Back end for link sharing #759

Andrewdt97 · 2019-08-09T04:26:04Z

Overview:
In order to better support users without emails and to streamline project sharing, it was determined that we should allow project managers to create invite links, which, upon accessing, add a user to a project with a specified role. This PR includes all of the back-end support for this link sharing. It includes three major partitions:

1. Creation and management of share link:
There are four new API calls related to the shareable link

'project_createInviteLink', [defaultRole<string>]: link<string>
- Takes a roleKey and returns the invite Url
'project_getInviteLink', []: link<string>
- Returns the current invite Url
'project_disableInviteToken', []: void
- Makes the inviteToken an empty string, thereby disabling it
'project_updateInviteTokenRole', [newRole<string>]: void
- Given a roleKey will update the role a user is assigned when joining via the link

All API calls require Domain::USERS + Operation::EDIT permission except project_getInviteLink, which requires Domain::PROJECTS + Operation::VIEW permission. These calls invoke ProjectCommands that manipulate a ProjectModel's new inviteToken object.

2. Joining via the link:
All links point towards https://<app>.org/invite/<invite code>. When such a link is accessed, the server looks up a project with that invite code. If it is found and the user is logged in, the user is added to the project and redirected there. If it is found and the user is not logged in, there are taken to the login page with a message encouraging them to register. The invite code is tracked within $app['session'] and is processed when the projects or lexicon apps are next accessed. If the project is not found, the user is show an error message on whatever page is appropriate to take them to based on their log-in status.

3. Miscellaneous Refactors:
The following changes are also included to support the above features:

The NoticeService now has an checkUrlForNotices() method which checks the Url for base-64 encoded messages in the errorMessage, infoMessage, and successMessage parameters.
The login page has been turned into an angular component in order to use the NoticeService

Screenshots:

Login page displaying a notice that a project could not be found with a given invite link.

Successfully being added to a project after signing up

Tests:
All PHP unit tests run (including new ones for the ProjectCommands)

E2E tests fail at Update and store different username. Login with new credentials. My guess is that this is due to the fact that migrating to an angular component from Silex on the login page no longer saves the username when logging out and logging back in. I am looking into as you read this.

If you wish to manually test the invite link. /invite/test is set up to create a new project and handle it's invite code. Use branch feature/linkSharingBackEndTestable.

Ideas for continued development:

Increase/test support for non-Lf apps (if desired)

This change is

megahirt

It's looking very close to being done! You're almost there :)

Reviewed 13 of 15 files at r1, 2 of 2 files at r2.
Reviewable status: all files reviewed, 9 unresolved discussions (waiting on @Andrewdt97)

src/Api/Model/Shared/InviteToken.php, line 10 at r1 (raw file):

{

    public function __construct() {

I think you can just leave out the empty constructor...not required.

src/Api/Model/Shared/ProjectModel.php, line 231 at r1 (raw file):

        if(!$validRole)
        {
            throw new ResourceNotAvailableException('Project ' . $projectId . '\'s invite token is associated with nonexistant role '

spelling correction to "nonexistent" :)

src/Api/Model/Shared/ProjectModel.php, line 343 at r1 (raw file):

            $this->inviteToken->defaultRole = $newRole;
        } else {
            throw new \InvalidArgumentException("A nonexistant role tried to be linked to an invite token.");

"nonexistent"

src/Api/Model/Shared/ProjectModel.php, line 468 at r1 (raw file):

readByProperty('inviteToken.token', $token);

does this actually work? Cool! I didn't realize that you could address a sub-property in the readByProperty method - I learn something new everyday...

src/Api/Model/Shared/Dto/RightsHelper.php, line 116 at r2 (raw file):

                return true;
            case 'project_getInviteLink':
                return $this-userHasProjectRight(Domain::USERS + Operation::EDIT);

I'm thinking that the permissions for project_getInviteLink should actually be less than "manager" which is what this currently is. I think that
project_getInviteLink should have a base permission of project user, since anyone should be able to get the link once it is enabled, and not just managers. This function should simply return an existing link stored in the database, and generate one if it doesn't exist.

Seeing this line here now reminds me that we also need a project_generateLink or something similar.

src/angular-app/bellows/apps/public/login/login-app.component.ts, line 10 at r2 (raw file):

  $onInit() {
    this.notice.checkUrlForNotices();

This feels like it should be in the $onInit() of the notice component itself, that way we don't have to remember to call this for every controller that uses the notice service, and also every instance of the notice component will automatically gain this feature.

src/Site/Controller/App.php, line 31 at r2 (raw file):

($appName == LfProjectModel::LEXICON_APP || $appName == 'projects')

We probably should not make this Lexicon app specific.

This whole section might fit better in Auth.php immediately after a successful login.

src/Site/Controller/Validate.php, line 16 at r2 (raw file):

class Validate extends Base
{
    public static function check(Application $app, $validateKey = '')

should be public static function

src/Site/Controller/Validate.php, line 37 at r2 (raw file):

    }

    public function processInviteAndRedirect(Application $app, $inviteToken = '')

should be public static function

Add InivteLink object to ProjectModel . Add ProjectCommands for invite link generation Add API end points for link sharing operations Logged-in and valid token redirection Skeleton for proper redirection Display messages from URL Error messages for invalid invite link Make checkUrlForNotices() self-contained Also consumes the error message Add Array.includes polyfill to fix lots of Bugsnag errors Bugsnag was seeing errors mainly from IE11 and UC Browser. Also alphabetize the list of polyfill imports to make TSLint happy. add new build-agent to hosts tag this so it doesn't run for build-agents add buildagent install shell script fix hostnames Remove references to temp/jsonSessionData Remove references to temp/jsonSessionData Rendered entries now show correct part of speech Previously the optionLists data wasn't making it all the way to the dc-rendered component, so the component couldn't look up proper abbreviations for parts of speech and had to resort to using the key instead. This was mostly invisible for projects that had an English language user interface, but for non-English interfaces the English part-of-speech abbreviations were being wrongly shown. Fixed. This should fix https://jira.sil.org/browse/LF-319 Invite token is tracked through authentication process Polish for back end link sharing Convert login to angular component Return id instead of model when looking up by invite token And minor polish Add FlashBag support to Login app to pass E2E tests Return id instead of model when looking up by invite token And minor polish Distinguish between createInviteLink and getInviteLink Merge master

megahirt

Reviewed 5 of 7 files at r3, 4 of 4 files at r4, 2 of 2 files at r5.
Reviewable status: all files reviewed, 8 unresolved discussions (waiting on @Andrewdt97)

Also added PHP Code Sniffer as dev dependency for use in VS Code project_getInviteLink can be accessed by project members The specific API security checks will be done inside the method

megahirt

I have finished Andrew's PR on his behalf, and we will now carry on with the feature on Brant's branch.

Reviewed 5 of 5 files at r6.
Reviewable status: complete! all files reviewed, all discussions resolved

src/Api/Model/Shared/InviteToken.php, line 10 at r1 (raw file):