[MM-22558] fix loginurls on subpath and server's with team in the url (#1192)
* fix loginurls on subpath and server's with team in the url * remove console logs * support both subpath and teamurls * improve readability
This commit is contained in:
Guillermo Vayá
22
src/main.js
22
src/main.js
@@ -448,11 +448,13 @@ function handleAppWebContentsCreated(dc, contents) {
|
||||
contents.on('will-navigate', (event, url) => {
|
||||
const contentID = event.sender.id;
|
||||
const parsedURL = Utils.parseURL(url);
|
||||
const serverURL = Utils.getServer(parsedURL, config.teams);
|
||||
if ((serverURL !== null && Utils.isTeamUrl(serverURL.url, parsedURL)) || isTrustedPopupWindow(event.sender)) {
|
||||
const server = Utils.getServer(parsedURL, config.teams);
|
||||
|
||||
if ((server !== null && Utils.isTeamUrl(server.url, parsedURL)) || isTrustedPopupWindow(event.sender)) {
|
||||
return;
|
||||
}
|
||||
if (isCustomLoginURL(parsedURL)) {
|
||||
|
||||
if (isCustomLoginURL(parsedURL, server)) {
|
||||
return;
|
||||
}
|
||||
if (parsedURL.protocol === 'mailto:') {
|
||||
@@ -976,7 +978,8 @@ function isTrustedPopupWindow(webContents) {
|
||||
return BrowserWindow.fromWebContents(webContents) === popupWindow;
|
||||
}
|
||||
|
||||
function isCustomLoginURL(url) {
|
||||
function isCustomLoginURL(url, server) {
|
||||
const subpath = (server === null || typeof server === 'undefined') ? '' : server.url.pathname;
|
||||
const parsedURL = Utils.parseURL(url);
|
||||
if (!parsedURL) {
|
||||
return false;
|
||||
@@ -985,6 +988,17 @@ function isCustomLoginURL(url) {
|
||||
return false;
|
||||
}
|
||||
const urlPath = parsedURL.pathname;
|
||||
if ((subpath !== '' || subpath !== '/') && urlPath.startsWith(subpath)) {
|
||||
const replacement = subpath.endsWith('/') ? '/' : '';
|
||||
const replacedPath = urlPath.replace(subpath, replacement);
|
||||
for (const regexPath of customLoginRegexPaths) {
|
||||
if (replacedPath.match(regexPath)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// if there is no subpath, or we are adding the team and got redirected to the real server it'll be caught here
|
||||
for (const regexPath of customLoginRegexPaths) {
|
||||
if (urlPath.match(regexPath)) {
|
||||
return true;
|
||||
|
||||
@@ -63,14 +63,17 @@ function getServerInfo(serverUrl) {
|
||||
function isTeamUrl(serverUrl, inputUrl, withApi) {
|
||||
const parsedURL = parseURL(inputUrl);
|
||||
const server = getServerInfo(serverUrl);
|
||||
if (!parsedURL || !server) {
|
||||
if (!parsedURL || !server || (!equalUrlsIgnoringSubpath(server, parsedURL))) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const nonTeamUrlPaths = ['plugins', 'signup', 'login', 'admin', 'channel', 'post', 'oauth', 'admin_console'];
|
||||
if (withApi) {
|
||||
nonTeamUrlPaths.push('api');
|
||||
}
|
||||
return !(nonTeamUrlPaths.some((testPath) => parsedURL.pathname.toLowerCase().startsWith(`${server.subpath}${testPath}/`)));
|
||||
return !(nonTeamUrlPaths.some((testPath) => (
|
||||
parsedURL.pathname.toLowerCase().startsWith(`${server.subpath}${testPath}/`) ||
|
||||
parsedURL.pathname.toLowerCase().startsWith(`/${testPath}/`))));
|
||||
}
|
||||
|
||||
function isPluginUrl(serverUrl, inputURL) {
|
||||
@@ -79,7 +82,10 @@ function isPluginUrl(serverUrl, inputURL) {
|
||||
if (!parsedURL || !server) {
|
||||
return false;
|
||||
}
|
||||
return server.origin === parsedURL.origin && parsedURL.pathname.toLowerCase().startsWith(`${server.subpath}plugins/`);
|
||||
return (
|
||||
equalUrlsIgnoringSubpath(server, parsedURL) &&
|
||||
(parsedURL.pathname.toLowerCase().startsWith(`${server.subpath}plugins/`) ||
|
||||
parsedURL.pathname.toLowerCase().startsWith('/plugins/')));
|
||||
}
|
||||
|
||||
function getServer(inputURL, teams) {
|
||||
@@ -88,15 +94,23 @@ function getServer(inputURL, teams) {
|
||||
return null;
|
||||
}
|
||||
let parsedServerUrl;
|
||||
let secondOption = null;
|
||||
for (let i = 0; i < teams.length; i++) {
|
||||
parsedServerUrl = parseURL(teams[i].url);
|
||||
|
||||
// check server and subpath matches (without subpath pathname is \ so it always matches)
|
||||
if (parsedServerUrl.origin === parsedURL.origin && parsedURL.pathname.startsWith(parsedServerUrl.pathname)) {
|
||||
if (equalUrlsWithSubpath(parsedServerUrl, parsedURL)) {
|
||||
return {name: teams[i].name, url: parsedServerUrl, index: i};
|
||||
}
|
||||
if (equalUrlsIgnoringSubpath(parsedServerUrl, parsedURL)) {
|
||||
// in case the user added something on the path that doesn't really belong to the server
|
||||
// there might be more than one that matches, but we can't differentiate, so last one
|
||||
// is as good as any other in case there is no better match (e.g.: two subpath servers with the same origin)
|
||||
// e.g.: https://community.mattermost.com/core
|
||||
secondOption = {name: teams[i].name, url: parsedServerUrl, index: i};
|
||||
}
|
||||
}
|
||||
return null;
|
||||
return secondOption;
|
||||
}
|
||||
|
||||
function getDisplayBoundaries() {
|
||||
@@ -116,6 +130,15 @@ function getDisplayBoundaries() {
|
||||
});
|
||||
}
|
||||
|
||||
// next two functions are defined to clarify intent
|
||||
function equalUrlsWithSubpath(url1, url2) {
|
||||
return url1.origin === url2.origin && url2.pathname.toLowerCase().startsWith(url1.pathname.toLowerCase());
|
||||
}
|
||||
|
||||
function equalUrlsIgnoringSubpath(url1, url2) {
|
||||
return url1.origin.toLowerCase() === url2.origin.toLowerCase();
|
||||
}
|
||||
|
||||
export default {
|
||||
getDomain,
|
||||
isValidURL,
|
||||
|
||||
Reference in New Issue
Block a user