From 1894d8a6c6872f183209a60cc5344b2798e00ec2 Mon Sep 17 00:00:00 2001 From: Devin Binnie <52460000+devinbinnie@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:55:13 -0500 Subject: [PATCH] [MM-61821] Automatically allow permission checks for supported permission types through for GPO configured servers (#3231) * [MM-61821] Automatically allow permission checks for supported permission types through for GPO configured servers * Fix lint * Fix tsc --- src/main/permissionsManager.test.js | 24 +++++++++++++++++++++++- src/main/permissionsManager.ts | 9 ++++++++- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/main/permissionsManager.test.js b/src/main/permissionsManager.test.js index 9118b9c0..c89bc63a 100644 --- a/src/main/permissionsManager.test.js +++ b/src/main/permissionsManager.test.js @@ -3,6 +3,7 @@ import {dialog, systemPreferences} from 'electron'; +import Config from 'common/config'; import {parseURL, isTrustedURL} from 'common/utils/url'; import ViewManager from 'main/views/viewManager'; import CallsWidgetWindow from 'main/windows/callsWidgetWindow'; @@ -37,6 +38,12 @@ jest.mock('common/utils/url', () => ({ isTrustedURL: jest.fn(), })); +jest.mock('common/config', () => ({ + registryData: { + servers: [], + }, +})); + jest.mock('main/i18nManager', () => ({ localizeMessage: jest.fn(), })); @@ -72,6 +79,9 @@ describe('main/PermissionsManager', () => { if (id === 2) { return {view: {server: {url: new URL('http://anyurl.com')}}}; } + if (id === 4) { + return {view: {server: {url: new URL('http://gposerver.com')}}}; + } return null; }); @@ -84,6 +94,11 @@ describe('main/PermissionsManager', () => { } }); isTrustedURL.mockImplementation((url, baseURL) => url.toString().startsWith(baseURL.toString())); + Config.registryData.servers = [ + { + url: 'http://gposerver.com', + }, + ]; }); afterEach(() => { 
@@ -115,10 +130,17 @@ describe('main/PermissionsManager', () => { it('should deny if the server URL can not be found', async () => { const permissionsManager = new PermissionsManager('anyfile.json'); const cb = jest.fn(); - await permissionsManager.handlePermissionRequest({id: 4}, 'media', cb, {securityOrigin: 'http://anyurl.com'}); + await permissionsManager.handlePermissionRequest({id: 5}, 'media', cb, {securityOrigin: 'http://anyurl.com'}); expect(cb).toHaveBeenCalledWith(false); }); + it('should allow if the URL is a GPO configured server', async () => { + const permissionsManager = new PermissionsManager('anyfile.json'); + const cb = jest.fn(); + await permissionsManager.handlePermissionRequest({id: 4}, 'media', cb, {securityOrigin: 'http://gposerver.com'}); + expect(cb).toHaveBeenCalledWith(true); + }); + it('should deny if the URL is not trusted', async () => { const permissionsManager = new PermissionsManager('anyfile.json'); const cb = jest.fn(); diff --git a/src/main/permissionsManager.ts b/src/main/permissionsManager.ts index f759f386..27dca918 100644 --- a/src/main/permissionsManager.ts +++ b/src/main/permissionsManager.ts @@ -22,6 +22,7 @@ import { OPEN_WINDOWS_MICROPHONE_PREFERENCES, UPDATE_PATHS, } from 'common/communication'; +import Config from 'common/config'; import JsonFileManager from 'common/JsonFileManager'; import {Logger} from 'common/log'; import type {MattermostServer} from 'common/servers/MattermostServer'; @@ -141,7 +142,7 @@ export class PermissionsManager extends JsonFileManager { return false; } - let serverURL; + let serverURL: URL | undefined; if (CallsWidgetWindow.isCallsWidget(webContentsId)) { serverURL = CallsWidgetWindow.getViewURL(); } else { 
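Review bot: The new case 'should allow if the URL is a GPO configured server' (the `@@ -115,10 +130,17 @@` hunk of permissionsManager.test.js) only covers a request whose `securityOrigin` equals the GPO server URL, so nothing pins what happens when a different origin asks for a permission inside that same view. That case decides whether the auto-allow is scoped to the server itself or to everything rendered in its view. I would add a negative case reusing the existing `id: 4` mock with the `http://anyurl.com` origin already used in this file. As the GPO check in permissionsManager.ts is written, this request appears to resolve to `true` today, so the test would fail until the check is scoped and it records the intended behaviour. The enclosing `describe` block starts and ends outside the hunk.

```javascript
// … unchanged: 'should allow if the URL is a GPO configured server' …

it('should deny a foreign origin inside a GPO configured server view', async () => {
    const permissionsManager = new PermissionsManager('anyfile.json');
    const cb = jest.fn();
    await permissionsManager.handlePermissionRequest({id: 4}, 'media', cb, {securityOrigin: 'http://anyurl.com'});
    expect(cb).toHaveBeenCalledWith(false);
});
```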
@@ -152,6 +153,12 @@ export class PermissionsManager extends JsonFileManager { return false; } + // For GPO servers, we always allow permissions since they are trusted + const serverHref = serverURL.href; + if (Config.registryData?.servers?.some((s) => parseURL(s.url)?.href === serverHref)) { + return true; + } + // Exception for embedded videos such as YouTube // We still want to ask permission to do this though const isExternalFullscreen = permission === 'fullscreen' && parsedURL.origin !== serverURL.origin;
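Review bot: The early `return true` compares only the view's `serverURL` with `Config.registryData.servers` and never looks at the requesting origin in `parsedURL`, so any frame rendered inside a GPO server's view is granted the permission without a prompt. The context comment just below says of embedded third-party video "We still want to ask permission", and this branch returns before that path is reached. I would scope the shortcut to the server's own origin: `if (parsedURL.origin === serverURL.origin && Config.registryData?.servers?.some((s) => parseURL(s.url)?.href === serverHref)) {`, with the comment reworded to `// GPO servers are admin-provisioned: auto-allow only requests from the server's own origin`. The enclosing method starts and ends outside the hunk, so it is not visible whether the supported-permission-type filter runs before this point; if it does not, the shortcut should be limited to that list as well. A log line on the auto-grant would also help when auditing why no prompt was shown.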