yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: show a distinct error message when a user tries to create an account using a personal gmail (#3710)

Browse Source 
* fix: show a different error message when a user tries to create an account using a personal gmail

* throw only after attempting to find the team
This commit is contained in:
Nan Yu
2022-07-01 13:21:23 -07:00
committed by GitHub
parent adb55fa965
commit 4b166432e6
4 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,6 +3,7 @@ build
node_modules/* node_modules/*
.env .env
.log .log
.vscode/*
npm-debug.log npm-debug.log
stats.json stats.json
.DS_Store .DS_Store

7
app/scenes/Login/Notices.tsx
View File

@@ -18,6 +18,13 @@ export default function Notices() {
invite email. invite email.
</NoticeAlert> </NoticeAlert>
)} )}
{notice === "gmail-account-creation" && (
<NoticeAlert>
Sorry, a new account cannot be created with a personal Gmail address.
<hr />
Please use a Google Workspaces account instead.
</NoticeAlert>
)}
{notice === "maximum-teams" && ( {notice === "maximum-teams" && (
<NoticeAlert> <NoticeAlert>
The team you authenticated with is not authorized on this The team you authenticated with is not authorized on this

8
server/errors.ts
View File

@@ -136,6 +136,14 @@ export function TeamDomainRequiredError(
}); });
} }
export function GmailAccountCreationError(
message = "Cannot create account using personal gmail address"
) {
return httpErrors(400, message, {
id: "gmail_account_creation",
});
}
export function AuthRedirectError( export function AuthRedirectError(
message = "Redirect to the correct domain after authentication", message = "Redirect to the correct domain after authentication",
redirectUrl: string redirectUrl: string

20
server/routes/auth/providers/google.ts
View File

@@ -9,7 +9,11 @@ import accountProvisioner, {
AccountProvisionerResult, AccountProvisionerResult,
} from "@server/commands/accountProvisioner"; } from "@server/commands/accountProvisioner";
import env from "@server/env"; import env from "@server/env";
import { InviteRequiredError, TeamDomainRequiredError } from "@server/errors"; import {
GmailAccountCreationError,
InviteRequiredError,
TeamDomainRequiredError,
} from "@server/errors";
import passportMiddleware from "@server/middlewares/passport"; import passportMiddleware from "@server/middlewares/passport";
import { Team, User } from "@server/models"; import { Team, User } from "@server/models";
import { StateStore, parseState } from "@server/utils/passport"; import { StateStore, parseState } from "@server/utils/passport";
@@ -99,7 +103,8 @@ if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET) {
}); });
} else { } else {
// No domain means it's a personal Gmail account // No domain means it's a personal Gmail account
// We only allow sign-in to existing invites here // We only allow sign-in to existing user accounts
let team; let team;
if (appDomain.custom) { if (appDomain.custom) {
team = await Team.findOne({ where: { domain: appDomain.host } }); team = await Team.findOne({ where: { domain: appDomain.host } });
@@ -112,6 +117,17 @@ if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET) {
} }
if (!team) { if (!team) {
// No team usually means this is the apex domain
// Throw different errors depending on whether we think the user is
// trying to create a new account, or log-in to an existing one
const userExists = await User.count({
where: { email: profile.email.toLowerCase() },
});
if (!userExists) {
throw GmailAccountCreationError();
}
throw TeamDomainRequiredError(); throw TeamDomainRequiredError();
} }