Fix integration manager get_open_id_token action and add E2E tests (#…

…9520)

* Fix missing await

* Fix get openID token action requiring room ID and user ID

* Add e2e test for integration manager get openID token

* Remove outdated comment

* Update test description

Co-authored-by: Richard van der Hoff <[email protected]>

* Fix type

* Fix types again

Co-authored-by: Richard van der Hoff <[email protected]>
Co-authored-by: Michael Telatynski <[email protected]>

cypress/e2e/integration-manager/get-openid-token.spec.ts

@@ -0,0 +1,143 @@
+/*
+Copyright 2022 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/// <reference types="cypress" />
+
+import { SynapseInstance } from "../../plugins/synapsedocker";
+import { UserCredentials } from "../../support/login";
+
+const ROOM_NAME = "Integration Manager Test";
+const USER_DISPLAY_NAME = "Alice";
+
+const INTEGRATION_MANAGER_TOKEN = "DefinitelySecret_DoNotUseThisForReal";
+const INTEGRATION_MANAGER_HTML = `
+    <html lang="en">
+        <head>
+            <title>Fake Integration Manager</title>
+        </head>
+        <body>
+            <button name="Send" id="send-action">Press to send action</button>
+            <button name="Close" id="close">Press to close</button>
+            <p id="message-response">No response</p>
+            <script>
+                document.getElementById("send-action").onclick = () => {
+                    window.parent.postMessage(
+                        {
+                            action: "get_open_id_token",
+                        },
+                        '*',
+                    );
+                };
+                document.getElementById("close").onclick = () => {
+                    window.parent.postMessage(
+                        {
+                            action: "close_scalar",
+                        },
+                        '*',
+                    );
+                };
+                // Listen for a postmessage response
+                window.addEventListener("message", (event) => {
+                    document.getElementById("message-response").innerText = JSON.stringify(event.data);
+                });
+            </script>
+        </body>
+    </html>
+`;
+
+function openIntegrationManager() {
+    cy.get(".mx_RightPanel_roomSummaryButton").click();
+    cy.get(".mx_RoomSummaryCard_appsGroup").within(() => {
+        cy.contains("Add widgets, bridges & bots").click();
+    });
+}
+
+function sendActionFromIntegrationManager(integrationManagerUrl: string) {
+    cy.accessIframe(`iframe[src*="${integrationManagerUrl}"]`).within(() => {
+        cy.get("#send-action").should("exist").click();
+    });
+}
+
+describe("Integration Manager: Get OpenID Token", () => {
+    let testUser: UserCredentials;
+    let synapse: SynapseInstance;
+    let integrationManagerUrl: string;
+
+    beforeEach(() => {
+        cy.serveHtmlFile(INTEGRATION_MANAGER_HTML).then(url => {
+            integrationManagerUrl = url;
+        });
+        cy.startSynapse("default").then(data => {
+            synapse = data;
+
+            cy.initTestUser(synapse, USER_DISPLAY_NAME, () => {
+                cy.window().then(win => {
+                    win.localStorage.setItem("mx_scalar_token", INTEGRATION_MANAGER_TOKEN);
+                    win.localStorage.setItem(`mx_scalar_token_at_${integrationManagerUrl}`, INTEGRATION_MANAGER_TOKEN);
+                });
+            }).then(user => {
+                testUser = user;
+            });
+
+            cy.setAccountData("m.widgets", {
+                "m.integration_manager": {
+                    content: {
+                        type: "m.integration_manager",
+                        name: "Integration Manager",
+                        url: integrationManagerUrl,
+                        data: {
+                            api_url: integrationManagerUrl,
+                        },
+                    },
+                    id: "integration-manager",
+                },
+            }).as("integrationManager");
+
+            // Succeed when checking the token is valid
+            cy.intercept(`${integrationManagerUrl}/account?scalar_token=${INTEGRATION_MANAGER_TOKEN}*`, req => {
+                req.continue(res => {
+                    return res.send(200, {
+                        user_id: testUser.userId,
+                    });
+                });
+            });
+
+            cy.createRoom({
+                name: ROOM_NAME,
+            }).as("roomId");
+        });
+    });
+
+    afterEach(() => {
+        cy.stopSynapse(synapse);
+        cy.stopWebServers();
+    });
+
+    it("should successfully obtain an openID token", () => {
+        cy.all([
+            cy.get<{}>("@integrationManager"),
+        ]).then(() => {
+            cy.viewRoomByName(ROOM_NAME);
+
+            openIntegrationManager();
+            sendActionFromIntegrationManager(integrationManagerUrl);
+
+            cy.accessIframe(`iframe[src*="${integrationManagerUrl}"]`).within(() => {
+                cy.get("#message-response").should('include.text', 'access_token');
+            });
+        });
+    });
+});

src/ScalarMessaging.ts

@@ -376,7 +376,7 @@ function kickUser(event: MessageEvent<any>, roomId: string, userId: string): voi
     });
 }
 
-function setWidget(event: MessageEvent<any>, roomId: string): void {
+function setWidget(event: MessageEvent<any>, roomId: string | null): void {
     const widgetId = event.data.widget_id;
     let widgetType = event.data.type;
     const widgetUrl = event.data.url;
@@ -435,6 +435,7 @@ function setWidget(event: MessageEvent<any>, roomId: string): void {
     } else { // Room widget
         if (!roomId) {
             sendError(event, _t('Missing roomId.'), null);
+            return;
         }
         WidgetUtils.setRoomWidget(roomId, widgetId, widgetType, widgetUrl, widgetName, widgetData, widgetAvatarUrl)
             .then(() => {
@@ -651,7 +652,7 @@ function returnStateEvent(event: MessageEvent<any>, roomId: string, eventType: s
 
 async function getOpenIdToken(event: MessageEvent<any>) {
     try {
-        const tokenObject = MatrixClientPeg.get().getOpenIdToken();
+        const tokenObject = await MatrixClientPeg.get().getOpenIdToken();
         sendResponse(event, tokenObject);
     } catch (ex) {
         logger.warn("Unable to fetch openId token.", ex);
@@ -706,15 +707,15 @@ const onMessage = function(event: MessageEvent<any>): void {
 
     if (!roomId) {
         // These APIs don't require roomId
-        // Get and set user widgets (not associated with a specific room)
-        // If roomId is specified, it must be validated, so room-based widgets agreed
-        // handled further down.
         if (event.data.action === Action.GetWidgets) {
             getWidgets(event, null);
             return;
         } else if (event.data.action === Action.SetWidget) {
             setWidget(event, null);
             return;
+        } else if (event.data.action === Action.GetOpenIdToken) {
+            getOpenIdToken(event);
+            return;
         } else {
             sendError(event, _t('Missing room_id in request'));
             return;
@@ -776,9 +777,6 @@ const onMessage = function(event: MessageEvent<any>): void {
         case Action.SetBotPower:
             setBotPower(event, roomId, userId, event.data.level, event.data.ignoreIfGreater);
             break;
-        case Action.GetOpenIdToken:
-            getOpenIdToken(event);
-            break;
         default:
             logger.warn("Unhandled postMessage event with action '" + event.data.action +"'");
             break;