diff --git a/cypress/e2e/integration-manager/get-openid-token.spec.ts b/cypress/e2e/integration-manager/get-openid-token.spec.ts
new file mode 100644
index 0000000000..6f4f977c36
--- /dev/null
+++ b/cypress/e2e/integration-manager/get-openid-token.spec.ts
@@ -0,0 +1,143 @@
+/*
+Copyright 2022 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+///
+
+import { SynapseInstance } from "../../plugins/synapsedocker";
+import { UserCredentials } from "../../support/login";
+
+const ROOM_NAME = "Integration Manager Test";
+const USER_DISPLAY_NAME = "Alice";
+
+const INTEGRATION_MANAGER_TOKEN = "DefinitelySecret_DoNotUseThisForReal";
+const INTEGRATION_MANAGER_HTML = `
+
+
+ Fake Integration Manager
+
+
+
+
+

No response

+
+
+
+`;
+
+function openIntegrationManager() {
+ cy.get(".mx_RightPanel_roomSummaryButton").click();
+ cy.get(".mx_RoomSummaryCard_appsGroup").within(() => {
+ cy.contains("Add widgets, bridges & bots").click();
+ });
+}
+
+function sendActionFromIntegrationManager(integrationManagerUrl: string) {
+ cy.accessIframe(`iframe[src*="${integrationManagerUrl}"]`).within(() => {
+ cy.get("#send-action").should("exist").click();
+ });
+}
+
+describe("Integration Manager: Get OpenID Token", () => {
+ let testUser: UserCredentials;
+ let synapse: SynapseInstance;
+ let integrationManagerUrl: string;
+
+ beforeEach(() => {
+ cy.serveHtmlFile(INTEGRATION_MANAGER_HTML).then(url => {
+ integrationManagerUrl = url;
+ });
+ cy.startSynapse("default").then(data => {
+ synapse = data;
+
+ cy.initTestUser(synapse, USER_DISPLAY_NAME, () => {
+ cy.window().then(win => {
+ win.localStorage.setItem("mx_scalar_token", INTEGRATION_MANAGER_TOKEN);
+ win.localStorage.setItem(`mx_scalar_token_at_${integrationManagerUrl}`, INTEGRATION_MANAGER_TOKEN);
+ });
+ }).then(user => {
+ testUser = user;
+ });
+
+ cy.setAccountData("m.widgets", {
+ "m.integration_manager": {
+ content: {
+ type: "m.integration_manager",
+ name: "Integration Manager",
+ url: integrationManagerUrl,
+ data: {
+ api_url: integrationManagerUrl,
+ },
+ },
+ id: "integration-manager",
+ },
+ }).as("integrationManager");
+
+ // Succeed when checking the token is valid
+ cy.intercept(`${integrationManagerUrl}/account?scalar_token=${INTEGRATION_MANAGER_TOKEN}*`, req => {
+ req.continue(res => {
+ return res.send(200, {
+ user_id: testUser.userId,
+ });
+ });
+ });
+
+ cy.createRoom({
+ name: ROOM_NAME,
+ }).as("roomId");
+ });
+ });
+
+ afterEach(() => {
+ cy.stopSynapse(synapse);
+ cy.stopWebServers();
+ });
+
+ it("should successfully obtain an openID token", () => {
+ cy.all([
+ cy.get<{}>("@integrationManager"),
+ ]).then(() => {
+ cy.viewRoomByName(ROOM_NAME);
+
+ openIntegrationManager();
+ sendActionFromIntegrationManager(integrationManagerUrl);
+
+ cy.accessIframe(`iframe[src*="${integrationManagerUrl}"]`).within(() => {
+ cy.get("#message-response").should('include.text', 'access_token');
+ });
+ });
+ });
+});
diff --git a/src/ScalarMessaging.ts b/src/ScalarMessaging.ts
index 72ff94d4d3..2b0c874490 100644
--- a/src/ScalarMessaging.ts
+++ b/src/ScalarMessaging.ts
@@ -376,7 +376,7 @@ function kickUser(event: MessageEvent, roomId: string, userId: string): voi
 });
 }
-function setWidget(event: MessageEvent, roomId: string): void {
+function setWidget(event: MessageEvent, roomId: string | null): void {
 const widgetId = event.data.widget_id;
 let widgetType = event.data.type;
 const widgetUrl = event.data.url;
@@ -435,6 +435,7 @@ function setWidget(event: MessageEvent, roomId: string): void {
 } else { // Room widget
 if (!roomId) {
 sendError(event, _t('Missing roomId.'), null);
+ return;
 }
 WidgetUtils.setRoomWidget(roomId, widgetId, widgetType, widgetUrl, widgetName, widgetData, widgetAvatarUrl)
 .then(() => {
@@ -651,7 +652,7 @@ function returnStateEvent(event: MessageEvent, roomId: string, eventType: s
 async function getOpenIdToken(event: MessageEvent) {
 try {
- const tokenObject = MatrixClientPeg.get().getOpenIdToken();
+ const tokenObject = await MatrixClientPeg.get().getOpenIdToken();
 sendResponse(event, tokenObject);
 } catch (ex) {
 logger.warn("Unable to fetch openId token.", ex);
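Review bot: The only assertion in the spec, `cy.get("#message-response").should('include.text', 'access_token')`, matches any response text that contains that substring, so it would still pass if the frame received a differently shaped object or an error message that merely mentions the field. Since the response is an OpenID credential, consider also asserting the other fields of the token object, e.g. `.and('include.text', 'matrix_server_name')`, assuming the fake page renders the whole response. The spec also covers only the success path without a room_id; a second case for a request that does carry room_id would pin the routing change made in src/ScalarMessaging.ts.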
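Review bot: `getOpenIdToken` has no declared return type and no comment saying that what it hands to `sendResponse` is a credential. Declare it as `async function getOpenIdToken(event: MessageEvent): Promise<void> {` and add a short doc comment stating that the resolved token object is posted back to the frame that sent the request, so that later changes to who may call this action are reviewed as credential exposure. The catch block continues past the end of the hunk, so whether it replies to the caller on failure is not visible here.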
@@ -706,15 +707,15 @@ const onMessage = function(event: MessageEvent): void {
 if (!roomId) {
 // These APIs don't require roomId
- // Get and set user widgets (not associated with a specific room)
- // If roomId is specified, it must be validated, so room-based widgets agreed
- // handled further down.
 if (event.data.action === Action.GetWidgets) {
 getWidgets(event, null);
 return;
 } else if (event.data.action === Action.SetWidget) {
 setWidget(event, null);
 return;
+ } else if (event.data.action === Action.GetOpenIdToken) {
+ getOpenIdToken(event);
+ return;
 } else {
 sendError(event, _t('Missing room_id in request'));
 return;
@@ -776,9 +777,6 @@ const onMessage = function(event: MessageEvent): void {
 case Action.SetBotPower:
 setBotPower(event, roomId, userId, event.data.level, event.data.ignoreIfGreater);
 break;
- case Action.GetOpenIdToken:
- getOpenIdToken(event);
- break;
 default:
 logger.warn("Unhandled postMessage event with action '" + event.data.action +"'");
 break;
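Review bot: With the new `Action.GetOpenIdToken` branch inside `if (!roomId)`, the token is handed out before any of the room-based validation further down in `onMessage`, so whatever sender checks run before this block (not visible in the hunk) become the only gate on issuing an OpenID credential. The comment lines removed here should be replaced by one that records this, e.g. `// GetOpenIdToken returns a credential; only the sender checks earlier in onMessage gate it`, after confirming those checks compare the message origin against the configured integration manager. The call `getOpenIdToken(event);` also discards the returned promise; `void getOpenIdToken(event);` makes that explicit.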
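Review bot: Removing `case Action.GetOpenIdToken:` from the switch leaves a request for this action that still carries a room_id unanswered. The replacement branch only runs when room_id is absent, so unless code between the two hunks handles it, such a request falls through to `default`, which logs a warning and sends neither a response nor an error to the caller. Either keep the case here (`case Action.GetOpenIdToken: getOpenIdToken(event); break;`) or dispatch the action before the `if (!roomId)` test so it is handled whether or not room_id is present.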