
Draft: POC for organization sign in

What does this MR do and why?

POC for #572901.

Disclaimer: This is a POC to help better understand the organization sign-in flow and the challenges we may face. The code is not production ready, will need refactoring, and will have bugs. See the "Caveats and requires further investigation" section below:

Caveats and requires further investigation

  • This POC focuses on the main password flow. It does not look at OmniAuth sign-in. Member invites, admin mode, etc. have not yet been checked. More investigation is required to make sure all of these flows work as expected.
  • Need to figure out the UX flow for when a user clicks Continue without entering a value. This is currently not in the POC. There is some tricky logic around password managers to figure out before we do this.
  • This needs to be reviewed by Application Security team and the flow may need to be modified.
  • Because we are adding interactivity to the sign-in form, I used Vue for the POC. This needs further thought to decide if this is the route we want to go.
  • I was running into some issues with CSRF mismatch when using devise_for :users in routes. It seems related to Devise, and I was able to get it working when using devise_scope :user and manually defining the organization-scoped sign-in routes. Ideally we don't have to manually define the routes; more investigation required.
  • I think there are some issues around caching of redirects when signing in and out that need to be looked into. If you try to sign into an organization that is not your primary, sometimes you are not redirected to that organization. See 5:10 in the demo video for a demonstration.
  • This has only been checked with 1Password. We will want to make sure it works with other password managers too.
  • This is not talking to the Topology service. More discussion in gitlab-com/gl-infra/tenant-scale/cells-infrastructure/team#361
  • This is not checking feature flags. We need to figure out how we will roll this out.
  • I have the new "Project Studio" UI turned on in the demo, that is why the UI looks different when I sign in.

Demo

The video is private; you need to sign into the GitLab Unfiltered YouTube account.

https://www.youtube.com/watch?v=0dY5tt30lDo

How to set up and validate locally

  1. Enable the following feature flags in /rails/features
    • ui_for_organizations
    • organization_scoped_paths
    • organization_switching
  2. Go to /-/organizations/new and create an organization
  3. Go to /admin/users/new
  4. Create a user and assign the organization you created in step 2 in the Organization section
  5. Edit that user and set a password
  6. Try to sign in with that user

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Peter Hegman
