From d9980c0d8fdbdfa859d399ba83b13e1ebc458937 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Wed, 27 Aug 2025 11:19:59 +0200
Subject: [PATCH] feat(baserow): add one-time SSO warning JavaScript

- Introduced a generic sso_warning.js.j2 template under
  templates/roles/web-app/templates/javascripts/
- Included this template in web-app-baserow/templates/javascript.js.j2
- Added new variable js_application_name in
  roles/web-app-baserow/vars/main.yml to make the warning
  application-specific
- Implemented cookie-based logic so the warning is only shown once
  per user (default: 365 days)

Reference: https://chatgpt.com/share/68aecdae-82d0-800f-b05e-f2cb680664f1
---
 roles/web-app-baserow/config/main.yml         |  1 +
 .../templates/javascript.js.j2                |  1 +
 roles/web-app-baserow/vars/main.yml           | 17 +++++-----
 .../templates/javascripts/sso_warning.js.j2   | 34 +++++++++++++++++++
 4 files changed, 45 insertions(+), 8 deletions(-)
 create mode 100644 roles/web-app-baserow/templates/javascript.js.j2
 create mode 100644 templates/roles/web-app/templates/javascripts/sso_warning.js.j2

diff --git a/roles/web-app-baserow/config/main.yml b/roles/web-app-baserow/config/main.yml
index fc5a911a..5cfba5be 100644
--- a/roles/web-app-baserow/config/main.yml
+++ b/roles/web-app-baserow/config/main.yml
@@ -4,6 +4,7 @@ features:
   desktop:          true
   central_database: true
   logout:           true
+  javascript:       true
 docker:
   services:
     redis:
diff --git a/roles/web-app-baserow/templates/javascript.js.j2 b/roles/web-app-baserow/templates/javascript.js.j2
new file mode 100644
index 00000000..26bb609c
--- /dev/null
+++ b/roles/web-app-baserow/templates/javascript.js.j2
@@ -0,0 +1 @@
+{% include 'templates/roles/web-app/templates/javascripts/sso_warning.js.j2' %}
diff --git a/roles/web-app-baserow/vars/main.yml b/roles/web-app-baserow/vars/main.yml
index a764b9da..3f922fd1 100644
--- a/roles/web-app-baserow/vars/main.yml
+++ b/roles/web-app-baserow/vars/main.yml
@@ -1,11 +1,12 @@
 # General
-application_id:     "web-app-baserow"
-database_password:  "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"
-database_type:      "postgres"
+application_id:       "web-app-baserow"
+database_password:    "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"
+database_type:        "postgres"
+js_application_name:  "Baserow"
 
 # Baserow
-BASEROW_PUBLIC_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
-BASEROW_VERSION:    "{{ applications | get_app_conf(application_id, 'docker.services.baserow.version') }}"
-BASEROW_IMAGE:      "{{ applications | get_app_conf(application_id, 'docker.services.baserow.image') }}"
-BASEROW_CONTAINER:  "{{ applications | get_app_conf(application_id, 'docker.services.baserow.name') }}"
-BASEROW_VOLUME:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+BASEROW_PUBLIC_URL:   "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+BASEROW_VERSION:      "{{ applications | get_app_conf(application_id, 'docker.services.baserow.version') }}"
+BASEROW_IMAGE:        "{{ applications | get_app_conf(application_id, 'docker.services.baserow.image') }}"
+BASEROW_CONTAINER:    "{{ applications | get_app_conf(application_id, 'docker.services.baserow.name') }}"
+BASEROW_VOLUME:       "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
diff --git a/templates/roles/web-app/templates/javascripts/sso_warning.js.j2 b/templates/roles/web-app/templates/javascripts/sso_warning.js.j2
new file mode 100644
index 00000000..21091f22
--- /dev/null
+++ b/templates/roles/web-app/templates/javascripts/sso_warning.js.j2
@@ -0,0 +1,34 @@
+// Jinja2 variable for the application name
+const appName = "{{ js_application_name }}";
+const cookieName = appName + "SSONoticeShown";
+
+// Function to set a cookie with expiration (in days)
+function setCookie(name, value, days) {
+    const d = new Date();
+    d.setTime(d.getTime() + (days*24*60*60*1000));
+    const expires = "expires="+ d.toUTCString();
+    document.cookie = name + "=" + value + ";" + expires + ";path=/";
+}
+
+// Function to read a cookie
+function getCookie(name) {
+    const cname = name + "=";
+    const decodedCookie = decodeURIComponent(document.cookie);
+    const ca = decodedCookie.split(';');
+    for(let i = 0; i < ca.length; i++) {
+        let c = ca[i].trim();
+        if (c.indexOf(cname) === 0) {
+            return c.substring(cname.length, c.length);
+        }
+    }
+    return "";
+}
+
+// Main logic: show notice only once
+window.addEventListener("DOMContentLoaded", function() {
+    if (!getCookie(cookieName)) {
+        alert("Notice: " + appName + " is not integrated into the SSO. Login is not possible.");
+        // Set cookie for 365 days
+        setCookie(cookieName, "true", 365);
+    }
+});
\ No newline at end of file