From ba27c580f41b3a05a34460f41d3f66e946a4e7fa Mon Sep 17 00:00:00 2001 From: Diego Mello Date: Tue, 28 Jan 2020 10:21:50 -0300 Subject: [PATCH] [FIX] Make SAML to work on Rocket.Chat < 2.3.0 (#1629) --- app/views/AuthenticationWebView.js | 64 ++++++++++++++---------------- app/views/LoginSignupView.js | 5 ++- 2 files changed, 33 insertions(+), 36 deletions(-) diff --git a/app/views/AuthenticationWebView.js b/app/views/AuthenticationWebView.js index cd5f9078..b129d821 100644 --- a/app/views/AuthenticationWebView.js +++ b/app/views/AuthenticationWebView.js @@ -11,7 +11,7 @@ import StatusBar from '../containers/StatusBar'; import ActivityIndicator from '../containers/ActivityIndicator'; import { withTheme } from '../theme'; import { themedHeader } from '../utils/navigation'; -import log from '../utils/log'; +import debounce from '../utils/debounce'; const userAgent = isIOS ? 'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1' @@ -43,6 +43,12 @@ class AuthenticationWebView extends React.PureComponent { this.redirectRegex = new RegExp(`(?=.*(${ props.server }))(?=.*(credentialToken))(?=.*(credentialSecret))`, 'g'); } + componentWillUnmount() { + if (this.debouncedLogin && this.debouncedLogin.stop) { + this.debouncedLogin.stop(); + } + } + dismiss = () => { const { navigation } = this.props; navigation.pop(); @@ -65,44 +71,34 @@ class AuthenticationWebView extends React.PureComponent { this.dismiss(); } + // eslint-disable-next-line react/sort-comp + debouncedLogin = debounce(params => this.login(params), 3000); + onNavigationStateChange = (webViewState) => { - try { - const url = decodeURIComponent(webViewState.url); - - if (this.authType === 'cas') { - const { navigation } = this.props; - const ssoToken = navigation.getParam('ssoToken'); - if (url.includes('ticket') || url.includes('validate')) { - const payload = { cas: { credentialToken: ssoToken } }; - // We need to set a timeout when the login is done with SSO in order to make it work on our side. - // It is actually due to the SSO server processing the response. - setTimeout(() => { - this.login(payload); - }, 3000); + const url = decodeURIComponent(webViewState.url); + if (this.authType === 'saml' || this.authType === 'cas') { + const { navigation } = this.props; + const ssoToken = navigation.getParam('ssoToken'); + if (url.includes('ticket') || url.includes('validate') || url.includes('saml_idp_credentialToken')) { + let payload; + if (this.authType === 'saml') { + const parsedUrl = parse(url, true); + const token = (parsedUrl.query && parsedUrl.query.saml_idp_credentialToken) || ssoToken; + const credentialToken = { credentialToken: token }; + payload = { ...credentialToken, saml: true }; + } else { + payload = { cas: { credentialToken: ssoToken } }; } + this.debouncedLogin(payload); } + } - if (this.authType === 'saml') { - const parsedUrl = parse(url, true); - if (parsedUrl.query && parsedUrl.query.saml_idp_credentialToken) { - const payload = { credentialToken: parsedUrl.query.saml_idp_credentialToken, saml: true }; - // We need to set a timeout when the login is done with SSO in order to make it work on our side. - // It is actually due to the SSO server processing the response. - setTimeout(() => { - this.login(payload); - }, 3000); - } + if (this.authType === 'oauth') { + if (this.redirectRegex.test(url)) { + const parts = url.split('#'); + const credentials = JSON.parse(parts[1]); + this.login({ oauth: { ...credentials } }); } - - if (this.authType === 'oauth') { - if (this.redirectRegex.test(url)) { - const parts = url.split('#'); - const credentials = JSON.parse(parts[1]); - this.login({ oauth: { ...credentials } }); - } - } - } catch (e) { - log(e); } } diff --git a/app/views/LoginSignupView.js b/app/views/LoginSignupView.js index 09e0462d..937596e5 100644 --- a/app/views/LoginSignupView.js +++ b/app/views/LoginSignupView.js @@ -250,8 +250,9 @@ class LoginSignupView extends React.Component { const { server } = this.props; const { clientConfig } = loginService; const { provider } = clientConfig; - const url = `${ server }/_saml/authorize/${ provider }/`; - this.openOAuth({ url, authType: 'saml' }); + const ssoToken = random(17); + const url = `${ server }/_saml/authorize/${ provider }/${ ssoToken }`; + this.openOAuth({ url, ssoToken, authType: 'saml' }); } onPressCas = () => {