Add phone verification

Author: svenefftinge

components/dashboard/package.json

@@ -15,6 +15,7 @@
     "query-string": "^7.1.1",
     "react": "^17.0.1",
     "react-dom": "^17.0.1",
+    "react-intl-tel-input": "^8.2.0",
     "react-router-dom": "^5.2.0",
     "xterm": "^4.11.0",
     "xterm-addon-fit": "^0.5.0"

components/dashboard/src/admin/UserDetail.tsx

@@ -123,6 +123,7 @@ export default function UserDetail(p: { user: User }) {
                             <h3>{user.fullName}</h3>
                             {user.blocked ? <Label text="Blocked" color="red" /> : null}{" "}
                             {user.markedDeleted ? <Label text="Deleted" color="red" /> : null}
+                            {user.lastVerificationTime ? <Label text="Verified" color="green" /> : null}
                         </div>
                         <p>
                             {user.identities

components/dashboard/src/components/Alert.tsx

@@ -9,8 +9,11 @@ import { ReactComponent as Exclamation } from "../images/exclamation.svg";
 import { ReactComponent as Exclamation2 } from "../images/exclamation2.svg";
 import { ReactComponent as InfoSvg } from "../images/info.svg";
 import { ReactComponent as XSvg } from "../images/x.svg";
+import { ReactComponent as Check } from "../images/check-circle.svg";
 
 export type AlertType =
+    // Green
+    | "success"
     // Yellow
     | "warning"
     // Gray alert
@@ -40,6 +43,12 @@ interface AlertInfo {
 }
 
 const infoMap: Record<AlertType, AlertInfo> = {
+    success: {
+        bgCls: "bg-green-100 dark:bg-green-800",
+        txtCls: "text-green-700 dark:text-green-50",
+        icon: <Check className="w-4 h-4"></Check>,
+        iconColor: "text-green-700 dark:text-green-100",
+    },
     warning: {
         bgCls: "bg-yellow-100 dark:bg-yellow-700",
         txtCls: "text-yellow-600 dark:text-yellow-50",

components/dashboard/src/index.css

@@ -79,6 +79,7 @@
 
     textarea,
     input[type="text"],
+    input[type="tel"],
     input[type="number"],
     input[type="search"],
     input[type="password"],
@@ -87,12 +88,14 @@
     }
     textarea::placeholder,
     input[type="text"]::placeholder,
+    input[type="tel"]::placeholder,
     input[type="number"]::placeholder,
     input[type="search"]::placeholder,
     input[type="password"]::placeholder {
         @apply text-gray-400 dark:text-gray-500;
     }
     input[type="text"].error,
+    input[type="tel"].error,
     input[type="number"].error,
     input[type="search"].error,
     input[type="password"].error,

components/dashboard/src/start/StartPage.tsx

@@ -4,10 +4,12 @@
  * See License-AGPL.txt in the project root for license information.
  */
 
+import { ErrorCodes } from "@gitpod/gitpod-protocol/lib/messaging/error";
 import { useEffect } from "react";
 import Alert from "../components/Alert";
 import gitpodIconUA from "../icons/gitpod.svg";
 import { gitpodHostUrl } from "../service/service";
+import { VerifyModal } from "./VerifyModal";
 
 export enum StartPhase {
     Checking = 0,
@@ -106,6 +108,7 @@ export function StartPage(props: StartPageProps) {
                 {typeof phase === "number" && phase < StartPhase.IdeReady && (
                     <ProgressBar phase={phase} error={!!error} />
                 )}
+                {error && error.code === ErrorCodes.NEEDS_VERIFICATION && <VerifyModal />}
                 {error && <StartError error={error} />}
                 {props.children}
                 {props.showLatestIdeWarning && (

components/dashboard/src/start/VerifyModal.tsx

@@ -0,0 +1,241 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { useState } from "react";
+import Alert, { AlertType } from "../components/Alert";
+import Modal from "../components/Modal";
+import { getGitpodService } from "../service/service";
+import PhoneInput from "react-intl-tel-input";
+import "react-intl-tel-input/dist/main.css";
+import "./phone-input.css";
+
+interface VerifyModalState {
+    phoneNumber?: string;
+    phoneNumberValid?: boolean;
+    sent?: Date;
+    sending?: boolean;
+    message?: {
+        type: AlertType;
+        text: string;
+    };
+    token?: string;
+    verified?: boolean;
+}
+
+export function VerifyModal() {
+    const [state, setState] = useState<VerifyModalState>({});
+
+    if (!state.sent) {
+        const sendCode = async () => {
+            try {
+                setState({
+                    ...state,
+                    message: undefined,
+                    sending: true,
+                });
+                await getGitpodService().server.sendPhoneNumberVerificationToken(state.phoneNumber || "");
+                setState({
+                    ...state,
+                    sending: false,
+                    sent: new Date(),
+                });
+                return true;
+            } catch (err) {
+                setState({
+                    sent: undefined,
+                    sending: false,
+                    message: {
+                        type: "error",
+                        text: err.toString(),
+                    },
+                });
+                return false;
+            }
+        };
+        return (
+            <Modal
+                onClose={() => {}}
+                closeable={false}
+                onEnter={sendCode}
+                title="User Validation Required"
+                buttons={
+                    <div>
+                        <button className="ml-2" disabled={!state.phoneNumberValid || state.sending} onClick={sendCode}>
+                            Send Code via SMS
+                        </button>
+                    </div>
+                }
+                visible={true}
+            >
+                <Alert type="warning" className="mt-2">
+                    To use Gitpod you'll need to validate your account with your phone number. This is required to
+                    discourage and reduce abuse on Gitpod infrastructure.
+                </Alert>
+                <div className="text-gray-600 dark:text-gray-400 mt-2">
+                    Enter a mobile phone number you would like to use to verify your account.
+                </div>
+                {state.message ? (
+                    <Alert type={state.message.type} className="mt-4 py-3">
+                        {state.message.text}
+                    </Alert>
+                ) : (
+                    <></>
+                )}
+                <div className="mt-4">
+                    <h4>Mobile Phone Number</h4>
+                    {/* HACK: Below we are adding a dummy dom element that is not visible, to reference the classes so they are not removed by purgeCSS. */}
+                    <input type="tel" className="hidden intl-tel-input country-list" />
+                    <PhoneInput
+                        autoFocus={true}
+                        containerClassName={"allow-dropdown w-full intl-tel-input"}
+                        inputClassName={"w-full"}
+                        allowDropdown={true}
+                        defaultCountry={""}
+                        autoHideDialCode={false}
+                        onPhoneNumberChange={(isValid, phoneNumberRaw, countryData) => {
+                            let phoneNumber = phoneNumberRaw;
+                            if (!phoneNumber.startsWith("+") && !phoneNumber.startsWith("00")) {
+                                phoneNumber = "+" + countryData.dialCode + phoneNumber;
+                            }
+                            setState({
+                                ...state,
+                                phoneNumber,
+                                phoneNumberValid: isValid,
+                            });
+                        }}
+                    />
+                </div>
+            </Modal>
+        );
+    } else if (!state.verified) {
+        const isTokenFilled = () => {
+            return state.token && /\d{6}/.test(state.token);
+        };
+        const verifyToken = async () => {
+            try {
+                const verified = await getGitpodService().server.verifyPhoneNumberVerificationToken(
+                    state.phoneNumber!,
+                    state.token!,
+                );
+                if (verified) {
+                    setState({
+                        ...state,
+                        verified: true,
+                        message: undefined,
+                    });
+                } else {
+                    setState({
+                        ...state,
+                        message: {
+                            type: "error",
+                            text: `Invalid verification code.`,
+                        },
+                    });
+                }
+                return verified;
+            } catch (err) {
+                setState({
+                    sent: undefined,
+                    sending: false,
+                    message: {
+                        type: "error",
+                        text: err.toString(),
+                    },
+                });
+                return false;
+            }
+        };
+
+        const reset = () => {
+            setState({
+                ...state,
+                sent: undefined,
+                message: undefined,
+                token: undefined,
+            });
+        };
+        return (
+            <Modal
+                onClose={() => {}}
+                closeable={false}
+                onEnter={verifyToken}
+                title="User Validation Required"
+                buttons={
+                    <div>
+                        <button className="ml-2" disabled={!isTokenFilled()} onClick={verifyToken}>
+                            Validate Account
+                        </button>
+                    </div>
+                }
+                visible={true}
+            >
+                <Alert type="warning" className="mt-2">
+                    To use Gitpod you'll need to validate your account with your phone number. This is required to
+                    discourage and reduce abuse on Gitpod infrastructure.
+                </Alert>
+                <div className="pt-4">
+                    <button className="gp-link" onClick={reset}>
+                        &larr; Use a different phone number
+                    </button>
+                </div>
+                <div className="text-gray-600 dark:text-gray-400 pt-4">
+                    Enter the verification code we sent to {state.phoneNumber}.<br />
+                    Having trouble?{" "}
+                    <a className="gp-link" href="https://www.gitpod.io/contact/support">
+                        Contact support
+                    </a>
+                </div>
+                {state.message ? (
+                    <Alert type={state.message.type} className="mt-4 py-3">
+                        {state.message.text}
+                    </Alert>
+                ) : (
+                    <></>
+                )}
+                <div className="mt-4">
+                    <h4>Verification Code</h4>
+                    <input
+                        autoFocus={true}
+                        className="w-full"
+                        type="text"
+                        placeholder="Enter code sent via SMS"
+                        onChange={(v) => {
+                            setState({
+                                ...state,
+                                token: v.currentTarget.value,
+                            });
+                        }}
+                    />
+                </div>
+            </Modal>
+        );
+    } else {
+        const continueStartWorkspace = () => {
+            window.location.reload();
+            return true;
+        };
+        return (
+            <Modal
+                onClose={continueStartWorkspace}
+                closeable={false}
+                onEnter={continueStartWorkspace}
+                title="User Validation Successful"
+                buttons={
+                    <div>
+                        <button className="ml-2" onClick={continueStartWorkspace}>
+                            Continue
+                        </button>
+                    </div>
+                }
+                visible={true}
+            >
+                <Alert type="success" className="mt-2">
+                    Your account has been successfully verified.
+                </Alert>
+            </Modal>
+        );
+    }
+}

components/dashboard/src/start/phone-input.css

@@ -0,0 +1,18 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+.country-list {
+    width: 29rem !important;
+}
+
+input[type="tel"],
+.country-list {
+    @apply block w-56 text-gray-600 dark:text-gray-400 bg-white dark:bg-gray-800 rounded-md border border-gray-300 dark:border-gray-500 focus:border-gray-400 dark:focus:border-gray-400 focus:ring-0;
+}
+
+input[type="tel"]::placeholder {
+    @apply text-gray-400 dark:text-gray-500;
+}

components/gitpod-db/src/typeorm/entity/db-user.ts

@@ -84,4 +84,16 @@ export class DBUser implements User {
         transformer: Transformer.MAP_EMPTY_STR_TO_UNDEFINED,
     })
     usageAttributionId?: string;
+
+    @Column({
+        default: "",
+        transformer: Transformer.MAP_EMPTY_STR_TO_UNDEFINED,
+    })
+    lastVerificationTime?: string;
+
+    @Column({
+        default: "",
+        transformer: Transformer.MAP_EMPTY_STR_TO_UNDEFINED,
+    })
+    verificationPhoneNumber?: string;
 }

components/gitpod-db/src/typeorm/migration/1661519441407-PhoneVerification.ts

@@ -0,0 +1,29 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { MigrationInterface, QueryRunner } from "typeorm";
+import { columnExists } from "./helper/helper";
+
+const D_B_USER = "d_b_user";
+const COL_VERIFICATIONTIME = "lastVerificationTime";
+const COL_PHONE_NUMBER = "verificationPhoneNumber";
+
+export class PhoneVerification1661519441407 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        if (!(await columnExists(queryRunner, D_B_USER, COL_VERIFICATIONTIME))) {
+            await queryRunner.query(
+                `ALTER TABLE ${D_B_USER} ADD COLUMN ${COL_VERIFICATIONTIME} varchar(30) NOT NULL DEFAULT '', ALGORITHM=INPLACE, LOCK=NONE `,
+            );
+        }
+        if (!(await columnExists(queryRunner, D_B_USER, COL_PHONE_NUMBER))) {
+            await queryRunner.query(
+                `ALTER TABLE ${D_B_USER} ADD COLUMN ${COL_PHONE_NUMBER} varchar(30) NOT NULL DEFAULT '', ALGORITHM=INPLACE, LOCK=NONE `,
+            );
+        }
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {}
+}