From d762c2f068796de871555e496413f9a675cded47 Mon Sep 17 00:00:00 2001
From: Armin Felder <Armin.Felder@gmail.com>
Date: Sun, 8 Nov 2020 15:05:37 +0100
Subject: [PATCH] some small fixes

---
 Dockerfile | 15 ++++++++++++--
 index.html | 61 ++++++++++++++++++++++++++----------------------------
 init.sh    |  5 +++++
 3 files changed, 47 insertions(+), 34 deletions(-)
 create mode 100644 init.sh

diff --git a/Dockerfile b/Dockerfile
index 632fd5a..c3bedba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,17 @@
 FROM nginxinc/nginx-unprivileged:1.19.2
 
-COPY index.html /usr/share/nginx/html
-COPY bower_components /usr/share/nginx/html/bower_components
+ENV RC_OIDC_METHOD_NAME ""
 
+USER root
 
+RUN mkdir -p /usr/share/nginx/html/prebind/bower_components
+COPY index.html /usr/share/nginx/html/prebind/index.tmpl
+COPY bower_components /usr/share/nginx/html/prebind/bower_components
+COPY init.sh /
+
+RUN chown 101 /usr/share/nginx/html -R
+RUN chmod +x /init.sh
+
+USER 101
+
+CMD ["/init.sh"]
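Review bot: `index.tmpl` is placed under the nginx document root (`/usr/share/nginx/html/prebind/`), so the unrendered template is served next to the generated `index.html`; it holds only the placeholder names, not secrets, but it is still a file nobody needs to fetch. Copying it to a location outside `/usr/share/nginx/html` and pointing `init.sh` at that path keeps the served tree limited to what clients should see. The recursive `chown 101` is there because `init.sh` writes `index.html` into that directory at container start, which is not obvious from the Dockerfile alone; a one-line comment above it, `# init.sh renders index.html into this tree at runtime, so uid 101 needs write access`, would save the next reader the lookup.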
diff --git a/index.html b/index.html
index cc1629f..c1660ab 100644
--- a/index.html
+++ b/index.html
@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <title>RocketChat PVP2 preBind Service</title>
+    <title>RocketChat preBind Service</title>
     <script src="bower_components/ddp.js/src/ddp.js"></script>
     <script src="bower_components/q/q.js"></script>
     <script src="bower_components/asteroid/dist/asteroid.browser.js"></script>
@@ -10,6 +10,14 @@
     <script>
         var secure = window.location.protocol === "https:";
         var host = window.location.hostname;
+        var query = window.location.search;
+        var urlParams = new URLSearchParams(query);
+        var path = urlParams.get("path");
+        var redirectPath = ""
+        if (path !== null){
+            redirectPath = path;
+        }
+        var idpHint = urlParams.get("idp_hint");
 
         var authorizePath = "";
         var clientId = "";
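Review bot: `path` is read straight from the query string and, in `redirectToRC` (hunk at L81), appended directly to `protocol + "//" + hostname`, so a value that does not begin with `/` changes the authority of the URL the page navigates to rather than its path. Accept only a same-origin path before storing it, e.g. `if (path !== null && path.startsWith("/")) { redirectPath = path; }`, or build it with `new URL(path, window.location.origin)` and compare `.origin`. The `var redirectPath = ""` line is also missing its semicolon.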
@@ -17,6 +25,10 @@
         var serverURL = "";
         var tokenPath = "";
 
+        var rcOauthMethodName = "${RC_OIDC_METHOD_NAME}";
+        var idpHintParam = "${IDP_HINT_PARAM}"
+
+
         var token = "";
         var secret = "";
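Review bot: `var idpHintParam = "${IDP_HINT_PARAM}"` is missing its semicolon, and the two placeholders are substituted by `envsubst` in `init.sh` directly into JavaScript string literals, so a value containing a double quote or backslash would break the script rather than be escaped. Since the values are operator-supplied this is a configuration hazard rather than an injection path, but a comment stating the constraint, `// rendered by init.sh via envsubst; values must not contain quotes or backslashes`, makes it explicit. `IDP_HINT_PARAM` also has no `ENV` default in the Dockerfile; envsubst appears to render it as an empty string, which the guard added at L170 handles.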
 
@@ -25,7 +37,7 @@
         var client = new Asteroid(host, secure);
 
         var redirectToRC = function () {
-          window.location = window.location.protocol+"//"+window.location.hostname;
+          window.location = window.location.protocol+"//"+window.location.hostname+redirectPath;
         };
 
         var getCookieObj = function(){
@@ -35,9 +47,9 @@
             for(var i=0; i<cookieList.length; i++){
 
                 var cookie = cookieList[i];
-                if(cookie != "") {
+                if(cookie !== "") {
                     var cookieSplit = cookie.split("=");
-                    if(cookieSplit[0] != "" && cookieSplit[1] != "") {
+                    if(cookieSplit[0] !== "" && cookieSplit[1] !== "") {
                         cookieObj[cookieSplit[0].trim()] = cookieSplit[1].trim();
                     }
                 }
@@ -70,7 +82,7 @@
                 if (popupClosed) {
                     clearInterval(checkPopupOpen);
                     var secret = localStorage.getItem('Meteor.oauth.credentialSecret-'+token);
-                    if(token != "" && secret != "") {
+                    if(token !== "" && secret !== "") {
                         LoginWithOpenId(url, token, secret);
                     }
                 }
@@ -81,37 +93,18 @@
             var iframe = document.getElementById("idpIframe");
             iframe.src = url;
 
-            var checkIframeState = setInterval(function(){
-                var src = "";
-                try {
-                    src = iframe.contentDocument.location.href;
-                }
+            iframe.addEventListener("load",function (){
+                src = iframe.contentDocument.location.href;
 
                 if(src.startsWith(redirectUrl)){
-                    clearInterval(checkIframeState);
                     var secret = localStorage.getItem('Meteor.oauth.credentialSecret-'+token);
-                    if(token != "" && secret != "") {
+                    if(token !== "" && secret !== "") {
                         LoginWithOpenId(url, token, secret);
                     }
                 }
-            }, 100);
+            });
         };
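Review bot: In the new load listener `src` is assigned without a declaration (the removed `var src = "";` is gone), so it becomes an implicit global, and the `try` that guarded `iframe.contentDocument.location.href` was dropped even though the load event also fires while the frame shows the IdP's cross-origin page, where `contentDocument` is null and the read throws. Restore both with `var src = ""; try { src = iframe.contentDocument.location.href; } catch (e) { return; }`; the listener stays registered, so the later same-origin load at `redirectUrl` is still observed. `LoginWithOpenId` at L146 continues past the end of the hunk, and I cannot see from here whether any caller of the removed `trySessionRestore` remains elsewhere in the file.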
 
-        var trySessionRestore = function(){
-            var cookieObj = getCookieObj();
-            if (cookieObj && cookieObj["rc_uid"] && cookieObj["rc_token"]){
-                client.ddp.method("login",[{"resume":cookieObj["rc_token"]}], function(error, data){
-                    console.log(error);
-                    if(error === undefined) {
-                        redirectToRC();
-                    }else{
-                        initSamlLogin();
-                    }
-                })
-            }else{
-                initSamlLogin();
-            }
-        };
 
         var LoginWithOpenId = function(url, token, secret){
             var urlSegements = url.split("/");
@@ -120,7 +113,7 @@
                 "credentialToken": token,
                 "credentialSecret": secret
             }}],function(error,data){
-                if(error == undefined){
+                if(error === undefined){
                     var date = new Date();
                     date.setMilliseconds(date.getMilliseconds()+(86400*1000));
                     document.cookie = "rc_uid="+data["id"]+";expires=session;path=/";
@@ -167,7 +160,7 @@
 
         var generateOIDUrl = function(serverUrl,authorizePath,clientId ){
             var hostname = window.location.protocol;
-            redirectUrl = window.location.protocol+"//"+window.location.hostname+"/_oauth/fairlogin";
+            redirectUrl = window.location.protocol+"//"+window.location.hostname+"/_oauth/"+rcOauthMethodName;
             var chars = "abcdefghijklmnopqrstuvwxyz0123456789";
             token = "";
             for(var i=0; i<32; i++){
@@ -183,6 +176,10 @@
             var oidUrl = serverUrl+authorizePath+"?client_id="+clientId+"&redirect_uri="
                 +redirectUrl+"&response_type=code&state="+b64+"&scope=openid";
 
+            if(idpHintParam !== "" && idpHint !== null){
+                oidUrl += "&"+idpHintParam+"="+idpHint;
+            }
+
             return oidUrl;
         };
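Review bot: `idpHint` comes straight from the page's query string and is concatenated into `oidUrl` unencoded, so it can carry `&` or `=` and add or alter other parameters of the authorization request; `idpHintParam` is inserted raw as well. Encode both when appending: `oidUrl += "&"+encodeURIComponent(idpHintParam)+"="+encodeURIComponent(idpHint);`. `generateOIDUrl` starts before this hunk.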
 
@@ -197,7 +194,7 @@
                 if(fields && fields["service"] && fields["authorizePath"]&&
                     fields["clientId"]&&fields["identityPath"]&&fields["serverURL"]&&
                 fields["tokenPath"]){
-                    if(fields["service"] === "fairlogin") {
+                    if(fields["service"] === rcOauthMethodName) {
                         authorizePath = fields["authorizePath"];
                         clientId = fields["clientId"];
                         identityPath = fields["identityPath"];
@@ -219,4 +216,4 @@
 <iframe id="idpIframe" src=""></iframe>
 
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/init.sh b/init.sh
new file mode 100644
index 0000000..4f09642
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+cat /usr/share/nginx/html/prebind/index.tmpl | envsubst '${RC_OIDC_METHOD_NAME} ${IDP_HINT_PARAM}' > /usr/share/nginx/html/prebind/index.html
+
+nginx -g "daemon off;"
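Review bot: The script substitutes `RC_OIDC_METHOD_NAME` without checking it, and the Dockerfile defaults it to `""` (L22), which renders `redirectUrl` as `.../_oauth/` (L162) and makes the `fields["service"] === rcOauthMethodName` comparison at L182 match against an empty string, so a misconfigured container starts normally and only fails at login time. The script should fail fast with `set -eu` and a `:?` guard on the variable, run `envsubst` from a redirect instead of a `cat` pipe, and `exec` nginx so it replaces the shell and receives the container's stop signal directly. The rewritten script follows.

```shell
#!/usr/bin/env bash
set -eu
: "${RC_OIDC_METHOD_NAME:?RC_OIDC_METHOD_NAME must be set}"
envsubst '${RC_OIDC_METHOD_NAME} ${IDP_HINT_PARAM}' \
  < /usr/share/nginx/html/prebind/index.tmpl \
  > /usr/share/nginx/html/prebind/index.html
exec nginx -g "daemon off;"
```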
-- 
GitLab