue());
         }
       }, this);
 
@@ -88,7 +93,6 @@ qx.Class.define("qxapp.auth.ui.ResetPassView", {
 
       let successFun = function(log) {
         this.fireDataEvent("done", log.message);
-        // TODO: See #465: clean all query from url: e.g. /?page=reset-password&code=qwewqefgfg
         qxapp.component.widget.FlashMessenger.getInstance().log(log);
       };