Merge branch 'upgradeTab' of github.com:RocketChat/Rocket.Chat into i…
…framePageUpgrade * 'upgradeTab' of github.com:RocketChat/Rocket.Chat: [FIX] Ignore customClass on messages (#24845) [FIX] Apple OAuth (#24879) Language update from LingoHub 🤖 (#24895) [IMPROVE] New omnichannel statistics and async statistics processing. (#24749) [FIX] Missing dependency on useEffect at CallProvider (#24882) Chore: Fix MongoDB versions on release notes (#24877) [FIX] auto-join team channels not honoring user preferences (#24779) Bump pino from 7.8.1 to 7.9.1 in /ee/server/services (#24869) Bump pino-pretty from 7.5.3 to 7.5.4 in /ee/server/services (#24870) [FIX] Disable voip button when call is in progress (#24864) [FIX] Broken build caused by PRs modifying same file differently(#24863) Regression: Role Sync not always working (#24850) [FIX] Match SidebarFooter component with design (#24838) [IMPROVE] Standarize queue behavior for managers and agents when subscribing (#24837) [FIX] VoIP button gets disabled whenever user status changes (#24789) [FIX] Wrong param usage on queue summary call (#24799)
Showing
44 changed files
with
701 additions
and
457 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
import { CustomOAuth } from '../../custom-oauth/client/custom_oauth_client'; | ||
import { config } from '../lib/config'; | ||
|
||
new CustomOAuth('apple', config); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
export const config = { | ||
serverURL: 'https://appleid.apple.com', | ||
authorizePath: '/auth/authorize?response_mode=form_post', | ||
responseType: 'code id_token', | ||
tokenPath: '/auth/token', | ||
scope: 'name email', | ||
mergeUsers: true, | ||
accessTokenParam: 'access_token', | ||
loginStyle: 'popup', | ||
}; |
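Review bot: `mergeUsers: true` is hard-coded in this config with no comment on what it relies on. If CustomOAuth links an incoming identity to an existing account by e-mail address (that code is not part of this section), the linkage is only as trustworthy as the `email` value the Apple server handler passes on, so the assumption should be written down next to the flag. I would add a comment above that line such as `// mergeUsers links by e-mail: getIdentity must only return e-mails taken from a fully verified id_token`.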
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
import { Accounts } from 'meteor/accounts-base'; | ||
import { HTTP } from 'meteor/http'; | ||
import NodeRSA from 'node-rsa'; | ||
import { KJUR } from 'jsrsasign'; | ||
|
||
import { CustomOAuth } from '../../custom-oauth/server/custom_oauth_server'; | ||
import { MeteorError } from '../../../server/sdk/errors'; | ||
|
||
const isValidAppleJWT = (identityToken: string, header: any): any => { | ||
const applePublicKeys = HTTP.get('https://appleid.apple.com/auth/keys').data.keys as any; | ||
const { kid } = header; | ||
|
||
const key = applePublicKeys.find((k: any) => k.kid === kid); | ||
|
||
const pubKey = new NodeRSA(); | ||
pubKey.importKey({ n: Buffer.from(key.n, 'base64'), e: Buffer.from(key.e, 'base64') }, 'components-public'); | ||
const userKey = pubKey.exportKey('public'); | ||
|
||
try { | ||
return KJUR.jws.JWS.verify(identityToken, userKey, ['RS256']); | ||
} catch { | ||
return false; | ||
} | ||
}; | ||
|
||
export class AppleCustomOAuth extends CustomOAuth { | ||
getIdentity(_accessToken: string, query: Record<string, any>): any { | ||
const { id_token: identityToken, user: userStr = '' } = query; | ||
|
||
let user = {} as any; | ||
try { | ||
user = JSON.parse(userStr); | ||
} catch (e) { | ||
// ignore | ||
} | ||
|
||
const decodedToken = KJUR.jws.JWS.parse(identityToken); | ||
|
||
if (!isValidAppleJWT(identityToken, decodedToken.headerObj)) { | ||
return { | ||
type: 'apple', | ||
error: new MeteorError(Accounts.LoginCancelledError.numericError, 'identityToken is a invalid JWT'), | ||
}; | ||
} | ||
|
||
const { iss, sub, email } = decodedToken.payloadObj as any; | ||
if (!iss) { | ||
return { | ||
type: 'apple', | ||
error: new MeteorError(Accounts.LoginCancelledError.numericError, 'Insufficient data in auth response token'), | ||
}; | ||
} | ||
|
||
const serviceData = { | ||
id: sub, | ||
email, | ||
name: '', | ||
}; | ||
|
||
if (email) { | ||
serviceData.email = email; | ||
} | ||
|
||
if (user?.name) { | ||
serviceData.name = `${user.name.firstName}${user.name.middleName ? ` ${user.name.middleName}` : ''}${ | ||
user.name.lastName ? ` ${user.name.lastName}` : '' | ||
}`; | ||
} | ||
|
||
return serviceData; | ||
} | ||
} |
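Review bot: `isValidAppleJWT` checks only the RS256 signature, so `getIdentity` accepts any Apple-signed token regardless of which client it was issued to or whether it has expired; the later `if (!iss)` test only confirms the claim is present, not its value. jsrsasign's `KJUR.jws.JWS.verifyJWT` validates claims as well, for example `KJUR.jws.JWS.verifyJWT(identityToken, userKey, { alg: ['RS256'], iss: ['https://appleid.apple.com'], aud: [APPLE_CLIENT_ID] })`, where `APPLE_CLIENT_ID` is a placeholder for the configured Apple service id. The key lookup also sits outside the `try`: when no published key matches `kid`, `key.n` throws instead of returning `false`, so add `if (!key) { return false; }` right after the `find`. `sub` becomes the account id without a presence check and deserves the same guard as `iss`.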
This file was deleted.
File renamed without changes.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
export class CustomOAuth { | ||
constructor(name: string, options: Record<string, any>); | ||
|
||
getIdentity(accessToken: string, query: Record<string, any>): any; | ||
} |