Track OpenID automatic permissions by (widgetLocation, widgetUrl)
This commit is contained in:
Travis Ralston
parent
21d52a8311
commit
2dcb40f1be
5 changed files with 41 additions and 7 deletions
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
Copyright 2017 Vector Creations Ltd
|
||||
Copyright 2018 New Vector Ltd
|
||||
Copyright 2019 Travis Ralston
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
@ -25,6 +26,7 @@ import WidgetEchoStore from '../stores/WidgetEchoStore';
|
|||
// before waitFor[Room/User]Widget rejects its promise
|
||||
const WIDGET_WAIT_TIME = 20000;
|
||||
import SettingsStore from "../settings/SettingsStore";
|
||||
import ActiveWidgetStore from "../stores/ActiveWidgetStore";
|
||||
|
||||
/**
|
||||
* Encodes a URI according to a set of template variables. Variables will be
|
||||
|
|
@ -396,4 +398,25 @@ export default class WidgetUtils {
|
|||
|
||||
return capWhitelist;
|
||||
}
|
||||
|
||||
static getWidgetSecurityKey(widgetId, widgetUrl, isUserWidget) {
|
||||
let widgetLocation = ActiveWidgetStore.getRoomId(widgetId);
|
||||
|
||||
if (isUserWidget) {
|
||||
const userWidget = WidgetUtils.getUserWidgetsArray()
|
||||
.find((w) => w.id === widgetId && w.content && w.content.url === widgetUrl);
|
||||
|
||||
if (!userWidget) {
|
||||
throw new Error("No matching user widget to form security key");
|
||||
}
|
||||
|
||||
widgetLocation = userWidget.sender;
|
||||
}
|
||||
|
||||
if (!widgetLocation) {
|
||||
throw new Error("Failed to locate where the widget resides");
|
||||
}
|
||||
|
||||
return encodeURIComponent(`${widgetLocation}::${widgetUrl}`);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue