♻️ Refactor LDAP auth backend.

And reorganize oauth backend namespaces.

frontend/src/app/main/data/auth.cljs

@@ -79,30 +79,6 @@
     (watch [this state s]
       (rx/of (logged-in profile)))))
 
-(defn login-with-ldap
-  [{:keys [email password] :as data}]
-  (us/verify ::login-params data)
-  (ptk/reify ::login-with-ldap
-    ptk/UpdateEvent
-    (update [_ state]
-      (merge state (dissoc initial-state :route :router)))
-
-    ptk/WatchEvent
-    (watch [this state s]
-      (let [{:keys [on-error on-success]
-             :or {on-error identity
-                  on-success identity}} (meta data)
-            params {:email email
-                    :password password
-                    :scope "webapp"}]
-        (->> (rx/timer 100)
-          (rx/mapcat #(rp/mutation :login-with-ldap params))
-          (rx/tap on-success)
-          (rx/catch (fn [err]
-                      (on-error err)
-                      (rx/empty)))
-          (rx/map logged-in))))))
-
 ;; --- Logout
 
 (def clear-user-data
@@ -131,10 +107,11 @@
 
 ;; --- Register
 
+(s/def ::invitation-token ::us/not-empty-string)
+
 (s/def ::register
-  (s/keys :req-un [::fullname
-                   ::password
-                   ::email]))
+  (s/keys :req-un [::fullname ::password ::email]
+          :opt-un [::invitation-token]))
 
 (defn register
   "Create a register event instance."

frontend/src/app/main/repo.cljs

@@ -122,11 +122,5 @@
           (seq params))
     (send-mutation! id form)))
 
-(defmethod mutation :login-with-ldap
-  [id params]
-  (let [uri (str cfg/public-uri "/api/login-ldap")]
-    (->> (http/send! {:method :post :uri uri :body params})
-         (rx/mapcat handle-response))))
-
 (def client-error? http/client-error?)
 (def server-error? http/server-error?)

frontend/src/app/main/ui/auth.cljs

@@ -49,7 +49,7 @@
         [:& register-success-page {:params params}]
 
         :auth-login
-        [:& login-page {:locale locale :params params}]
+        [:& login-page {:params params}]
 
         :auth-recovery-request
         [:& recovery-request-page {:locale locale}]

frontend/src/app/main/ui/auth/login.cljs

@@ -55,21 +55,40 @@
        (rx/subs (fn [{:keys [redirect-uri] :as rsp}]
                   (.replace js/location redirect-uri)))))
 
+(defn- login-with-ldap
+  [event params]
+  (dom/prevent-default event)
+  (dom/stop-propagation event)
+  (let [{:keys [on-error]} (meta params)]
+    (->> (rp/mutation! :login-with-ldap params)
+         (rx/subs (fn [profile]
+                    (if-let [token (:invitation-token profile)]
+                      (st/emit! (rt/nav :auth-verify-token {} {:token token}))
+                      (st/emit! (da/logged-in profile))))
+                  (fn [{:keys [type code] :as error}]
+                    (cond
+                      (and (= type :restriction)
+                           (= code :ldap-disabled))
+                      (st/emit! (dm/error (tr "errors.ldap-disabled")))
+
+                      (fn? on-error)
+                      (on-error error)))))))
+
 (mf/defc login-form
-  []
-  (let [error? (mf/use-state false)
-        form   (fm/use-form :spec ::login-form
-                            :inital {})
+  [{:keys [params] :as props}]
+  (let [error (mf/use-state false)
+        form  (fm/use-form :spec ::login-form
+                           :inital {})
 
         on-error
-        (fn [form event]
-          (reset! error? true))
+        (fn [_]
+          (reset! error (tr "errors.wrong-credentials")))
 
         on-submit
         (mf/use-callback
          (mf/deps form)
          (fn [event]
-           (reset! error? false)
+           (reset! error nil)
            (let [params (with-meta (:clean-data @form)
                           {:on-error on-error})]
              (st/emit! (da/login params)))))
@@ -78,17 +97,15 @@
         (mf/use-callback
          (mf/deps form)
          (fn [event]
-           (reset! error? false)
-           (let [params (with-meta (:clean-data @form)
-                          {:on-error on-error})]
-             (st/emit! (da/login-with-ldap params)))))]
+           (let [params (merge (:clean-data @form) params)]
+             (login-with-ldap event (with-meta params {:on-error on-error})))))]
 
     [:*
-     (when @error?
+     (when-let [message @error]
        [:& msgs/inline-banner
         {:type :warning
-         :content (tr "errors.auth.unauthorized")
-         :on-close #(reset! error? false)}])
+         :content message
+         :on-close #(reset! error nil)}])
 
      [:& fm/form {:on-submit on-submit :form form}
       [:div.fields-row
@@ -114,13 +131,13 @@
           :on-click on-submit-ldap}])]]))
 
 (mf/defc login-page
-  []
+  [{:keys [params] :as props}]
   [:div.generic-form.login-form
    [:div.form-container
     [:h1 (tr "auth.login-title")]
     [:div.subtitle (tr "auth.login-subtitle")]
 
-    [:& login-form {}]
+    [:& login-form {:params params}]
 
     [:div.links
      [:div.link-entry
@@ -130,25 +147,25 @@
 
      [:div.link-entry
       [:span (tr "auth.register") " "]
-      [:a {:on-click #(st/emit! (rt/nav :auth-register))
+      [:a {:on-click #(st/emit! (rt/nav :auth-register {} params))
            :tab-index "6"}
        (tr "auth.register-submit")]]]
 
     (when cfg/google-client-id
       [:a.btn-ocean.btn-large.btn-google-auth
-       {:on-click login-with-google}
+       {:on-click #(login-with-google % params)}
        "Login with Google"])
 
     (when cfg/gitlab-client-id
       [:a.btn-ocean.btn-large.btn-gitlab-auth
-       {:on-click login-with-gitlab}
+       {:on-click #(login-with-gitlab % params)}
        [:img.logo
         {:src "/images/icons/brand-gitlab.svg"}]
        (tr "auth.login-with-gitlab-submit")])
 
     (when cfg/github-client-id
       [:a.btn-ocean.btn-large.btn-github-auth
-       {:on-click login-with-github}
+       {:on-click #(login-with-github % params)}
        [:img.logo
         {:src "/images/icons/brand-github.svg"}]
        (tr "auth.login-with-github-submit")])

frontend/src/app/main/ui/auth/register.cljs

@@ -43,13 +43,11 @@
 (s/def ::fullname ::us/not-empty-string)
 (s/def ::password ::us/not-empty-string)
 (s/def ::email ::us/email)
-(s/def ::token ::us/not-empty-string)
+(s/def ::invitation-token ::us/not-empty-string)
 
 (s/def ::register-form
-  (s/keys :req-un [::password
-                   ::fullname
-                   ::email]
-          :opt-un [::token]))
+  (s/keys :req-un [::password ::fullname ::email]
+          :opt-un [::invitation-token]))
 
 (mf/defc register-form
   [{:keys [params] :as props}]
@@ -145,7 +143,7 @@
    [:div.links
     [:div.link-entry
      [:span (tr "auth.already-have-account") " "]
-     [:a {:on-click #(st/emit! (rt/nav :auth-login))
+     [:a {:on-click #(st/emit! (rt/nav :auth-login {} params))
           :tab-index "4"}
       (tr "auth.login-here")]]
 

frontend/src/app/main/ui/auth/verify_token.cljs

@@ -52,10 +52,9 @@
   [tdata]
   (case (:state tdata)
     :created
-    (let [message (tr "auth.notifications.team-invitation-accepted")]
-      (st/emit! (du/fetch-profile)
-                (rt/nav :dashboard-projects {:team-id (:team-id tdata)})
-                (dm/success message)))
+    (st/emit! (dm/success (tr "auth.notifications.team-invitation-accepted"))
+              (du/fetch-profile)
+              (rt/nav :dashboard-projects {:team-id (:team-id tdata)}))
 
     :pending
     (let [token (:invitation-token tdata)]