phlux/mattermostest
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[MM-50973] Harden Calls windows URL navigation checks (#2573)

Browse Source 
* Harden Calls windows URL navigation checks

* Update src/main/windows/callsWidgetWindow.ts

Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>

* Fix bad merge

* Extract team name to use isUrlType

* Simplify

---------

Co-authored-by: Eva Sarafianou <eva.sarafianou@gmail.com>
This commit is contained in:
Claudio Costa
2023-03-02 12:10:47 -06:00
committed by GitHub
parent 09debd6adb
commit a52e96694d
7 changed files with 148 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/main/windows/callsWidgetWindow.test.js
View File

@@ -27,7 +27,7 @@ jest.mock('electron', () => ({
}));
jest.mock('../views/webContentEvents', () => ({
generateNewWindowListener: jest.fn(),
addWebContentsEventListeners: jest.fn(),
}));
jest.mock('common/utils/url', () => {
@@ -413,8 +413,15 @@ describe('main/windows/callsWidgetWindow', () => {
it('menubar disabled on popout', () => {
const widgetWindow = new CallsWidgetWindow(mainWindow, mainView, widgetConfig);
expect(widgetWindow.onPopOutOpen()).toHaveProperty('action', 'allow');
expect(widgetWindow.onPopOutOpen().overrideBrowserWindowOptions).toHaveProperty('autoHideMenuBar', true);
const popOutURL = 'http://localhost:8065/team/com.mattermost.calls/expanded/test-call-id';
expect(widgetWindow.onPopOutOpen({url: popOutURL})).toHaveProperty('action', 'allow');
expect(widgetWindow.onPopOutOpen({url: popOutURL}).overrideBrowserWindowOptions).toHaveProperty('autoHideMenuBar', true);
});
it('wrong popout url disabled', () => {
const widgetWindow = new CallsWidgetWindow(mainWindow, mainView, widgetConfig);
const popOutURL = 'http://localhost/team/com.mattermost.calls/expanded/test-call-id';
expect(widgetWindow.onPopOutOpen({url: popOutURL})).toHaveProperty('action', 'deny');
});
it('onPopOutFocus', () => {
@@ -434,7 +441,6 @@ describe('main/windows/callsWidgetWindow', () => {
const popOut = new EventEmitter();
popOut.webContents = {
setWindowOpenHandler: jest.fn(),
on: jest.fn(),
id: 'webContentsId',
};
@@ -448,8 +454,7 @@ describe('main/windows/callsWidgetWindow', () => {
widgetWindow.onPopOutCreate(popOut);
expect(widgetWindow.popOut).toBe(popOut);
expect(popOut.webContents.setWindowOpenHandler).toHaveBeenCalled();
expect(WebContentsEventManager.generateNewWindowListener).toHaveBeenCalledWith('webContentsId', true);
expect(WebContentsEventManager.addWebContentsEventListeners).toHaveBeenCalledWith(popOut.webContents);
widgetWindow.onPopOutFocus();
expect(popOut.focus).toHaveBeenCalled();
@@ -508,5 +513,27 @@ describe('main/windows/callsWidgetWindow', () => {
sender: baseWindow.webContents,
})).toEqual(true);
});
it('getPopOutWebContentsId', () => {
const widgetWindow = new CallsWidgetWindow(mainWindow, mainView, widgetConfig);
widgetWindow.popOut = {
webContents: {
id: 'popOutID',
},
};
expect(widgetWindow.getPopOutWebContentsId()).toBe('popOutID');
});
it('onNavigate', () => {
const widgetWindow = new CallsWidgetWindow(mainWindow, mainView, widgetConfig);
const ev = {preventDefault: jest.fn()};
widgetWindow.onNavigate(ev, widgetWindow.getWidgetURL());
expect(ev.preventDefault).not.toHaveBeenCalled();
widgetWindow.onNavigate(ev, 'http://localhost:8065/invalid/url');
expect(ev.preventDefault).toHaveBeenCalledTimes(1);
});
});
});