From bac2eb564cb1a007de3d39dad16e607d06d16690 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= <clement@oodo.net>
Date: Tue, 2 Apr 2019 15:05:41 +0200
Subject: [PATCH] Remove antiframe protection in portal javascript (#1696)

---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm      | 1 -
 lemonldap-ng-portal/site/coffee/portal.coffee                | 2 --
 lemonldap-ng-portal/site/htdocs/static/common/js/portal.js   | 5 +----
 .../site/htdocs/static/common/js/portal.min.js               | 2 +-
 lemonldap-ng-portal/site/templates/common/script.tpl         | 1 -
 5 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index ca5cb93bd..023ec89b1 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -917,7 +917,6 @@ sub tplParams {
         SKIN       => $self->getSkin($req),
         PORTAL_URL => $self->conf->{portal},
         SKIN_PATH  => $portalPath . "skins",
-        ANTIFRAME  => $self->conf->{portalAntiFrame},
         SKIN_BG    => $self->conf->{portalSkinBackground},
         ( $self->customParameters ? ( %{ $self->customParameters } ) : () ),
         %templateParams
diff --git a/lemonldap-ng-portal/site/coffee/portal.coffee b/lemonldap-ng-portal/site/coffee/portal.coffee
index 540d9d308..c372647ed 100644
--- a/lemonldap-ng-portal/site/coffee/portal.coffee
+++ b/lemonldap-ng-portal/site/coffee/portal.coffee
@@ -228,8 +228,6 @@ $(document).ready ->
 	datas = getValues()
 	# Export datas for other scripts
 	window.datas = datas
-	if datas['antiframe'] and top != self
-		top.location.href = location.href
 
 	$("#appslist").sortable
 		axis: "y"
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
index 76f0583ba..bce6738a4 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.js
@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.12.8
+// Generated by CoffeeScript 1.12.7
 
 /*
 LemonLDAP::NG Portal jQuery scripts
@@ -226,9 +226,6 @@ LemonLDAP::NG Portal jQuery scripts
     var action, al, authMenuTabs, back_url, i, l, lang, langdiv, langs, langs2, len, len1, len2, len3, link, m, menuIndex, menuTabs, method, n, nl, nlangs, re, ref, ref1, ref2;
     datas = getValues();
     window.datas = datas;
-    if (datas['antiframe'] && top !== self) {
-      top.location.href = location.href;
-    }
     $("#appslist").sortable({
       axis: "y",
       cursor: "move",
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
index 47fbf2760..6a34ec0d9 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/portal.min.js
@@ -1 +1 @@
-(function(){var datas,delKey,getCookie,getValues,isHiddenFormValueSet,ping,removeOidcConsent,restoreOrder,setCookie,setKey,setOrder,setSelector,translate,translatePage,translationFields,indexOf=[].indexOf||function(item){for(var i=0,l=this.length;i<l;i++){if(i in this&&this[i]===item)return i}return-1};translationFields={};translatePage=function(lang){return $.getJSON(window.staticPrefix+"languages/"+lang+".json",function(data){var k,ref,ref1,v;translationFields=data;ref=window.datas.trOver.all;for(k in ref){v=ref[k];translationFields[k]=v}if(window.datas.trOver[lang]){ref1=window.datas.trOver[lang];for(k in ref1){v=ref1[k];translationFields[k]=v}}$("[trspan]").each(function(){var args,i,len,txt;args=$(this).attr("trspan").split(",");txt=translate(args.shift());for(i=0,len=args.length;i<len;i++){v=args[i];txt=txt.replace(/%[sd]/,v)}return $(this).text(txt)});$("[trmsg]").each(function(){var msg;$(this).text(translate("PE"+$(this).attr("trmsg")));msg=translate("PE"+$(this).attr("trmsg"));if(msg.match(/_hide_/)){return $(this).parent().hide()}});$("[trplaceholder]").each(function(){return $(this).attr("placeholder",translate($(this).attr("trplaceholder")))});return $("[localtime]").each(function(){var d;d=new Date($(this).attr("localtime")*1e3);return $(this).text(d.toLocaleString())})})};translate=function(str){if(translationFields[str]){return translationFields[str]}else{return str}};window.translate=translate;getValues=function(){var values;values={};$("script[type='application/init']").each(function(){var e,k,results,tmp;try{tmp=JSON.parse($(this).text());results=[];for(k in tmp){results.push(values[k]=tmp[k])}return results}catch(error1){e=error1;console.log("Parsing error",e);return console.log("JSON",$(this).text())}});console.log(values);return values};setSelector="#appslist";setOrder=function(){return setKey("_appsListOrder",$(setSelector).sortable("toArray").join())};removeOidcConsent=function(partner){var e;e=function(j,s,e){return alert(s+" "+e)};return delKey("_oidcConsents",partner,function(){return $("[partner='"+partner+"']").hide()},e)};setKey=function(key,val,success,error){return $.ajax({type:"GET",url:datas["scriptname"]+"/mysession/?gettoken",dataType:"json",error:error,success:function(data){var d;d={token:data.token};d[key]=val;return $.ajax({type:"PUT",url:datas["scriptname"]+"/mysession/persistent",dataType:"json",data:d,success:success,error:error})}})};delKey=function(key,sub,success,error){return $.ajax({type:"GET",url:datas["scriptname"]+"/mysession/?gettoken",dataType:"json",error:error,success:function(data){return $.ajax({type:"DELETE",url:datas["scriptname"]+"/mysession/persistent/"+key+"?sub="+sub+"&token="+data.token,dataType:"json",success:success,error:error})}})};restoreOrder=function(){var IDs,child,i,item,itemID,items,l,len,len1,list,rebuild,savedOrd,v;list=$(setSelector);if(!(list!=null&&datas["appslistorder"])){return null}IDs=datas["appslistorder"].split(",");items=list.sortable("toArray");rebuild=[];for(i=0,len=items.length;i<len;i++){v=items[i];rebuild[v]=v}for(l=0,len1=IDs.length;l<len1;l++){itemID=IDs[l];if(rebuild[itemID]){item=rebuild[itemID];child=$(setSelector+".ui-sortable").children("#"+item);savedOrd=$(setSelector+".ui-sortable").children("#"+itemID);child.remove();$(setSelector+".ui-sortable").filter(":first").append(savedOrd)}}return 1};isHiddenFormValueSet=function(option){return $("#lmhidden_"+option).length};ping=function(){return $.ajax({type:"POST",url:datas["scriptname"],data:{ping:1},dataType:"json",success:function(data){if(data.result!=null&&data.result===1){return setTimeout(ping,datas["pingInterval"])}else{return location.reload(true)}},error:function(j,t,e){return location.reload(true)}})};window.ping=ping;getCookie=function(cname){var c,ca,i,len,name,re;name=cname+"=";ca=decodeURIComponent(document.cookie).split(";");re=new RegExp("^ *"+cname+"=");for(i=0,len=ca.length;i<len;i++){c=ca[i];if(c.match(re)){c=c.replace(re,"");return c}}return""};setCookie=function(name,value,exdays){var d;d=new Date;d.setTime(d.getTime()+exdays*864e5);return document.cookie=name+"="+value+"; expires="+d.toUTCString()+"; path=/"};datas={};$(document).ready(function(){var action,al,authMenuTabs,back_url,i,l,lang,langdiv,langs,langs2,len,len1,len2,len3,link,m,menuIndex,menuTabs,method,n,nl,nlangs,re,ref,ref1,ref2;datas=getValues();window.datas=datas;if(datas["antiframe"]&&top!==self){top.location.href=location.href}$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:true,items:"> div.category",update:function(){return setOrder()}});restoreOrder();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-((new Date).getTimezoneOffset()/60));menuTabs=$("#menu").tabs({active:0});menuIndex=$('#menu a[href="#'+datas["displaytab"]+'"]').parent().index();if(menuIndex<0){menuIndex=0}menuTabs.tabs("option","active",menuIndex);authMenuTabs=$("#authMenu").tabs({active:0});if(datas["choicetab"]){authMenuTabs.tabs("option","active",$('#authMenu a[href="#'+datas["choicetab"]+'"]').parent().index())}if(datas["login"]){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(datas["newwindow"]){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){action=$("form.login").attr("action");method=$("form.login").attr("method");back_url="";if(action.indexOf("?")!==-1){action.substring(0,action.indexOf("?"))+"?"}else{back_url=action+"?"}$("form.login input[type=hidden]").each(function(index){return back_url+="&"+$(this).attr("name")+"="+$(this).val()});link=$("p.removeOther a").attr("href")+"&method="+method+"&url="+btoa(back_url);$("p.removeOther a").attr("href",link)}lang=getCookie("llnglanguage");if(!lang){if(navigator){langs=[];langs2=[];nlangs=[navigator.language];if(navigator.languages){nlangs=navigator.languages}ref=window.availableLanguages;for(i=0,len=ref.length;i<len;i++){al=ref[i];langdiv+='<img class="langicon" src="'+window.staticPrefix+"common/"+al+'.png" title="'+al+'" alt="['+al+']"> '}for(l=0,len1=nlangs.length;l<len1;l++){nl=nlangs[l];console.log("Navigator lang",nl);ref1=window.availableLanguages;for(m=0,len2=ref1.length;m<len2;m++){al=ref1[m];console.log(" Available lang",al);re=new RegExp("^"+al+"-?");if(nl.match(re)){console.log("  Matching lang =",al);langs.push(al)}else if(al.substring(0,1)===nl.substring(0,1)){langs2.push(al)}}}lang=langs[0]?langs[0]:langs2[0]?langs2[0]:window.availableLanguages[0]}else{lang=window.availableLanguages[0]}}else if(indexOf.call(window.availableLanguages,lang)<0){lang=window.availableLanguages[0]}console.log("Selected lang ->",lang);setCookie("llnglanguage",lang);translatePage(lang);langdiv="";ref2=window.availableLanguages;for(n=0,len3=ref2.length;n<len3;n++){al=ref2[n];langdiv+='<img class="langicon" src="'+window.staticPrefix+"common/"+al+'.png" title="'+al+'" alt="['+al+']"> '}$("#languages").html(langdiv);$(".langicon").on("click",function(){lang=$(this).attr("title");setCookie("llnglanguage",lang);return translatePage(lang)});if(datas["pingInterval"]&&datas["pingInterval"]>0){window.setTimeout(ping,datas["pingInterval"])}$(".localeDate").each(function(){var s;s=new Date($(this).attr("val")*1e3);return $(this).text(s.toLocaleString())});return $(".oidcConsent").on("click",function(){return removeOidcConsent($(this).attr("partner"))})})}).call(this);
+(function(){var datas,delKey,getCookie,getValues,isHiddenFormValueSet,ping,removeOidcConsent,restoreOrder,setCookie,setKey,setOrder,setSelector,translate,translatePage,translationFields,indexOf=[].indexOf||function(item){for(var i=0,l=this.length;i<l;i++){if(i in this&&this[i]===item)return i}return-1};translationFields={};translatePage=function(lang){return $.getJSON(window.staticPrefix+"languages/"+lang+".json",function(data){var k,ref,ref1,v;translationFields=data;ref=window.datas.trOver.all;for(k in ref){v=ref[k];translationFields[k]=v}if(window.datas.trOver[lang]){ref1=window.datas.trOver[lang];for(k in ref1){v=ref1[k];translationFields[k]=v}}$("[trspan]").each(function(){var args,i,len,txt;args=$(this).attr("trspan").split(",");txt=translate(args.shift());for(i=0,len=args.length;i<len;i++){v=args[i];txt=txt.replace(/%[sd]/,v)}return $(this).text(txt)});$("[trmsg]").each(function(){var msg;$(this).text(translate("PE"+$(this).attr("trmsg")));msg=translate("PE"+$(this).attr("trmsg"));if(msg.match(/_hide_/)){return $(this).parent().hide()}});$("[trplaceholder]").each(function(){return $(this).attr("placeholder",translate($(this).attr("trplaceholder")))});return $("[localtime]").each(function(){var d;d=new Date($(this).attr("localtime")*1e3);return $(this).text(d.toLocaleString())})})};translate=function(str){if(translationFields[str]){return translationFields[str]}else{return str}};window.translate=translate;getValues=function(){var values;values={};$("script[type='application/init']").each(function(){var e,k,results,tmp;try{tmp=JSON.parse($(this).text());results=[];for(k in tmp){results.push(values[k]=tmp[k])}return results}catch(error1){e=error1;console.log("Parsing error",e);return console.log("JSON",$(this).text())}});console.log(values);return values};setSelector="#appslist";setOrder=function(){return setKey("_appsListOrder",$(setSelector).sortable("toArray").join())};removeOidcConsent=function(partner){var e;e=function(j,s,e){return alert(s+" "+e)};return delKey("_oidcConsents",partner,function(){return $("[partner='"+partner+"']").hide()},e)};setKey=function(key,val,success,error){return $.ajax({type:"GET",url:datas["scriptname"]+"/mysession/?gettoken",dataType:"json",error:error,success:function(data){var d;d={token:data.token};d[key]=val;return $.ajax({type:"PUT",url:datas["scriptname"]+"/mysession/persistent",dataType:"json",data:d,success:success,error:error})}})};delKey=function(key,sub,success,error){return $.ajax({type:"GET",url:datas["scriptname"]+"/mysession/?gettoken",dataType:"json",error:error,success:function(data){return $.ajax({type:"DELETE",url:datas["scriptname"]+"/mysession/persistent/"+key+"?sub="+sub+"&token="+data.token,dataType:"json",success:success,error:error})}})};restoreOrder=function(){var IDs,child,i,item,itemID,items,l,len,len1,list,rebuild,savedOrd,v;list=$(setSelector);if(!(list!=null&&datas["appslistorder"])){return null}IDs=datas["appslistorder"].split(",");items=list.sortable("toArray");rebuild=[];for(i=0,len=items.length;i<len;i++){v=items[i];rebuild[v]=v}for(l=0,len1=IDs.length;l<len1;l++){itemID=IDs[l];if(rebuild[itemID]){item=rebuild[itemID];child=$(setSelector+".ui-sortable").children("#"+item);savedOrd=$(setSelector+".ui-sortable").children("#"+itemID);child.remove();$(setSelector+".ui-sortable").filter(":first").append(savedOrd)}}return 1};isHiddenFormValueSet=function(option){return $("#lmhidden_"+option).length};ping=function(){return $.ajax({type:"POST",url:datas["scriptname"],data:{ping:1},dataType:"json",success:function(data){if(data.result!=null&&data.result===1){return setTimeout(ping,datas["pingInterval"])}else{return location.reload(true)}},error:function(j,t,e){return location.reload(true)}})};window.ping=ping;getCookie=function(cname){var c,ca,i,len,name,re;name=cname+"=";ca=decodeURIComponent(document.cookie).split(";");re=new RegExp("^ *"+cname+"=");for(i=0,len=ca.length;i<len;i++){c=ca[i];if(c.match(re)){c=c.replace(re,"");return c}}return""};setCookie=function(name,value,exdays){var d;d=new Date;d.setTime(d.getTime()+exdays*864e5);return document.cookie=name+"="+value+"; expires="+d.toUTCString()+"; path=/"};datas={};$(document).ready(function(){var action,al,authMenuTabs,back_url,i,l,lang,langdiv,langs,langs2,len,len1,len2,len3,link,m,menuIndex,menuTabs,method,n,nl,nlangs,re,ref,ref1,ref2;datas=getValues();window.datas=datas;$("#appslist").sortable({axis:"y",cursor:"move",opacity:.5,revert:true,items:"> div.category",update:function(){return setOrder()}});restoreOrder();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-((new Date).getTimezoneOffset()/60));menuTabs=$("#menu").tabs({active:0});menuIndex=$('#menu a[href="#'+datas["displaytab"]+'"]').parent().index();if(menuIndex<0){menuIndex=0}menuTabs.tabs("option","active",menuIndex);authMenuTabs=$("#authMenu").tabs({active:0});if(datas["choicetab"]){authMenuTabs.tabs("option","active",$('#authMenu a[href="#'+datas["choicetab"]+'"]').parent().index())}if(datas["login"]){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(datas["newwindow"]){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){action=$("form.login").attr("action");method=$("form.login").attr("method");back_url="";if(action.indexOf("?")!==-1){action.substring(0,action.indexOf("?"))+"?"}else{back_url=action+"?"}$("form.login input[type=hidden]").each(function(index){return back_url+="&"+$(this).attr("name")+"="+$(this).val()});link=$("p.removeOther a").attr("href")+"&method="+method+"&url="+btoa(back_url);$("p.removeOther a").attr("href",link)}lang=getCookie("llnglanguage");if(!lang){if(navigator){langs=[];langs2=[];nlangs=[navigator.language];if(navigator.languages){nlangs=navigator.languages}ref=window.availableLanguages;for(i=0,len=ref.length;i<len;i++){al=ref[i];langdiv+='<img class="langicon" src="'+window.staticPrefix+"common/"+al+'.png" title="'+al+'" alt="['+al+']"> '}for(l=0,len1=nlangs.length;l<len1;l++){nl=nlangs[l];console.log("Navigator lang",nl);ref1=window.availableLanguages;for(m=0,len2=ref1.length;m<len2;m++){al=ref1[m];console.log(" Available lang",al);re=new RegExp("^"+al+"-?");if(nl.match(re)){console.log("  Matching lang =",al);langs.push(al)}else if(al.substring(0,1)===nl.substring(0,1)){langs2.push(al)}}}lang=langs[0]?langs[0]:langs2[0]?langs2[0]:window.availableLanguages[0]}else{lang=window.availableLanguages[0]}}else if(indexOf.call(window.availableLanguages,lang)<0){lang=window.availableLanguages[0]}console.log("Selected lang ->",lang);setCookie("llnglanguage",lang);translatePage(lang);langdiv="";ref2=window.availableLanguages;for(n=0,len3=ref2.length;n<len3;n++){al=ref2[n];langdiv+='<img class="langicon" src="'+window.staticPrefix+"common/"+al+'.png" title="'+al+'" alt="['+al+']"> '}$("#languages").html(langdiv);$(".langicon").on("click",function(){lang=$(this).attr("title");setCookie("llnglanguage",lang);return translatePage(lang)});if(datas["pingInterval"]&&datas["pingInterval"]>0){window.setTimeout(ping,datas["pingInterval"])}$(".localeDate").each(function(){var s;s=new Date($(this).attr("val")*1e3);return $(this).text(s.toLocaleString())});return $(".oidcConsent").on("click",function(){return removeOidcConsent($(this).attr("partner"))})})}).call(this);
diff --git a/lemonldap-ng-portal/site/templates/common/script.tpl b/lemonldap-ng-portal/site/templates/common/script.tpl
index 306bf45e3..3c74d46ee 100644
--- a/lemonldap-ng-portal/site/templates/common/script.tpl
+++ b/lemonldap-ng-portal/site/templates/common/script.tpl
@@ -22,7 +22,6 @@
  "choicetab":"<TMPL_VAR NAME="CHOICE_VALUE">",
  "login":"<TMPL_VAR NAME="LOGIN">",
  "newwindow":<TMPL_VAR NAME="NEWWINDOW" DEFAULT="0">,
- "antiframe":<TMPL_VAR NAME="ANTIFRAME" DEFAULT="1">,
  "appslistorder":"<TMPL_VAR NAME="APPSLIST_ORDER">",
  "scriptname":"<TMPL_VAR NAME="SCRIPT_NAME">",
  "activeTimer":<TMPL_VAR NAME="ACTIVE_TIMER" DEFAULT="0">,