Commit Graph

64 Commits

Author SHA1 Message Date
Erik Tews 1ecb87ec80 auth: show _OR_ during login only when other methods are available.
There might be good reasons to have other external authentication
methods such as SAML configured, but none of them is available.

This happens, for example, when you have enabled SAML so that Zulip is
able to generate the metadata in XML format, but you haven't
configured an IdP yet. This commit makes sure that the phrase _OR_ is
only shown on the login/account page when there are actually other
authentication methods available. When they are just configured, but
not available yet, the page looks as if no external
authentication methods are configured.

We achieve this by deleting any_social_backend_enabled, which was very
similar to page_params.external_authentication_methods, which
correctly has one entry per configured SAML IdP.
2021-07-20 14:29:48 -07:00
Anders Kaseorg dd3fa4ac52 templates: Mark all void tags as self-closing.
This reverses the policy that was set, but incompletely enforced, by
commit 951514dd7d.  The self-closing tag
syntax is clearer, more consistent, simpler to parse, compatible with
XML, preferred by Prettier, and (most importantly now) required by
FormatJS.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-21 09:49:34 -07:00
Dinesh 0445311430 auth: Make apple log in and sign up buttons consistent with others. 2020-06-18 13:06:10 -07:00
Dinesh dc90d54b08 auth: Add Sign in with Apple support.
This implementation overrides some of PSA's internal backend
functions to handle `state` value with redis as the standard
way doesn't work because of apple sending required details
in the form of POST request.

Includes a mixin test class that'll be useful for testing
Native auth flow.

Thanks to Mateusz Mandera for the idea of using redis and
other important work on this.

Documentation rewritten by tabbott.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2020-06-09 17:29:35 -07:00
Steve Howell cf78cb0d6e templates: Use `<hr>` and `<br>` consistently.
We now prevent these variations:

    * <hr/>
    * <hr />
    * <br/>
    * <br />

We could enforce similar consistency for other void
tags, if we wished, but these two are particularly
prevalent.
2020-04-28 17:05:48 -07:00
Mateusz Mandera 6aacc4195e login: Make authentication_methods data available to JavaScript.
This is intended to simplify overriding these buttons' controls in the
desktop app to do the authentication in the user's default browser.
2020-02-02 20:22:49 -08:00
Mateusz Mandera 34a540bacb context: Rename social_backends to external_authentication_methods.
The main purpose of this is to make that name change happen in
/server_settings. external_authentication_methods is a much better, more
descriptive name than social_backends from API perspective.
2019-11-03 15:55:44 -08:00
Mateusz Mandera a62d084247 social_backends: Rename display_logo to display_icon. 2019-11-03 15:54:05 -08:00
Mateusz Mandera 9d14b50186 auth: Support not using an icon when rendering social login buttons.
Since we were using a placeholder emote for SAML, we change the
defaults to no icon now that it's possible.
2019-10-28 15:14:57 -07:00
Mateusz Mandera 28dd1b34f2 auth: Refactor social login rendering.
login_context now gets the social_backends list through
get_social_backend_dicts and we move display_logo customization
to backend class definition.

This prepares for easily adding multiple IdP support in SAML
authentication - there will be a social_backend dict for each configured
IdP, also allowing display_name and icon customization per IdP.
2019-10-28 15:06:26 -07:00
Mateusz Mandera 935702b6ec auth: Rename any_oauth_backend_enabled to any_social_backend_enabled.
any_oauth_backend_enabled is all about whether we will have extra
buttons on the login/register pages for logging in with some non-native
backends (like Github, Google etc.). And this isn't about specifically
oauth backends, but generally "social" backends - that may not
specifically rely on Oauth. This will have more concrete relevance when
SAML authentication is added - which will be a "social" backend,
requiring an additional button, but not Oauth-based.
2019-09-19 12:35:27 -07:00
Anders Kaseorg ed63042480 templates: Replace focusing scripts with autofocus attribute.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-16 17:23:20 -07:00
Harshit Bansal bf14a0af4d auth: Migrate google auth to python-social-auth.
This replaces the two custom Google authentication backends originally
written in 2012 with using the shared python-social-auth codebase that
we already use for the GitHub authentication backend.  These are:

* GoogleMobileOauth2Backend, the ancient code path for mobile
  authentication last used by the EOL original Zulip Android app.

* The `finish_google_oauth2` code path in zerver/views/auth.py, which
  was the webapp (and modern mobile app) Google authentication code
  path.

This change doesn't fix any known bugs; its main benefit is that we
get to remove hundreds of lines of security-sensitive semi-duplicated
code, replacing it with a widely trusted, high quality third-party
library.
2019-07-21 20:51:34 -07:00
Abhinav Singh 2a14fcf3e9 refactor: Remove inline javascript code from accounts_home.html.
This commit removes inline javascript code present in
accounts_home.html and moves it to signup.js. The accounts_home.html
page is rendered when the user visits "/register". An empty div
element is added in accounts_home.html with unique data-page-id
attribute to make it easier to find in which page we are, while
working with the javascript code.
2019-03-25 15:14:24 -07:00
Harshit Bansal 0be410d3fe refactor: De-duplicate code in `accounts_home.html` for social auth. 2019-03-05 14:02:12 -08:00
Vishnu Ks 868a763cec auth2: Don't use session for passing multiuse invite key.
For Google auth, the multiuse invite key should be stored in the
csrf_state sent to google along with other values like is_signup,
mobile_flow_otp.

For social auth, the multiuse invite key should be passed as params to
the social-auth backend. The passing of the key is handled by
social_auth pipeline and made available to us when the auth is
completed.
2019-02-12 15:51:11 -08:00
Tim Abbott 792b08c3b8 auth: Remove unused CSS/HTML for social auth buttons.
The margin-left CSS was incorrect and overridden anyway, and after
removing that, login-github-button no longer appeared in the project.
2018-10-11 17:18:04 -07:00
Tim Abbott fd4c23e12d login: Clean up CSS/HTML for google/github login buttons.
This removes some unnecessary code duplication in the CSS classes for
Google and GitHub authentication social auth buttons.

This will, in turn, help us avoid extra work every time we add a new
authentication backend.
2018-10-11 16:52:41 -07:00
Anders Kaseorg f75c0e29f4 HTML validation: Remove obsolete attributes from <script>, <style>.
<script charset=…>, <script type=…>, and <style type=…> are “obsolete
but conforming” in HTML5.  They make the validator.nu output noisier
and real problems a little harder to find.

(type was required in HTML 4, which is not relevant to us.)

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-13 10:27:23 +05:30
Anders Kaseorg c28ab72124 HTML validation: Remove invalid attributes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-13 10:27:23 +05:30
Tim Abbott b91de0e283 i18n: Pass the name of the single-sign on system into strings.
This should avoid us needing to add a new set of translated strings
every time we add a new authentication method.
2018-04-22 13:34:37 -07:00
Aditya Bansal b9f1acb300 linter: Enforce 2 space indents on tags spread over multiple lines.
We make some specific cases of tags use 2 space indents.
The case description:
* A tag with opening tag spread over multiple lines and closing tag
on the same line as of the closing angle bracket of the opening tag.
* A tag with opening tag spread over multiple lines and closing tag
not on the same line as of the closing angle bracket of the opening
tag.

Example:
Case 1:

Not linted:
<button type="button"
class="btn btn-primary btn-small">{{t "Yes" }}</button>

After linting:
<button type="button"
  class="btn btn-primary btn-small">{{t "Yes" }}</button>

Case 2:

Before linting:
<div class = "foo"
     id = "bar"
     role = "whatever">
     {{ bla }}
</div>

After linting:
<div class = "foo"
  id = "bar"
  role = "whatever">
    {{ bla }}
</div>
2018-04-07 20:08:44 -07:00
Cynthia Lin c5d5efa9be portico-signin: Remove fixed-width styling for OR lines.
Fixes #8977.
2018-04-05 15:25:36 -07:00
Yago González 044fb0a42b i18n: Fix handling of OR on login/register pages.
Closes #8860
2018-03-29 11:13:59 -07:00
Anupam-dagar 865480ec42 portico: Fix positioning of "disposable email address" errors.
Modified by tabbott to prevent losing the frontend errors, and make it
more clear which errors are from the frontend vs. backend.

Fixes: #8784.
2018-03-22 14:38:57 -07:00
Umair Khan 06b57e8512 style: Merge css of social login/register buttons. 2017-11-17 11:44:13 -08:00
Tim Abbott 638eb7a8e4 docs: Update links to ReadTheDocs to always use https.
This is better security practice.

We also add a lint rule to enforce this for the future.
2017-11-16 10:59:24 -08:00
Tim Abbott 054952a44a docs: Update links from codebase to point to ReadTheDocs. 2017-11-16 10:53:49 -08:00
Vishnu Ks b4fedaa765 backend: Add support for multiuse user invite link. 2017-09-22 07:56:53 -07:00
Brock Whittaker cc8de243a5 Switch from #errors to new .alert.alert-error.
This switches to the newer style of displaying alerts.
2017-08-15 13:27:48 -07:00
Umair Khan 4a3fde023f google: Respect is_signup argument.
This allows us to go to Registration form directly. This behaviour is
similar to what we follow in GitHub oAuth. Before this, in registration
flow if an account was not found, user was asked if they wanted to go to
registration flow. This confirmation behavior is followed for login
oauth path.
2017-08-09 13:44:57 -07:00
Brock Whittaker 36f6da9ebf /register/: Hide sign up on invite-only realms.
This hides the right-hand sign up form for realms that are
invite-only, and shows some text that states the realm is invite-only.
2017-07-27 16:53:57 -07:00
Vaida Plankyte f9ec2b395e frontend: Modify google/github auth buttons to use forms.
Those buttons were contained in an anchor element. This isn't
valid HTML5 and caused the buttons to be focused on twice when
using tab-based navigation. Replacing the anchor with a form
element fixes this issue.
2017-07-25 18:12:19 -07:00
Vaida Plankyte 388acbbfcb frontend: Remove old required div & css from registration pages.
Removes class="required" divs that used to contain an asterisk
for valid/invalid input, and their associated css.
2017-07-25 13:39:34 -07:00
Jack Zhang c938c3be2d portico: Remove green checkboxes from forms.
More than half of these are buggy. Adding them back will be a
separate project for the future.
2017-07-21 13:09:06 -07:00
Brock Whittaker bd664b0dd5 portico: Fix background color; remove need for bg-image classes. 2017-07-07 15:30:47 -07:00
Harshit Bansal 6615f2f2e8 common.js: Migrate `common.js` module to use IIFE module style.
This module was exposing its functions as globals. This PR fixes
it to use the IIFE module style that we use in our other modules.
2017-06-22 19:06:32 -04:00
Aditya Bansal f9edf8bc0e Clean accounts_home.html to use 4 space and consistent indentation. 2017-06-06 22:04:32 -07:00
Jeremy Bowman 2137aadda0 portico: Make the realm icon an img element.
The realm avatar icon on the login and registration pages was
being set as a background image, which could vanish in high
contrast mode in many browsers.  Converted it to an img tag and
verified that it is still styled correctly.  I think the empty
alt attribute (to remove it from the audio description) is
appropriate in this context, since the realm name and description
are already provided immediately afterwards in the page content.

Fixes #4889.
2017-06-01 22:07:43 -07:00
Jeremy Bowman 5436f872f7 Provide alt text for validation check mark
The check mark which appears for valid input in assorted forms
(such as login and registration) didn't have alternative text
for better accessibility.  Added "Valid" as the alt text in all
places it's used.

Fixes #4876.
2017-05-25 16:06:47 -07:00
Jeremy Bowman 7053103896 Fix registration email field label association
The label element for the registration form's email field was
missing a "for" attribute to link it to the input field.  Added
the missing attribute.

Fixes #4896.
2017-05-25 13:36:27 -07:00
Brock Whittaker 07ecf971c6 Fix accounts_home and login to display no-password correctly.
This fixes the /register/ (accounts_home) and /login/ pages to not
display the login form if login isn’t allowed at the organization level.
2017-05-15 15:49:02 -07:00
Tim Abbott 223624be25 settings: Add support for longer, markdown-powered realm descriptions.
This makes it possible to create much prettier login pages.

Further work on styling may be necessary.
2017-05-11 13:59:46 -07:00
Umair Khan dc2a9a4c5b github: Add sign up button on registration page. 2017-05-10 17:49:08 -07:00
Brock Whittaker 48ac49385e Fix lack of uniformity with box content layout.
The various portico pages had various styling differences that made
them less consistent when responsive.
2017-05-04 16:09:12 -07:00
Brock Whittaker 89242da269 Remove .footer_padder in favor of proper screen tolerances.
This removes the .footer_padder element in favor of just having correct
min/max heights and margins on the footers.
2017-05-04 16:09:12 -07:00
Brock Whittaker 58d00af6c3 portico-pages: Fix flex height issues with content.
This fixes the existing issue where the titles of content are chopped
off when the screen height is too small.
2017-05-04 16:09:12 -07:00
Tim Abbott 07db233ffd register: Remove long-unused company-email HTML/CSS. 2017-05-01 17:18:03 -07:00
Rohitt Vashishtha 47eb19331d ux: Display error on login/registration if no auth backends are enabled.
Also makes a small tweak to CSS to ensure the styling is consistent on
the two pages.

Fixes #4525.
2017-05-01 17:17:37 -07:00
Brock Whittaker 7afbc9ddd6 Redesign login and registration pages.
This completes a major redesign of the Zulip login and registration
pages, making them look much more slick and modern.

Major features include:
* Display of the realm name, description and icon on the login page
  and registration pages in the subdomains case.
* Much slicker looking buttons and input fields.
* A new overall style for the exterior of these portico pages.
2017-04-26 18:04:05 -07:00