Merge branch 'develop' into update-meteor-2.5.2

sampaiodiego · web-flow · commit 6a46e57bf023 · 2022-01-14T15:18:56.000-03:00
diff --git a/app/apple/server/appleOauthRegisterService.ts b/app/apple/server/appleOauthRegisterService.ts
@@ -0,0 +1,76 @@
+import { KJUR } from 'jsrsasign';
+import { ServiceConfiguration } from 'meteor/service-configuration';
+
+import { CustomOAuth } from '../../custom-oauth/server/custom_oauth_server';
+import { settings, settingsRegistry } from '../../settings/server';
+
+const config = {
+	serverURL: 'https://appleid.apple.com',
+	tokenPath: '/auth/token',
+	scope: 'name email',
+	mergeUsers: true,
+	accessTokenParam: 'access_token',
+	loginStyle: 'popup',
+};
+
+new CustomOAuth('apple', config);
+
+settingsRegistry.addGroup('OAuth', function () {
+	this.section('Apple', function () {
+		this.add('Accounts_OAuth_Apple', false, { type: 'boolean', public: true });
+
+		this.add('Accounts_OAuth_Apple_id', '', { type: 'string', public: true });
+		this.add('Accounts_OAuth_Apple_secretKey', '', { type: 'string', multiline: true });
+
+		this.add('Accounts_OAuth_Apple_iss', '', { type: 'string' });
+		this.add('Accounts_OAuth_Apple_kid', '', { type: 'string' });
+	});
+});
+
+settings.watchMultiple(
+	[
+		'Accounts_OAuth_Apple',
+		'Accounts_OAuth_Apple_id',
+		'Accounts_OAuth_Apple_secretKey',
+		'Accounts_OAuth_Apple_iss',
+		'Accounts_OAuth_Apple_kid',
+	],
+	([enabled, clientId, serverSecret, iss, kid]) => {
+		if (!enabled) {
+			return ServiceConfiguration.configurations.remove({
+				service: 'apple',
+			});
+		}
+
+		const HEADER = {
+			kid,
+			alg: 'ES256',
+		};
+
+		const tokenPayload = {
+			iss,
+			iat: Math.floor(Date.now() / 1000),
+			exp: Math.floor(Date.now() / 1000) + 300,
+			aud: 'https://appleid.apple.com',
+			sub: clientId,
+		};
+
+		const secret = KJUR.jws.JWS.sign(null, HEADER, tokenPayload, serverSecret as string);
+
+		ServiceConfiguration.configurations.upsert(
+			{
+				service: 'apple',
+			},
+			{
+				$set: {
+					// We'll hide this button on Web Client
+					showButton: false,
+					secret,
+					enabled: settings.get('Accounts_OAuth_Apple'),
+					loginStyle: 'popup',
+					clientId,
+				},
+			},
+		);
+	},
+);
diff --git a/app/apple/server/startup.ts b/app/apple/server/startup.ts
@@ -1,30 +1 @@
-import { ServiceConfiguration } from 'meteor/service-configuration';
-
-import { settings, settingsRegistry } from '../../settings/server';
-
-settingsRegistry.addGroup('OAuth', function () {
-	this.section('Apple', function () {
-		this.add('Accounts_OAuth_Apple', false, { type: 'boolean', public: true });
-	});
-});
-
-settings.watch('Accounts_OAuth_Apple', (enabled) => {
-	if (!enabled) {
-		return ServiceConfiguration.configurations.remove({
-			service: 'apple',
-		});
-	}
-
-	ServiceConfiguration.configurations.upsert(
-		{
-			service: 'apple',
-		},
-		{
-			$set: {
-				// We'll hide this button on Web Client
-				showButton: false,
-				enabled: settings.get('Accounts_OAuth_Apple'),
-			},
-		},
-	);
-});
+import './appleOauthRegisterService';
diff --git a/app/apple/server/tokenHandler.js b/app/apple/server/tokenHandler.js
@@ -25,7 +25,7 @@ const isValidAppleJWT = (identityToken, header) => {
 	}
 };
 
-export const handleIdentityToken = ({ identityToken, fullName, email }) => {
+export const handleIdentityToken = ({ identityToken, fullName = {}, email }) => {
 	check(identityToken, String);
 	check(fullName, Match.Maybe(Object));
 	check(email, Match.Maybe(String));
diff --git a/app/cors/server/cors.js b/app/cors/server/cors.js
@@ -35,7 +35,7 @@ WebApp.rawConnectHandlers.use(function (req, res, next) {
 		]
 			.filter(Boolean)
 			.join(' ');
-
+		const external = [settings.get('Accounts_OAuth_Apple') && 'https://appleid.cdn-apple.com'].filter(Boolean).join(' ');
 		res.setHeader(
 			'Content-Security-Policy',
 			[
@@ -45,7 +45,7 @@ WebApp.rawConnectHandlers.use(function (req, res, next) {
 				'frame-src *',
 				'img-src * data: blob:',
 				'media-src * data:',
-				`script-src 'self' 'unsafe-eval' ${inlineHashes} ${cdn_prefixes}`,
+				`script-src 'self' 'unsafe-eval' ${inlineHashes} ${cdn_prefixes} ${external}`,
 				`style-src 'self' 'unsafe-inline' ${cdn_prefixes}`,
 			].join('; '),
 		);
diff --git a/app/ui-login/client/login/services.html b/app/ui-login/client/login/services.html
@@ -1,9 +1,18 @@
-<template name='loginServices'>
+<template name="loginServices">
 	{{#if loginService.length}}
-		<div class="oauth-login buttons-group">
-			{{#each loginService}}
-				<button type="button" class="rc-button rc-button--secondary external-login {{service.service}}" title="{{displayName}}" style="{{#if service.buttonColor}}background-color:{{service.buttonColor}};{{/if}}{{#if service.buttonLabelColor}}color:{{service.buttonLabelColor}};{{/if}}"><i class="icon-{{icon}} service-icon"></i><i class="icon-spin animate-spin loading-icon hidden"></i><span>{{service.buttonLabelText}}</span></button>
-			{{/each}}
-		</div>
-	{{/if}}
+	<div class="oauth-login buttons-group">
+		{{#each loginService}}
+		<button
+			type="button"
+			class="rc-button rc-button--secondary external-login {{service.service}}"
+			title="{{displayName}}"
+			style="{{#if service.buttonColor}}background-color:{{service.buttonColor}};{{/if}}{{#if service.buttonLabelColor}}color:{{service.buttonLabelColor}};{{/if}}"
+		>
+			<i class="icon-{{icon}} service-icon"></i
+			><i class="icon-spin animate-spin loading-icon hidden"></i
+			><span>{{service.buttonLabelText}}</span>
+		</button>
+		{{/each}}
+	</div>
+	{{/if}} {{> AppleOauthButton}}
 </template>
diff --git a/client/components/UserCard/UserCard.js b/client/components/UserCard/UserCard.js
@@ -68,7 +68,9 @@ const UserCard = forwardRef(function UserCard(
 						</Box>
 					)}
 				</Box>
-				{customStatus && <Info>{typeof customStatus === 'string' ? <MarkdownText content={customStatus} /> : customStatus}</Info>}
+				{customStatus && (
+					<Info>{typeof customStatus === 'string' ? <MarkdownText content={customStatus} parseEmoji={true} /> : customStatus}</Info>
+				)}
 				<Roles>{roles}</Roles>
 				<Info>{localTime}</Info>
 				{bio && (
diff --git a/client/lib/utils/createAnchor.ts b/client/lib/utils/createAnchor.ts
@@ -1,6 +1,6 @@
-export const createAnchor = (id: string): HTMLDivElement => {
+export const createAnchor = (id: string, target = document.body): HTMLDivElement => {
 	const div = document.createElement('div');
 	div.id = id;
-	document.body.appendChild(div);
+	target.appendChild(div);
 	return div;
 };
diff --git a/client/sidebar/header/UserDropdown.tsx b/client/sidebar/header/UserDropdown.tsx
@@ -135,7 +135,12 @@ const UserDropdown = ({ user, onClose }: UserDropdownProps): ReactElement => {
 						</Margins>
 					</Box>
 					<Box color='hint'>
-						<MarkdownText withTruncatedText content={statusText || t(status || 'offline')} variant='inlineWithoutBreaks' />
+						<MarkdownText
+							withTruncatedText
+							parseEmoji={true}
+							content={statusText || t(status || 'offline')}
+							variant='inlineWithoutBreaks'
+						/>
 					</Box>
 				</Box>
 			</Box>
@@ -160,7 +165,9 @@ const UserDropdown = ({ user, onClose }: UserDropdownProps): ReactElement => {
 							<Option.Column>
 								<UserStatus status={modifier} />
 							</Option.Column>
-							<Option.Content>{name}</Option.Content>
+							<Option.Content>
+								<MarkdownText content={name} parseEmoji={true} variant='inline' />
+							</Option.Content>
 						</Option>
 					);
 				})}
diff --git a/client/templates.ts b/client/templates.ts
@@ -160,6 +160,10 @@ createTemplateForComponent('SortList', () => import('./components/SortList'));
 
 createTemplateForComponent('CreateRoomList', () => import('./sidebar/header/actions/CreateRoomList'));
 
+createTemplateForComponent('AppleOauthButton', () => import('./views/login/AppleOauth/AppleOauthButton'), {
+	renderContainerView: () => HTML.DIV({ style: 'display: flex; justify-content: center;' }),
+});
+
 createTemplateForComponent('UserDropdown', () => import('./sidebar/header/UserDropdown'));
 
 createTemplateForComponent('sidebarFooter', () => import('./sidebar/footer'));
diff --git a/client/views/login/AppleOauth/AppleOauthButton.tsx b/client/views/login/AppleOauth/AppleOauthButton.tsx
@@ -0,0 +1,93 @@
+import { Accounts } from 'meteor/accounts-base';
+import React, { FC, useCallback, useEffect, useLayoutEffect, useRef } from 'react';
+
+import { useAbsoluteUrl } from '../../../contexts/ServerContext';
+import { useSetting } from '../../../contexts/SettingsContext';
+
+export const AppleOauthButton: FC = () => {
+	const enabled = useSetting('Accounts_OAuth_Apple');
+	const absoluteUrl = useAbsoluteUrl();
+	const appleClientID = useSetting('Accounts_OAuth_Apple_id');
+
+	const redirectURI = absoluteUrl('_oauth/apple');
+
+	useEffect(() => {
+		const success = (data: any): void => {
+			const { authorization, user } = data.detail;
+
+			Accounts.callLoginMethod({
+				methodArguments: [
+					{
+						serviceName: 'apple',
+						identityToken: authorization.id_token,
+						...(user && {
+							fullName: {
+								givenName: user.name.firstName,
+								familyName: user.name.lastName,
+							},
+							email: user.email,
+						}),
+					},
+				],
+				userCallback: console.log,
+			});
+		};
+
+		const error = (error: any): void => {
+			// handle error.
+			console.error(error);
+		};
+		document.addEventListener('AppleIDSignInOnSuccess', success);
+		// Listen for authorization failures
+		document.addEventListener('AppleIDSignInOnFailure', error);
+
+		return (): void => {
+			document.removeEventListener('AppleIDSignInOnSuccess', success);
+			document.removeEventListener('AppleIDSignInOnFailure', error);
+		};
+	}, []);
+
+	const scriptLoadedHandler = useCallback(() => {
+		if (!enabled) {
+			return;
+		}
+		(window as any).AppleID.auth.init({
+			clientId: appleClientID,
+			scope: 'name email',
+			redirectURI,
+			usePopup: true,
+		});
+	}, [enabled, appleClientID, redirectURI]);
+
+	const ref = useRef<HTMLScriptElement>();
+
+	useEffect(() => {
+		if ((window as any).AppleID) {
+			scriptLoadedHandler();
+			return;
+		}
+		if (!ref.current) {
+			return;
+		}
+		ref.current.onload = scriptLoadedHandler;
+	}, [scriptLoadedHandler]);
+
+	useLayoutEffect(() => {
+		const script = document.createElement('script');
+		script.src = 'https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js';
+		script.async = true;
+		ref.current = script;
+		document.body.appendChild(script);
+		return (): void => {
+			document.body.removeChild(script);
+		};
+	}, []);
+
+	if (!enabled) {
+		return null;
+	}
+
+	return <div id='appleid-signin' data-height='40px'></div>;
+};
+
+export default AppleOauthButton;
diff --git a/client/views/room/Header/RoomHeader.tsx b/client/views/room/Header/RoomHeader.tsx
@@ -47,7 +47,9 @@ const RoomHeader: FC<RoomHeaderProps> = ({ room, topic = '', slots = {} }) => (
 				{slots?.insideContent}
 			</Header.Content.Row>
 			<Header.Content.Row>
-				<Header.Subtitle>{topic && <MarkdownText variant='inlineWithoutBreaks' withTruncatedText content={topic} />}</Header.Subtitle>
+				<Header.Subtitle>
+					{topic && <MarkdownText parseEmoji={true} variant='inlineWithoutBreaks' withTruncatedText content={topic} />}
+				</Header.Subtitle>
 			</Header.Content.Row>
 		</Header.Content>
 		{slots?.posContent}
diff --git a/client/views/room/contextualBar/UserInfo/UserInfo.js b/client/views/room/contextualBar/UserInfo/UserInfo.js
@@ -65,7 +65,7 @@ function UserInfo({
 					<InfoPanel.Title title={(showRealNames && name) || username || name} icon={status} />
 
 					<InfoPanel.Text>
-						<MarkdownText content={customStatus} variant='inline' />
+						<MarkdownText content={customStatus} parseEmoji={true} variant='inline' />
 					</InfoPanel.Text>
 				</InfoPanel.Section>
 
diff --git a/definition/rest/v1/settings.ts b/definition/rest/v1/settings.ts
@@ -17,7 +17,7 @@ export type OauthCustomConfiguration = {
 	identityPath: unknown;
 	authorizePath: unknown;
 	scope: unknown;
-	loginStyle: unknown;
+	loginStyle: 'popup' | 'redirect';
 	tokenSentVia: unknown;
 	identityTokenSentVia: unknown;
 	keyField: unknown;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -88,6 +88,7 @@
 		"@types/imap": "^0.8.35",
 		"@types/jsdom": "^16.2.12",
 		"@types/jsdom-global": "^3.0.2",
+		"@types/jsrsasign": "^9.0.1",
 		"@types/ldapjs": "^2.2.1",
 		"@types/less": "^3.0.2",
 		"@types/lodash.get": "^4.4.6",
@@ -174,7 +175,7 @@
 		"@nivo/heatmap": "0.73.0",
 		"@nivo/line": "0.62.0",
 		"@nivo/pie": "0.73.0",
-		"@rocket.chat/apps-engine": "^1.29.1",
+		"@rocket.chat/apps-engine": "^1.29.2",
 		"@rocket.chat/css-in-js": "^0.31.0",
 		"@rocket.chat/emitter": "^0.31.0",
 		"@rocket.chat/fuselage": "^0.6.3-dev.392",
diff --git a/server/configuration/accounts_meld.js b/server/configuration/accounts_meld.js
@@ -6,7 +6,7 @@ import { Users } from '../../app/models';
 const orig_updateOrCreateUserFromExternalService = Accounts.updateOrCreateUserFromExternalService;
 
 Accounts.updateOrCreateUserFromExternalService = function (serviceName, serviceData = {}, ...args /* , options*/) {
-	const services = ['facebook', 'github', 'gitlab', 'google', 'meteor-developer', 'linkedin', 'twitter'];
+	const services = ['facebook', 'github', 'gitlab', 'google', 'meteor-developer', 'linkedin', 'twitter', 'apple'];
 
 	if (services.includes(serviceName) === false && serviceData._OAuthCustom !== true) {
 		return orig_updateOrCreateUserFromExternalService.apply(this, [serviceName, serviceData, ...args]);

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ const isValidAppleJWT = (identityToken, header) => {`
`25`	`25`	`}`
`26`	`26`	`};`
`27`	`27`
`28`		`-export const handleIdentityToken = ({ identityToken, fullName, email }) => {`
	`28`	`+export const handleIdentityToken = ({ identityToken, fullName = {}, email }) => {`
`29`	`29`	`check(identityToken, String);`
`30`	`30`	`check(fullName, Match.Maybe(Object));`
`31`	`31`	`check(email, Match.Maybe(String));`