mirror of https://github.com/coder/coder.git
feat: specify a custom "terms of service" link (#13068)
This commit is contained in:
parent
341114a020
commit
74f27719b8
|
@ -60,6 +60,10 @@ OPTIONS:
|
|||
--support-links struct[[]codersdk.LinkConfig], $CODER_SUPPORT_LINKS
|
||||
Support links to display in the top right drop down menu.
|
||||
|
||||
--terms-of-service-url string, $CODER_TERMS_OF_SERVICE_URL
|
||||
A URL to an external Terms of Service that must be accepted by users
|
||||
when logging in.
|
||||
|
||||
--update-check bool, $CODER_UPDATE_CHECK (default: false)
|
||||
Periodically check for new releases of Coder and inform the owner. The
|
||||
check is performed once per day.
|
||||
|
|
|
@ -414,6 +414,10 @@ inMemoryDatabase: false
|
|||
# Type of auth to use when connecting to postgres.
|
||||
# (default: password, type: enum[password\|awsiamrds])
|
||||
pgAuth: password
|
||||
# A URL to an external Terms of Service that must be accepted by users when
|
||||
# logging in.
|
||||
# (default: <unset>, type: string)
|
||||
termsOfServiceURL: ""
|
||||
# The algorithm to use for generating ssh keys. Accepted values are "ed25519",
|
||||
# "ecdsa", or "rsa4096".
|
||||
# (default: ed25519, type: string)
|
||||
|
|
|
@ -8446,6 +8446,9 @@ const docTemplate = `{
|
|||
},
|
||||
"password": {
|
||||
"$ref": "#/definitions/codersdk.AuthMethod"
|
||||
},
|
||||
"terms_of_service_url": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -9408,6 +9411,9 @@ const docTemplate = `{
|
|||
"telemetry": {
|
||||
"$ref": "#/definitions/codersdk.TelemetryConfig"
|
||||
},
|
||||
"terms_of_service_url": {
|
||||
"type": "string"
|
||||
},
|
||||
"tls": {
|
||||
"$ref": "#/definitions/codersdk.TLSConfig"
|
||||
},
|
||||
|
|
|
@ -7515,6 +7515,9 @@
|
|||
},
|
||||
"password": {
|
||||
"$ref": "#/definitions/codersdk.AuthMethod"
|
||||
},
|
||||
"terms_of_service_url": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -8413,6 +8416,9 @@
|
|||
"telemetry": {
|
||||
"$ref": "#/definitions/codersdk.TelemetryConfig"
|
||||
},
|
||||
"terms_of_service_url": {
|
||||
"type": "string"
|
||||
},
|
||||
"tls": {
|
||||
"$ref": "#/definitions/codersdk.TLSConfig"
|
||||
},
|
||||
|
|
|
@ -472,6 +472,7 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.AuthMethods{
|
||||
TermsOfServiceURL: api.DeploymentValues.TermsOfServiceURL.Value(),
|
||||
Password: codersdk.AuthMethod{
|
||||
Enabled: !api.DeploymentValues.DisablePasswordAuth.Value(),
|
||||
},
|
||||
|
|
|
@ -200,6 +200,7 @@ type DeploymentValues struct {
|
|||
AllowWorkspaceRenames serpent.Bool `json:"allow_workspace_renames,omitempty" typescript:",notnull"`
|
||||
Healthcheck HealthcheckConfig `json:"healthcheck,omitempty" typescript:",notnull"`
|
||||
CLIUpgradeMessage serpent.String `json:"cli_upgrade_message,omitempty" typescript:",notnull"`
|
||||
TermsOfServiceURL serpent.String `json:"terms_of_service_url,omitempty" typescript:",notnull"`
|
||||
|
||||
Config serpent.YAMLConfigPath `json:"config,omitempty" typescript:",notnull"`
|
||||
WriteConfig serpent.Bool `json:"write_config,omitempty" typescript:",notnull"`
|
||||
|
@ -1683,6 +1684,14 @@ when required by your organization's security policy.`,
|
|||
YAML: "secureAuthCookie",
|
||||
Annotations: serpent.Annotations{}.Mark(annotationExternalProxies, "true"),
|
||||
},
|
||||
{
|
||||
Name: "Terms of Service URL",
|
||||
Description: "A URL to an external Terms of Service that must be accepted by users when logging in.",
|
||||
Flag: "terms-of-service-url",
|
||||
Env: "CODER_TERMS_OF_SERVICE_URL",
|
||||
YAML: "termsOfServiceURL",
|
||||
Value: &c.TermsOfServiceURL,
|
||||
},
|
||||
{
|
||||
Name: "Strict-Transport-Security",
|
||||
Description: "Controls if the 'Strict-Transport-Security' header is set on all static file responses. " +
|
||||
|
|
|
@ -209,9 +209,10 @@ type CreateOrganizationRequest struct {
|
|||
|
||||
// AuthMethods contains authentication method information like whether they are enabled or not or custom text, etc.
|
||||
type AuthMethods struct {
|
||||
Password AuthMethod `json:"password"`
|
||||
Github AuthMethod `json:"github"`
|
||||
OIDC OIDCAuthMethod `json:"oidc"`
|
||||
TermsOfServiceURL string `json:"terms_of_service_url,omitempty"`
|
||||
Password AuthMethod `json:"password"`
|
||||
Github AuthMethod `json:"github"`
|
||||
OIDC OIDCAuthMethod `json:"oidc"`
|
||||
}
|
||||
|
||||
type AuthMethod struct {
|
||||
|
|
|
@ -377,6 +377,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \
|
|||
"user": {}
|
||||
}
|
||||
},
|
||||
"terms_of_service_url": "string",
|
||||
"tls": {
|
||||
"address": {
|
||||
"host": "string",
|
||||
|
|
|
@ -1040,17 +1040,19 @@
|
|||
},
|
||||
"password": {
|
||||
"enabled": true
|
||||
}
|
||||
},
|
||||
"terms_of_service_url": "string"
|
||||
}
|
||||
```
|
||||
|
||||
### Properties
|
||||
|
||||
| Name | Type | Required | Restrictions | Description |
|
||||
| ---------- | -------------------------------------------------- | -------- | ------------ | ----------- |
|
||||
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
|
||||
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| Name | Type | Required | Restrictions | Description |
|
||||
| ---------------------- | -------------------------------------------------- | -------- | ------------ | ----------- |
|
||||
| `github` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| `oidc` | [codersdk.OIDCAuthMethod](#codersdkoidcauthmethod) | false | | |
|
||||
| `password` | [codersdk.AuthMethod](#codersdkauthmethod) | false | | |
|
||||
| `terms_of_service_url` | string | false | | |
|
||||
|
||||
## codersdk.AuthorizationCheck
|
||||
|
||||
|
@ -2102,6 +2104,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
|
|||
"user": {}
|
||||
}
|
||||
},
|
||||
"terms_of_service_url": "string",
|
||||
"tls": {
|
||||
"address": {
|
||||
"host": "string",
|
||||
|
@ -2474,6 +2477,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
|
|||
"user": {}
|
||||
}
|
||||
},
|
||||
"terms_of_service_url": "string",
|
||||
"tls": {
|
||||
"address": {
|
||||
"host": "string",
|
||||
|
@ -2562,6 +2566,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o
|
|||
| `support` | [codersdk.SupportConfig](#codersdksupportconfig) | false | | |
|
||||
| `swagger` | [codersdk.SwaggerConfig](#codersdkswaggerconfig) | false | | |
|
||||
| `telemetry` | [codersdk.TelemetryConfig](#codersdktelemetryconfig) | false | | |
|
||||
| `terms_of_service_url` | string | false | | |
|
||||
| `tls` | [codersdk.TLSConfig](#codersdktlsconfig) | false | | |
|
||||
| `trace` | [codersdk.TraceConfig](#codersdktraceconfig) | false | | |
|
||||
| `update_check` | boolean | false | | |
|
||||
|
|
|
@ -157,7 +157,8 @@ curl -X GET http://coder-server:8080/api/v2/users/authmethods \
|
|||
},
|
||||
"password": {
|
||||
"enabled": true
|
||||
}
|
||||
},
|
||||
"terms_of_service_url": "string"
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -928,6 +928,16 @@ Type of auth to use when connecting to postgres.
|
|||
|
||||
Controls if the 'Secure' property is set on browser session cookies.
|
||||
|
||||
### --terms-of-service-url
|
||||
|
||||
| | |
|
||||
| ----------- | ---------------------------------------- |
|
||||
| Type | <code>string</code> |
|
||||
| Environment | <code>$CODER_TERMS_OF_SERVICE_URL</code> |
|
||||
| YAML | <code>termsOfServiceURL</code> |
|
||||
|
||||
A URL to an external Terms of Service that must be accepted by users when logging in.
|
||||
|
||||
### --strict-transport-security
|
||||
|
||||
| | |
|
||||
|
|
|
@ -61,6 +61,10 @@ OPTIONS:
|
|||
--support-links struct[[]codersdk.LinkConfig], $CODER_SUPPORT_LINKS
|
||||
Support links to display in the top right drop down menu.
|
||||
|
||||
--terms-of-service-url string, $CODER_TERMS_OF_SERVICE_URL
|
||||
A URL to an external Terms of Service that must be accepted by users
|
||||
when logging in.
|
||||
|
||||
--update-check bool, $CODER_UPDATE_CHECK (default: false)
|
||||
Periodically check for new releases of Coder and inform the owner. The
|
||||
check is performed once per day.
|
||||
|
|
|
@ -124,6 +124,7 @@ export interface AuthMethod {
|
|||
|
||||
// From codersdk/users.go
|
||||
export interface AuthMethods {
|
||||
readonly terms_of_service_url?: string;
|
||||
readonly password: AuthMethod;
|
||||
readonly github: AuthMethod;
|
||||
readonly oidc: OIDCAuthMethod;
|
||||
|
@ -445,6 +446,7 @@ export interface DeploymentValues {
|
|||
readonly allow_workspace_renames?: boolean;
|
||||
readonly healthcheck?: HealthcheckConfig;
|
||||
readonly cli_upgrade_message?: string;
|
||||
readonly terms_of_service_url?: string;
|
||||
readonly config?: string;
|
||||
readonly write_config?: boolean;
|
||||
readonly address?: string;
|
||||
|
|
|
@ -3,6 +3,8 @@ import {
|
|||
MockAuthMethodsAll,
|
||||
MockAuthMethodsExternal,
|
||||
MockAuthMethodsPasswordOnly,
|
||||
MockAuthMethodsPasswordTermsOfService,
|
||||
MockBuildInfo,
|
||||
mockApiError,
|
||||
} from "testHelpers/entities";
|
||||
import { LoginPageView } from "./LoginPageView";
|
||||
|
@ -10,6 +12,9 @@ import { LoginPageView } from "./LoginPageView";
|
|||
const meta: Meta<typeof LoginPageView> = {
|
||||
title: "pages/LoginPage",
|
||||
component: LoginPageView,
|
||||
args: {
|
||||
buildInfo: MockBuildInfo,
|
||||
},
|
||||
};
|
||||
|
||||
export default meta;
|
||||
|
@ -33,6 +38,12 @@ export const WithAllAuthMethods: Story = {
|
|||
},
|
||||
};
|
||||
|
||||
export const WithTermsOfService: Story = {
|
||||
args: {
|
||||
authMethods: MockAuthMethodsPasswordTermsOfService,
|
||||
},
|
||||
};
|
||||
|
||||
export const AuthError: Story = {
|
||||
args: {
|
||||
error: mockApiError({
|
||||
|
@ -53,6 +64,7 @@ export const ExternalAuthError: Story = {
|
|||
|
||||
export const LoadingAuthMethods: Story = {
|
||||
args: {
|
||||
isLoading: true,
|
||||
authMethods: undefined,
|
||||
},
|
||||
};
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import type { Interpolation, Theme } from "@emotion/react";
|
||||
import type { FC } from "react";
|
||||
import Button from "@mui/material/Button";
|
||||
import { type FC, useState } from "react";
|
||||
import { useLocation } from "react-router-dom";
|
||||
import type { AuthMethods, BuildInfoResponse } from "api/typesGenerated";
|
||||
import { CoderIcon } from "components/Icons/CoderIcon";
|
||||
|
@ -7,6 +8,7 @@ import { Loader } from "components/Loader/Loader";
|
|||
import { getApplicationName, getLogoURL } from "utils/appearance";
|
||||
import { retrieveRedirect } from "utils/redirect";
|
||||
import { SignInForm } from "./SignInForm";
|
||||
import { TermsOfServiceLink } from "./TermsOfServiceLink";
|
||||
|
||||
export interface LoginPageViewProps {
|
||||
authMethods: AuthMethods | undefined;
|
||||
|
@ -49,12 +51,21 @@ export const LoginPageView: FC<LoginPageViewProps> = ({
|
|||
<CoderIcon fill="white" opacity={1} css={styles.icon} />
|
||||
);
|
||||
|
||||
const [tosAccepted, setTosAccepted] = useState(false);
|
||||
const tosAcceptanceRequired =
|
||||
authMethods?.terms_of_service_url && !tosAccepted;
|
||||
|
||||
return (
|
||||
<div css={styles.root}>
|
||||
<div css={styles.container}>
|
||||
{applicationLogo}
|
||||
{isLoading ? (
|
||||
<Loader />
|
||||
) : tosAcceptanceRequired ? (
|
||||
<>
|
||||
<TermsOfServiceLink url={authMethods.terms_of_service_url} />
|
||||
<Button onClick={() => setTosAccepted(true)}>I agree</Button>
|
||||
</>
|
||||
) : (
|
||||
<SignInForm
|
||||
authMethods={authMethods}
|
||||
|
@ -70,6 +81,12 @@ export const LoginPageView: FC<LoginPageViewProps> = ({
|
|||
Copyright © {new Date().getFullYear()} Coder Technologies, Inc.
|
||||
</div>
|
||||
<div>{buildInfo?.version}</div>
|
||||
{tosAccepted && (
|
||||
<TermsOfServiceLink
|
||||
url={authMethods?.terms_of_service_url}
|
||||
css={{ fontSize: 12 }}
|
||||
/>
|
||||
)}
|
||||
</footer>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -110,7 +110,7 @@ export const SignInForm: FC<SignInFormProps> = ({
|
|||
{passwordEnabled && oAuthEnabled && (
|
||||
<div css={styles.divider}>
|
||||
<div css={styles.dividerLine} />
|
||||
<div css={styles.dividerLabel}>Or</div>
|
||||
<div css={styles.dividerLabel}>or</div>
|
||||
<div css={styles.dividerLine} />
|
||||
</div>
|
||||
)}
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
import LaunchIcon from "@mui/icons-material/LaunchOutlined";
|
||||
import Link from "@mui/material/Link";
|
||||
import type { FC } from "react";
|
||||
|
||||
interface TermsOfServiceLinkProps {
|
||||
className?: string;
|
||||
url?: string;
|
||||
}
|
||||
|
||||
export const TermsOfServiceLink: FC<TermsOfServiceLinkProps> = ({
|
||||
className,
|
||||
url,
|
||||
}) => {
|
||||
return (
|
||||
<div css={{ paddingTop: 12, fontSize: 16 }} className={className}>
|
||||
By continuing, you agree to the{" "}
|
||||
<Link
|
||||
css={{ fontWeight: 500, textWrap: "nowrap" }}
|
||||
href={url}
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
>
|
||||
Terms of Service
|
||||
<LaunchIcon css={{ fontSize: 12 }} />
|
||||
</Link>
|
||||
</div>
|
||||
);
|
||||
};
|
|
@ -136,10 +136,7 @@ export const SingleSignOnSection: FC<SingleSignOnSectionProps> = ({
|
|||
}) => {
|
||||
const theme = useTheme();
|
||||
|
||||
const authList = Object.values(
|
||||
authMethods,
|
||||
) as (typeof authMethods)[keyof typeof authMethods][];
|
||||
const noSsoEnabled = !authList.some((method) => method.enabled);
|
||||
const noSsoEnabled = !authMethods.github.enabled && !authMethods.oidc.enabled;
|
||||
|
||||
return (
|
||||
<>
|
||||
|
|
|
@ -1373,6 +1373,13 @@ export const MockAuthMethodsPasswordOnly: TypesGen.AuthMethods = {
|
|||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
};
|
||||
|
||||
export const MockAuthMethodsPasswordTermsOfService: TypesGen.AuthMethods = {
|
||||
terms_of_service_url: "https://www.youtube.com/watch?v=C2f37Vb2NAE",
|
||||
password: { enabled: true },
|
||||
github: { enabled: false },
|
||||
oidc: { enabled: false, signInText: "", iconUrl: "" },
|
||||
};
|
||||
|
||||
export const MockAuthMethodsExternal: TypesGen.AuthMethods = {
|
||||
password: { enabled: false },
|
||||
github: { enabled: true },
|
||||
|
|
Loading…
Reference in New Issue