[login] first user must accept ToS

Signed-off-by: Alex Tugarev <[email protected]>

Author: AlexTugarev

components/dashboard/src/components/tos/terms-of-service.tsx

@@ -20,15 +20,13 @@ interface TermsOfServiceProps {
 }
 interface TermsOfServiceState {
     acceptsTos?: boolean;
-    acceptsComs?: boolean;
 }
 export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOfServiceState> {
 
     constructor(props: TermsOfServiceProps) {
         super(props);
         this.state = {
             acceptsTos: false,
-            acceptsComs: false
         };
     }
 
@@ -62,25 +60,17 @@ export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOf
                     </Toolbar>
                 </AppBar>
                 <div className='content content-area'>
-                    <h1>Create account</h1>
+                    <h1>Before we proceed</h1>
                     <form action={ gitpodHost.withApi({ pathname: '/tos/proceed' }).toString() } method="post" id="accept-tos-form">
                         <div className="tos-checks">
-                            <p><label style={{ display: 'flex', alignItems: 'center' }}>
-                                <Checkbox
-                                    value="true"
-                                    name="agreeCOMS"
-                                    checked={this.state.acceptsComs}
-                                    onChange={() => this.setState({ acceptsComs: !this.state.acceptsComs })} />
-                                I wish to receive news and updates via email
-                            </label></p>
                             <p><label style={{ display: 'flex', alignItems: 'center' }}>
                                 <Checkbox
                                     value="true"
                                     name="agreeTOS"
                                     checked={this.state.acceptsTos}
                                     onChange={() => this.setState({ acceptsTos: !this.state.acceptsTos })} />
                                 <span>
-                                    I agree to the <a target="_blank" href="https://www.gitpod.io/terms/" rel="noopener">terms of service</a>
+                                    I agree to the <a target="_blank" href="https://www.gitpod.io/self-hosted-terms/" rel="noopener">terms</a>
                                 </span>
                             </label></p>
                         </div>
@@ -92,7 +82,7 @@ export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOf
                                 color={this.state.acceptsTos ? 'secondary' : 'primary'}
                                 onClick={this.submitForm.bind(this)}
                                 data-testid="submit">
-                                { this.state.acceptsTos ? 'Create Free Account' : 'Please Accept the Terms of Service' }
+                                { this.state.acceptsTos ? 'Continue' : 'Please Accept the Terms' }
                             </ButtonWithProgress>
                         </div>
                     </form>

components/server/ee/src/user/user-service.ts

@@ -23,13 +23,17 @@ export class UserServiceEE extends UserService {
     }
 
     async checkSignUp(params: CheckSignUpParams) {
+        // 1. check the license
         const userCount = await this.userDb.getUserCount(true);
         if (!this.licenseEvaluator.hasEnoughSeats(userCount)) {
             // TODO: bail out to EE license flow
 
             const msg = `Maximum number of users permitted by the license exceeded`;
             throw AuthException.create("Cannot sign up", msg, { userCount });
         }
+
+        // 2. check for ToS
+        await super.checkSignUp(params);
     }
 
 }

components/server/src/auth/auth-error-handler.ts

@@ -4,20 +4,31 @@
  * See License-AGPL.txt in the project root for license information.
  */
 
-import { injectable } from "inversify";
+import { inject, injectable } from "inversify";
+import { Env } from "../env";
+import { TosNotAcceptedYetException } from "./errors";
 
 
 @injectable()
 export class AuthErrorHandler {
+    @inject(Env) protected readonly env: Env;
 
     async check(error: any): Promise<AuthErrorHandler.DidHandleResult | undefined> {
-        // no-op
+        if (TosNotAcceptedYetException.is(error)) {
+            const { identity } = error;
+
+            const redirectToUrl = this.env.hostUrl.withApi({ pathname: '/tos' }).toString();
+            return <AuthErrorHandler.DidHandleResult>{
+                redirectToUrl,
+                identity
+            }
+        }
         return undefined;
     }
 }
 
 export namespace AuthErrorHandler {
     export interface DidHandleResult {
-        redirectToUrl: string;
+        readonly redirectToUrl: string;
     }
 }

components/server/src/auth/errors.ts

@@ -13,7 +13,7 @@ export namespace TosNotAcceptedYetException {
     export function create(identity: Identity) {
         return Object.assign(new Error("TosNotAcceptedYetException"), { identity });
     }
-    export function is(error: Error | null): error is TosNotAcceptedYetException {
+    export function is(error: any): error is TosNotAcceptedYetException {
         return !!error && error.message === 'TosNotAcceptedYetException';
     }
 }

components/server/src/auth/generic-auth-provider.ts

@@ -274,9 +274,13 @@ export class GenericAuthProvider implements AuthProvider {
 
         const handledError = await this.authErrorHandler.check(err);
         if (handledError) {
+            if (request.session) {
+                await AuthBag.attach(request.session, { ...authBag, ...handledError});
+            }
             const { redirectToUrl } = handledError;
             log.info(context, `(${strategyName}) Handled auth error. Redirecting to ${redirectToUrl}`, { ...logPayload, err });
             response.redirect(redirectToUrl);
+            return;
         }
         if (err) {
             let message = 'Authorization failed. Please try again.';

components/server/src/express-util.ts

@@ -110,6 +110,18 @@ export function saveSession(reqOrSession: express.Request | Express.Session): Pr
         });
     });
 }
+export function destroySession(reqOrSession: express.Request | Express.Session): Promise<void> {
+    const session = reqOrSession.session ? reqOrSession.session : reqOrSession;
+    return new Promise<void>((resolve, reject) => {
+        session.destroy((error: any) => {
+            if (error) {
+                reject(error);
+            } else {
+                resolve();
+            }
+        });
+    });
+}
 
 /**
  * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

components/server/src/user/user-controller.ts

@@ -19,9 +19,10 @@ import { WorkspacePortAuthorizationService } from "./workspace-port-auth-service
 import { parseWorkspaceIdFromHostname } from "@gitpod/gitpod-protocol/lib/util/parse-workspace-id";
 import { SessionHandlerProvider } from "../session-handler";
 import { URL } from 'url';
-import { saveSession, getRequestingClientInfo } from "../express-util";
-import { User } from "@gitpod/gitpod-protocol";
+import { saveSession, getRequestingClientInfo, destroySession } from "../express-util";
+import { Identity, User } from "@gitpod/gitpod-protocol";
 import { HostContextProvider } from "../auth/host-context-provider";
+import { AuthBag } from "../auth/auth-provider";
 
 @injectable()
 export class UserController {
@@ -234,9 +235,71 @@ export class UserController {
 
             res.sendStatus(403);
         });
+        router.get("/tos", async (req, res, next) => {
+            const clientInfo = getRequestingClientInfo(req);
+            log.info({ sessionId: req.sessionID }, "(TOS) Redirecting to /tos. (Request to /login is expected next.)", { 'login-flow': true, clientInfo });
+            res.redirect(this.env.hostUrl.with(() => ({ pathname: '/tos/' })).toString());
+        });
+        router.post("/tos/proceed", async (req, res, next) => {
+            const clientInfo = getRequestingClientInfo(req);
+            const dashboardUrl = this.env.hostUrl.asDashboard().toString();
+            if (req.isAuthenticated() && User.is(req.user)) {
+                res.redirect(dashboardUrl);
+                return;
+            }
+            const authBag = AuthBag.get(req.session);
+            if (!req.session || !authBag || authBag.requestType !== "authenticate" || !authBag.identity) {
+                log.info({ sessionId: req.sessionID }, '(TOS) No identity.', { 'login-flow': true, session: req.session, clientInfo });
+                res.redirect(this.getSorryUrl("Oops! Something went wrong in the previous step."));
+                return;
+            }
+            const agreeTOS = req.body.agreeTOS;
+            if (!agreeTOS) {
+                /* The user did not accept our Terms of Service, thus we must not store any of their data.
+                 * For good measure we destroy the user session, so that any data we may have stored in there
+                 * gets removed from our session cache.
+                 */
+                log.info({ sessionId: req.sessionID }, '(TOS) User did NOT agree. Aborting sign-up.', { 'login-flow': true, clientInfo });
+                try {
+                    await destroySession(req.session)
+                } catch (error) {
+                    log.warn('(TOS) Unable to destroy session.', { error, 'login-flow': true, clientInfo });
+                }
+                res.redirect(dashboardUrl);
+                return;
+            }
+
+            // The user has accepted our Terms of Service. Create the identity/user in the database and repeat login.
+            log.info({ sessionId: req.sessionID }, '(TOS) User did agree. Creating new user in database', { 'login-flow': true, clientInfo });
+
+            const identity = authBag.identity;
+            await AuthBag.attach(req.session, { ...authBag, identity: undefined });
+            try {
+                await this.createUserAfterTosAgreement(identity, req.body);
+            } catch (error) {
+                log.error({ sessionId: req.sessionID }, '(TOS) Unable to create create the user in database.', error, { 'login-flow': true, error, clientInfo });
+                res.redirect(this.getSorryUrl("Oops! Something went wrong during the login."));
+                return;
+            }
+
+            // Make sure, the session is stored
+            try {
+                await retryAsync(3, saveSession(req));
+            } catch (error) {
+                log.error({ sessionId: req.sessionID }, `(TOS) Login failed due to session save error; redirecting to /sorry`, { req, error, clientInfo });
+                res.redirect(this.getSorryUrl("Login failed 🦄 Please try again"));
+                return;
+            }
+
+            // Continue with login after ToS
+            res.redirect(authBag.returnToAfterTos);
+        });
 
         return router;
     }
+    protected async createUserAfterTosAgreement(identity: Identity, tosProceedParams: any) {
+        await this.userService.createUserForIdentity(identity);
+    }
 
     protected getSorryUrl(message: string) {
         return this.env.hostUrl.with({ pathname: '/sorry', hash: message }).toString();
@@ -299,7 +362,7 @@ export class UserController {
 
             if (!!contextUrlHost && authProvidersOnDashboard.find(a => a === contextUrlHost)) {
                 req.query.host = contextUrlHost;
-                log.debug({ sessionId: req.sessionID }, "Guessed auth provider from returnTo URL: " + contextUrlHost, { 'login-flow': true, query: req.query});
+                log.debug({ sessionId: req.sessionID }, "Guessed auth provider from returnTo URL: " + contextUrlHost, { 'login-flow': true, query: req.query });
                 return;
             }
         }

components/server/src/user/user-service.ts

@@ -9,9 +9,9 @@ import { User, Identity, WorkspaceTimeoutDuration } from "@gitpod/gitpod-protoco
 import { UserDB } from "@gitpod/gitpod-db/lib/user-db";
 import { HostContextProvider } from "../auth/host-context-provider";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
-import { TokenProvider } from "./token-provider";
 import { Env } from "../env";
 import { AuthProviderParams } from "../auth/auth-provider";
+import { TosNotAcceptedYetException } from "../auth/errors";
 
 export interface FindUserByIdentityStrResult {
     user: User;
@@ -28,7 +28,6 @@ export interface CheckSignUpParams {
 export class UserService {
     @inject(UserDB) protected readonly userDb: UserDB;
     @inject(HostContextProvider) protected readonly hostContextProvider: HostContextProvider;
-    @inject(TokenProvider) protected readonly tokenProvider: TokenProvider;
     @inject(Env) protected readonly env: Env;
 
     /**
@@ -95,14 +94,9 @@ export class UserService {
     }
     protected handleNewUser(newUser: User) {
         if (this.env.blockNewUsers) {
-            // By default we block all new users on staging as we don't expected that many new ones.
-            // Any legitimate new user on gitpod-staging can talk to the team to get unblocked.
-            // TODO Replace this with a more precise mechanism, maybe based on email domains
             newUser.blocked = true;
         }
-
         if (this.env.makeNewUsersAdmin) {
-            // In devstaging we want all users to become admins to make debugging easier.
             newUser.rolesOrPermissions = ['admin'];
         }
     }
@@ -117,6 +111,12 @@ export class UserService {
     }
 
     async checkSignUp(params: CheckSignUpParams) {
-        // no-op here
+        const { identity, config } = params;
+        if (config.requireTOS !== false) {
+            const userCount = await this.userDb.getUserCount();
+            if (userCount === 0) {
+                throw TosNotAcceptedYetException.create(identity);
+            }
+        }
     }
 }