Poor man's SSO (#2641)

* Implemented workspace general page * Added notifications to user input * Allowed non-admins to view but not edit * Added redirect to homeroute * Fixed validation * Squashed commit of the following: commit 7bf14ab8af0f76b4c9d0aa87fc08085af7c34959 Author: Chuck Driesler <chuck@speckle.systems> Date: Tue Aug 6 19:40:50 2024 +0200 mob next [ci-skip] [ci skip] [skip ci] lastFile:packages/server/modules/workspacesCore/migrations/20240806160740_workspace_domains.ts commit 8aa3fb0cb052c10eeeb83bf9874ae0d1c065e480 Author: Alessandro Magionami <alessandro.magionami@gmail.com> Date: Tue Aug 6 18:54:15 2024 +0200 mob next [ci-skip] [ci skip] [skip ci] lastFile:packages/server/modules/core/domain/userEmails/operations.ts commit 66dfd0cf6c15a789c8f96a65a3168323e83a7b9e Author: Chuck Driesler <chuck@speckle.systems> Date: Tue Aug 6 18:30:22 2024 +0200 mob next [ci-skip] [ci skip] [skip ci] lastFile:packages/server/modules/workspacesCore/domain/types.ts Co-authored-by: Alessandro Magionami <alessandro.magionami@gmail.com> * Move General to workspaces folder * feat(workspaces): inputs on security section * feat(workspaces): add domain to workspace mutation * chore(workspaces): add blocked domains list * fix(workspaces): modals with buttons * feat(workspaceDomains): delete domain * fix(workspaces): use mutation * fix(workspaces): present user verified domains as options * Moved sidebar menu to a composable * Added coming soon tag back * feat(workspaces): create domains resolver for workspace * chore(workspaces): fix tests * chore(workspaces): fix types * chore(workspaces): fix linter * fix(workspaces): do some delete I think * chore(workspaces): add domainBasedMembershipProtectionEnabled field to workspace * chore(workspaces): improve validation for email domain * fix(workspace): query and do the thing * chore(workspaces): add graphql schema for domainBasedMembershipProtection * chore(workspaces): lint and test failures * fix(workspaces): test issues w new field * feat(workspaces): add discoverability flag * chore(workspaces): they made me do it * feat(workspaces): enable toggling domain protection * feat(workspaces): add discoverability toggle to workspace settings * feat(workspace): auto enable discoverability on first domain registration * feat(workspace): discoverability toggle fixes * fix(eventBus): fix tests * feat(workspaces): user discoverable workspaces (#2620) * feat(workspaces): it works just trust me * fix(workspaces): don't worry about it * fix(workspaces); happy path success * fix(workspaces): almost there * fix(workspaces): successful tests! * fix(workspaces): we have DISCOVERED (#2621) * Fixed linting issue * Updated query * Updated validation rules * Updated validation rules * Fix unsaved file with type export * Addressed PR comments * Updated cache * Updated item classes, add fragment back * Gergo/web 1574 join workspaces via discovery (#2623) * chore(useremails): add find verified emails by user function * chore(workspace): table helper for workspace domains * chore(workspace): get workspace with domains function * chore(workspace): test get workspace with domains function * feat(workspace): restrict workspace membership when updating workspace role * chore(workspaces): fix types * feat(workspaces): WIP join * feat(workspaces): join button makes u join * chore(useremails): fix type for find verified emails function * feat(workspaces): join * feat(workspace): prevent inviting user without email matching domain * chore(workspaces): fix linter * fix(workspaces): invoke join (gergo wrote this) * fuck * fix(workspaces): properly get discoverable workspaces * fix(workspaces): test --------- Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com> Co-authored-by: Chuck Driesler <chuck@speckle.systems> * fix(workspaces): some query stuff * fix(workspaces): mutate cache instead of refetch * fix(workspaces): more adjustments to gql query and fragment structure * fix(workspaces): queries, style, structure * fix(workspaces): match discoverability with current styles * chore(workspaces): lint lint lint * fix(workspaces): got it twisted * chore(workspaces): fix test * fix(workspaces): route to joined workspace on join --------- Co-authored-by: Mike Tasset <mike.tasset@gmail.com> Co-authored-by: Chuck Driesler <chuck@speckle.systems> Co-authored-by: Alessandro Magionami <alessandro.magionami@gmail.com>
2024-08-26 13:33:16 +02:00
parent 038a280266
commit 08e941f8af
54 changed files with 3142 additions and 135 deletions
@@ -8,7 +8,8 @@ export const WorkspaceEvents = {
  Created: `${workspaceEventPrefix}created`,
  Updated: `${workspaceEventPrefix}updated`,
  RoleDeleted: `${workspaceEventPrefix}role-deleted`,
-  RoleUpdated: `${workspaceEventPrefix}role-updated`
+  RoleUpdated: `${workspaceEventPrefix}role-updated`,
+  JoinedFromDiscovery: `${workspaceEventPrefix}joined-from-discovery`
 } as const

 export type WorkspaceEvents = (typeof WorkspaceEvents)[keyof typeof WorkspaceEvents]
@@ -19,10 +20,12 @@ type WorkspaceCreatedPayload = Workspace & {
 type WorkspaceUpdatedPayload = Workspace
 type WorkspaceRoleDeletedPayload = WorkspaceAcl
 type WorkspaceRoleUpdatedPayload = WorkspaceAcl
+type WorkspaceJoinedFromDiscoveryPayload = { userId: string; workspaceId: string }

 export type WorkspaceEventsPayloads = {
  [WorkspaceEvents.Created]: WorkspaceCreatedPayload
  [WorkspaceEvents.Updated]: WorkspaceUpdatedPayload
  [WorkspaceEvents.RoleDeleted]: WorkspaceRoleDeletedPayload
  [WorkspaceEvents.RoleUpdated]: WorkspaceRoleUpdatedPayload
+  [WorkspaceEvents.JoinedFromDiscovery]: WorkspaceJoinedFromDiscoveryPayload
 }
@@ -8,6 +8,19 @@ export type Workspace = {
  updatedAt: Date
  logo: string | null
  defaultLogoIndex: number
+  domainBasedMembershipProtectionEnabled: boolean
+  discoverabilityEnabled: boolean
+}
+export type WorkspaceWithDomains = Workspace & { domains: WorkspaceDomain[] }
+
+export type WorkspaceDomain = {
+  id: string
+  workspaceId: string
+  domain: string
+  createdAt: Date
+  updatedAt: Date
+  createdByUserId: string | null
+  verified: boolean
 }

 export type WorkspaceWithOptionalRole = Workspace & { role?: WorkspaceRoles }
@@ -30,6 +30,15 @@ export = !FF_WORKSPACES_MODULE_ENABLED
        updateRole: async () => {
          throw new WorkspacesModuleDisabledError()
        },
+        addDomain: async () => {
+          throw new WorkspacesModuleDisabledError()
+        },
+        deleteDomain: async () => {
+          throw new WorkspacesModuleDisabledError()
+        },
+        join: async () => {
+          throw new WorkspacesModuleDisabledError()
+        },
        leave: async () => {
          throw new WorkspacesModuleDisabledError()
        },
@@ -64,9 +73,15 @@ export = !FF_WORKSPACES_MODULE_ENABLED
        },
        projects: async () => {
          throw new WorkspacesModuleDisabledError()
+        },
+        domains: async () => {
+          throw new WorkspacesModuleDisabledError()
        }
      },
      User: {
+        discoverableWorkspaces: async () => {
+          throw new WorkspacesModuleDisabledError()
+        },
        workspaces: async () => {
          throw new WorkspacesModuleDisabledError()
        },
@@ -0,0 +1,20 @@
+import { Knex } from 'knex'
+
+export async function up(knex: Knex): Promise<void> {
+  await knex.schema.createTable('workspace_domains', (table) => {
+    table.text('id').primary()
+    table.text('domain').notNullable()
+    table.boolean('verified').notNullable()
+    table.timestamp('createdAt', { precision: 3, useTz: true }).notNullable()
+    table.timestamp('updatedAt', { precision: 3, useTz: true }).notNullable()
+    table.text('createdByUserId').references('id').inTable('users').onDelete('set null')
+    table.text('workspaceId').references('id').inTable('workspaces').onDelete('cascade')
+    table.unique(['workspaceId', 'domain'])
+    table.index('workspaceId')
+    table.index('domain')
+  })
+}
+
+export async function down(knex: Knex): Promise<void> {
+  await knex.schema.dropTable('workspace_domains')
+}
@@ -0,0 +1,13 @@
+import { Knex } from 'knex'
+
+export async function up(knex: Knex): Promise<void> {
+  await knex.schema.alterTable('workspaces', (table) => {
+    table.boolean('domainBasedMembershipProtectionEnabled').defaultTo(false)
+  })
+}
+
+export async function down(knex: Knex): Promise<void> {
+  await knex.schema.alterTable('workspaces', (table) => {
+    table.dropColumn('domainBasedMembershipProtectionEnabled')
+  })
+}
@@ -0,0 +1,13 @@
+import { Knex } from 'knex'
+
+export async function up(knex: Knex): Promise<void> {
+  await knex.schema.alterTable('workspaces', (table) => {
+    table.boolean('discoverabilityEnabled').defaultTo(false)
+  })
+}
+
+export async function down(knex: Knex): Promise<void> {
+  await knex.schema.alterTable('workspaces', (table) => {
+    table.dropColumn('discoverabilityEnabled')
+  })
+}