mirror of
https://github.com/zulip/zulip.git
synced 2025-11-15 03:11:54 +00:00
remote_billing: Implement confirmation flow for RemoteRealm auth.

The way the flow goes now is this:
1. The user initiates login via "Billing" in the gear menu.
2. That takes them to `/self-hosted-billing/` (possibly with a
   `next_page` param if we use that for some gear menu options).
3. The server queries the bouncer to give the user a link with a signed
   access token.
4. The user is redirected to that link (on `selfhosting.zulipchat.com`).

Now we have two cases, either the user is logging in for the first time
or already did in the past.

If this is the first time, we have:
5. The user is asked to fill in their email in a form that's shown,
   pre-filled with the value provided inside the signed access token.
   They POST this to the next endpoint.
6. The next endpoint sends a confirmation email to that address and asks
   the user to go check their email.
7. The user clicks the link in their email and is taken to the
   from_confirmation endpoint.
8. Their initial RemoteBillingUser is created, a new signed link like in
   (3) is generated and they're transparently taken back to (4),
   where now that they have a RemoteBillingUser, they're handled
   just like a user who already logged in before:

If the user already logged in before, they go straight here:
9. "Confirm login" page - they're shown their information (email and
   full_name), can update their full name in the form if they want.
   They also accept ToS here if necessary. They POST this form back to
   the endpoint and finally have a logged in session.
10. They're redirected to billing (or `next_page`) now that they have
    access.

This commit is contained in:
committed by
Tim Abbott
parent
18ec4cd198
commit
423aebf98e
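
The flow in the commit message, modelled as an added example (it is not code from this commit or from Zulip): a first-time user cannot reach a session without the email confirmation step, the confirmation link is single use, and a fresh signed token is issued after confirmation because the original one has a short lifetime. Assumptions: the names `BillingSite`, `sign` and `unsign`, the token fields `realm_uuid`, `user_uuid` and `email`, the HMAC-SHA256 token format, and the 60-second lifetime are all hypothetical.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-key"  # assumption: key known only to the signer
MAX_AGE = 60                      # assumption: token lifetime in seconds

def sign(ident: dict, now: int) -> str:
    body = base64.urlsafe_b64encode(json.dumps({**ident, "iat": now}).encode()).decode()
    return body + "." + hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def unsign(token: str, now: int) -> dict:
    body, _, mac = token.rpartition(".")
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise ValueError("bad signature")
    ident = json.loads(base64.urlsafe_b64decode(body))
    if now - ident["iat"] > MAX_AGE:
        raise ValueError("token expired")
    return ident

class BillingSite:
    """Hypothetical stand-in for the endpoints in steps 4-10."""
    def __init__(self):
        self.users = {}    # (realm_uuid, user_uuid) -> billing user record
        self.pending = {}  # one-time confirmation key -> (identity, email)
        self.outbox = []   # confirmation keys "emailed" to the user

    def visit(self, token, now):                          # step 4
        i = unsign(token, now)
        return "confirm_login" if (i["realm_uuid"], i["user_uuid"]) in self.users else "email_form"

    def submit_email(self, token, email, now):            # steps 5-6
        key = secrets.token_urlsafe(16)
        self.pending[key] = (unsign(token, now), email)
        self.outbox.append(key)
        return "check_email"

    def from_confirmation(self, key, now):                # steps 7-8
        ident, email = self.pending.pop(key)              # single use: KeyError on replay
        uid = (ident["realm_uuid"], ident["user_uuid"])
        self.users[uid] = {"id": len(self.users) + 1, "email": email}
        return sign(ident, now)                           # fresh signed link, as in step 3

    def confirm_login(self, token, full_name, tos, now):  # steps 9-10
        i = unsign(token, now)
        user = self.users.get((i["realm_uuid"], i["user_uuid"]))
        if user is None or not tos:
            raise PermissionError("email not confirmed or ToS not accepted")
        user["full_name"] = full_name
        return {"remote_billing_user_id": user["id"], "authenticated_at": now}
```
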
@@ -28,6 +28,7 @@ class RemoteBillingIdentityDict(TypedDict):
|
||||
remote_server_uuid: str
|
||||
remote_realm_uuid: str
|
||||
|
||||
remote_billing_user_id: Optional[int]
|
||||
authenticated_at: int
|
||||
uri_scheme: Literal["http://", "https://"]
|
||||
|
||||
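Review bot: `remote_billing_user_id: Optional[int]` in `RemoteBillingIdentityDict` has no comment saying when it is `None`. Going by the commit message, that is the window before the user's email has been confirmed and their RemoteBillingUser created (steps 5 to 8); a one-line comment stating this would help, and every reader of the dict should treat `None` as "no billing user yet" rather than continue down an authenticated path. The hunk header shows one line added to this TypedDict, so session data written before the deploy will lack the new key: either read it with `.get()` or force such sessions back through login.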
@@ -133,9 +134,8 @@ def get_remote_server_and_user_from_session(
|
||||
request: HttpRequest,
|
||||
server_uuid: str,
|
||||
) -> Tuple[RemoteZulipServer, Optional[RemoteServerBillingUser]]:
|
||||
identity_dict = cast(
|
||||
Optional[LegacyServerIdentityDict],
|
||||
get_identity_dict_from_session(request, realm_uuid=None, server_uuid=server_uuid),
|
||||
identity_dict: Optional[LegacyServerIdentityDict] = get_identity_dict_from_session(
|
||||
request, realm_uuid=None, server_uuid=server_uuid
|
||||
)
|
||||
|
||||
if identity_dict is None:
|
||||
|
||||
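Review bot: in `get_remote_server_and_user_from_session`, the annotation `identity_dict: Optional[LegacyServerIdentityDict] = get_identity_dict_from_session(...)` is only as sound as the declared return type of `get_identity_dict_from_session` for a `realm_uuid=None` call, and that declaration is not visible in this hunk. Please confirm the type checker derives the legacy-server type for this call (for example through overloads) rather than a wider union. Neither the old `cast` nor the annotation validates the session contents at runtime, so the code after `if identity_dict is None:` should not rely on keys that older or differently shaped session entries may not contain.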