Re-fix OpenID requests from widgets
https://github.com/matrix-org/matrix-react-sdk/pull/4591 reverted https://github.com/matrix-org/matrix-react-sdk/pull/4459. We need to pass both URLs as we need both the wURL (for the widget's 'identity' ie. OpenID) and the URL that's actually in the iframe (for the messaging).
parent
ef2678db93
commit
50107ebe47
2 changed files with 21 additions and 12 deletions
|
@ -41,9 +41,18 @@ if (!global.mxToWidgetMessaging) {
|
||||||
const OUTBOUND_API_NAME = 'toWidget';
|
const OUTBOUND_API_NAME = 'toWidget';
|
||||||
|
|
||||||
export default class WidgetMessaging {
|
export default class WidgetMessaging {
|
||||||
constructor(widgetId, widgetUrl, isUserWidget, target) {
|
/**
|
||||||
|
* @param {string} widgetId The widget's ID
|
||||||
|
* @param {string} wurl The raw URL of the widget as in the event (the 'wURL')
|
||||||
|
* @param {string} renderedUrl The url used in the widget's iframe (either similar to the wURL
|
||||||
|
* or a different URL of the clients choosing if it is using its own impl).
|
||||||
|
* @param {bool} isUserWidget If true, the widget is a user widget, otherwise it's a room widget
|
||||||
|
* @param {object} target Where widget messages should be sent (eg. the iframe object)
|
||||||
|
*/
|
||||||
|
constructor(widgetId, wurl, renderedUrl, isUserWidget, target) {
|
||||||
this.widgetId = widgetId;
|
this.widgetId = widgetId;
|
||||||
this.widgetUrl = widgetUrl;
|
this.wurl = wurl;
|
||||||
|
this.renderedUrl = renderedUrl;
|
||||||
this.isUserWidget = isUserWidget;
|
this.isUserWidget = isUserWidget;
|
||||||
this.target = target;
|
this.target = target;
|
||||||
this.fromWidget = global.mxFromWidgetMessaging;
|
this.fromWidget = global.mxFromWidgetMessaging;
|
||||||
|
@ -128,19 +137,19 @@ export default class WidgetMessaging {
|
||||||
}
|
}
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
this.fromWidget.addEndpoint(this.widgetId, this.widgetUrl);
|
this.fromWidget.addEndpoint(this.widgetId, this.renderedUrl);
|
||||||
this.fromWidget.addListener("get_openid", this._onOpenIdRequest);
|
this.fromWidget.addListener("get_openid", this._onOpenIdRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
stop() {
|
stop() {
|
||||||
this.fromWidget.removeEndpoint(this.widgetId, this.widgetUrl);
|
this.fromWidget.removeEndpoint(this.widgetId, this.renderedUrl);
|
||||||
this.fromWidget.removeListener("get_openid", this._onOpenIdRequest);
|
this.fromWidget.removeListener("get_openid", this._onOpenIdRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
async _onOpenIdRequest(ev, rawEv) {
|
async _onOpenIdRequest(ev, rawEv) {
|
||||||
if (ev.widgetId !== this.widgetId) return; // not interesting
|
if (ev.widgetId !== this.widgetId) return; // not interesting
|
||||||
|
|
||||||
const widgetSecurityKey = WidgetUtils.getWidgetSecurityKey(this.widgetId, this.widgetUrl, this.isUserWidget);
|
const widgetSecurityKey = WidgetUtils.getWidgetSecurityKey(this.widgetId, this.wurl, this.isUserWidget);
|
||||||
|
|
||||||
const settings = SettingsStore.getValue("widgetOpenIDPermissions");
|
const settings = SettingsStore.getValue("widgetOpenIDPermissions");
|
||||||
if (settings.deny && settings.deny.includes(widgetSecurityKey)) {
|
if (settings.deny && settings.deny.includes(widgetSecurityKey)) {
|
||||||
|
@ -161,7 +170,7 @@ export default class WidgetMessaging {
|
||||||
// Actually ask for permission to send the user's data
|
// Actually ask for permission to send the user's data
|
||||||
Modal.createTrackedDialog("OpenID widget permissions", '',
|
Modal.createTrackedDialog("OpenID widget permissions", '',
|
||||||
WidgetOpenIDPermissionsDialog, {
|
WidgetOpenIDPermissionsDialog, {
|
||||||
widgetUrl: this.widgetUrl,
|
widgetUrl: this.wurl,
|
||||||
widgetId: this.widgetId,
|
widgetId: this.widgetId,
|
||||||
isUserWidget: this.isUserWidget,
|
isUserWidget: this.isUserWidget,
|
||||||
|
|
||||||
|
|
|
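Review bot: The OpenID consent decision and the messaging endpoint are now bound to different URLs, and the new code does not say which one the user is actually approving. `_onOpenIdRequest` derives the permission key and the dialog's `widgetUrl` from `this.wurl`, while `start()`/`stop()` register the endpoint with `this.renderedUrl`, which the new JSDoc says may be a different URL of the client's choosing; where the OpenID reply is posted is outside the visible hunks, so presumably it goes to the frame loaded from `renderedUrl`. I would add a line to the constructor JSDoc along the lines of `wurl keys the OpenID allow/deny decision and is what the user is shown; renderedUrl only determines the origin that messages are exchanged with`, so a later change does not swap them again. Separately, the constructor inserts a positional parameter ahead of `isUserWidget`, so any caller still passing four arguments would silently shift `isUserWidget` into `renderedUrl`; only one call site is updated on this page, so the remaining callers and any readers of the old `widgetUrl` property should be checked.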
@ -424,13 +424,13 @@ export default class AppTile extends React.Component {
|
||||||
_setupWidgetMessaging() {
|
_setupWidgetMessaging() {
|
||||||
// FIXME: There's probably no reason to do this here: it should probably be done entirely
|
// FIXME: There's probably no reason to do this here: it should probably be done entirely
|
||||||
// in ActiveWidgetStore.
|
// in ActiveWidgetStore.
|
||||||
|
|
||||||
// We use the app's URL over the rendered URL so that anything the widget does which could
|
|
||||||
// lead to requesting a "security key" will pass accordingly. The only other thing this URL
|
|
||||||
// is used for is to determine the origin we're talking to, and therefore we don't need the
|
|
||||||
// fully templated URL.
|
|
||||||
const widgetMessaging = new WidgetMessaging(
|
const widgetMessaging = new WidgetMessaging(
|
||||||
this.props.app.id, this._getRenderedUrl(), this.props.userWidget, this._appFrame.current.contentWindow);
|
this.props.app.id,
|
||||||
|
this.props.app.url,
|
||||||
|
this._getRenderedUrl(),
|
||||||
|
this.props.userWidget,
|
||||||
|
this._appFrame.current.contentWindow,
|
||||||
|
);
|
||||||
ActiveWidgetStore.setWidgetMessaging(this.props.app.id, widgetMessaging);
|
ActiveWidgetStore.setWidgetMessaging(this.props.app.id, widgetMessaging);
|
||||||
widgetMessaging.getCapabilities().then((requestedCapabilities) => {
|
widgetMessaging.getCapabilities().then((requestedCapabilities) => {
|
||||||
console.log(`Widget ${this.props.app.id} requested capabilities: ` + requestedCapabilities);
|
console.log(`Widget ${this.props.app.id} requested capabilities: ` + requestedCapabilities);
|
||||||
|
|
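Review bot: The comment in `_setupWidgetMessaging` that explained which URL is handed to `WidgetMessaging` appears to be dropped with nothing in its place, although the call now passes two URLs whose roles matter for the OpenID permission check. A short comment above the constructor call would keep the intent visible, e.g. `// app.url is the wURL from the widget event (keys the OpenID permission); _getRenderedUrl() is what the iframe loads (used for messaging)`. The body of `_setupWidgetMessaging` continues past the end of the hunk, so whether `this._appFrame.current` can be unset at this point cannot be judged from here.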