3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-05-10 03:26:38 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add :insecure-register flag.

Browse source 
This allows on-premise users skip the email validation.
This commit is contained in:
Andrey Antukh 2021-11-10 15:53:54 +01:00 committed by Andrés Moya
parent bf2a393fd3
commit e7003dde83
10 changed files with 79 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

11
backend/src/app/config.clj
View file

@ -268,10 +268,17 @@
::telemetry-with-taiga
::tenant]))
(def default-flags
[:enable-backend-asserts
:enable-backend-api-doc
:enable-insecure-register
:enable-secure-session-cookies])
(defn- parse-flags
[config]
(-> (:flags config)
(flags/parse flags/default)))
(flags/parse flags/default
default-flags
(:flags config)))
(defn read-env
[prefix]

2
backend/src/app/http/doc.clj
View file

@ -45,7 +45,7 @@
(defn handler
[rpc]
(let [context (prepare-context rpc)]
(if (contains? cf/flags :api-doc)
(if (contains? cf/flags :backend-api-doc)
(fn [_]
{:status 200
:body (-> (io/resource "api-doc.tmpl")

1
backend/src/app/http/oauth.clj
View file

@ -203,6 +203,7 @@
(sxf request)))
(let [info (assoc info
:iss :prepared-register
:is-active true
:exp (dt/in-future {:hours 48}))
token (tokens :generate info)
params (d/without-nils

5
backend/src/app/http/session.clj
View file

@ -53,12 +53,13 @@
(defn- add-cookies
[response {:keys [id] :as session}]
(let [cors? (contains? cfg/flags :cors)]
(let [cors? (contains? cfg/flags :cors)
secure? (contains? cfg/flags :secure-session-cookies)]
(assoc response :cookies {cookie-name {:path "/"
:http-only true
:value id
:same-site (if cors? :none :strict)
:secure true}})))
:secure secure?}})))
(defn- clear-cookies
[response]

2
backend/src/app/rpc/mutations/demo.clj
View file

@ -34,7 +34,7 @@
params {:id id
:email email
:fullname fullname
:is-demo true
:is-active true
:deleted-at (dt/in-future cf/deletion-delay)
:password password
:props {:onboarding-viewed true}}]

29
backend/src/app/rpc/mutations/profile.clj
View file

@ -124,9 +124,7 @@
;; --- MUTATION: Register Profile
(s/def ::accept-terms-and-privacy ::us/boolean)
(s/def ::token ::us/not-empty-string)
(s/def ::register-profile
(s/keys :req-un [::token ::fullname]))
@ -146,13 +144,17 @@
(defn register-profile
[{:keys [conn tokens session metrics] :as cfg} {:keys [token] :as params}]
(let [claims (tokens :verify {:token token :iss :prepared-register})
params (merge params claims)]
(let [claims (tokens :verify {:token token :iss :prepared-register})
params (merge params claims)]
(check-profile-existence! conn params)
(let [profile (->> params
(create-profile conn)
(create-profile-relations conn)
(decode-profile-row))]
(let [is-active (or (:is-active params)
(contains? cf/flags :insecure-register))
profile (->> (assoc params :is-active is-active)
(create-profile conn)
(create-profile-relations conn)
(decode-profile-row))]
(cond
;; If invitation token comes in params, this is because the
;; user comes from team-invitation process; in this case,
@ -182,6 +184,15 @@
::audit/props (audit/profile->props profile)
::audit/profile-id (:id profile)})
;; If the `:enable-insecure-register` flag is set, we proceed
;; to sign in the user directly, without email verification.
(true? is-active)
(with-meta (profile/strip-private-attrs profile)
{:transform-response ((:create session) (:id profile))
:before-complete (annotate-profile-register metrics)
::audit/props (audit/profile->props profile)
::audit/profile-id (:id profile)})
;; In all other cases, send a verification email.
:else
(let [vtoken (tokens :generate
@ -226,7 +237,7 @@
backend (:backend params "penpot")
is-demo (:is-demo params false)
is-muted (:is-muted params false)
is-active (:is-active params (or (not= "penpot" backend) is-demo))
is-active (:is-active params false)
email (str/lower (:email params))
params {:id id