Merge branch 'main' into issue-759-oidc-identify-using-sub-claim

gristlabs · Nov 24, 2023 · 4f84197 · 4f84197
2 parents 1c0afb3 + c06828d
commit 4f84197
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 8 deletions.
diff --git a/app/server/lib/OIDCConfig.ts b/app/server/lib/OIDCConfig.ts
@@ -29,6 +29,9 @@
  *    env GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT
  *        If set to "true", on logout, there won't be any attempt to call the IdP's end_session_endpoint
  *        (the user will remain logged in in the IdP).
+ *    env GRIST_OIDC_SP_IGNORE_EMAIL_VERIFIED
+ *        If set to "true", the user will be allowed to login even if the email is not verified by the IDP.
+ *        Defaults to false.
  *
  * This version of OIDCConfig has been tested with Keycloak OIDC IdP following the instructions
  * at:
@@ -61,6 +64,7 @@ export class OIDCConfig {
   private _namePropertyKey?: string;
   private _emailPropertyKey: string;
   private _skipEndSessionEndpoint: boolean;
+  private _ignoreEmailVerified: boolean;
 
   public constructor() {
   }
@@ -95,6 +99,11 @@ export class OIDCConfig {
       defaultValue: false,
     })!;
 
+    this._ignoreEmailVerified = section.flag('ignoreEmailVerified').readBool({
+      envVar: 'GRIST_OIDC_SP_IGNORE_EMAIL_VERIFIED',
+      defaultValue: false,
+    })!;
+
     const issuer = await Issuer.discover(issuerUrl);
     this._redirectUrl = new URL(CALLBACK_URL, spHost).href;
     this._client = new issuer.Client({
@@ -134,6 +143,11 @@ export class OIDCConfig {
       );
 
       const userInfo = await this._client.userinfo(tokenSet);
+
+      if (!this._ignoreEmailVerified && userInfo.email_verified !== true) {
+        throw new Error(`OIDCConfig: email not verified for ${userInfo.email}`);
+      }
+
       const profile = this._makeUserProfileFromUserInfo(userInfo);
       log.info(`OIDCConfig: got OIDC response for ${profile.email} (${profile.name}) redirecting to ${targetUrl}`);
 

diff --git a/static/locales/de.client.json b/static/locales/de.client.json
@@ -217,7 +217,13 @@
         "Duplicate Table": "Tabelle duplizieren",
         "Raw Data Tables": "Rohdaten-Tabellen",
         "Table ID copied to clipboard": "Tabellen-ID in die Zwischenablage kopiert",
-        "You do not have edit access to this document": "Sie haben keinen Bearbeitungszugriff auf dieses Dokument"
+        "You do not have edit access to this document": "Sie haben keinen Bearbeitungszugriff auf dieses Dokument",
+        "Edit Record Card": "Karteikarte bearbeiten",
+        "Rename Table": "Tabelle umbenennen",
+        "{{action}} Record Card": "{{action}} Karteikarte",
+        "Record Card": "Karteikarte",
+        "Remove Table": "Tabelle entfernen",
+        "Record Card Disabled": "Karteikarte Deaktiviert"
     },
     "DocHistory": {
         "Activity": "Aktivität",
@@ -663,7 +669,8 @@
         "Insert row above": "Zeile oben einfügen",
         "Insert row below": "Zeile unten einfügen",
         "Duplicate rows_one": "Zeile duplizieren",
-        "Duplicate rows_other": "Zeilen duplizieren"
+        "Duplicate rows_other": "Zeilen duplizieren",
+        "View as card": "Ansicht als Karte"
     },
     "SelectionSummary": {
         "Copied to clipboard": "In die Zwischenablage kopiert"
@@ -1295,5 +1302,13 @@
     },
     "searchDropdown": {
         "Search": "Suchen"
+    },
+    "CardContextMenu": {
+        "Insert card above": "Karte oben einfügen",
+        "Duplicate card": "Karte duplizieren",
+        "Insert card below": "Karte unten einfügen",
+        "Delete card": "Karte löschen",
+        "Copy anchor link": "Ankerlink kopieren",
+        "Insert card": "Karte einfügen"
     }
 }
diff --git a/static/locales/es.client.json b/static/locales/es.client.json
@@ -543,7 +543,8 @@
         "Insert row above": "Insertar fila arriba",
         "Insert row below": "Insertar fila debajo",
         "Duplicate rows_one": "Duplicar fila",
-        "Duplicate rows_other": "Duplicar filas"
+        "Duplicate rows_other": "Duplicar filas",
+        "View as card": "Ver como tarjeta"
     },
     "ShareMenu": {
         "Access Details": "Detalles de Acceso",
@@ -718,7 +719,13 @@
         "Duplicate Table": "Duplicar tabla",
         "Raw Data Tables": "Tablas de datos brutos",
         "Table ID copied to clipboard": "ID de tabla copiado al portapapeles",
-        "Click to copy": "Haga clic para copiar"
+        "Click to copy": "Haga clic para copiar",
+        "Edit Record Card": "Editar la ficha del registro",
+        "Rename Table": "Cambiar el nombre de la tabla",
+        "{{action}} Record Card": "{{action}} Ficha",
+        "Record Card": "Ficha de registro",
+        "Remove Table": "Quitar la tabla",
+        "Record Card Disabled": "Tarjeta de registro desactivada"
     },
     "DocPageModel": {
         "Add Empty Table": "Agregar tabla vacía",
@@ -1285,5 +1292,13 @@
     "FloatingPopup": {
         "Maximize": "Maximizar",
         "Minimize": "Minimizar"
+    },
+    "CardContextMenu": {
+        "Insert card above": "Inserte la tarjeta arriba",
+        "Duplicate card": "Tarjeta duplicada",
+        "Insert card below": "Inserte la tarjeta a continuación",
+        "Delete card": "Borrar la tarjeta",
+        "Copy anchor link": "Copiar enlace fijado",
+        "Insert card": "Insertar la tarjeta"
     }
 }
diff --git a/static/locales/pt_BR.client.json b/static/locales/pt_BR.client.json
@@ -217,7 +217,13 @@
         "Duplicate Table": "Duplicar a Tabela",
         "Raw Data Tables": "Tabelas de Dados Primários",
         "Table ID copied to clipboard": "ID da Tabela copiada para a área de transferência",
-        "You do not have edit access to this document": "Você não tem permissão de edição desse documento"
+        "You do not have edit access to this document": "Você não tem permissão de edição desse documento",
+        "Edit Record Card": "Editar cartão de registro",
+        "Rename Table": "Renomear tabela",
+        "{{action}} Record Card": "{{action}} Cartão de registro",
+        "Record Card": "Cartão de registro",
+        "Remove Table": "Remover tabela",
+        "Record Card Disabled": "Cartão de registro desabilitado"
     },
     "DocHistory": {
         "Activity": "Atividade",
@@ -663,7 +669,8 @@
         "Insert row above": "Inserir linha acima",
         "Insert row below": "Inserir linha abaixo",
         "Duplicate rows_one": "Duplicar linha",
-        "Duplicate rows_other": "Duplicar linhas"
+        "Duplicate rows_other": "Duplicar linhas",
+        "View as card": "Ver como cartão"
     },
     "SelectionSummary": {
         "Copied to clipboard": "Copiado para a área de transferência"
@@ -1295,5 +1302,13 @@
     "FloatingPopup": {
         "Maximize": "Maximizar",
         "Minimize": "Minimizar"
+    },
+    "CardContextMenu": {
+        "Insert card above": "Inserir cartão acima",
+        "Duplicate card": "Duplicar o cartão",
+        "Insert card below": "Inserir cartão abaixo",
+        "Delete card": "Excluir cartão",
+        "Copy anchor link": "Copiar link de ancoragem",
+        "Insert card": "Inserir cartão"
     }
 }
diff --git a/static/locales/sl.client.json b/static/locales/sl.client.json
@@ -260,7 +260,8 @@
         "Copy anchor link": "Kopiraj sidrno povezavo",
         "Duplicate rows_one": "Podvoji vrstico",
         "Duplicate rows_other": "Podvoji vrstice",
-        "Insert row above": "Vstavi vrstico zgoraj"
+        "Insert row above": "Vstavi vrstico zgoraj",
+        "View as card": "Kartični pogled"
     },
     "Tools": {
         "Delete": "Izbriši",
@@ -298,7 +299,13 @@
         "Duplicate Table": "Podvojena tabela",
         "Table ID copied to clipboard": "ID tabele kopiran v odložišče",
         "You do not have edit access to this document": "Nimate dostopa za urejanje tega dokumenta",
-        "Raw Data Tables": "Neobdelana tabela"
+        "Raw Data Tables": "Neobdelana tabela",
+        "Edit Record Card": "Uredi evidenčno kartico",
+        "Rename Table": "Preimenuj Tabelo",
+        "{{action}} Record Card": "{{action}} Evidenčno Kartico",
+        "Record Card": "Evidenčna kartica",
+        "Remove Table": "Odstrani Tabelo",
+        "Record Card Disabled": "Evidenčna kartica onemogočena"
     },
     "ViewLayoutMenu": {
         "Delete record": "Brisanje zapisa",
@@ -1231,5 +1238,13 @@
     },
     "sendToDrive": {
         "Sending file to Google Drive": "Pošiljanje datoteke v Google Drive"
+    },
+    "CardContextMenu": {
+        "Insert card above": "Vstavi kartico zgoraj",
+        "Duplicate card": "Podvoji kartico",
+        "Insert card below": "Vstavi kartico spodaj",
+        "Delete card": "Briši kartico",
+        "Copy anchor link": "Kopiraj sidrno povezavo",
+        "Insert card": "Vstavi kartico"
     }
 }