Support whitelisting/blacklisting widgets for OpenID
This commit is contained in:
parent
44d8f9ee9f
commit
f045beafc3
7 changed files with 199 additions and 33 deletions
|
@ -70,6 +70,7 @@
|
||||||
@import "./views/dialogs/_ShareDialog.scss";
|
@import "./views/dialogs/_ShareDialog.scss";
|
||||||
@import "./views/dialogs/_UnknownDeviceDialog.scss";
|
@import "./views/dialogs/_UnknownDeviceDialog.scss";
|
||||||
@import "./views/dialogs/_UserSettingsDialog.scss";
|
@import "./views/dialogs/_UserSettingsDialog.scss";
|
||||||
|
@import "./views/dialogs/_WidgetOpenIDPermissionsDialog.scss";
|
||||||
@import "./views/dialogs/keybackup/_CreateKeyBackupDialog.scss";
|
@import "./views/dialogs/keybackup/_CreateKeyBackupDialog.scss";
|
||||||
@import "./views/dialogs/keybackup/_KeyBackupFailedDialog.scss";
|
@import "./views/dialogs/keybackup/_KeyBackupFailedDialog.scss";
|
||||||
@import "./views/dialogs/keybackup/_RestoreKeyBackupDialog.scss";
|
@import "./views/dialogs/keybackup/_RestoreKeyBackupDialog.scss";
|
||||||
|
|
28
res/css/views/dialogs/_WidgetOpenIDPermissionsDialog.scss
Normal file
28
res/css/views/dialogs/_WidgetOpenIDPermissionsDialog.scss
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
/*
|
||||||
|
Copyright 2019 Travis Ralston
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
.mx_WidgetOpenIDPermissionsDialog .mx_SettingsFlag {
|
||||||
|
.mx_ToggleSwitch {
|
||||||
|
display: inline-block;
|
||||||
|
vertical-align: middle;
|
||||||
|
margin-right: 8px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.mx_SettingsFlag_label {
|
||||||
|
display: inline-block;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
||||||
|
}
|
|
@ -26,6 +26,8 @@ import Modal from "./Modal";
|
||||||
import QuestionDialog from "./components/views/dialogs/QuestionDialog";
|
import QuestionDialog from "./components/views/dialogs/QuestionDialog";
|
||||||
import {_t} from "./languageHandler";
|
import {_t} from "./languageHandler";
|
||||||
import MatrixClientPeg from "./MatrixClientPeg";
|
import MatrixClientPeg from "./MatrixClientPeg";
|
||||||
|
import SettingsStore from "./settings/SettingsStore";
|
||||||
|
import WidgetOpenIDPermissionsDialog from "./components/views/dialogs/WidgetOpenIDPermissionsDialog";
|
||||||
|
|
||||||
if (!global.mxFromWidgetMessaging) {
|
if (!global.mxFromWidgetMessaging) {
|
||||||
global.mxFromWidgetMessaging = new FromWidgetPostMessageApi();
|
global.mxFromWidgetMessaging = new FromWidgetPostMessageApi();
|
||||||
|
@ -123,40 +125,46 @@ export default class WidgetMessaging {
|
||||||
this.fromWidget.removeListener("get_openid", this._openIdHandlerRef);
|
this.fromWidget.removeListener("get_openid", this._openIdHandlerRef);
|
||||||
}
|
}
|
||||||
|
|
||||||
_onOpenIdRequest(ev, rawEv) {
|
async _onOpenIdRequest(ev, rawEv) {
|
||||||
if (ev.widgetId !== this.widgetId) return; // not interesting
|
if (ev.widgetId !== this.widgetId) return; // not interesting
|
||||||
|
|
||||||
|
const settings = SettingsStore.getValue("widgetOpenIDPermissions");
|
||||||
|
if (settings.blacklist && settings.blacklist.includes(this.widgetId)) {
|
||||||
|
this.fromWidget.sendResponse(rawEv, {state: "blocked"});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (settings.whitelist && settings.whitelist.includes(this.widgetId)) {
|
||||||
|
const responseBody = {state: "allowed"};
|
||||||
|
const credentials = await MatrixClientPeg.get().getOpenIdToken();
|
||||||
|
Object.assign(responseBody, credentials);
|
||||||
|
this.fromWidget.sendResponse(rawEv, responseBody);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Confirm that we received the request
|
// Confirm that we received the request
|
||||||
this.fromWidget.sendResponse(rawEv, {state: "request"});
|
this.fromWidget.sendResponse(rawEv, {state: "request"});
|
||||||
|
|
||||||
// TODO: Support blacklisting widgets
|
|
||||||
// TODO: Support whitelisting widgets
|
|
||||||
|
|
||||||
// Actually ask for permission to send the user's data
|
// Actually ask for permission to send the user's data
|
||||||
Modal.createTrackedDialog("OpenID widget permissions", '', QuestionDialog, {
|
Modal.createTrackedDialog("OpenID widget permissions", '',
|
||||||
title: _t("A widget would like to verify your identity"),
|
WidgetOpenIDPermissionsDialog, {
|
||||||
description: _t(
|
widgetUrl: this.widgetUrl,
|
||||||
"A widget located at %(widgetUrl)s would like to verify your identity. " +
|
widgetId: this.widgetId,
|
||||||
"By allowing this, the widget will be able to verify your user ID, but not " +
|
|
||||||
"perform actions as you.", {
|
onFinished: async (confirm) => {
|
||||||
widgetUrl: this.widgetUrl,
|
const responseBody = {success: confirm};
|
||||||
|
if (confirm) {
|
||||||
|
const credentials = await MatrixClientPeg.get().getOpenIdToken();
|
||||||
|
Object.assign(responseBody, credentials);
|
||||||
|
}
|
||||||
|
this.messageToWidget({
|
||||||
|
api: OUTBOUND_API_NAME,
|
||||||
|
action: "openid_credentials",
|
||||||
|
data: responseBody,
|
||||||
|
}).catch((error) => {
|
||||||
|
console.error("Failed to send OpenID credentials: ", error);
|
||||||
|
});
|
||||||
},
|
},
|
||||||
),
|
|
||||||
button: _t("Allow"),
|
|
||||||
onFinished: async (confirm) => {
|
|
||||||
const responseBody = {success: confirm};
|
|
||||||
if (confirm) {
|
|
||||||
const credentials = await MatrixClientPeg.get().getOpenIdToken();
|
|
||||||
Object.assign(responseBody, credentials);
|
|
||||||
}
|
|
||||||
this.messageToWidget({
|
|
||||||
api: OUTBOUND_API_NAME,
|
|
||||||
action: "openid_credentials",
|
|
||||||
data: responseBody,
|
|
||||||
}).catch((error) => {
|
|
||||||
console.error("Failed to send OpenID credentials: ", error);
|
|
||||||
});
|
|
||||||
},
|
},
|
||||||
});
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
106
src/components/views/dialogs/WidgetOpenIDPermissionsDialog.js
Normal file
106
src/components/views/dialogs/WidgetOpenIDPermissionsDialog.js
Normal file
|
@ -0,0 +1,106 @@
|
||||||
|
/*
|
||||||
|
Copyright 2019 Travis Ralston
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import React from 'react';
|
||||||
|
import PropTypes from 'prop-types';
|
||||||
|
import {Tab, TabbedView} from "../../structures/TabbedView";
|
||||||
|
import {_t, _td} from "../../../languageHandler";
|
||||||
|
import GeneralUserSettingsTab from "../settings/tabs/user/GeneralUserSettingsTab";
|
||||||
|
import SettingsStore, {SettingLevel} from "../../../settings/SettingsStore";
|
||||||
|
import LabsUserSettingsTab from "../settings/tabs/user/LabsUserSettingsTab";
|
||||||
|
import SecurityUserSettingsTab from "../settings/tabs/user/SecurityUserSettingsTab";
|
||||||
|
import NotificationUserSettingsTab from "../settings/tabs/user/NotificationUserSettingsTab";
|
||||||
|
import PreferencesUserSettingsTab from "../settings/tabs/user/PreferencesUserSettingsTab";
|
||||||
|
import VoiceUserSettingsTab from "../settings/tabs/user/VoiceUserSettingsTab";
|
||||||
|
import HelpUserSettingsTab from "../settings/tabs/user/HelpUserSettingsTab";
|
||||||
|
import FlairUserSettingsTab from "../settings/tabs/user/FlairUserSettingsTab";
|
||||||
|
import sdk from "../../../index";
|
||||||
|
import LabelledToggleSwitch from "../elements/LabelledToggleSwitch";
|
||||||
|
|
||||||
|
export default class WidgetOpenIDPermissionsDialog extends React.Component {
|
||||||
|
static propTypes = {
|
||||||
|
onFinished: PropTypes.func.isRequired,
|
||||||
|
widgetUrl: PropTypes.string.isRequired,
|
||||||
|
widgetId: PropTypes.string.isRequired,
|
||||||
|
};
|
||||||
|
|
||||||
|
constructor() {
|
||||||
|
super();
|
||||||
|
|
||||||
|
this.state = {
|
||||||
|
rememberSelection: false,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
_onAllow = () => {
|
||||||
|
this._onPermissionSelection(true);
|
||||||
|
};
|
||||||
|
|
||||||
|
_onDeny = () => {
|
||||||
|
this._onPermissionSelection(false);
|
||||||
|
};
|
||||||
|
|
||||||
|
_onPermissionSelection(allowed) {
|
||||||
|
if (this.state.rememberSelection) {
|
||||||
|
console.log(`Remembering ${this.props.widgetId} as allowed=${allowed} for OpenID`);
|
||||||
|
|
||||||
|
const currentValues = SettingsStore.getValue("widgetOpenIDPermissions");
|
||||||
|
if (!currentValues.whitelist) currentValues.whitelist = [];
|
||||||
|
if (!currentValues.blacklist) currentValues.blacklist = [];
|
||||||
|
|
||||||
|
(allowed ? currentValues.whitelist : currentValues.blacklist).push(this.props.widgetId);
|
||||||
|
SettingsStore.setValue("widgetOpenIDPermissions", null, SettingLevel.DEVICE, currentValues);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.props.onFinished(allowed);
|
||||||
|
}
|
||||||
|
|
||||||
|
_onRememberSelectionChange = (newVal) => {
|
||||||
|
this.setState({rememberSelection: newVal});
|
||||||
|
};
|
||||||
|
|
||||||
|
render() {
|
||||||
|
const BaseDialog = sdk.getComponent('views.dialogs.BaseDialog');
|
||||||
|
const DialogButtons = sdk.getComponent('views.elements.DialogButtons');
|
||||||
|
|
||||||
|
return (
|
||||||
|
<BaseDialog className='mx_WidgetOpenIDPermissionsDialog' hasCancel={true}
|
||||||
|
onFinished={this.props.onFinished}
|
||||||
|
title={_t("A widget would like to verify your identity")}>
|
||||||
|
<div className='mx_WidgetOpenIDPermissionsDialog_content'>
|
||||||
|
<p>
|
||||||
|
{_t(
|
||||||
|
"A widget located at %(widgetUrl)s would like to verify your identity. " +
|
||||||
|
"By allowing this, the widget will be able to verify your user ID, but not " +
|
||||||
|
"perform actions as you.", {
|
||||||
|
widgetUrl: this.props.widgetUrl,
|
||||||
|
},
|
||||||
|
)}
|
||||||
|
</p>
|
||||||
|
<LabelledToggleSwitch value={this.state.rememberSelection} toggleInFront={true}
|
||||||
|
onChange={this._onRememberSelectionChange}
|
||||||
|
label={_t("Remember my selection for this widget")} />
|
||||||
|
</div>
|
||||||
|
<DialogButtons
|
||||||
|
primaryButton={_t("Allow")}
|
||||||
|
onPrimaryButtonClick={this._onAllow}
|
||||||
|
cancelButton={_t("Deny")}
|
||||||
|
onCancel={this._onDeny}
|
||||||
|
/>
|
||||||
|
</BaseDialog>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
|
@ -31,15 +31,29 @@ export default class LabelledToggleSwitch extends React.Component {
|
||||||
|
|
||||||
// Whether or not to disable the toggle switch
|
// Whether or not to disable the toggle switch
|
||||||
disabled: PropTypes.bool,
|
disabled: PropTypes.bool,
|
||||||
|
|
||||||
|
// True to put the toggle in front of the label
|
||||||
|
// Default false.
|
||||||
|
toggleInFront: PropTypes.bool,
|
||||||
};
|
};
|
||||||
|
|
||||||
render() {
|
render() {
|
||||||
// This is a minimal version of a SettingsFlag
|
// This is a minimal version of a SettingsFlag
|
||||||
|
|
||||||
|
let firstPart = <span className="mx_SettingsFlag_label">{this.props.label}</span>;
|
||||||
|
let secondPart = <ToggleSwitch checked={this.props.value} disabled={this.props.disabled}
|
||||||
|
onChange={this.props.onChange} />;
|
||||||
|
|
||||||
|
if (this.props.toggleInFront) {
|
||||||
|
const temp = firstPart;
|
||||||
|
firstPart = secondPart;
|
||||||
|
secondPart = temp;
|
||||||
|
}
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<div className="mx_SettingsFlag">
|
<div className="mx_SettingsFlag">
|
||||||
<span className="mx_SettingsFlag_label">{this.props.label}</span>
|
{firstPart}
|
||||||
<ToggleSwitch checked={this.props.value} disabled={this.props.disabled}
|
{secondPart}
|
||||||
onChange={this.props.onChange} />
|
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -230,9 +230,6 @@
|
||||||
"%(names)s and %(count)s others are typing …|other": "%(names)s and %(count)s others are typing …",
|
"%(names)s and %(count)s others are typing …|other": "%(names)s and %(count)s others are typing …",
|
||||||
"%(names)s and %(count)s others are typing …|one": "%(names)s and one other is typing …",
|
"%(names)s and %(count)s others are typing …|one": "%(names)s and one other is typing …",
|
||||||
"%(names)s and %(lastPerson)s are typing …": "%(names)s and %(lastPerson)s are typing …",
|
"%(names)s and %(lastPerson)s are typing …": "%(names)s and %(lastPerson)s are typing …",
|
||||||
"A widget would like to verify your identity": "A widget would like to verify your identity",
|
|
||||||
"A widget located at %(widgetUrl)s would like to verify your identity. By allowing this, the widget will be able to verify your user ID, but not perform actions as you.": "A widget located at %(widgetUrl)s would like to verify your identity. By allowing this, the widget will be able to verify your user ID, but not perform actions as you.",
|
|
||||||
"Allow": "Allow",
|
|
||||||
"This homeserver has hit its Monthly Active User limit.": "This homeserver has hit its Monthly Active User limit.",
|
"This homeserver has hit its Monthly Active User limit.": "This homeserver has hit its Monthly Active User limit.",
|
||||||
"This homeserver has exceeded one of its resource limits.": "This homeserver has exceeded one of its resource limits.",
|
"This homeserver has exceeded one of its resource limits.": "This homeserver has exceeded one of its resource limits.",
|
||||||
"Please <a>contact your service administrator</a> to continue using the service.": "Please <a>contact your service administrator</a> to continue using the service.",
|
"Please <a>contact your service administrator</a> to continue using the service.": "Please <a>contact your service administrator</a> to continue using the service.",
|
||||||
|
@ -927,6 +924,7 @@
|
||||||
"NOTE: Apps are not end-to-end encrypted": "NOTE: Apps are not end-to-end encrypted",
|
"NOTE: Apps are not end-to-end encrypted": "NOTE: Apps are not end-to-end encrypted",
|
||||||
"Warning: This widget might use cookies.": "Warning: This widget might use cookies.",
|
"Warning: This widget might use cookies.": "Warning: This widget might use cookies.",
|
||||||
"Do you want to load widget from URL:": "Do you want to load widget from URL:",
|
"Do you want to load widget from URL:": "Do you want to load widget from URL:",
|
||||||
|
"Allow": "Allow",
|
||||||
"Delete Widget": "Delete Widget",
|
"Delete Widget": "Delete Widget",
|
||||||
"Deleting a widget removes it for all users in this room. Are you sure you want to delete this widget?": "Deleting a widget removes it for all users in this room. Are you sure you want to delete this widget?",
|
"Deleting a widget removes it for all users in this room. Are you sure you want to delete this widget?": "Deleting a widget removes it for all users in this room. Are you sure you want to delete this widget?",
|
||||||
"Delete widget": "Delete widget",
|
"Delete widget": "Delete widget",
|
||||||
|
@ -1176,6 +1174,10 @@
|
||||||
"Room contains unknown devices": "Room contains unknown devices",
|
"Room contains unknown devices": "Room contains unknown devices",
|
||||||
"\"%(RoomName)s\" contains devices that you haven't seen before.": "\"%(RoomName)s\" contains devices that you haven't seen before.",
|
"\"%(RoomName)s\" contains devices that you haven't seen before.": "\"%(RoomName)s\" contains devices that you haven't seen before.",
|
||||||
"Unknown devices": "Unknown devices",
|
"Unknown devices": "Unknown devices",
|
||||||
|
"A widget would like to verify your identity": "A widget would like to verify your identity",
|
||||||
|
"A widget located at %(widgetUrl)s would like to verify your identity. By allowing this, the widget will be able to verify your user ID, but not perform actions as you.": "A widget located at %(widgetUrl)s would like to verify your identity. By allowing this, the widget will be able to verify your user ID, but not perform actions as you.",
|
||||||
|
"Remember my selection for this widget": "Remember my selection for this widget",
|
||||||
|
"Deny": "Deny",
|
||||||
"Unable to load backup status": "Unable to load backup status",
|
"Unable to load backup status": "Unable to load backup status",
|
||||||
"Recovery Key Mismatch": "Recovery Key Mismatch",
|
"Recovery Key Mismatch": "Recovery Key Mismatch",
|
||||||
"Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.",
|
"Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.",
|
||||||
|
|
|
@ -340,6 +340,13 @@ export const SETTINGS = {
|
||||||
displayName: _td('Show developer tools'),
|
displayName: _td('Show developer tools'),
|
||||||
default: false,
|
default: false,
|
||||||
},
|
},
|
||||||
|
"widgetOpenIDPermissions": {
|
||||||
|
supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
|
||||||
|
default: {
|
||||||
|
whitelisted: [],
|
||||||
|
blacklisted: [],
|
||||||
|
},
|
||||||
|
},
|
||||||
"RoomList.orderByImportance": {
|
"RoomList.orderByImportance": {
|
||||||
supportedLevels: LEVELS_ACCOUNT_SETTINGS,
|
supportedLevels: LEVELS_ACCOUNT_SETTINGS,
|
||||||
displayName: _td('Order rooms in the room list by most important first instead of most recent'),
|
displayName: _td('Order rooms in the room list by most important first instead of most recent'),
|
||||||
|
|
Loading…
Reference in a new issue