Add parseFrameURL for masking user-facing pages

README.md

@@ -216,6 +216,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo
 * `revokeSessionOnPasswordReset` - When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.
 * `accountLockout` - Lock account when a malicious user is attempting to determine an account password by trial and error.
 * `passwordPolicy` - Optional password policy rules to enforce.
+* `customPages` - A hash with urls to override email verification links, password reset links and specify frame url for masking user-facing pages. Available keys: `parseFrameURL`, `invalidLink`, `choosePassword`, `passwordResetSuccess`, `verifyEmailSuccess`.
 
 ##### Logging
 

spec/UserController.spec.js

@@ -0,0 +1,59 @@
+var UserController = require('../src/Controllers/UserController').UserController;
+var emailAdapter = require('./MockEmailAdapter')
+var AppCache = require('../src/cache').AppCache;
+
+describe('UserController', () => {
+  var user = {
+    _email_verify_token: 'testToken',
+    username: 'testUser',
+    email: '[email protected]'
+  }
+
+  describe('sendVerificationEmail', () => {
+    describe('parseFrameURL not provided', () => {
+      it('uses publicServerURL', (done) => {
+
+        AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, {
+          publicServerURL: 'http://www.example.com',
+          customPages: {
+            parseFrameURL: undefined
+          }
+        }))
+
+        emailAdapter.sendVerificationEmail = (options) => {
+          expect(options.link).toEqual('http://www.example.com/apps/test/verify_email?token=testToken&username=testUser')
+          done()
+        }
+
+        var userController = new UserController(emailAdapter, 'test', {
+          verifyUserEmails: true
+        })
+
+        userController.sendVerificationEmail(user)
+      })
+    })
+
+    describe('parseFrameURL provided', () => {
+      it('uses parseFrameURL and includes the destination in the link parameter', (done) => {
+
+        AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, {
+          publicServerURL: 'http://www.example.com',
+          customPages: {
+            parseFrameURL: 'http://someother.example.com/handle-parse-iframe'
+          }
+        }))
+
+        emailAdapter.sendVerificationEmail = (options) => {
+          expect(options.link).toEqual('http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=testToken&username=testUser')
+          done()
+        }
+
+        var userController = new UserController(emailAdapter, 'test', {
+          verifyUserEmails: true
+        })
+
+        userController.sendVerificationEmail(user)
+      })
+    })
+  })
+});

spec/ValidationAndPasswordsReset.spec.js

@@ -12,7 +12,8 @@ describe("Custom Pages, Email Verification, Password Reset", () => {
         invalidLink: "myInvalidLink",
         verifyEmailSuccess: "myVerifyEmailSuccess",
         choosePassword: "myChoosePassword",
-        passwordResetSuccess: "myPasswordResetSuccess"
+        passwordResetSuccess: "myPasswordResetSuccess",
+        parseFrameURL: "http://example.com/handle-parse-iframe"
       },
       publicServerURL: "https://my.public.server.com/1"
     })
@@ -22,6 +23,7 @@ describe("Custom Pages, Email Verification, Password Reset", () => {
       expect(config.verifyEmailSuccessURL).toEqual("myVerifyEmailSuccess");
       expect(config.choosePasswordURL).toEqual("myChoosePassword");
       expect(config.passwordResetSuccessURL).toEqual("myPasswordResetSuccess");
+      expect(config.parseFrameURL).toEqual("http://example.com/handle-parse-iframe");
       expect(config.verifyEmailURL).toEqual("https://my.public.server.com/1/apps/test/verify_email");
       expect(config.requestResetPasswordURL).toEqual("https://my.public.server.com/1/apps/test/request_password_reset");
       done();

src/Config.js

@@ -240,6 +240,10 @@ export class Config {
     return this.customPages.passwordResetSuccess || `${this.publicServerURL}/apps/password_reset_success.html`;
   }
 
+  get parseFrameURL() {
+    return this.customPages.parseFrameURL;
+  }
+
   get verifyEmailURL() {
     return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`;
   }

src/Controllers/UserController.js

@@ -119,7 +119,8 @@ export class UserController extends AdaptableController {
     // We may need to fetch the user in case of update email
     this.getUserIfNeeded(user).then((user) => {
       const username = encodeURIComponent(user.username);
-      const link = `${this.config.verifyEmailURL}?token=${token}&username=${username}`;
+
+      const link = buildEmailLink(this.config.verifyEmailURL, username, token, this.config);
       const options = {
         appName: this.config.appName,
         link: link,
@@ -153,8 +154,8 @@ export class UserController extends AdaptableController {
     .then(user => {
       const token = encodeURIComponent(user._perishable_token);
       const username = encodeURIComponent(user.username);
-      const link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}`
 
+      const link = buildEmailLink(this.config.requestResetPasswordURL, username, token, this.config);
       const options = {
         appName: this.config.appName,
         link: link,
@@ -215,4 +216,16 @@ function updateUserPassword(userId, password, config) {
   });
 }
 
+function buildEmailLink(destination, username, token, config) {
+  const usernameAndToken = `token=${token}&username=${username}`
+
+  if (config.parseFrameURL) {
+    const destinationWithoutHost = destination.replace(config.publicServerURL, '');
+
+    return `${config.parseFrameURL}?link=${encodeURIComponent(destinationWithoutHost)}&${usernameAndToken}`;
+  } else {
+    return `${destination}?${usernameAndToken}`;
+  }
+}
+
 export default UserController;