From 7bbc2e64e83b3f1c5ecd3fc506b0a3c36080fa65 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt
Date: Fri, 26 Nov 2021 11:37:16 +0100
Subject: [PATCH] Fixes #3622 - Display callback urls for third-party applications.
---
 .../_ui_element/auth_provider.coffee | 9 +++
 .../app/views/generic/auth_provider.jst.eco | 1 +
 ...211123144240_issue3622_add_callback_url.rb | 30 +++++++++
 db/seeds/settings.rb | 63 +++++++++++++++++++
 i18n/zammad.pot | 1 +
 .../issue_3622_add_callback_url_spec.rb | 23 +++++++
 spec/system/settings/security_spec.rb | 28 +++++++++
 7 files changed, 155 insertions(+)
 create mode 100644 app/assets/javascripts/app/controllers/_ui_element/auth_provider.coffee
 create mode 100644 app/assets/javascripts/app/views/generic/auth_provider.jst.eco
 create mode 100644 db/migrate/20211123144240_issue3622_add_callback_url.rb
 create mode 100644 spec/db/migrate/issue_3622_add_callback_url_spec.rb
diff --git a/app/assets/javascripts/app/controllers/_ui_element/auth_provider.coffee b/app/assets/javascripts/app/controllers/_ui_element/auth_provider.coffee
new file mode 100644
index 000000000..07900dedd
--- /dev/null
+++ b/app/assets/javascripts/app/controllers/_ui_element/auth_provider.coffee
@@ -0,0 +1,9 @@
+# coffeelint: disable=camel_case_classes
+class App.UiElement.auth_provider
+ @render: (attribute) ->
+ for key, value of App.Config.get('auth_provider_all')
+ continue if value.config isnt attribute.provider
+ attribute.value = "#{App.Config.get('http_type')}://#{App.Config.get('fqdn')}#{value.url}/callback"
+ break
+
+ $( App.view('generic/auth_provider')( attribute: attribute ) )
diff --git a/app/assets/javascripts/app/views/generic/auth_provider.jst.eco b/app/assets/javascripts/app/views/generic/auth_provider.jst.eco
new file mode 100644
index 000000000..0447f0ce6
--- /dev/null
+++ b/app/assets/javascripts/app/views/generic/auth_provider.jst.eco
@@ -0,0 +1 @@
+
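Review bot: The callback URL in `@render` is assembled from the `http_type` and `fqdn` settings rather than from the origin the administrator is actually browsing, so a stale `fqdn` or an `http_type` left at `http` produces a redirect URI that will be copied into the identity provider verbatim. A comment above the assignment would make that dependency explicit, e.g. `# Built from the http_type/fqdn settings; they must match the public HTTPS origin registered with the provider`. The loop also leaves `attribute.value` unset when no entry of `auth_provider_all` matches `attribute.provider`, so the field would render empty without explanation. The body of `auth_provider.jst.eco` is not visible on this page, so whether `attribute.value` is output-escaped there could not be checked.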
diff --git a/db/migrate/20211123144240_issue3622_add_callback_url.rb b/db/migrate/20211123144240_issue3622_add_callback_url.rb
new file mode 100644
index 000000000..29358d9f1
--- /dev/null
+++ b/db/migrate/20211123144240_issue3622_add_callback_url.rb
@@ -0,0 +1,30 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Issue3622AddCallbackUrl < ActiveRecord::Migration[6.0]
+ def change
+ return if !Setting.exists?(name: 'system_init_done')
+
+ configs = {
+ auth_twitter_credentials: 'auth_twitter',
+ auth_facebook_credentials: 'auth_facebook',
+ auth_google_oauth2_credentials: 'auth_google_oauth2',
+ auth_linkedin_credentials: 'auth_linkedin',
+ auth_github_credentials: 'auth_github',
+ auth_gitlab_credentials: 'auth_gitlab',
+ auth_microsoft_office365_credentials: 'auth_microsoft_office365',
+ auth_weibo_credentials: 'auth_weibo',
+ auth_saml_credentials: 'auth_saml',
+ }
+ configs.each do |key, value|
+ config = Setting.find_by(name: key)
+ config.options['form'] << {
+ 'display' => 'Your callback URL',
+ 'null' => true,
+ 'name' => 'callback_url',
+ 'tag' => 'auth_provider',
+ 'provider' => value
+ }
+ config.save!
+ end
+ end
+end
diff --git a/db/seeds/settings.rb b/db/seeds/settings.rb
index b4a05800c..85f929647 100644
--- a/db/seeds/settings.rb
+++ b/db/seeds/settings.rb
@@ -1286,6 +1286,13 @@ Setting.create_if_not_exists(
 name: 'secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_twitter',
+ },
 ],
 },
 state: {},
@@ -1343,6 +1350,13 @@ Setting.create_if_not_exists(
 name: 'app_secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_facebook',
+ },
 ],
 },
 state: {},
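Review bot: `Setting.find_by(name: key)` in the `configs.each` block returns nil when one of the nine credential settings is absent, and the following `config.options['form'] <<` then raises NoMethodError and aborts the migration part-way through. The block also appends unconditionally, so executing it a second time leaves duplicate `callback_url` entries in the form; as far as I can tell that includes a rollback, because a `change` method re-runs plain model calls, which makes `def up` the more accurate name. One guard at the top of the loop covers both cases: `next if config.nil? || config.options['form'].any? { |f| f['name'] == 'callback_url' }`. The accompanying spec asserts only `auth_twitter_credentials` and only the first run.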
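Review bot: The entry added to each `form` array carries `name: 'callback_url'` just like the credential inputs beside it, so if the settings form serialises every named field, the computed URL would be saved into the credentials setting together with the key and secret. Whether that happens depends on the `auth_provider` template, whose body is not visible on this page; it is worth confirming the element is read-only and left out of the submitted parameters. A comment on the first entry, `# display-only: value is computed client-side by App.UiElement.auth_provider`, would document the intent. The same applies to the other eight provider hunks in this file (Facebook, Google, LinkedIn, GitHub, GitLab, Office 365, Weibo, SAML).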
@@ -1400,6 +1414,13 @@ Setting.create_if_not_exists(
 name: 'client_secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_google_oauth2',
+ },
 ],
 },
 state: {},
@@ -1457,6 +1478,13 @@ Setting.create_if_not_exists(
 name: 'app_secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_linkedin',
+ },
 ],
 },
 state: {},
@@ -1514,6 +1542,13 @@ Setting.create_if_not_exists(
 name: 'app_secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_github',
+ },
 ],
 },
 state: {},
@@ -1578,6 +1613,13 @@ Setting.create_if_not_exists(
 tag: 'input',
 placeholder: 'https://gitlab.YOURDOMAIN.com/api/v4/',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_gitlab',
+ },
 ],
 },
 state: {},
@@ -1642,6 +1684,13 @@ Setting.create_if_not_exists(
 tag: 'input',
 placeholder: 'common',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_microsoft_office365',
+ },
 ],
 },
 state: {},
@@ -1698,6 +1747,13 @@ Setting.create_if_not_exists(
 name: 'client_secret',
 tag: 'input',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_weibo',
+ },
 ],
 },
 state: {},
@@ -1770,6 +1826,13 @@ Setting.create_if_not_exists(
 tag: 'input',
 placeholder: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
 },
+ {
+ display: __('Your callback URL'),
+ null: true,
+ name: 'callback_url',
+ tag: 'auth_provider',
+ provider: 'auth_saml',
+ },
 ],
 },
 state: {},
diff --git a/i18n/zammad.pot b/i18n/zammad.pot
index 6299b46d2..6418b535a 100644
--- a/i18n/zammad.pot
+++ b/i18n/zammad.pot
@@ -10661,6 +10661,7 @@ msgstr ""
 #: app/assets/javascripts/app/views/google/app_config.jst.eco
 #: app/assets/javascripts/app/views/microsoft365/app_config.jst.eco
 #: app/assets/javascripts/app/views/twitter/app_config.jst.eco
+#: db/seeds/settings.rb
 msgid "Your callback URL"
 msgstr ""
diff --git a/spec/db/migrate/issue_3622_add_callback_url_spec.rb b/spec/db/migrate/issue_3622_add_callback_url_spec.rb
new file mode 100644
index 000000000..6d6bbf84c
--- /dev/null
+++ b/spec/db/migrate/issue_3622_add_callback_url_spec.rb
@@ -0,0 +1,23 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe Issue3622AddCallbackUrl, type: :db_migration do
+ let(:field) do
+ {
+ 'display' => 'Your callback URL',
+ 'null' => true,
+ 'name' => 'callback_url',
+ 'tag' => 'auth_provider',
+ 'provider' => 'auth_twitter'
+ }
+ end
+
+ before do
+ migrate
+ end
+
+ it 'does update settings correctly' do
+ expect(Setting.find_by(name: 'auth_twitter_credentials').options['form']).to include(field)
+ end
+end
diff --git a/spec/system/settings/security_spec.rb b/spec/system/settings/security_spec.rb
index 4449ef959..dfa2c4e49 100644
--- a/spec/system/settings/security_spec.rb
+++ b/spec/system/settings/security_spec.rb
@@ -68,12 +68,32 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 end
 end
+ shared_examples 'Display callback urls for third-party applications #3622' do
+ def callback_url
+ page.evaluate_script("$('[data-name=#{app_setting}]').closest('.page-header').parent().find('[data-attribute-name=callback_url] input').val()")
+ end
+
+ context 'Display callback urls for third-party applications #3622', authenticated_as: true do
+ before do
+ visit '/#settings/security'
+ within :active_content do
+ click 'a[href="#third_party_auth"]'
+ end
+ end
+
+ it 'does have a filled callback url' do
+ expect(callback_url).to be_present
+ end
+ end
+ end
+
 describe 'Authentication via Facebook' do
 let(:app_name) { 'Facebook' }
 let(:app_setting) { 'auth_facebook' }
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via Github' do
@@ -82,6 +102,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via GitLab' do
@@ -90,6 +111,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via Google' do
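Review bot: `expect(callback_url).to be_present` in the `it 'does have a filled callback url'` example passes for any non-empty string, including one built from unset configuration such as `undefined://undefined/...`, so it does not show that the displayed value is a usable redirect URI. Asserting the shape would be stronger, e.g. `expect(callback_url).to match(%r{\Ahttps?://[^/]+/.+/callback\z})`. The `callback_url` helper reads the DOM through `page.evaluate_script` with `app_setting` interpolated into a jQuery selector, which bypasses Capybara's waiting; a Capybara finder on `[data-attribute-name=callback_url] input` would retry until the element is rendered.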
@@ -98,6 +120,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via LinkedIn' do
@@ -106,6 +129,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via Office 365' do
@@ -114,6 +138,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via SAML' do
@@ -122,6 +147,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via SSO' do
@@ -138,6 +164,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 describe 'Authentication via Weibo' do
@@ -146,6 +173,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 include_examples 'for third-party applications button in login page'
 include_examples 'for third-party applications settings'
+ include_examples 'Display callback urls for third-party applications #3622'
 end
 end
 end