Merge pull request #5334 from matrix-org/t3chguy/fix/jitsi-openidc

Fix Jitsi OpenIDC auth
2024-11-16 13:14:58 +08:00 · 2020-10-19 11:11:17 +01:00 · 2020-10-19 11:11:17 +01:00 · 92f89b8dca
commit 92f89b8dca
parent b10f7a47fd 81990d36b5
1 changed files with 60 additions and 0 deletions
--- a/src/stores/widgets/StopGapWidget.ts
+++ b/src/stores/widgets/StopGapWidget.ts
@ -17,6 +17,8 @@
 import { Room } from "matrix-js-sdk/src/models/room";
 import {
    ClientWidgetApi,
+    IGetOpenIDActionRequest,
+    IGetOpenIDActionResponseData,
    IStickerActionRequest,
    IStickyActionRequest,
    ITemplateParams,
@ -25,8 +27,10 @@ import {
    IWidgetApiRequestEmptyData,
    IWidgetData,
    MatrixCapabilities,
+    OpenIDRequestState,
    runTemplate,
    Widget,
+    WidgetApiToWidgetAction,
    WidgetApiFromWidgetAction,
 } from "matrix-widget-api";
 import { StopGapWidgetDriver } from "./StopGapWidgetDriver";
@ -43,6 +47,8 @@ import ActiveWidgetStore from "../ActiveWidgetStore";
 import { objectShallowClone } from "../../utils/objects";
 import defaultDispatcher from "../../dispatcher/dispatcher";
 import { ElementWidgetActions } from "./ElementWidgetActions";
+import Modal from "../../Modal";
+import WidgetOpenIDPermissionsDialog from "../../components/views/dialogs/WidgetOpenIDPermissionsDialog";

 // TODO: Destroy all of this code

@ -190,12 +196,66 @@ export class StopGapWidget extends EventEmitter {
        return !!this.messaging;
    }

+    private get widgetId() {
+        return this.messaging.widget.id;
+    }
+
+    private onOpenIdReq = async (ev: CustomEvent<IGetOpenIDActionRequest>) => {
+        if (ev?.detail?.widgetId !== this.widgetId) return;
+
+        const rawUrl = this.appTileProps.app.url;
+        const widgetSecurityKey = WidgetUtils.getWidgetSecurityKey(this.widgetId, rawUrl, this.appTileProps.userWidget);
+
+        const settings = SettingsStore.getValue("widgetOpenIDPermissions");
+        if (settings.deny && settings.deny.includes(widgetSecurityKey)) {
+            this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
+                state: OpenIDRequestState.Blocked,
+            });
+            return;
+        }
+        if (settings.allow && settings.allow.includes(widgetSecurityKey)) {
+            const credentials = await MatrixClientPeg.get().getOpenIdToken();
+            this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
+                state: OpenIDRequestState.Allowed,
+                ...credentials,
+            });
+            return;
+        }
+
+        // Confirm that we received the request
+        this.messaging.transport.reply(ev.detail, <IGetOpenIDActionResponseData>{
+            state: OpenIDRequestState.PendingUserConfirmation,
+        });
+
+        // Actually ask for permission to send the user's data
+        Modal.createTrackedDialog("OpenID widget permissions", '', WidgetOpenIDPermissionsDialog, {
+            widgetUrl: rawUrl.substr(0, rawUrl.lastIndexOf("?")),
+            widgetId: this.widgetId,
+            isUserWidget: this.appTileProps.userWidget,
+
+            onFinished: async (confirm) => {
+                const responseBody: IGetOpenIDActionResponseData = {
+                    state: confirm ? OpenIDRequestState.Allowed : OpenIDRequestState.Blocked,
+                    original_request_id: ev.detail.requestId, // eslint-disable-line camelcase
+                };
+                if (confirm) {
+                    const credentials = await MatrixClientPeg.get().getOpenIdToken();
+                    Object.assign(responseBody, credentials);
+                }
+                this.messaging.transport.send(WidgetApiToWidgetAction.OpenIDCredentials, responseBody).catch(error => {
+                    console.error("Failed to send OpenID credentials: ", error);
+                });
+            },
+        });
+    };
+
    public start(iframe: HTMLIFrameElement) {
        if (this.started) return;
        const driver = new StopGapWidgetDriver( this.appTileProps.whitelistCapabilities || []);
        this.messaging = new ClientWidgetApi(this.mockWidget, iframe, driver);
        this.messaging.addEventListener("preparing", () => this.emit("preparing"));
        this.messaging.addEventListener("ready", () => this.emit("ready"));
+        this.messaging.addEventListener(`action:${WidgetApiFromWidgetAction.GetOpenIDCredentials}`, this.onOpenIdReq);
        WidgetMessagingStore.instance.storeMessaging(this.mockWidget, this.messaging);

        if (!this.appTileProps.userWidget && this.appTileProps.room) {