[server/dashboard] stop moving identities

* allow our users to disconnect provider identities from their accounts

* when a user tries to connect with a provider, for which there is already a connection to anther account, we redirect to an assistance page. a summary should help to review both accounts. in the end, any user may decide to move to a single account by disconnecting the provider identities from the other account.
  this way we can guarantee to not automagically lock out users from accounts with subscriptions or any meaningful data.

* show `Connected as`

* update terms renderer

Signed-off-by: Alex Tugarev <[email protected]>

Author: AlexTugarev

components/dashboard/public/select-account/index.html

@@ -0,0 +1,34 @@
+<!doctype html>
+<!--
+ Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+ Licensed under the GNU Affero General Public License (AGPL).
+ See License-AGPL.txt in the project root for license information.
+-->
+
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="user-scalable=0, initial-scale=1, minimum-scale=1, width=device-width, height=device-height">
+    <!-- PWA primary color -->
+    <meta name="theme-color" content="#000000">
+    <link rel="manifest" href="/manifest.json">
+    <link rel="apple-touch-icon" type="image/png" href="/images/apple-touch-icon.png" sizes="180x180"/>
+    <link rel="icon" type="image/png" href="/images/gitpod-196x196.png" sizes="196x196"/>
+    <link rel="icon" type="image/svg+xml" href="/images/gitpod.svg" sizes="any"/>
+    <link rel="stylesheet" href="/styles.css"/>
+    <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Montserrat" />
+    <title>Select An Account - Gitpod</title>
+    <meta name="description" content="Describe your dev environment as code and get fully prebuilt, ready-to-code development environments for any GitLab, GitHub, and Bitbucket project.">
+    <meta name="keywords" content="dev environment, development environment, devops, cloud ide, github ide, gitlab ide, javascript, online ide, web ide, code review">
+  </head>
+  <body>
+    <noscript>
+      You need to enable JavaScript to run this app.
+    </noscript>
+    <div id="root"></div>
+    <script crossorigin="anonymous" src="/libs/moment.min.js"></script>
+    <script crossorigin="anonymous" src="/libs/react.production.min.js"></script>
+    <script crossorigin="anonymous" src="/libs/react-dom.production.min.js"></script>
+    <script src="/select-account.js"></script>
+  </body>
+</html>

components/dashboard/public/styles.css

@@ -826,7 +826,6 @@ footer .logo-icon {
 
 
 .access-control__card-container {
-    width: 31%;
     min-width: 300px;
     margin-bottom: 30px !important;
 }

components/dashboard/src/components/access-control/access-control.tsx

@@ -20,6 +20,7 @@ import CardContent from '@material-ui/core/CardActions';
 import DialogContentText from '@material-ui/core/DialogContentText';
 import DialogContent from '@material-ui/core/DialogContent';
 import Dialog from '@material-ui/core/Dialog';
+import HighlightOffOutlined from '@material-ui/icons/HighlightOffOutlined';
 import DialogTitle from '@material-ui/core/DialogTitle';
 import DialogActions from '@material-ui/core/DialogActions';
 import { themeMode } from '../../withRoot';
@@ -37,6 +38,9 @@ interface AccessControlState {
     newScopes?: Map<string, Set<string>>;
     notification?: { hostToBeReviewed: string } | { updatedHost: string; updatedScopes: string[] };
     user?: User;
+    disconnectDialog?: {
+        authHost: string;
+    };
 }
 interface AccessControlProps {
     service: GitpodService;
@@ -185,7 +189,7 @@ export class AccessControl extends React.Component<AccessControlProps, AccessCon
             <div>
                 <Toolbar style={{ padding: 0 }}>
                     <div style={{ width: '100%', justifyContent: 'space-between', marginTop: 30 }}>
-                        <Typography variant="h4" style={{ textAlign: 'center' }}>Access Control</Typography>
+                        <Typography variant="h4">Access Control</Typography>
                     </div>
                 </Toolbar>
                 <Toolbar style={{ display: 'flex', width: '100%', justifyContent: 'space-between' }}>
@@ -195,6 +199,7 @@ export class AccessControl extends React.Component<AccessControlProps, AccessCon
                 </Toolbar>
                 {this.renderTokenContainer()}
                 {this.renderInfoDialog()}
+                {this.renderDisconnectDialog()}
             </div>
         );
     }
@@ -323,7 +328,7 @@ export class AccessControl extends React.Component<AccessControlProps, AccessCon
         const icon = this.getIcon(provider);
         const dirty = !this.equals(oldScopes, newScopes);
         const identity = this.state.user && this.state.user.identities.find(i => i.authProviderId === provider.authProviderId);
-        return (<Card key={this.renderKey++}
+        return (<Card key={`provider-token-${this.renderKey++}`}
             style={{ 
                 verticalAlign: "top", 
                 textAlign: 'center', 
@@ -370,6 +375,15 @@ export class AccessControl extends React.Component<AccessControlProps, AccessCon
                 </CardContent>
             </Grid>
 
+            {identity && (<Grid item direction="column">
+                <span style={{ fontSize: "80%" }}>
+                    Connected as <strong>{identity.authName}</strong>
+                    <IconButton style={{ padding: '4px', marginLeft: '2px' }} onClick={() => this.setState({ disconnectDialog: { authHost: provider.host } })} title="Disconnect">
+                        <HighlightOffOutlined fontSize="small" style={{ verticalAlign: 'middle', color: 'var(--font-color2)' }} />
+                    </IconButton>
+                </span>
+            </Grid>)}
+
             <Grid item direction="column">
                 <CardActions style={{ display: 'block', textAlign: 'center', paddingTop: 15, paddingRight: 10, paddingBottom: 12 }} disableActionSpacing={true}>
                     {!provider.isReadonly && (
@@ -447,4 +461,63 @@ export class AccessControl extends React.Component<AccessControlProps, AccessCon
             search: `returnTo=${returnTo}&host=${provider}&override=true&scopes=${scopes.join(',')}`
         }).toString();
     }
+
+    protected renderDisconnectDialog() {
+        const { disconnectDialog, user, authProviders } = this.state;
+        const authHost = disconnectDialog?.authHost;
+        const authProvider = authProviders.find(a => a.host === authHost);
+        if (!disconnectDialog || !user || !authProvider) {
+            return;
+        }
+
+        let message: JSX.Element;
+        const handleCancel = () => {
+            this.setState({
+                disconnectDialog: undefined
+            });
+        };
+        let buttonLabel: string;
+        let handleButton: () => void;
+
+        const thisUrl = new GitpodHostUrl(new URL(window.location.toString()));
+        const otherIdentitiesOfUser = user.identities.filter(i => i.authProviderId !== authProvider.authProviderId);
+        if (otherIdentitiesOfUser.length === 0) {
+            message = (<DialogContentText>
+                Disconnecting the single remaining provider would make your account unreachable. Please go the settings, if you want to delete the account.
+            </DialogContentText>);
+
+            const settingsUrl = thisUrl.asSettings().toString();
+
+            buttonLabel = "Settings";
+            handleButton = () => window.location.href = settingsUrl;
+        } else {
+            message = (<DialogContentText>
+                You are about to disconnect {authHost}.
+            </DialogContentText>);
+
+            const returnTo = encodeURIComponent(thisUrl.with({ search: `updated=${authHost}` }).toString());
+            const deauthorizeUrl = thisUrl.withApi({
+                pathname: '/deauthorize',
+                search: `returnTo=${returnTo}&host=${authHost}`
+            }).toString();
+
+            buttonLabel = "Proceed";
+            handleButton = () => window.location.href = deauthorizeUrl;
+        }
+
+        return (
+            <Dialog
+                key="diconnect-dialog"
+                open={!!disconnectDialog}
+                onClose={handleCancel}
+            >
+                <DialogTitle>Disconnect {authHost}</DialogTitle>
+                <DialogContent>{message}</DialogContent>
+                <DialogActions>
+                    <Button onClick={handleButton} variant="outlined" color="secondary" autoFocus>{buttonLabel}</Button>
+                    <Button onClick={handleCancel} variant="outlined" color="primary" autoFocus>Cancel</Button>
+                </DialogActions>
+            </Dialog>
+        );
+    }
 }

components/dashboard/src/components/tos/terms-of-service.tsx

@@ -79,11 +79,15 @@ export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOf
 
     protected actionUrl = this.gitpodHost.withApi({ pathname: '/tos/proceed' }).toString();
     render() {
-        const content = this.renderMd(this.state.terms?.content);
         const acceptsTos = this.state.acceptsTos;
-        const updateMessage = this.renderMd(this.state.terms?.updateMessage);
         const update = this.state.isUpdate;
 
+        let tosContentRendered = this.renderMd(update ? this.state.terms?.updateMessage : this.state.terms?.content);
+
+        if (!update && this.state.userInfo?.authHost) {
+            tosContentRendered = tosContentRendered.replace("{{AUTH_HOST}}", this.state.userInfo?.authHost);
+        }
+
         let userSection: JSX.Element = <div></div>;
         if (this.state.userInfo) {
             const avatarUrl: string | undefined = this.state.userInfo.avatarUrl;
@@ -133,7 +137,7 @@ export class TermsOfService extends React.Component<TermsOfServiceProps, TermsOf
                     <form ref={this.formRef} action={this.actionUrl} method="post" id="accept-tos-form">
                         <input type="hidden" id="flowId" name="flowId" value={this.state.flowId} />
                         <div className="tos-checks">
-                            <Typography className="tos-content" dangerouslySetInnerHTML={{ __html: update ? updateMessage : content }} />
+                            <Typography className="tos-content" dangerouslySetInnerHTML={{ __html: tosContentRendered }} />
                             <p>
                                 <label style={{ display: 'none', alignItems: 'center' }}>
                                     <Checkbox

components/dashboard/src/select-account.tsx

@@ -0,0 +1,184 @@
+/**
+ * Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import "reflect-metadata";
+import * as React from 'react';
+import * as Cookies from 'js-cookie';
+
+import { createGitpodService } from './service-factory';
+import { ApplicationFrame } from "./components/page-frame";
+import { GitpodHostUrl } from "@gitpod/gitpod-protocol/lib/util/gitpod-host-url";
+
+import Avatar from "@material-ui/core/Avatar";
+import Card from "@material-ui/core/Card";
+import CardContent from "@material-ui/core/CardContent";
+import Typography from "@material-ui/core/Typography";
+import { ButtonWithProgress } from "./components/button-with-progress";
+import { themeMode } from './withRoot';
+
+import { renderEntrypoint } from "./entrypoint";
+
+const service = createGitpodService();
+const accountHints = (() => {
+    try {
+        const hints = Cookies.getJSON('SelectAccountCookie');
+        if (accountHints || "currentUser" in hints || "otherUser" in hints) {
+            return hints;
+        }
+    } catch (error) {
+        console.log(error);
+    }
+})();
+
+export class ProceedWithAccount extends React.Component<{}, {}> {
+
+    render() {
+        if (!accountHints) {
+            return (
+                <ApplicationFrame service={service}>
+                    <h3>Oh no! We are missing a cookie here. 🍪</h3>
+                    <h2>A detailed errors message is missing.</h2>
+                </ApplicationFrame>
+            );
+        }
+        const { currentUser, otherUser } = accountHints;
+
+        const accessControlUrl = new GitpodHostUrl(window.location.href).asAccessControl().toString();
+
+        const loginUrl = new GitpodHostUrl(window.location.href).withApi({
+            pathname: '/login/',
+            search: `host=${otherUser.authHost}&returnTo=${encodeURIComponent(accessControlUrl)}`
+        }).toString();
+
+        const logoutUrl = new GitpodHostUrl(window.location.toString()).withApi({
+            pathname: "/logout",
+            search: `returnTo=${encodeURIComponent(loginUrl)}`
+        }).toString();
+
+        const onGoBackClicked = () => {
+            window.location.href = accessControlUrl;
+        };
+        const onSwitchAccountsClicked = () => {
+            window.location.href = logoutUrl;
+        };
+
+        return (
+            <ApplicationFrame service={service}>
+                <div className='content content-area'>
+
+                    <h3 style={{ textAlign: "center" }}>Select An Account</h3>
+
+                    <Typography component="p" style={{ textAlign: "center", fontSize: "110%", marginTop: "50px" }}>
+                        You are attempting to authorize a provider that is already connected with your other account on Gitpod.
+                        <br />
+                        Please switch to the other account or disconnect the provider from your current account in Access Control.
+                    </Typography>
+
+                    <div style={{ display: "flex", marginTop: "50px", width: "100%" }}>
+                        <div style={{ flex: "50%" }}>
+                            <div style={{
+                                width: "300px",
+                                margin: "0 20px 0 auto"
+                            }}>
+                                <Typography component="p" style={{ textAlign: "center", padding: "20px", fontSize: "110%" }}>
+                                    Current account
+                                </Typography>
+                                <Card>
+                                    <CardContent
+                                        style={{
+                                            textAlign: "center"
+                                        }}
+                                    >
+                                        <div>
+                                            <Avatar
+                                                style={{
+                                                    margin: "40px auto 40px",
+                                                    width: 110,
+                                                    height: 110
+                                                }}
+                                                alt={currentUser.name} src={currentUser.avatarUrl}
+                                            />
+                                            <Typography component="p" style={{ textAlign: "center", padding: "20px", fontSize: "110%" }}>
+                                                Connected as <strong>@{currentUser.authName}</strong>
+                                                <br />
+                                                from <strong>{currentUser.authHost}</strong>
+                                            </Typography>
+                                        </div>
+                                    </CardContent>
+                                </Card>
+                            </div>
+                        </div>
+                        <div style={{ flex: "50%" }}>
+                            <div style={{
+                                width: "300px",
+                                margin: "0 auto 0 20px"
+                            }}>
+                                <Typography component="p" style={{ textAlign: "center", padding: "20px", fontSize: "110%" }}>
+                                    Other account
+                                </Typography>
+                                <Card>
+                                    <CardContent
+                                        style={{
+                                            textAlign: "center"
+                                        }}
+                                    >
+                                        <div>
+                                            <Avatar
+                                                style={{
+                                                    margin: "40px auto 40px",
+                                                    width: 110,
+                                                    height: 110
+                                                }}
+                                                alt={otherUser.name} src={otherUser.avatarUrl}
+                                            />
+                                            <Typography component="p" style={{ textAlign: "center", padding: "20px", fontSize: "110%" }}>
+                                                Connected as <strong>@{otherUser.authName}</strong>
+                                                <br />
+                                                from <strong>{otherUser.authHost}</strong>
+                                            </Typography>
+                                        </div>
+                                    </CardContent>
+                                </Card>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div style={{ marginTop: "100px", textAlign: "center" }}>
+                        <ButtonWithProgress
+                            className='button'
+                            onClick={onGoBackClicked}
+                            variant='outlined'
+                            color={'primary'}>
+                            {'Back To Access Control'}
+                        </ButtonWithProgress>
+
+                        <ButtonWithProgress
+                            style={{ marginLeft: "20px" }}
+                            className='button'
+                            onClick={onSwitchAccountsClicked}
+                            variant='outlined'
+                            color={'secondary'}>
+                            {'Switch To Your Other Account'}
+                        </ButtonWithProgress>
+                    </div>
+
+
+                </div>
+            </ApplicationFrame>
+        );
+    }
+
+    protected getAuthProviderType(authProviderType: string): string {
+        switch (authProviderType) {
+            case "GitHub": return themeMode === 'light' ? "/images/github.svg" : "/images/github.dark.svg";
+            case "GitLab": return themeMode === 'light' ? "/images/gitlab.svg" : "/images/gitlab.dark.svg";
+            case "Bitbucket": return themeMode === 'light' ? "/images/bitbucket.svg" : "/images/bitbucket.dark.svg";
+            default: return "";
+        }
+    }
+}
+
+renderEntrypoint(ProceedWithAccount);

components/dashboard/webpack.entrypoints.js

@@ -12,6 +12,7 @@ module.exports = function entrypoints(srcPath, eeSrcPath, isOSSBuild) {
         'create-workspace-from-ref': `${srcPath}/create-workspace-from-ref.tsx`,
         '404': `${srcPath}/404.tsx`,
         'sorry': `${srcPath}/sorry.tsx`,
+        'select-account': `${srcPath}/select-account.tsx`,
         'blocked': `${srcPath}/blocked.tsx`,
         'bootanimation': `${srcPath}/bootanimation.ts`,
         'access-control': `${srcPath}/access-control.tsx`,