Fixes #3622 - Display callback urls for third-party applications.

app/assets/javascripts/app/controllers/_ui_element/auth_provider.coffee

@@ -0,0 +1,9 @@
+# coffeelint: disable=camel_case_classes
+class App.UiElement.auth_provider
+  @render: (attribute) ->
+    for key, value of App.Config.get('auth_provider_all')
+      continue if value.config isnt attribute.provider
+      attribute.value = "#{App.Config.get('http_type')}://#{App.Config.get('fqdn')}#{value.url}/callback"
+      break
+
+    $( App.view('generic/auth_provider')( attribute: attribute ) )

app/assets/javascripts/app/views/generic/auth_provider.jst.eco

@@ -0,0 +1 @@
+<input type="text" disabled="disabled" readonly="readonly" value="<%= @attribute.value %>" class="form-control" />

db/migrate/20211123144240_issue3622_add_callback_url.rb

@@ -0,0 +1,30 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Issue3622AddCallbackUrl < ActiveRecord::Migration[6.0]
+  def change
+    return if !Setting.exists?(name: 'system_init_done')
+
+    configs = {
+      auth_twitter_credentials:             'auth_twitter',
+      auth_facebook_credentials:            'auth_facebook',
+      auth_google_oauth2_credentials:       'auth_google_oauth2',
+      auth_linkedin_credentials:            'auth_linkedin',
+      auth_github_credentials:              'auth_github',
+      auth_gitlab_credentials:              'auth_gitlab',
+      auth_microsoft_office365_credentials: 'auth_microsoft_office365',
+      auth_weibo_credentials:               'auth_weibo',
+      auth_saml_credentials:                'auth_saml',
+    }
+    configs.each do |key, value|
+      config = Setting.find_by(name: key)
+      config.options['form'] << {
+        'display'  => 'Your callback URL',
+        'null'     => true,
+        'name'     => 'callback_url',
+        'tag'      => 'auth_provider',
+        'provider' => value
+      }
+      config.save!
+    end
+  end
+end

db/seeds/settings.rb

@@ -1286,6 +1286,13 @@ Setting.create_if_not_exists(
         name:    'secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_twitter',
+      },
     ],
   },
   state:       {},
@@ -1343,6 +1350,13 @@ Setting.create_if_not_exists(
         name:    'app_secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_facebook',
+      },
     ],
   },
   state:       {},
@@ -1400,6 +1414,13 @@ Setting.create_if_not_exists(
         name:    'client_secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_google_oauth2',
+      },
     ],
   },
   state:       {},
@@ -1457,6 +1478,13 @@ Setting.create_if_not_exists(
         name:    'app_secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_linkedin',
+      },
     ],
   },
   state:       {},
@@ -1514,6 +1542,13 @@ Setting.create_if_not_exists(
         name:    'app_secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_github',
+      },
     ],
   },
   state:       {},
@@ -1578,6 +1613,13 @@ Setting.create_if_not_exists(
         tag:         'input',
         placeholder: 'https://gitlab.YOURDOMAIN.com/api/v4/',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_gitlab',
+      },
     ],
   },
   state:       {},
@@ -1642,6 +1684,13 @@ Setting.create_if_not_exists(
         tag:         'input',
         placeholder: 'common',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_microsoft_office365',
+      },
     ],
   },
   state:       {},
@@ -1698,6 +1747,13 @@ Setting.create_if_not_exists(
         name:    'client_secret',
         tag:     'input',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_weibo',
+      },
     ],
   },
   state:       {},
@@ -1770,6 +1826,13 @@ Setting.create_if_not_exists(
         tag:         'input',
         placeholder: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
       },
+      {
+        display:  __('Your callback URL'),
+        null:     true,
+        name:     'callback_url',
+        tag:      'auth_provider',
+        provider: 'auth_saml',
+      },
     ],
   },
   state:       {},

i18n/zammad.pot

@@ -10661,6 +10661,7 @@ msgstr ""
 #: app/assets/javascripts/app/views/google/app_config.jst.eco
 #: app/assets/javascripts/app/views/microsoft365/app_config.jst.eco
 #: app/assets/javascripts/app/views/twitter/app_config.jst.eco
+#: db/seeds/settings.rb
 msgid "Your callback URL"
 msgstr ""
 

spec/db/migrate/issue_3622_add_callback_url_spec.rb

@@ -0,0 +1,23 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe Issue3622AddCallbackUrl, type: :db_migration do
+  let(:field) do
+    {
+      'display'  => 'Your callback URL',
+      'null'     => true,
+      'name'     => 'callback_url',
+      'tag'      => 'auth_provider',
+      'provider' => 'auth_twitter'
+    }
+  end
+
+  before do
+    migrate
+  end
+
+  it 'does update settings correctly' do
+    expect(Setting.find_by(name: 'auth_twitter_credentials').options['form']).to include(field)
+  end
+end

spec/system/settings/security_spec.rb

@@ -68,12 +68,32 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
       end
     end
 
+    shared_examples 'Display callback urls for third-party applications #3622' do
+      def callback_url
+        page.evaluate_script("$('[data-name=#{app_setting}]').closest('.page-header').parent().find('[data-attribute-name=callback_url] input').val()")
+      end
+
+      context 'Display callback urls for third-party applications #3622', authenticated_as: true do
+        before do
+          visit '/#settings/security'
+          within :active_content do
+            click 'a[href="#third_party_auth"]'
+          end
+        end
+
+        it 'does have a filled callback url' do
+          expect(callback_url).to be_present
+        end
+      end
+    end
+
     describe 'Authentication via Facebook' do
       let(:app_name) { 'Facebook' }
       let(:app_setting) { 'auth_facebook' }
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via Github' do
@@ -82,6 +102,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via GitLab' do
@@ -90,6 +111,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via Google' do
@@ -98,6 +120,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via LinkedIn' do
@@ -106,6 +129,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via Office 365' do
@@ -114,6 +138,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via SAML' do
@@ -122,6 +147,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via SSO' do
@@ -138,6 +164,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
 
     describe 'Authentication via Weibo' do
@@ -146,6 +173,7 @@ RSpec.describe 'Manage > Settings > Security', type: :system do
 
       include_examples 'for third-party applications button in login page'
       include_examples 'for third-party applications settings'
+      include_examples 'Display callback urls for third-party applications #3622'
     end
   end
 end