From ba27c580f41b3a05a34460f41d3f66e946a4e7fa Mon Sep 17 00:00:00 2001
From: Diego Mello <diegolmello@gmail.com>
Date: Tue, 28 Jan 2020 10:21:50 -0300
Subject: [PATCH] [FIX] Make SAML to work on Rocket.Chat < 2.3.0 (#1629)

---
 app/views/AuthenticationWebView.js | 64 ++++++++++++++----------------
 app/views/LoginSignupView.js       |  5 ++-
 2 files changed, 33 insertions(+), 36 deletions(-)

diff --git a/app/views/AuthenticationWebView.js b/app/views/AuthenticationWebView.js
index cd5f9078c..b129d821b 100644
--- a/app/views/AuthenticationWebView.js
+++ b/app/views/AuthenticationWebView.js
@@ -11,7 +11,7 @@ import StatusBar from '../containers/StatusBar';
 import ActivityIndicator from '../containers/ActivityIndicator';
 import { withTheme } from '../theme';
 import { themedHeader } from '../utils/navigation';
-import log from '../utils/log';
+import debounce from '../utils/debounce';
 
 const userAgent = isIOS
 	? 'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1'
@@ -43,6 +43,12 @@ class AuthenticationWebView extends React.PureComponent {
 		this.redirectRegex = new RegExp(`(?=.*(${ props.server }))(?=.*(credentialToken))(?=.*(credentialSecret))`, 'g');
 	}
 
+	componentWillUnmount() {
+		if (this.debouncedLogin && this.debouncedLogin.stop) {
+			this.debouncedLogin.stop();
+		}
+	}
+
 	dismiss = () => {
 		const { navigation } = this.props;
 		navigation.pop();
@@ -65,44 +71,34 @@ class AuthenticationWebView extends React.PureComponent {
 		this.dismiss();
 	}
 
+	// eslint-disable-next-line react/sort-comp
+	debouncedLogin = debounce(params => this.login(params), 3000);
+
 	onNavigationStateChange = (webViewState) => {
-		try {
-			const url = decodeURIComponent(webViewState.url);
-
-			if (this.authType === 'cas') {
-				const { navigation } = this.props;
-				const ssoToken = navigation.getParam('ssoToken');
-				if (url.includes('ticket') || url.includes('validate')) {
-					const payload = { cas: { credentialToken: ssoToken } };
-					// We need to set a timeout when the login is done with SSO in order to make it work on our side.
-					// It is actually due to the SSO server processing the response.
-					setTimeout(() => {
-						this.login(payload);
-					}, 3000);
+		const url = decodeURIComponent(webViewState.url);
+		if (this.authType === 'saml' || this.authType === 'cas') {
+			const { navigation } = this.props;
+			const ssoToken = navigation.getParam('ssoToken');
+			if (url.includes('ticket') || url.includes('validate') || url.includes('saml_idp_credentialToken')) {
+				let payload;
+				if (this.authType === 'saml') {
+					const parsedUrl = parse(url, true);
+					const token = (parsedUrl.query && parsedUrl.query.saml_idp_credentialToken) || ssoToken;
+					const credentialToken = { credentialToken: token };
+					payload = { ...credentialToken, saml: true };
+				} else {
+					payload = { cas: { credentialToken: ssoToken } };
 				}
+				this.debouncedLogin(payload);
 			}
+		}
 
-			if (this.authType === 'saml') {
-				const parsedUrl = parse(url, true);
-				if (parsedUrl.query && parsedUrl.query.saml_idp_credentialToken) {
-					const payload = { credentialToken: parsedUrl.query.saml_idp_credentialToken, saml: true };
-					// We need to set a timeout when the login is done with SSO in order to make it work on our side.
-					// It is actually due to the SSO server processing the response.
-					setTimeout(() => {
-						this.login(payload);
-					}, 3000);
-				}
+		if (this.authType === 'oauth') {
+			if (this.redirectRegex.test(url)) {
+				const parts = url.split('#');
+				const credentials = JSON.parse(parts[1]);
+				this.login({ oauth: { ...credentials } });
 			}
-
-			if (this.authType === 'oauth') {
-				if (this.redirectRegex.test(url)) {
-					const parts = url.split('#');
-					const credentials = JSON.parse(parts[1]);
-					this.login({ oauth: { ...credentials } });
-				}
-			}
-		} catch (e) {
-			log(e);
 		}
 	}
 
diff --git a/app/views/LoginSignupView.js b/app/views/LoginSignupView.js
index 09e0462dd..937596e55 100644
--- a/app/views/LoginSignupView.js
+++ b/app/views/LoginSignupView.js
@@ -250,8 +250,9 @@ class LoginSignupView extends React.Component {
 		const { server } = this.props;
 		const {	clientConfig } = loginService;
 		const {	provider } = clientConfig;
-		const url = `${ server }/_saml/authorize/${ provider }/`;
-		this.openOAuth({ url, authType: 'saml' });
+		const ssoToken = random(17);
+		const url = `${ server }/_saml/authorize/${ provider }/${ ssoToken }`;
+		this.openOAuth({ url, ssoToken, authType: 'saml' });
 	}
 
 	onPressCas = () => {