mirror of
https://github.com/zulip/zulip-desktop.git
synced 2025-11-07 23:43:23 +00:00
49b29bfed6
Moves the social login to browser since there was no way to verify the authencity of the auth process for a custom server and to prevent phishing attacks. Fixes #849. Co-authored-by: Kanishk Kakar <kanishk.kakar@gmail.com>
37 lines
848 B
TypeScript
37 lines
848 B
TypeScript
import { remote } from 'electron';
|
|
|
|
import cryptoRandomString = require('crypto-random-string');
|
|
import ConfigUtil = require('./config-util');
|
|
|
|
const { shell } = remote;
|
|
|
|
class AuthUtil {
|
|
openInBrowser = (link: string) => {
|
|
const otp = cryptoRandomString({length: 64});
|
|
ConfigUtil.setConfigItem('desktopOtp', otp);
|
|
shell.openExternal(`${link}?desktop_flow_otp=${otp}`);
|
|
};
|
|
|
|
xorStrings = (a: string, b: string): string => {
|
|
if (a.length === b.length) {
|
|
return a
|
|
.split('')
|
|
.map((char, i) => (parseInt(a[i], 16) ^ parseInt(b[i], 16)).toString(16))
|
|
.join('')
|
|
.toUpperCase();
|
|
} else {
|
|
return '';
|
|
}
|
|
};
|
|
|
|
hexToAscii = (hex: string) => {
|
|
let ascii = '';
|
|
for (let i = 0; i < hex.length; i += 2) {
|
|
ascii += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
|
|
}
|
|
return ascii;
|
|
};
|
|
}
|
|
|
|
export = new AuthUtil();
|