Kratos SSO (#13)

LennartSchmidtKern · web-flow · commit 936ce252bbdf · 2024-06-10T17:59:27.000+02:00
* registration flow updaters

* google example, remove some options

* prevent setting update and some flows from displaying

* reroute after register

* simplify node preperations

* format
diff --git a/pages/login.tsx b/pages/login.tsx
@@ -15,9 +15,11 @@ import ory from "@/pkg/sdk"
 import { MiscInfo } from "@/services/basic-fetch/misc"
 
 const Login: NextPage = () => {
-  const [initialFlow, setInitialFlow] = useState<LoginFlow>()
-  const [changedFlow, setChangedFlow] = useState<LoginFlow>()
+  const [initialFlow, setInitialFlow] = useState<LoginFlow>();
+  const [changedFlow, setChangedFlow] = useState<LoginFlow>();
+  const [oidcFlow, setOidcFlow] = useState<LoginFlow>();
   const [selectedRole, setSelectedRole] = useState<string | undefined>('engineer');
+  const [isAccLinkageRequested, setIsAccLinkageRequested] = useState(false);
 
   // Get ?flow=... from the URL
   const router = useRouter()
@@ -62,20 +64,41 @@ const Login: NextPage = () => {
 
   useEffect(() => {
     if (!initialFlow) return;
-    const data: any = { ...initialFlow };
-    if (data.ui.nodes[1].meta.label) {
-      data.ui.nodes[1].meta.label.text = "Email address"
-      if (MiscInfo.isDemo) {
-        data.ui.nodes[1].attributes.value = getValueIdentifier(selectedRole);
-      }
+    const linkageRequested = initialFlow.ui.messages?.some((message: any) => message.id === 4000007) && initialFlow.ui.messages?.some((message: any) => message.id === 1010016);
+    if (linkageRequested) {
+      initialFlow.ui.nodes = []
+      initialFlow.ui.messages = [{ id: 400002, type: "error", text: "An account with the same identifier exists already and can not be linked by social-sign-in." }]
+      setChangedFlow(initialFlow);
+      setIsAccLinkageRequested(linkageRequested);
+      return
+    }
+
+    const flowData: any = Object.assign({}, initialFlow);
+
+    let emailNode = flowData.ui.nodes.find((node: any) => node.meta?.label?.text == "E-Mail");
+    if (emailNode && MiscInfo.isDemo) {
+      emailNode.attributes.value = getValueIdentifier(selectedRole);
     }
-    if (data.ui.nodes[2].meta.label && MiscInfo.isDemo) {
-      data.ui.nodes[2].attributes.value = getValuePassword(selectedRole);
+
+    let passwordNode = flowData.ui.nodes.find((node: any) => node.meta?.label?.text == "Password");
+    if (passwordNode && MiscInfo.isDemo) {
+      passwordNode.attributes.value = getValuePassword(selectedRole);
     }
-    if (data.ui.nodes[3].meta.label && MiscInfo.isDemo) {
-      data.ui.nodes[3].meta.label.text = "Proceed"
+
+    let submitNode = flowData.ui.nodes.find((node: any) => node.meta?.label?.text == "Sign in");
+    if (submitNode && MiscInfo.isDemo) {
+      submitNode.meta.label.text = "Proceed"
     }
-    setChangedFlow(data);
+
+
+    if (flowData.ui.nodes.some((node: any) => node.group === "oidc")) {
+      const oidcData = JSON.parse(JSON.stringify(flowData));
+      oidcData.ui.nodes = oidcData.ui.nodes.filter((node: any) => node.group == "oidc");
+      // prevent duplicate messages
+      oidcData.ui.messages = [];
+      setOidcFlow(oidcData);
+    }
+    setChangedFlow(flowData);
   }, [initialFlow, selectedRole])
 
   const onSubmit = (values: UpdateLoginFlowBody) =>
@@ -133,29 +156,41 @@ const Login: NextPage = () => {
             </>)}</>
           ) : (<></>)}
           <div className="ui-container">
-            {!MiscInfo.isDemo ? (<Flow onSubmit={onSubmit} flow={changedFlow} />) : (<>
-              <fieldset>
-                <span className="typography-h3">
-                  Select role
-                  <span className="required-indicator">*</span>
-                  <select className="typography-h3 select" id="roles" value={selectedRole} onChange={(e: any) => { setSelectedRole(e.target.value); }}>
-                    <option value="engineer">Engineer</option>
-                    <option value="expert">Expert</option>
-                    <option value="annotator">Annotator</option>
-                  </select>
-                </span>
-              </fieldset>
-              <p className="text-description" id="description">
-                {selectedRole === 'engineer' ? 'Administers the project and works on programmatic tasks such as labeling automation or filter settings.' : selectedRole === 'expert' ? 'Working on reference manual labels, which can be used by the engineering team to estimate the data quality.' : 'Working on manual labels as if they were heuristics. They can be switched on/off by the engineering team, so that the engineers can in - or exclude them during weak supervision.'}
-              </p>
-              <p className="text-description" id="sub-description">
-                {selectedRole === 'engineer' ? 'They have access to all features of the application, including the Python SDK.' : selectedRole === 'expert' ? 'They have access to the labeling view only.' : 'They have access to a task-minimized labeling view only. Engineers can revoke their access to the labeling view.'}
-              </p>
-              <DemoFlow onSubmit={onSubmit} flow={changedFlow} />
-            </>)}
+            {!MiscInfo.isDemo ? (
+              <div>
+                <Flow onSubmit={onSubmit} flow={changedFlow} only="password" />
+                {oidcFlow ?
+                  <>
+                    <div className="divider-outer"><span className="divider">Or</span></div>
+                    <Flow onSubmit={onSubmit} flow={oidcFlow} only="oidc" />
+                  </> : null}
+              </div>) : (<>
+                <fieldset>
+                  <span className="typography-h3">
+                    Select role
+                    <span className="required-indicator">*</span>
+                    <select className="typography-h3 select" id="roles" value={selectedRole} onChange={(e: any) => { setSelectedRole(e.target.value); }}>
+                      <option value="engineer">Engineer</option>
+                      <option value="expert">Expert</option>
+                      <option value="annotator">Annotator</option>
+                    </select>
+                  </span>
+                </fieldset>
+                <p className="text-description" id="description">
+                  {selectedRole === 'engineer' ? 'Administers the project and works on programmatic tasks such as labeling automation or filter settings.' : selectedRole === 'expert' ? 'Working on reference manual labels, which can be used by the engineering team to estimate the data quality.' : 'Working on manual labels as if they were heuristics. They can be switched on/off by the engineering team, so that the engineers can in - or exclude them during weak supervision.'}
+                </p>
+                <p className="text-description" id="sub-description">
+                  {selectedRole === 'engineer' ? 'They have access to all features of the application, including the Python SDK.' : selectedRole === 'expert' ? 'They have access to the labeling view only.' : 'They have access to a task-minimized labeling view only. Engineers can revoke their access to the labeling view.'}
+                </p>
+                <DemoFlow onSubmit={onSubmit} flow={changedFlow} />
+              </>)}
           </div>
           <div className="link-container">
-            {!MiscInfo.isDemo ? (<a className="link" data-testid="forgot-password" href="/auth/recovery">Forgot your password?</a>) : (<></>)}
+            {!MiscInfo.isDemo ?
+              !isAccLinkageRequested ?
+                <a className="link" data-testid="forgot-password" href="/auth/recovery">Forgot your password?</a>
+                : <a className="link" data-testid="back-to-login" href="/auth/login">Go back to login</a>
+              : null}
           </div>
         </div>
       </div >
diff --git a/pages/registration.tsx b/pages/registration.tsx
@@ -9,16 +9,18 @@ import ory from "@/pkg/sdk"
 import { handleFlowError } from "@/pkg/errors"
 import { Flow } from "@/pkg"
 import { MiscInfo } from "@/services/basic-fetch/misc"
-import { prepareFirstLastNameAsRequired } from "@/util/helper-functions"
+import { prepareNodes } from "@/util/helper-functions"
 
 // Renders the registration page
 const Registration: NextPage = () => {
   const router = useRouter()
 
   // The "flow" represents a registration process and contains
   // information about the form we need to render (e.g. username + password)
-  const [initialFlow, setInitialFlow]: any = useState<RegistrationFlow>()
-  const [changedFlow, setChangedFlow]: any = useState<RegistrationFlow>()
+  const [initialFlow, setInitialFlow]: any = useState<RegistrationFlow>();
+  const [changedFlow, setChangedFlow]: any = useState<RegistrationFlow>();
+  const [oidcFlow, setOidcFlow]: any = useState<RegistrationFlow>();
+
 
   // Get ?flow=... from the URL
   const { flow: flowId, return_to: returnTo } = router.query;
@@ -55,21 +57,32 @@ const Registration: NextPage = () => {
 
   useEffect(() => {
     if (!initialFlow) return;
-    if (initialFlow.ui.nodes[1].meta.label) {
-      initialFlow.ui.nodes[1].meta.label.text = "Email address"
+
+    initialFlow.ui.nodes = prepareNodes(initialFlow);
+
+    if (initialFlow.ui.nodes.some((node: any) => node.group === "oidc")) {
+      const oidcData = JSON.parse(JSON.stringify(initialFlow));
+      oidcData.ui.nodes = oidcData.ui.nodes.filter((node: any) => node.group == "oidc");
+      // prevent duplicate messages
+      oidcData.ui.messages = [];
+      setOidcFlow(oidcData);
     }
-    initialFlow.ui.nodes = prepareFirstLastNameAsRequired(3, 4, initialFlow);
+
     setChangedFlow(initialFlow);
   }, [initialFlow])
 
   const onSubmit = async (values: UpdateRegistrationFlowBody) => {
+
+    await router
+      // On submission, add the flow ID to the URL but do not navigate. This prevents the user loosing
+      // his data when she/he reloads the page.
+      .push(`/registration?flow=${initialFlow?.id}`, undefined, { shallow: true })
     ory
       .updateRegistrationFlow({
         flow: String(initialFlow?.id),
-        updateRegistrationFlowBody: values,
+        updateRegistrationFlowBody: values
       })
       .then(async ({ data }) => {
-        // If continue_with did not contain anything, we can just return to the home page.
         await router.push(initialFlow?.return_to || "/")
       })
       .catch(handleFlowError(router, "registration", setInitialFlow))
@@ -95,7 +108,15 @@ const Registration: NextPage = () => {
         <KernLogo />
         <div id="signup">
           <h2 className="title">{MiscInfo.isManaged ? 'Register account' : 'Sign up for a local account'}</h2>
-          <Flow onSubmit={onSubmit} flow={changedFlow} />
+          <div>
+            <Flow onSubmit={onSubmit} flow={changedFlow} only="password" />
+            {oidcFlow ?
+              <>
+                <div className="divider-outer"><span className="divider">Or</span></div>
+                <Flow onSubmit={onSubmit} flow={oidcFlow} only="oidc" />
+              </> : null}
+          </div>
+
           <div className="link-container">
             <a className="link" data-testid="forgot-password" href="/auth/login">Go back to login</a>
           </div>
diff --git a/pages/settings.tsx b/pages/settings.tsx
@@ -9,14 +9,14 @@ import { Flow, Messages } from "../pkg"
 import { handleFlowError } from "../pkg/errors"
 import ory from "../pkg/sdk"
 import { KernLogo } from "@/pkg/ui/Icons"
-import { prepareFirstLastNameAsRequired } from "@/util/helper-functions"
+import { prepareNodes } from "@/util/helper-functions"
 
 const Settings: NextPage = () => {
   const [initialFlow, setInitialFlow]: any = useState<SettingsFlow>()
   const [changedFlow, setChangedFlow]: any = useState<SettingsFlow>()
   const [containsTotp, setContainsTotp] = useState<boolean>(false)
   const [containsBackupCodes, setContainsBackupCodes] = useState<boolean>(false)
-
+  const [isOidc, setIsOidc] = useState(false);
   // Get ?flow=... from the URL
   const router = useRouter()
   const { flow: flowId, return_to: returnTo } = router.query
@@ -51,10 +51,7 @@ const Settings: NextPage = () => {
 
   useEffect(() => {
     if (!initialFlow) return;
-    if (initialFlow.ui.nodes[1].meta.label) {
-      initialFlow.ui.nodes[1].meta.label.text = "Email address";
-    }
-    initialFlow.ui.nodes = prepareFirstLastNameAsRequired(2, 3, initialFlow);
+    initialFlow.ui.nodes = prepareNodes(initialFlow);
     const checkIfTotp = initialFlow.ui.nodes.find((node: UiNode) => node.group === "totp");
     const checkIfBackupCodes = initialFlow.ui.nodes.find((node: UiNode) => node.group === "lookup_secret");
     if (checkIfTotp) {
@@ -64,6 +61,13 @@ const Settings: NextPage = () => {
       setContainsBackupCodes(true);
     }
     setChangedFlow(initialFlow)
+
+    //prevent password change option display if sso
+    if (initialFlow.identity.metadata_public?.registration_scope?.provider_id != "kern.ai") {
+      initialFlow.ui.nodes = initialFlow.ui.nodes.filter((node: UiNode) => node.group !== "password");
+      setIsOidc(true);
+    }
+
   }, [initialFlow])
 
   const onSubmit = (values: UpdateSettingsFlowBody) =>
@@ -109,17 +113,17 @@ const Settings: NextPage = () => {
               flow={changedFlow}
             />
           </div>
-
-          <div className="form-container">
-            <h3 className="subtitle">Change password</h3>
-            <Messages messages={changedFlow?.ui.messages} />
-            <Flow
-              hideGlobalMessages
-              onSubmit={onSubmit}
-              only="password"
-              flow={changedFlow}
-            />
-          </div>
+          {!isOidc ?
+            <div className="form-container">
+              <h3 className="subtitle">Change password</h3>
+              <Messages messages={changedFlow?.ui.messages} />
+              <Flow
+                hideGlobalMessages
+                onSubmit={onSubmit}
+                only="password"
+                flow={changedFlow}
+              />
+            </div> : null}
 
           {containsBackupCodes ? (<div className="form-container">
             <h3 className="subtitle">Manage 2FA backup recovery codes</h3>
diff --git a/pkg/ui/Messages.tsx b/pkg/ui/Messages.tsx
@@ -8,7 +8,7 @@ interface MessageProps {
 export const Message = ({ message }: MessageProps) => {
   return (
     <Alert severity={message.type === "error" ? "error" : "info"}>
-      <AlertContent data-testid={`ui/message/${message.id}`} className={message.type == 'info' ? 'message success' : 'message error'}>
+      <AlertContent data-testid={`ui/message/${message.id}`} className={message.type == 'error' ? 'message error' : 'message success'}>
         {message.text}
       </AlertContent>
     </Alert>
diff --git a/styles/globals.css b/styles/globals.css
@@ -80,6 +80,18 @@ button[name="method"] {
     background-color: #2f7241 !important;
 }
 
+button[name="provider"] {
+    background-color: white !important;
+    color: rgb(69, 69, 69) !important;
+    border: 1px rgb(209 213 219) solid !important;
+}
+
+button[name="provider"]:hover {
+    border-color: #5AB370 !important;
+    background-color: rgb(251, 251, 251) !important;
+    transition: all 0.1s ease-in-out;
+}
+
 button.button-sign-in:focus {
     outline-offset: 2px;
     outline-color: #5AB370;
@@ -146,6 +158,27 @@ button.button-sign-in:focus {
     margin-bottom: 20px;
 }
 
+.divider-outer {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    margin: 0.75rem;
+    padding-top: 0.25rem;
+}
+
+.divider-outer:before, .divider-outer:after {
+    content: "";
+    border-bottom: 1px solid  #D1D5DB;
+    flex: 1 0 auto;
+    height: .3rem;
+}
+
+.divider {
+    color: #a4a6a8;
+    margin: 0 1rem;
+    font-size: 0.8rem;
+}
+
 .subtitle {
     font-weight: bold;
     margin-top: 20px;
diff --git a/util/helper-functions.ts b/util/helper-functions.ts
@@ -37,12 +37,25 @@ export function refactorFlowWithMoreMessages(flow: any) {
     return flow;
 }
 
-export function prepareFirstLastNameAsRequired(firstNameIdx: number, lastNameIdx: number, initialFlow: any) {
-    if (initialFlow.ui.nodes[firstNameIdx].attributes.name === "traits.name.first") {
-        initialFlow.ui.nodes[firstNameIdx].attributes.required = true
+export function prepareNodes(flow: any) {
+
+    let firstNameNode = flow.ui.nodes.find((node: any) => node.attributes?.name === "traits.name.first");
+    if (firstNameNode) {
+        firstNameNode.attributes.required = true
+    }
+
+    let lastNameNode = flow.ui.nodes.find((node: any) => node.attributes?.name === "traits.name.last");
+    if (lastNameNode) {
+        lastNameNode.attributes.required = true
     }
-    if (initialFlow.ui.nodes[lastNameIdx].attributes.name === "traits.name.last") {
-        initialFlow.ui.nodes[lastNameIdx].attributes.required = true
+
+    let filteredNodes = flow.ui.nodes.filter((node: any) => !node.attributes?.name.startsWith("metadata"));
+
+    const providerId = flow.identity?.metadata_public?.registration_scope?.provider_id;
+    if (["microsoft", "google"].includes(providerId)) {
+        const mailNode = filteredNodes.find((node: any) => node.attributes?.name == "traits.email");
+        mailNode.attributes.type = "hidden"
     }
-    return initialFlow.ui.nodes;
+
+    return filteredNodes;
 }
