fix: use browser redirect page for mx login
This commit is contained in:
@@ -53,7 +53,7 @@ return static function (): void {
|
|||||||
'event' => 'create_login_url',
|
'event' => 'create_login_url',
|
||||||
'result' => 'success',
|
'result' => 'success',
|
||||||
]);
|
]);
|
||||||
Http::redirectNoStore($url);
|
Http::browserRedirectNoStore($url);
|
||||||
} catch (Throwable $e) {
|
} catch (Throwable $e) {
|
||||||
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
|
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
|
||||||
'event' => 'create_login_url',
|
'event' => 'create_login_url',
|
||||||
|
|||||||
@@ -45,6 +45,37 @@ final class Http
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function browserRedirectNoStore(string $url): void
|
||||||
|
{
|
||||||
|
header('Content-Type: text/html; charset=UTF-8');
|
||||||
|
header('Cache-Control: no-store, private');
|
||||||
|
header('Pragma: no-cache');
|
||||||
|
header('Referrer-Policy: no-referrer');
|
||||||
|
header('X-Content-Type-Options: nosniff');
|
||||||
|
header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; base-uri 'none'; form-action 'none'");
|
||||||
|
echo self::redirectPageHtml($url);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function redirectPageHtml(string $url): string
|
||||||
|
{
|
||||||
|
$safeUrl = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
|
||||||
|
$jsonUrl = json_encode($url, JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
|
||||||
|
if (!is_string($jsonUrl)) {
|
||||||
|
$jsonUrl = '"/"';
|
||||||
|
}
|
||||||
|
|
||||||
|
return '<!doctype html><html lang="pl"><head><meta charset="utf-8">'
|
||||||
|
. '<meta name="viewport" content="width=device-width, initial-scale=1">'
|
||||||
|
. '<meta http-equiv="refresh" content="0;url=' . $safeUrl . '">'
|
||||||
|
. '<title>Serwer poczty</title></head><body>'
|
||||||
|
. '<script>(function(){var target=' . $jsonUrl . ';'
|
||||||
|
. 'try{if(window.top){window.top.location.replace(target);return;}}catch(e){}'
|
||||||
|
. 'window.location.replace(target);}());</script>'
|
||||||
|
. '<p><a rel="noreferrer" href="' . $safeUrl . '">Otwórz panel poczty</a></p>'
|
||||||
|
. '</body></html>';
|
||||||
|
}
|
||||||
|
|
||||||
public static function errorPage(string $message, int $status): void
|
public static function errorPage(string $message, int $status): void
|
||||||
{
|
{
|
||||||
http_response_code($status);
|
http_response_code($status);
|
||||||
|
|||||||
+1
-1
@@ -2,7 +2,7 @@ name=mail-login
|
|||||||
id=mail-login
|
id=mail-login
|
||||||
type=user
|
type=user
|
||||||
author=HITME.PL
|
author=HITME.PL
|
||||||
version=1.0.9
|
version=1.0.10
|
||||||
active=no
|
active=no
|
||||||
installed=no
|
installed=no
|
||||||
user_run_as=root
|
user_run_as=root
|
||||||
|
|||||||
@@ -0,0 +1,14 @@
|
|||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
require_once PLUGIN_ROOT . '/exec/lib/Http.php';
|
||||||
|
|
||||||
|
test('http redirect page performs top level browser navigation', function (): void {
|
||||||
|
$html = Http::redirectPageHtml('https://mx1.domena.pl:2222/api/login/url?key=SECRET&x=1');
|
||||||
|
|
||||||
|
assert_contains('window.top.location.replace', $html);
|
||||||
|
assert_contains('window.location.replace', $html);
|
||||||
|
assert_contains('<meta http-equiv="refresh"', $html);
|
||||||
|
assert_contains('https://mx1.domena.pl:2222/api/login/url?key=SECRET&x=1', $html);
|
||||||
|
assert_contains('https://mx1.domena.pl:2222/api/login/url?key=SECRET\\u0026x=1', $html);
|
||||||
|
});
|
||||||
@@ -8,7 +8,7 @@ test('plugin metadata and packaging docs match project rules', function (): void
|
|||||||
assert_contains('name=mail-login', $conf);
|
assert_contains('name=mail-login', $conf);
|
||||||
assert_contains('id=mail-login', $conf);
|
assert_contains('id=mail-login', $conf);
|
||||||
assert_contains('type=user', $conf);
|
assert_contains('type=user', $conf);
|
||||||
assert_contains('version=1.0.9', $conf);
|
assert_contains('version=1.0.10', $conf);
|
||||||
assert_contains('user_run_as=root', $conf);
|
assert_contains('user_run_as=root', $conf);
|
||||||
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/src', $packing);
|
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/src', $packing);
|
||||||
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/archives/X.Y.Z/mail-login.tar.gz', $packing);
|
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/archives/X.Y.Z/mail-login.tar.gz', $packing);
|
||||||
|
|||||||
Reference in New Issue
Block a user