From 3750711cdf908b38759250826371be9746a98d26 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Mon, 30 Mar 2020 21:02:48 +0200
Subject: [PATCH] * OpenIdConnect/OAuth: manage access and display OAuth apps inside EGroupware
---
 api/js/framework/fw_browser.js | 9 +++++----
 api/setup/setup.inc.php | 3 ++-
 api/setup/tables_current.inc.php | 4 ++--
 api/setup/tables_update.inc.php | 14 ++++++++++++++
 api/src/Framework.php | 31 +++++++++++++++++++++++++++----
 5 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/api/js/framework/fw_browser.js b/api/js/framework/fw_browser.js
index de0a28a8f8..92bbe108d2 100644
--- a/api/js/framework/fw_browser.js
+++ b/api/js/framework/fw_browser.js
@@ -51,10 +51,11 @@ var fw_browser = (function(){ "use strict"; return Class.extend(
 }
 // Call the resize handler (we have to use the jquery object of the iframe!)
- if (wnd && typeof wnd.jQuery != "undefined")
- {
- wnd.jQuery(wnd).trigger("resize");
- }
+ try {
+ if (wnd && typeof wnd.jQuery != "undefined") {
+ wnd.jQuery(wnd).trigger("resize");
+ }
+ } catch(e) {} // ignore if iframe runs of a different origin
 },
 /**
diff --git a/api/setup/setup.inc.php b/api/setup/setup.inc.php
index 88b52691ef..50da3274af 100644
--- a/api/setup/setup.inc.php
+++ b/api/setup/setup.inc.php
@@ -11,7 +11,7 @@
 /* Basic information about this app */
 $setup_info['api']['name'] = 'api';
 $setup_info['api']['title'] = 'EGroupware API';
-$setup_info['api']['version'] = '19.1.003';
+$setup_info['api']['version'] = '19.1.004';
 $setup_info['api']['versions']['current_header'] = '1.29';
 // maintenance release in sync with changelog in doc/rpm-build/debian.changes
 $setup_info['api']['versions']['maintenance_release'] = '19.1.20200318';
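Review bot: The empty `catch(e) {}` around the resize call swallows every exception, not only the cross-origin access error the comment names, so a failure thrown by an application's own resize handler inside the iframe (run synchronously by `trigger("resize")`) is now lost without a trace. A narrower form keeps the intent and still surfaces real errors: `} catch(e) { if (!(e instanceof DOMException)) throw e; } // cross-origin iframe: its window properties are not accessible` — cross-origin property access throws a DOMException in current browsers as far as I know, so confirm this against the supported ones. The comment also has a typo: "runs of a different origin" should read "runs on a different origin". The enclosing method starts outside the hunk.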
@@ -135,3 +135,4 @@ $setup_info['groupdav']['author'] = $setup_info['groupdav']['maintainer'] = arra
 $setup_info['groupdav']['license'] = 'GPL';
 $setup_info['groupdav']['hooks']['preferences'] = 'EGroupware\\Api\\CalDAV\\Hooks::menus';
 $setup_info['groupdav']['hooks']['settings'] = 'EGroupware\\Api\\CalDAV\\Hooks::settings';
+
diff --git a/api/setup/tables_current.inc.php b/api/setup/tables_current.inc.php
index 69dc024367..a5486597bd 100644
--- a/api/setup/tables_current.inc.php
+++ b/api/setup/tables_current.inc.php
@@ -30,9 +30,9 @@ $phpgw_baseline = array(
 'app_order' => array('type' => 'int','precision' => '4','nullable' => False),
 'app_tables' => array('type' => 'ascii','precision' => '8192','nullable' => False),
 'app_version' => array('type' => 'ascii','precision' => '20','nullable' => False,'default' => '0.0'),
- 'app_icon' => array('type' => 'ascii','precision' => '32'),
+ 'app_icon' => array('type' => 'ascii','precision' => '128'),
 'app_icon_app' => array('type' => 'ascii','precision' => '16'),
- 'app_index' => array('type' => 'ascii','precision' => '64')
+ 'app_index' => array('type' => 'ascii','precision' => '128')
 ),
 'pk' => array('app_id'),
 'fk' => array(),
diff --git a/api/setup/tables_update.inc.php b/api/setup/tables_update.inc.php
index 645ee2559f..e9dc6913d1 100644
--- a/api/setup/tables_update.inc.php
+++ b/api/setup/tables_update.inc.php
@@ -704,3 +704,17 @@ function api_upgrade19_1_002()
 return $GLOBALS['setup_info']['api']['currentver'] = '19.1.003';
 }
+
+function api_upgrade19_1_003()
+{
+ $GLOBALS['egw_setup']->oProc->AlterColumn('egw_applications','app_icon',array(
+ 'type' => 'ascii',
+ 'precision' => '128'
+ ));
+ $GLOBALS['egw_setup']->oProc->AlterColumn('egw_applications','app_index',array(
+ 'type' => 'ascii',
+ 'precision' => '128'
+ ));
+
+ return $GLOBALS['setup_info']['api']['currentver'] = '19.1.004';
+}
diff --git a/api/src/Framework.php b/api/src/Framework.php
index ab589f2b5c..cae05dda8f 100644
--- a/api/src/Framework.php
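Review bot: `api_upgrade19_1_003` carries no doc comment, so nothing in the upgrade chain records why `app_icon` and `app_index` are widened; a header such as `/** Widen app_icon and app_index to 128 chars so they can hold absolute URLs of external apps (see the Framework.php changes of this commit) */` would do. Both here and in the tables_current.inc.php hunk of this commit the new width is 128 characters, which an absolute index or icon URL with a long path or query string can exceed; depending on the database such a value is then truncated or the insert rejected, so the limit is worth stating in that comment. The `AlterColumn()` return values are not checked, which appears to match `api_upgrade19_1_002` above as far as its visible last lines show.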
+++ b/api/src/Framework.php
@@ -9,11 +9,12 @@
 * @package api
 * @subpackage framework
 * @access public
- * @version $Id$
 */
 namespace EGroupware\Api;
+use EGroupware\Api\Header\ContentSecurityPolicy;
+
 /**
 * Framework: virtual base class for all template sets
 *
@@ -147,6 +148,16 @@ abstract class Framework extends Framework\Extra
 // add a content-type header to overwrite an existing default charset in apache (AddDefaultCharset directiv)
 header('Content-type: text/html; charset='.Translation::charset());
+ // add CSP frame-src for apps which are just iframes
+ foreach($GLOBALS['egw_info']['user']['apps'] as $app => $data)
+ {
+ if ($GLOBALS['egw_info']['apps'][$app]['status'] == 1 && !empty($data['index']) &&
+ preg_match('|^(https?://[^/]+)|', $data['index'], $matches))
+ {
+ ContentSecurityPolicy::add_frame_src($matches[1]);
+ }
+ }
+
 Header\ContentSecurityPolicy::send();
 // allow client-side to detect first load aka just logged in
@@ -743,6 +754,10 @@ abstract class Framework extends Framework\Extra
 $index = '/'.$app.'/index.php';
 if (isset($data['index']))
 {
+ if (preg_match('|^https?://|', $data['index']))
+ {
+ return $data['index'];
+ }
 if ($data['index'][0] == '/')
 {
 $index = $data['index'];
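Review bot: `$matches[1]` from `'|^(https?://[^/]+)|'` is handed to `add_frame_src()` unvalidated, and `[^/]+` also captures userinfo (`https://user:pw@host`) and, for a URL without a path, a query or fragment (`https://host?x=1`); neither is a valid CSP host-source, so such an entry is, as far as I know, dropped by the browser and the app's iframe stays blocked. Building the source from `parse_url()` keeps only scheme, host and port, which is what a CSP host-source accepts. The loose `== 1` on `status` should be `=== 1` or `=== '1'` depending on how the value is stored — worth checking, as `true` would also pass. Since `ContentSecurityPolicy` is now imported, the `Header\ContentSecurityPolicy::send()` line below could use the short name as well. The enclosing method starts and ends outside the hunk.
```php
// add CSP frame-src for apps which are just iframes
foreach($GLOBALS['egw_info']['user']['apps'] as $app => $data)
{
	if ($GLOBALS['egw_info']['apps'][$app]['status'] == 1 && !empty($data['index']) &&
		($url = parse_url($data['index'])) && isset($url['scheme'], $url['host']) &&
		in_array($url['scheme'], ['http', 'https'], true))
	{
		// a CSP host-source is scheme://host[:port] only; userinfo, path and query must not be included
		ContentSecurityPolicy::add_frame_src($url['scheme'].'://'.$url['host'].(isset($url['port']) ? ':'.$url['port'] : ''));
	}
}
```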
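Review bot: The new early return hands back `$data['index']` without a comment, and the method's docblock (outside the hunk) presumably still describes the result as a relative index path; a one-line `// absolute URL of an external app (e.g. an OAuth client) is returned unchanged` above the `if` would document the new case. The absolute-URL test is also written three different ways in this commit — `'|^(https?://[^/]+)|'` in the CSP loop above, `'|^https?://|'` here and `'#^(https?://|/)#'` in the icon hunk at @@ -845 — so one private static helper returning the matched origin (or null) would keep them from drifting apart. The enclosing method starts and ends outside the hunk.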
@@ -845,9 +860,17 @@ abstract class Framework extends Framework\Extra
 // for instance: applications with status 5 will run in background
 $apps[$app]['status'] = $data['status'];
- $icon = isset($data['icon']) ? $data['icon'] : 'navbar';
- $icon_app = isset($data['icon_app']) ? $data['icon_app'] : $app;
- $apps[$app]['icon'] = $apps[$app]['icon_hover'] = Image::find($icon_app,Array($icon,'nonav'),'');
+ if (!empty($data['icon']) && preg_match('#^(https?://|/)#', $data['icon']))
+ {
+ $icon_url = $data['icon'];
+ }
+ else
+ {
+ $icon = isset($data['icon']) ? $data['icon'] : 'navbar';
+ $icon_app = isset($data['icon_app']) ? $data['icon_app'] : $app;
+ $icon_url = Image::find($icon_app,Array($icon,'nonav'),'');
+ }
+ $apps[$app]['icon'] = $apps[$app]['icon_hover'] = $icon_url;
 }
 }
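Review bot: An absolute icon URL accepted by `preg_match('#^(https?://|/)#', ...)` is stored in `$apps[$app]['icon']` with no counterpart to the frame-src handling this commit adds for `index`; if the policy sent by `Header\ContentSecurityPolicy::send()` restricts `img-src`, an icon hosted elsewhere is blocked by the browser just like an un-allowlisted iframe, so either register the origin for img-src here or document that only same-host icon URLs are supported. The `/` alternative also lets a protocol-relative `//host/...` value through, which looks unintended given that `index` only accepts `https?://`. As a point of style, the moved lines still use `Array($icon,'nonav')`; lowercase `array(...)` matching the rest of the file, and `$data['icon'] ?? 'navbar'` if the codebase targets PHP 7, would read cleaner. The enclosing method starts outside the hunk and appears to continue after it.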