From ea17496ba31bb35ab2c12e5c2ddb8a55a6c662c3 Mon Sep 17 00:00:00 2001 From: Nathan Muir Date: Sat, 7 Nov 2015 11:31:01 +1000 Subject: [PATCH] OAuth - Move inline javascript for popup/redirect style logins into separate assets. This is necessary to prevent conflict with `browser-policy-content` where inline scripts are disabled. --- packages/oauth/end_of_popup_response.html | 46 ++------------------ packages/oauth/end_of_popup_response.js | 37 ++++++++++++++++ packages/oauth/end_of_redirect_response.html | 21 +-------- packages/oauth/end_of_redirect_response.js | 12 +++++ packages/oauth/package.js | 5 +++ 5 files changed, 59 insertions(+), 62 deletions(-) create mode 100644 packages/oauth/end_of_popup_response.js create mode 100644 packages/oauth/end_of_redirect_response.js
diff --git a/packages/oauth/end_of_popup_response.html b/packages/oauth/end_of_popup_response.html
index 93d2251d2f..9812af83da 100644
--- a/packages/oauth/end_of_popup_response.html
+++ b/packages/oauth/end_of_popup_response.html
@@ -1,51 +1,11 @@ - - - - + +
diff --git a/packages/oauth/end_of_popup_response.js b/packages/oauth/end_of_popup_response.js
new file mode 100644
index 0000000000..739830a241
--- /dev/null
+++ b/packages/oauth/end_of_popup_response.js
@@ -0,0 +1,37 @@
+(function () {
+
+ var config = JSON.parse(document.getElementById("config").innerHTML);
+
+ if (config.setCredentialToken) {
+ var credentialToken = config.credentialToken;
+ var credentialSecret = config.credentialSecret;
+
+ if (config.isCordova) {
+ var credentialString = JSON.stringify({
+ credentialToken: credentialToken,
+ credentialSecret: credentialSecret
+ });
+
+ window.location.hash = credentialString;
+ }
+
+ if (window.opener && window.opener.Package &&
+ window.opener.Package.oauth) {
+ window.opener.Package.oauth.OAuth._handleCredentialSecret(
+ credentialToken, credentialSecret);
+ } else {
+ try {
+ localStorage[config.storagePrefix + credentialToken] = credentialSecret;
+ } catch (err) {
+ // We can't do much else, but at least close the popup instead
+ // of having it hang around on a blank page.
+ }
+ }
+ }
+
+ if (! config.isCordova) {
+ document.getElementById("completedText").style.display = "block";
+ document.getElementById("loginCompleted").onclick = function(){ window.close(); };
+ window.close();
+ }
+})();
diff --git a/packages/oauth/end_of_redirect_response.html b/packages/oauth/end_of_redirect_response.html
index 9b3e84100b..af0e9885e5 100644
--- a/packages/oauth/end_of_redirect_response.html
+++ b/packages/oauth/end_of_redirect_response.html
@@ -1,23 +1,6 @@ - - - - + +
diff --git a/packages/oauth/end_of_redirect_response.js b/packages/oauth/end_of_redirect_response.js
new file mode 100644
index 0000000000..c91ec5eb4e
--- /dev/null
+++ b/packages/oauth/end_of_redirect_response.js
@@ -0,0 +1,12 @@
+(function () {
+
+ var config = JSON.parse(document.getElementById("config").innerHTML);
+
+ if (config.setCredentialToken) {
+ sessionStorage[config.storagePrefix + config.credentialToken] =
+ config.credentialSecret;
+ }
+
+ window.location = config.redirectUrl;
+
+})();
diff --git a/packages/oauth/package.js b/packages/oauth/package.js
index 69371412bc..c8ea4a117b 100644
--- a/packages/oauth/package.js
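Review bot: In `end_of_popup_response.js`, the config that carries `credentialSecret` is read with `.innerHTML`, which returns the browser's re-serialised markup rather than the text the server wrote. Unless the `config` element is a raw-text element such as a script tag (its markup is not visible in this patch), any `&`, `<` or `>` inside a value comes back entity-encoded and the parsed value no longer matches what was sent; `JSON.parse(document.getElementById("config").textContent)` avoids that. The same line opens `end_of_redirect_response.js`, where `redirectUrl` is likely to contain `&`. A missing element or malformed JSON also throws on this first statement, before `window.close()` is reached, so the popup stays open on a blank page, which is the outcome the comment in the `catch` block says the code wants to avoid.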
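Review bot: In `end_of_redirect_response.js`, `window.location = config.redirectUrl;` navigates to whatever the config contains, immediately after the credential secret is written to `sessionStorage`, and nothing in this script checks the value. Whether the server restricts `redirectUrl` is not visible in this patch; if it does not, this line is an open-redirect and `javascript:`-URL sink on the OAuth completion page. I would either check the scheme and origin against an allow-list before assigning, or add a comment such as `// redirectUrl is validated server-side before it is placed in the config` so the dependency is explicit to the next maintainer.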
+++ b/packages/oauth/package.js @@ -35,6 +35,11 @@ Package.onUse(function (api) { 'end_of_redirect_response.html' ], 'server'); + api.addAssets([ + 'end_of_popup_response.js', + 'end_of_redirect_response.js' + ], 'client'); + api.addFiles('oauth_common.js'); // XXX COMPAT WITH 0.8.0