diff --git a/services/web/app/src/Features/Project/ProjectController.js b/services/web/app/src/Features/Project/ProjectController.js
index 3736b0b561..06bb39c062 100644
--- a/services/web/app/src/Features/Project/ProjectController.js
+++ b/services/web/app/src/Features/Project/ProjectController.js
@@ -40,6 +40,10 @@ const UserController = require('../User/UserController')
 const _ssoAvailable = (affiliation, session, linkedInstitutionIds) => {
 if (!affiliation.institution) return false
+ // institution.confirmed is for the domain being confirmed, not the email
+ // Do not show SSO UI for unconfirmed domains
+ if (!affiliation.institution.confirmed) return false
+
 // Could have multiple emails at the same institution, and if any are
 // linked to the institution then do not show notification for others
 if (
diff --git a/services/web/frontend/js/main/affiliations/controllers/UserAffiliationsController.js b/services/web/frontend/js/main/affiliations/controllers/UserAffiliationsController.js
index 86c6740106..c40f695d27 100644
--- a/services/web/frontend/js/main/affiliations/controllers/UserAffiliationsController.js
+++ b/services/web/frontend/js/main/affiliations/controllers/UserAffiliationsController.js
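Review bot: The added `if (!affiliation.institution.confirmed) return false` in `_ssoAvailable` only decides whether the SSO notification is shown; it does not by itself stop an address at an unconfirmed domain from being linked to the institution. The handler that completes the institution SSO link is not in this diff, so it is worth confirming that it applies the same domain-confirmation check server-side; the frontend helpers `_ssoAvailableForAffiliation` and `_ssoAvailableForDomain` in UserAffiliationsController.js are display gates in the same way. The falsy test also treats a payload with no `confirmed` field as unconfirmed, which fails closed, and I would say so in the comment: `// a missing confirmed flag is treated as unconfirmed (fail closed)`. The body of `_ssoAvailable` continues past the end of the hunk.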
@@ -35,27 +35,28 @@ define(['../../../base'], App =>
 return { local: null, domain: null }
 }
 }
- const _ssoAvailable = affiliation => {
+
+ const _ssoAvailableForAffiliation = affiliation => {
+ if (!affiliation) return false
+ const institution = affiliation.institution
+ if (!_ssoAvailableForInstitution(institution)) return false
+ if (!institution.confirmed) return false // domain is confirmed, not the email
+ return true
+ }
+
+ const _ssoAvailableForDomain = domain => {
+ if (!domain) return false
+ if (!domain.confirmed) return false // domain is confirmed, not the email
+ const institution = domain.university
+ if (!_ssoAvailableForInstitution(institution)) return false
+ return true
+ }
+
+ const _ssoAvailableForInstitution = institution => {
 if (!ExposedSettings.hasSamlFeature) return false
-
- if (!affiliation) {
- return false
- }
-
- // university via v1 for new affiliations
- const institution = affiliation.university || affiliation.institution
- if (!institution) {
- return false
- }
-
- if (institution && institution.ssoEnabled) {
- return true
- }
-
- if ($scope.samlBetaSession && institution && institution.ssoBeta) {
- return true
- }
-
+ if (!institution) return false
+ if (institution.ssoEnabled) return true
+ if ($scope.samlBetaSession && institution.ssoBeta) return true
 return false
 }
@@ -81,7 +82,7 @@ define(['../../../base'], App =>
 ) {
 $scope.newAffiliation.university = universityDomain.university
 $scope.newAffiliation.department = universityDomain.department
- $scope.newAffiliation.ssoAvailable = _ssoAvailable(
+ $scope.newAffiliation.ssoAvailable = _ssoAvailableForDomain(
 universityDomain
 )
 } else {
@@ -299,7 +300,7 @@ define(['../../../base'], App =>
 )
 .then(emails => {
 $scope.userEmails = emails.map(email => {
- email.ssoAvailable = _ssoAvailable(email.affiliation)
+ email.ssoAvailable = _ssoAvailableForAffiliation(email.affiliation)
 return email
 })
 $scope.linkedInstitutionIds = emails
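Review bot: `_ssoAvailableForInstitution` is declared after `_ssoAvailableForAffiliation` and `_ssoAvailableForDomain`, which both call it; as a `const` arrow it is not hoisted, so this works only because the two call sites visible in the later hunks run inside callbacks. Moving the institution helper above the other two removes that ordering dependency. The trailing comment `// domain is confirmed, not the email` is repeated although the flag is read from different objects, `institution.confirmed` for an affiliation and `domain.confirmed` for a domain lookup. A one-line comment above each helper naming the object that carries the flag, such as `// confirmed is read from the domain record, not from domain.university`, would make the difference explicit.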
diff --git a/services/web/test/unit/src/Project/ProjectControllerTests.js b/services/web/test/unit/src/Project/ProjectControllerTests.js
index 811ea906c2..9a50cd1682 100644
--- a/services/web/test/unit/src/Project/ProjectControllerTests.js
+++ b/services/web/test/unit/src/Project/ProjectControllerTests.js
@@ -123,6 +123,7 @@ describe('ProjectController', function() {
 email: 'test@overleaf.com',
 institution: {
 id: 1,
+ confirmed: true,
 name: 'Overleaf',
 ssoBeta: false,
 ssoEnabled: true
@@ -677,12 +678,12 @@ describe('ProjectController', function() {
 this.Features.hasFeature.withArgs('overleaf-integration').returns(true)
 done()
 })
- it('should show institution SSO available notification', function() {
+ it('should show institution SSO available notification for confirmed domains', function() {
 this.res.render = (pageName, opts) => {
 expect(opts.notificationsInstitution).to.deep.include({
- email: 'test@overleaf.com',
+ email: this.institutionEmail,
 institutionId: 1,
- institutionName: 'Overleaf',
+ institutionName: this.institutionName,
 templateKey: 'notification_institution_sso_available'
 })
 }
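Review bot: The assertion in 'should show institution SSO available notification for confirmed domains' sits inside the `this.res.render` stub and the `it` callback takes no `done`, so if `render` is never reached the test passes without checking anything. The new test 'should not show institution SSO available notification' in the `@@ -792,6 +793,29 @@` hunk has the same shape, and there a silent pass would hide a regression of the unconfirmed-domain check. I would declare the callback as `function(done) {` and call `done()` after the `expect(...)` inside the stub, so a missing render call fails by timeout. The `it` body here continues past the hunk, so the call that triggers `render` is not visible.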
@@ -792,6 +793,29 @@ describe('ProjectController', function() {
 }
 this.ProjectController.projectListPage(this.req, this.res)
 })
+ describe('for an unconfirmed domain for an SSO institution', function() {
+ beforeEach(function(done) {
+ this.getUserAffiliations.yields(null, [
+ {
+ email: 'test@overleaf-uncofirmed.com',
+ institution: {
+ id: 1,
+ confirmed: false,
+ name: 'Overleaf',
+ ssoBeta: false,
+ ssoEnabled: true
+ }
+ }
+ ])
+ done()
+ })
+ it('should not show institution SSO available notification', function() {
+ this.res.render = (pageName, opts) => {
+ expect(opts.notificationsInstitution.length).to.equal(0)
+ }
+ this.ProjectController.projectListPage(this.req, this.res)
+ })
+ })
 describe('when linking/logging in initiated on institution side', function() {
 it('should not show a linked another email notification', function() {
 // this is only used when initated on Overleaf,
@@ -821,6 +845,7 @@ describe('ProjectController', function() {
 email: 'beta@beta.com',
 institution: {
 id: 2,
+ confirmed: true,
 name: 'Beta University',
 ssoBeta: true,
 ssoEnabled: false
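Review bot: The new `describe('for an unconfirmed domain for an SSO institution', ...)` covers `confirmed: false` but not an affiliation whose `institution` has no `confirmed` key at all, which the falsy check in `_ssoAvailable` also has to reject. A second fixture that omits the key and asserts the same empty `notificationsInstitution` would pin the fail-closed behaviour against a later change to a strict `=== false` comparison. The fixture address `'test@overleaf-uncofirmed.com'` is misspelled; `'test@overleaf-unconfirmed.com'` reads as intended.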