Deprecate sso_immediate_redirect and add welcome-page only option (#19437)

* Deprecate `sso_immediate_redirect` and add welcome-page only option

The old `sso_immediate_redirect` option is kept in code for backwards compatibility, but is replaced by `sso_redirect_options.immediate`, where a new `on_welcome_page` option is also introduced to only target entry points to the app. 

The path matching is a bit brittle, but still ideal in the sense of not showing UI while the app realizes it needs to redirect.

The new welcome page-only option is fully intended to avoid breaking permalinks and such while still redirecting when needed. In future, other options might be added here to further tune the experience.

* Add note about guests
This commit is contained in:
Travis Ralston 2021-10-21 08:35:05 -06:00 committed by GitHub
parent d24348de81
commit 004e8edcb2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 5 deletions

View file

@ -22,9 +22,19 @@ For a good example, see https://develop.element.io/config.json.
`default_hs_url` is specified. When multiple sources are specified, it is unclear `default_hs_url` is specified. When multiple sources are specified, it is unclear
which should take priority and therefore the application cannot continue. which should take priority and therefore the application cannot continue.
* As of Element 1.4.0, identity servers are optional. See [Identity servers](#identity-servers) below. * As of Element 1.4.0, identity servers are optional. See [Identity servers](#identity-servers) below.
1. `sso_immediate_redirect`: When `true`, Element will assume the default server supports SSO 1. `sso_redirect_options`: Optionally defines how Element will behave with a server which supports
and attempt to send the user there to continue (if they aren't already logged in). Default Single Sign On (SSO). By default, Element will do nothing special and simply show a button where
`false`. Note that this disables all usage of the welcome page. needed for the user to click to navigate to the SSO system. This behaviour can be tuned with the
config options below (as properties of the `sso_redirect_options` object). None of the options apply
if Element thinks the user is already logged in, and similarly Element will assume the default server
supports SSO if these redirect options are used.
* `immediate`: When `true` (default `false`), Element will automatically redirect all unauthenticated
users to the SSO system to log in regardless of how they reached the app. This overrides the use of
other redirect options.
* `on_welcome_page`: When `true` (default `false`), Element will automatically redirect all unauthenticated
users to the SSO to log in if the user lands on the welcome page or no specific page. For example,
https://app.element.io/#/welcome and https://app.element.io would redirect if set up to use this option.
This can be useful to maintain guest experience until an account is needed.
1. `features`: Lookup of optional features that may be force-enabled (`true`) or force-disabled (`false`). 1. `features`: Lookup of optional features that may be force-enabled (`true`) or force-disabled (`false`).
When features are not listed here, their defaults will be used, and users can turn them on/off if `showLabsSettings` When features are not listed here, their defaults will be used, and users can turn them on/off if `showLabsSettings`
allows them to. The available optional experimental features vary from release to release and are allows them to. The available optional experimental features vary from release to release and are

View file

@ -30,7 +30,7 @@ import AutoDiscoveryUtils from 'matrix-react-sdk/src/utils/AutoDiscoveryUtils';
import { AutoDiscovery } from "matrix-js-sdk/src/autodiscovery"; import { AutoDiscovery } from "matrix-js-sdk/src/autodiscovery";
import * as Lifecycle from "matrix-react-sdk/src/Lifecycle"; import * as Lifecycle from "matrix-react-sdk/src/Lifecycle";
import type MatrixChatType from "matrix-react-sdk/src/components/structures/MatrixChat"; import type MatrixChatType from "matrix-react-sdk/src/components/structures/MatrixChat";
import SdkConfig from "matrix-react-sdk/src/SdkConfig"; import SdkConfig, { parseSsoRedirectOptions } from "matrix-react-sdk/src/SdkConfig";
import { logger } from "matrix-js-sdk/src/logger"; import { logger } from "matrix-js-sdk/src/logger";
import { parseQs, parseQsFromFragment } from './url_utils'; import { parseQs, parseQsFromFragment } from './url_utils';
@ -159,7 +159,13 @@ export async function loadApp(fragParams: {}) {
const [userId] = await Lifecycle.getStoredSessionOwner(); const [userId] = await Lifecycle.getStoredSessionOwner();
const hasPossibleToken = !!userId; const hasPossibleToken = !!userId;
const isReturningFromSso = !!params.loginToken; const isReturningFromSso = !!params.loginToken;
const autoRedirect = config['sso_immediate_redirect'] === true; const ssoRedirects = parseSsoRedirectOptions(config);
let autoRedirect = ssoRedirects.immediate === true;
// XXX: This path matching is a bit brittle, but better to do it early instead of in the app code.
const isWelcomeOrLanding = window.location.hash === '#/welcome' || window.location.hash === '#';
if (!autoRedirect && ssoRedirects.on_welcome_page && isWelcomeOrLanding) {
autoRedirect = true;
}
if (!hasPossibleToken && !isReturningFromSso && autoRedirect) { if (!hasPossibleToken && !isReturningFromSso && autoRedirect) {
logger.log("Bypassing app load to redirect to SSO"); logger.log("Bypassing app load to redirect to SSO");
const tempCli = createClient({ const tempCli = createClient({