From 5d9dbea07b6fcc3c9a33eacb7c68d0021551d60c Mon Sep 17 00:00:00 2001 From: Lenart Rudel Date: Sun, 8 Jan 2017 19:56:57 +0100 Subject: [PATCH] Add parseFrameURL for masking user-facing pages (#3267) * Add parseFrameURL for masking user-facing pages. Allow users to specify a different address which is used to mask parse requests for verifying email and resetting password. This is how Parse.com used to allow customers to gain control over page content, styling etc. On the destination page javascript is used to check the link in the request and embed the parse server page using IFRAME. * Fix code indentation * Rename method for building link and pass config to it. * Add customPages options to README.md. * Add tests for parseFrameURL email link building, and parseFrameURL option. * Add parseFrameURL for masking user-facing pages. Allow users to specify a different address which is used to mask parse requests for verifying email and resetting password. This is how Parse.com used to allow customers to gain control over page content, styling etc. On the destination page javascript is used to check the link in the request and embed the parse server page using IFRAME. * Fix code indentation * Rename method for building link and pass config to it. * Add customPages options to README.md. * Don't Object.assign to defaultConfiguration global --- README.md | 1 + spec/UserController.spec.js | 59 ++++++++++++++++++++++++ spec/ValidationAndPasswordsReset.spec.js | 4 +- src/Config.js | 4 ++ src/Controllers/UserController.js | 17 ++++++- 5 files changed, 82 insertions(+), 3 deletions(-) create mode 100644 spec/UserController.spec.js diff --git a/README.md b/README.md index 188e8d06..ecc41bb7 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo * `revokeSessionOnPasswordReset` - When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions. * `accountLockout` - Lock account when a malicious user is attempting to determine an account password by trial and error. * `passwordPolicy` - Optional password policy rules to enforce. +* `customPages` - A hash with urls to override email verification links, password reset links and specify frame url for masking user-facing pages. Available keys: `parseFrameURL`, `invalidLink`, `choosePassword`, `passwordResetSuccess`, `verifyEmailSuccess`. ##### Logging diff --git a/spec/UserController.spec.js b/spec/UserController.spec.js new file mode 100644 index 00000000..498f70b6 --- /dev/null +++ b/spec/UserController.spec.js @@ -0,0 +1,59 @@ +var UserController = require('../src/Controllers/UserController').UserController; +var emailAdapter = require('./MockEmailAdapter') +var AppCache = require('../src/cache').AppCache; + +describe('UserController', () => { + var user = { + _email_verify_token: 'testToken', + username: 'testUser', + email: 'test@example.com' + } + + describe('sendVerificationEmail', () => { + describe('parseFrameURL not provided', () => { + it('uses publicServerURL', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: undefined + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://www.example.com/apps/test/verify_email?token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + + describe('parseFrameURL provided', () => { + it('uses parseFrameURL and includes the destination in the link parameter', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: 'http://someother.example.com/handle-parse-iframe' + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + }) +}); diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js index f32813fb..cb4de0e6 100644 --- a/spec/ValidationAndPasswordsReset.spec.js +++ b/spec/ValidationAndPasswordsReset.spec.js @@ -12,7 +12,8 @@ describe("Custom Pages, Email Verification, Password Reset", () => { invalidLink: "myInvalidLink", verifyEmailSuccess: "myVerifyEmailSuccess", choosePassword: "myChoosePassword", - passwordResetSuccess: "myPasswordResetSuccess" + passwordResetSuccess: "myPasswordResetSuccess", + parseFrameURL: "http://example.com/handle-parse-iframe" }, publicServerURL: "https://my.public.server.com/1" }) @@ -22,6 +23,7 @@ describe("Custom Pages, Email Verification, Password Reset", () => { expect(config.verifyEmailSuccessURL).toEqual("myVerifyEmailSuccess"); expect(config.choosePasswordURL).toEqual("myChoosePassword"); expect(config.passwordResetSuccessURL).toEqual("myPasswordResetSuccess"); + expect(config.parseFrameURL).toEqual("http://example.com/handle-parse-iframe"); expect(config.verifyEmailURL).toEqual("https://my.public.server.com/1/apps/test/verify_email"); expect(config.requestResetPasswordURL).toEqual("https://my.public.server.com/1/apps/test/request_password_reset"); done(); diff --git a/src/Config.js b/src/Config.js index 01b15303..d262aad4 100644 --- a/src/Config.js +++ b/src/Config.js @@ -246,6 +246,10 @@ export class Config { return this.customPages.passwordResetSuccess || `${this.publicServerURL}/apps/password_reset_success.html`; } + get parseFrameURL() { + return this.customPages.parseFrameURL; + } + get verifyEmailURL() { return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`; } diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js index 48b4c7f0..b6ca02a5 100644 --- a/src/Controllers/UserController.js +++ b/src/Controllers/UserController.js @@ -119,7 +119,8 @@ export class UserController extends AdaptableController { // We may need to fetch the user in case of update email this.getUserIfNeeded(user).then((user) => { const username = encodeURIComponent(user.username); - const link = `${this.config.verifyEmailURL}?token=${token}&username=${username}`; + + const link = buildEmailLink(this.config.verifyEmailURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -153,8 +154,8 @@ export class UserController extends AdaptableController { .then(user => { const token = encodeURIComponent(user._perishable_token); const username = encodeURIComponent(user.username); - const link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}` + const link = buildEmailLink(this.config.requestResetPasswordURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -215,4 +216,16 @@ function updateUserPassword(userId, password, config) { }); } +function buildEmailLink(destination, username, token, config) { + const usernameAndToken = `token=${token}&username=${username}` + + if (config.parseFrameURL) { + const destinationWithoutHost = destination.replace(config.publicServerURL, ''); + + return `${config.parseFrameURL}?link=${encodeURIComponent(destinationWithoutHost)}&${usernameAndToken}`; + } else { + return `${destination}?${usernameAndToken}`; + } +} + export default UserController;