[NEW] Accept multiple redirect URIs on OAuth Apps #14935

Merged
merged 9 commits into from
Jul 21, 2019
2 changes: 1 addition & 1 deletion .meteor/versions
@@ -129,7 +129,7 @@ rocketchat:i18n@0.0.1
rocketchat:livechat@0.0.1
rocketchat:mongo-config@0.0.1
rocketchat:monitoring@2.30.2_3
rocketchat:oauth2-server@2.0.0
rocketchat:oauth2-server@2.1.0
rocketchat:push@3.3.1
rocketchat:streamer@1.0.2
rocketchat:version@1.0.0
2 changes: 1 addition & 1 deletion app/oauth2-server-config/client/admin/views/oauthApp.html
@@ -22,7 +22,7 @@
<div class="input-line double-col">
<label>{{_ "Redirect_URI"}}</label>
<div>
<input type="text" class="rc-input__element" name="redirectUri" value="{{data.redirectUri}}" />
<textarea class="rc-input__element" name="redirectUri" rows="4" style="height: auto">{{data.redirectUri}}</textarea>
Hudell marked this conversation as resolved.
<div class="settings-description secondary-font-color">{{_ "After_OAuth2_authentication_users_will_be_redirected_to_this_URL"}}</div>
Hudell marked this conversation as resolved.
</div>
</div>
21 changes: 21 additions & 0 deletions app/oauth2-server-config/server/admin/functions/parseUriList.js
@@ -0,0 +1,21 @@
export const parseUriList = (userUri) => {
if (userUri.indexOf('\n') < 0 && userUri.indexOf(',') < 0) {
return userUri;
}

const uriList = [];
userUri.split(/[,\n]/).forEach((item) => {
const uri = item.trim();
if (uri === '') {
return;
}

uriList.push(uri);
});

if (uriList.length === 1) {
return uriList.pop();
Hudell marked this conversation as resolved.
}

return uriList;
};
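Review bot: Nothing in `parseUriList` checks that an entry is a usable redirect URI: each piece is only trimmed and compared with `''`, so relative values, values carrying a fragment, or the leftover halves of a URI that itself contains a comma (the split on `/[,\n]/` cuts it in two) are returned for registration as they are. The early return also hands `userUri` back untrimmed and unchecked when no separator is present, so the single-entry and list paths normalise differently. Since `addOAuthApp` and `updateOAuthApp` already reject an empty array with `error-invalid-redirectUri`, one option is to normalise both paths and return `[]` when any entry fails to parse as an absolute URI without a fragment, as sketched below. The sketch assumes the server runtime exposes the WHATWG `URL` class as a global, which is not visible on this page.

```javascript
const isAcceptableRedirectUri = (uri) => {
	try {
		// Parsing rejects relative and malformed values; a registered redirect URI must not carry a fragment.
		return new URL(uri).hash === '';
	} catch (e) {
		return false;
	}
};

export const parseUriList = (userUri) => {
	// Split and trim unconditionally so a single entry is normalised like a list.
	const uriList = userUri
		.split(/[,\n]/)
		.map((item) => item.trim())
		.filter((uri) => uri !== '');

	// An empty list is what both callers already turn into 'error-invalid-redirectUri'.
	if (!uriList.every(isAcceptableRedirectUri)) {
		return [];
	}

	return uriList.length === 1 ? uriList[0] : uriList;
};
```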
8 changes: 8 additions & 0 deletions app/oauth2-server-config/server/admin/methods/addOAuthApp.js
@@ -4,6 +4,7 @@ import _ from 'underscore';

import { hasPermission } from '../../../../authorization';
import { Users, OAuthApps } from '../../../../models';
import { parseUriList } from '../functions/parseUriList';

Meteor.methods({
addOAuthApp(application) {
@@ -19,6 +20,13 @@ Meteor.methods({
if (!_.isBoolean(application.active)) {
throw new Meteor.Error('error-invalid-arguments', 'Invalid arguments', { method: 'addOAuthApp' });
}

application.redirectUri = parseUriList(application.redirectUri);

if (Array.isArray(application.redirectUri) && application.redirectUri.length === 0) {
throw new Meteor.Error('error-invalid-redirectUri', 'Invalid redirectUri', { method: 'addOAuthApp' });
}

application.clientId = Random.id();
application.clientSecret = Random.secret();
application._createdAt = new Date();
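Review bot: After the `parseUriList` assignment, `application.redirectUri` is a string when one URI is given and an array when several are, and that mixed shape is what gets stored; `redirectUri` in `updateOAuthApp` has the same shape. The code that compares a requested redirect URI with the stored value is outside this diff, but if it ever uses `includes` or `indexOf` to cover the array case, a stored string would be matched by substring rather than exactly. Storing an array in every case would remove the ambiguity if the consumer allows it; otherwise document the shape where it is set, e.g. `// redirectUri: string for one registered URI, string[] for several; compare each entry exactly`. The body of `addOAuthApp` starts before and continues after this hunk.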
10 changes: 9 additions & 1 deletion app/oauth2-server-config/server/admin/methods/updateOAuthApp.js
@@ -3,6 +3,7 @@ import _ from 'underscore';

import { hasPermission } from '../../../../authorization';
import { OAuthApps, Users } from '../../../../models';
import { parseUriList } from '../functions/parseUriList';

Meteor.methods({
updateOAuthApp(applicationId, application) {
@@ -22,11 +23,18 @@ Meteor.methods({
if (currentApplication == null) {
throw new Meteor.Error('error-application-not-found', 'Application not found', { method: 'updateOAuthApp' });
}

const redirectUri = parseUriList(application.redirectUri);

if (Array.isArray(redirectUri) && redirectUri.length === 0) {
throw new Meteor.Error('error-invalid-redirectUri', 'Invalid redirectUri', { method: 'updateOAuthApp' });
}

OAuthApps.update(applicationId, {
$set: {
name: application.name,
active: application.active,
redirectUri: application.redirectUri,
redirectUri,
_updatedAt: new Date(),
_updatedBy: Users.findOne(this.userId, {
fields: {