Merge pull request #2712 from overleaf/jel-sso-ui-confirmed-domains

SSO UI only for confirmed domains

GitOrigin-RevId: cd8d7b93860a45d9527e717c6fc42876e9c9829e

services/web/app/src/Features/Project/ProjectController.js

@@ -40,6 +40,10 @@ const UserController = require('../User/UserController')
 const _ssoAvailable = (affiliation, session, linkedInstitutionIds) => {
   if (!affiliation.institution) return false
 
+  // institution.confirmed is for the domain being confirmed, not the email
+  // Do not show SSO UI for unconfirmed domains
+  if (!affiliation.institution.confirmed) return false
+
   // Could have multiple emails at the same institution, and if any are
   // linked to the institution then do not show notification for others
   if (

services/web/frontend/js/main/affiliations/controllers/UserAffiliationsController.js

@@ -35,27 +35,28 @@ define(['../../../base'], App =>
         return { local: null, domain: null }
       }
     }
-    const _ssoAvailable = affiliation => {
+
+    const _ssoAvailableForAffiliation = affiliation => {
+      if (!affiliation) return false
+      const institution = affiliation.institution
+      if (!_ssoAvailableForInstitution(institution)) return false
+      if (!institution.confirmed) return false // domain is confirmed, not the email
+      return true
+    }
+
+    const _ssoAvailableForDomain = domain => {
+      if (!domain) return false
+      if (!domain.confirmed) return false // domain is confirmed, not the email
+      const institution = domain.university
+      if (!_ssoAvailableForInstitution(institution)) return false
+      return true
+    }
+
+    const _ssoAvailableForInstitution = institution => {
       if (!ExposedSettings.hasSamlFeature) return false
-
-      if (!affiliation) {
-        return false
-      }
-
-      // university via v1 for new affiliations
-      const institution = affiliation.university || affiliation.institution
-      if (!institution) {
-        return false
-      }
-
-      if (institution && institution.ssoEnabled) {
-        return true
-      }
-
-      if ($scope.samlBetaSession && institution && institution.ssoBeta) {
-        return true
-      }
-
+      if (!institution) return false
+      if (institution.ssoEnabled) return true
+      if ($scope.samlBetaSession && institution.ssoBeta) return true
       return false
     }
 
@@ -81,7 +82,7 @@ define(['../../../base'], App =>
             ) {
               $scope.newAffiliation.university = universityDomain.university
               $scope.newAffiliation.department = universityDomain.department
-              $scope.newAffiliation.ssoAvailable = _ssoAvailable(
+              $scope.newAffiliation.ssoAvailable = _ssoAvailableForDomain(
                 universityDomain
               )
             } else {
@@ -299,7 +300,7 @@ define(['../../../base'], App =>
       )
         .then(emails => {
           $scope.userEmails = emails.map(email => {
-            email.ssoAvailable = _ssoAvailable(email.affiliation)
+            email.ssoAvailable = _ssoAvailableForAffiliation(email.affiliation)
             return email
           })
           $scope.linkedInstitutionIds = emails

services/web/test/unit/src/Project/ProjectControllerTests.js

@@ -123,6 +123,7 @@ describe('ProjectController', function() {
         email: 'test@overleaf.com',
         institution: {
           id: 1,
+          confirmed: true,
           name: 'Overleaf',
           ssoBeta: false,
           ssoEnabled: true
@@ -677,12 +678,12 @@ describe('ProjectController', function() {
         this.Features.hasFeature.withArgs('overleaf-integration').returns(true)
         done()
       })
-      it('should show institution SSO available notification', function() {
+      it('should show institution SSO available notification for confirmed domains', function() {
         this.res.render = (pageName, opts) => {
           expect(opts.notificationsInstitution).to.deep.include({
-            email: 'test@overleaf.com',
+            email: this.institutionEmail,
             institutionId: 1,
-            institutionName: 'Overleaf',
+            institutionName: this.institutionName,
             templateKey: 'notification_institution_sso_available'
           })
         }
@@ -792,6 +793,29 @@ describe('ProjectController', function() {
         }
         this.ProjectController.projectListPage(this.req, this.res)
       })
+      describe('for an unconfirmed domain for an SSO institution', function() {
+        beforeEach(function(done) {
+          this.getUserAffiliations.yields(null, [
+            {
+              email: 'test@overleaf-uncofirmed.com',
+              institution: {
+                id: 1,
+                confirmed: false,
+                name: 'Overleaf',
+                ssoBeta: false,
+                ssoEnabled: true
+              }
+            }
+          ])
+          done()
+        })
+        it('should not show institution SSO available notification', function() {
+          this.res.render = (pageName, opts) => {
+            expect(opts.notificationsInstitution.length).to.equal(0)
+          }
+          this.ProjectController.projectListPage(this.req, this.res)
+        })
+      })
       describe('when linking/logging in initiated on institution side', function() {
         it('should not show a linked another email notification', function() {
           // this is only used when initated on Overleaf,
@@ -821,6 +845,7 @@ describe('ProjectController', function() {
               email: 'beta@beta.com',
               institution: {
                 id: 2,
+                confirmed: true,
                 name: 'Beta University',
                 ssoBeta: true,
                 ssoEnabled: false