Merge pull request #5334 from matrix-org/t3chguy/fix/jitsi-openidc
Fix Jitsi OpenIDC auth
commit
92f89b8dca
1 changed files with 60 additions and 0 deletions
|
@ -17,6 +17,8 @@
|
||||||
import { Room } from "matrix-js-sdk/src/models/room";
|
import { Room } from "matrix-js-sdk/src/models/room";
|
||||||
import {
|
import {
|
||||||
ClientWidgetApi,
|
ClientWidgetApi,
|
||||||
|
IGetOpenIDActionRequest,
|
||||||
|
IGetOpenIDActionResponseData,
|
||||||
IStickerActionRequest,
|
IStickerActionRequest,
|
||||||
IStickyActionRequest,
|
IStickyActionRequest,
|
||||||
ITemplateParams,
|
ITemplateParams,
|
||||||
|
@ -25,8 +27,10 @@ import {
|
||||||
IWidgetApiRequestEmptyData,
|
IWidgetApiRequestEmptyData,
|
||||||
IWidgetData,
|
IWidgetData,
|
||||||
MatrixCapabilities,
|
MatrixCapabilities,
|
||||||
|
OpenIDRequestState,
|
||||||
runTemplate,
|
runTemplate,
|
||||||
Widget,
|
Widget,
|
||||||
|
WidgetApiToWidgetAction,
|
||||||
WidgetApiFromWidgetAction,
|
WidgetApiFromWidgetAction,
|
||||||
} from "matrix-widget-api";
|
} from "matrix-widget-api";
|
||||||
import { StopGapWidgetDriver } from "./StopGapWidgetDriver";
|
import { StopGapWidgetDriver } from "./StopGapWidgetDriver";
|
||||||
|
@ -43,6 +47,8 @@ import ActiveWidgetStore from "../ActiveWidgetStore";
|
||||||
import { objectShallowClone } from "../../utils/objects";
|
import { objectShallowClone } from "../../utils/objects";
|
||||||
import defaultDispatcher from "../../dispatcher/dispatcher";
|
import defaultDispatcher from "../../dispatcher/dispatcher";
|
||||||
import { ElementWidgetActions } from "./ElementWidgetActions";
|
import { ElementWidgetActions } from "./ElementWidgetActions";
|
||||||
|
import Modal from "../../Modal";
|
||||||
|
import WidgetOpenIDPermissionsDialog from "../../components/views/dialogs/WidgetOpenIDPermissionsDialog";
|
||||||
|
|
||||||
// TODO: Destroy all of this code
|
// TODO: Destroy all of this code
|
||||||
|
|
||||||
|
@ -190,12 +196,66 @@ export class StopGapWidget extends EventEmitter {
|
||||||
return !!this.messaging;
|
return !!this.messaging;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private get widgetId() {
|
||||||
|
return this.messaging.widget.id;
|
||||||
|
}
|
||||||
|
|
||||||
|
private onOpenIdReq = async (ev: CustomEvent<IGetOpenIDActionRequest>) => {
|
||||||
|
if (ev?.detail?.widgetId !== this.widgetId) return;
|
||||||
|
|
||||||
|
const rawUrl = this.appTileProps.app.url;
|
||||||
|
const widgetSecurityKey = WidgetUtils.getWidgetSecurityKey(this.widgetId, rawUrl, this.appTileProps.userWidget);
|
||||||
|
|
||||||
|
const settings = SettingsStore.getValue("widgetOpenIDPermissions");
|
||||||
|
if (settings.deny && settings.deny.includes(widgetSecurityKey)) {
|
||||||
|
this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
|
||||||
|
state: OpenIDRequestState.Blocked,
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (settings.allow && settings.allow.includes(widgetSecurityKey)) {
|
||||||
|
const credentials = await MatrixClientPeg.get().getOpenIdToken();
|
||||||
|
this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
|
||||||
|
state: OpenIDRequestState.Allowed,
|
||||||
|
...credentials,
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Confirm that we received the request
|
||||||
|
this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
|
||||||
|
state: OpenIDRequestState.PendingUserConfirmation,
|
||||||
|
});
|
||||||
|
|
||||||
|
// Actually ask for permission to send the user's data
|
||||||
|
Modal.createTrackedDialog("OpenID widget permissions", '', WidgetOpenIDPermissionsDialog, {
|
||||||
|
widgetUrl: rawUrl.substr(0, rawUrl.lastIndexOf("?")),
|
||||||
|
widgetId: this.widgetId,
|
||||||
|
isUserWidget: this.appTileProps.userWidget,
|
||||||
|
|
||||||
|
onFinished: async (confirm) => {
|
||||||
|
const responseBody: IGetOpenIDActionResponseData = {
|
||||||
|
state: confirm ? OpenIDRequestState.Allowed : OpenIDRequestState.Blocked,
|
||||||
|
original_request_id: ev.detail.requestId, // eslint-disable-line camelcase
|
||||||
|
};
|
||||||
|
if (confirm) {
|
||||||
|
const credentials = await MatrixClientPeg.get().getOpenIdToken();
|
||||||
|
Object.assign(responseBody, credentials);
|
||||||
|
}
|
||||||
|
this.messaging.transport.send(WidgetApiToWidgetAction.OpenIDCredentials, responseBody).catch(error => {
|
||||||
|
console.error("Failed to send OpenID credentials: ", error);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
public start(iframe: HTMLIFrameElement) {
|
public start(iframe: HTMLIFrameElement) {
|
||||||
if (this.started) return;
|
if (this.started) return;
|
||||||
const driver = new StopGapWidgetDriver( this.appTileProps.whitelistCapabilities || []);
|
const driver = new StopGapWidgetDriver( this.appTileProps.whitelistCapabilities || []);
|
||||||
this.messaging = new ClientWidgetApi(this.mockWidget, iframe, driver);
|
this.messaging = new ClientWidgetApi(this.mockWidget, iframe, driver);
|
||||||
this.messaging.addEventListener("preparing", () => this.emit("preparing"));
|
this.messaging.addEventListener("preparing", () => this.emit("preparing"));
|
||||||
this.messaging.addEventListener("ready", () => this.emit("ready"));
|
this.messaging.addEventListener("ready", () => this.emit("ready"));
|
||||||
|
this.messaging.addEventListener(`action:${WidgetApiFromWidgetAction.GetOpenIDCredentials}`, this.onOpenIdReq);
|
||||||
WidgetMessagingStore.instance.storeMessaging(this.mockWidget, this.messaging);
|
WidgetMessagingStore.instance.storeMessaging(this.mockWidget, this.messaging);
|
||||||
|
|
||||||
if (!this.appTileProps.userWidget && this.appTileProps.room) {
|
if (!this.appTileProps.userWidget && this.appTileProps.room) {
|
||||||
|
|
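Review bot: In `onOpenIdReq`, the permission dialog is passed `widgetUrl: rawUrl.substr(0, rawUrl.lastIndexOf("?"))`, which becomes an empty string whenever the widget URL has no `?`, because `lastIndexOf` returns -1 and `substr` treats a negative length as 0. The dialog presumably displays this value, so the user could be asked to release an OpenID token without seeing which URL will receive it. Guard the no-query case, e.g. `widgetUrl: rawUrl.includes("?") ? rawUrl.substr(0, rawUrl.lastIndexOf("?")) : rawUrl,`. Separately, neither `await MatrixClientPeg.get().getOpenIdToken()` call has error handling: a rejection in the `settings.allow` branch leaves the request unanswered, and a rejection inside `onFinished` means no `OpenIDCredentials` message follows the earlier `PendingUserConfirmation` reply. Catching the failure, logging it and answering with `OpenIDRequestState.Blocked` would keep both paths fail-closed.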