From 8d1885cd5039d360783eb9df63dd36bf45298fd9 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <5312836+lawshe@users.noreply.github.com>
Date: Wed, 24 Apr 2024 10:35:23 -0500
Subject: [PATCH] Merge pull request #18073 from
 overleaf/jel-sso-disabled-email-alert

[web] Send SSO disabled email to non-managed and linked users

GitOrigin-RevId: d5e6739efd432b396dcd7fa3dd37e18d2b9dc933
---
 .../app/src/Features/Email/EmailBuilder.js    |  45 ++++----
 .../src/Features/Email/EmailMessageHelper.js  |   3 +-
 .../test/unit/src/Email/EmailBuilderTests.js  | 103 ++++++++++++++++++
 3 files changed, 131 insertions(+), 20 deletions(-)

diff --git a/services/web/app/src/Features/Email/EmailBuilder.js b/services/web/app/src/Features/Email/EmailBuilder.js
index c6d686cd16..ad0bdc3eda 100644
--- a/services/web/app/src/Features/Email/EmailBuilder.js
+++ b/services/web/app/src/Features/Email/EmailBuilder.js
@@ -549,27 +549,37 @@ templates.groupSSOReauthenticate = ctaTemplate({
 
 templates.groupSSODisabled = ctaTemplate({
   subject(opts) {
-    return `Action required: Set your Overleaf password`
+    if (opts.userIsManaged) {
+      return `Action required: Set your Overleaf password`
+    } else {
+      return 'A change to your Overleaf login options'
+    }
   },
   title(opts) {
     return `Single sign-on disabled`
   },
-  message(opts) {
-    return [
-      `Hi,
-      <div>
-        Your group administrator has disabled single sign-on for your group.
-      </div>
-      </br>
-      <div>
-        <strong>What does this mean for you?</strong>
-      </div>
-      </br>
-      <div>
-        You now need an email address and password to sign in to your Overleaf account.
-      </div>
-      `,
+  message(opts, isPlainText) {
+    const loginUrl = `${settings.siteUrl}/login`
+    let whatDoesThisMeanExplanation = [
+      `You can still log in to Overleaf using one of our other <a href="${loginUrl}" style="color: #0F7A06; text-decoration: none;">login options</a> or with your email address and password.`,
+      `If you don't have a password, you can set one now.`,
     ]
+    if (opts.userIsManaged) {
+      whatDoesThisMeanExplanation = [
+        'You now need an email address and password to sign in to your Overleaf account.',
+      ]
+    }
+
+    const message = [
+      'Your group administrator has disabled single sign-on for your group.',
+      '<br/>',
+      '<b>What does this mean for you?</b>',
+      ...whatDoesThisMeanExplanation,
+    ]
+
+    return message.map(m => {
+      return EmailMessageHelper.cleanHTML(m, isPlainText)
+    })
   },
   secondaryMessage(opts) {
     return [``]
@@ -580,9 +590,6 @@ templates.groupSSODisabled = ctaTemplate({
   ctaText(opts) {
     return 'Set your new password'
   },
-  greeting() {
-    return ''
-  },
 })
 
 templates.surrenderAccountForManagedUsers = ctaTemplate({
diff --git a/services/web/app/src/Features/Email/EmailMessageHelper.js b/services/web/app/src/Features/Email/EmailMessageHelper.js
index 8c6b2fd3bd..d8fcc7d120 100644
--- a/services/web/app/src/Features/Email/EmailMessageHelper.js
+++ b/services/web/app/src/Features/Email/EmailMessageHelper.js
@@ -1,8 +1,9 @@
 const sanitizeHtml = require('sanitize-html')
 const sanitizeOptions = {
   html: {
-    allowedTags: ['span', 'b', 'br', 'i'],
+    allowedTags: ['a', 'span', 'b', 'br', 'i'],
     allowedAttributes: {
+      a: ['href', 'style'],
       span: ['style', 'class'],
     },
   },
diff --git a/services/web/test/unit/src/Email/EmailBuilderTests.js b/services/web/test/unit/src/Email/EmailBuilderTests.js
index d9fdc1e97a..e4dde40dfa 100644
--- a/services/web/test/unit/src/Email/EmailBuilderTests.js
+++ b/services/web/test/unit/src/Email/EmailBuilderTests.js
@@ -628,6 +628,109 @@ describe('EmailBuilder', function () {
           })
         })
       })
+
+      describe('groupSSODisabled', function () {
+        it('should build the email for non managed and linked users', function () {
+          const setNewPasswordUrl = `${this.settings.siteUrl}/user/password/reset`
+          const emailAddress = 'example@overleaf.com'
+          const opts = {
+            to: emailAddress,
+            setNewPasswordUrl,
+            userIsManaged: false,
+          }
+          const email = this.EmailBuilder.buildEmail('groupSSODisabled', opts)
+          expect(email.subject).to.equal(
+            'A change to your Overleaf login options'
+          )
+          const dom = cheerio.load(email.html)
+          expect(email.html).to.exist
+          expect(email.html).to.contain(
+            'Your group administrator has disabled single sign-on for your group.'
+          )
+          expect(email.html).to.contain(
+            'You can still log in to Overleaf using one of our other'
+          )
+          const links = dom('a')
+          expect(links[0].attribs.href).to.equal(
+            `${this.settings.siteUrl}/login`
+          )
+          expect(links[1].attribs.href).to.equal(setNewPasswordUrl)
+          expect(email.html).to.contain(
+            "If you don't have a password, you can set one now."
+          )
+          expect(email.text).to.exist
+          const expectedPlainText = [
+            'Hi,',
+            '',
+            'Your group administrator has disabled single sign-on for your group.',
+            '',
+            '',
+            '',
+            'What does this mean for you?',
+            '',
+            'You can still log in to Overleaf using one of our other login options or with your email address and password.',
+            '',
+            "If you don't have a password, you can set one now.",
+            '',
+            `Set your new password: ${setNewPasswordUrl}`,
+            '',
+            '',
+            '',
+            'Regards,',
+            `The ${this.settings.appName} Team - ${this.settings.siteUrl}`,
+          ]
+          expect(email.text.split(/\r?\n/)).to.deep.equal(expectedPlainText)
+        })
+
+        it('should build the email for managed and linked users', function () {
+          const emailAddress = 'example@overleaf.com'
+          const setNewPasswordUrl = `${this.settings.siteUrl}/user/password/reset`
+          const opts = {
+            to: emailAddress,
+            setNewPasswordUrl,
+            userIsManaged: true,
+          }
+          const email = this.EmailBuilder.buildEmail('groupSSODisabled', opts)
+          expect(email.subject).to.equal(
+            'Action required: Set your Overleaf password'
+          )
+          const dom = cheerio.load(email.html)
+          expect(email.html).to.exist
+          expect(email.html).to.contain(
+            'Your group administrator has disabled single sign-on for your group.'
+          )
+          expect(email.html).to.contain(
+            'You now need an email address and password to sign in to your Overleaf account.'
+          )
+          const links = dom('a')
+          expect(links[0].attribs.href).to.equal(
+            `${this.settings.siteUrl}/user/password/reset`
+          )
+
+          expect(email.text).to.exist
+
+          const expectedPlainText = [
+            'Hi,',
+            '',
+            'Your group administrator has disabled single sign-on for your group.',
+            '',
+            '',
+            '',
+            'What does this mean for you?',
+            '',
+            'You now need an email address and password to sign in to your Overleaf account.',
+            '',
+            `Set your new password: ${setNewPasswordUrl}`,
+            '',
+            '',
+            '',
+            'Regards,',
+            `The ${this.settings.appName} Team - ${this.settings.siteUrl}`,
+          ]
+
+          expect(email.text.split(/\r?\n/)).to.deep.equal(expectedPlainText)
+        })
+      })
     })
 
     describe('no CTA', function () {