From 6c55e1a9a1038b54e6ebf3b28298ede1fb620114 Mon Sep 17 00:00:00 2001 From: Adam Weeden Date: Sat, 29 May 2021 20:38:24 -0400 Subject: [PATCH] Add login.microsoftonline.com to internal login pages (#1205) * Add login.microsoftonline.com to internal login pages * Update API.md Co-authored-by: Ronan Jouchet * Add extra messaging for adding to internalLoginPages Co-authored-by: Ronan Jouchet --- API.md | 38 ++++++++++++++++++++++++--------- app/src/helpers/helpers.test.ts | 5 +++++ app/src/helpers/helpers.ts | 4 +++- 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/API.md b/API.md index ac2aba9..02fff53 100644 --- a/API.md +++ b/API.md @@ -62,6 +62,7 @@ - [URL Handling Options](#url-handling-options) - [[block-external-urls]](#block-external-urls) - [[internal-urls]](#internal-urls) + - [[internal-login-pages]](#internal-login-pages) - [[proxy-rules]](#proxy-rules) - [Auth Options](#auth-options) - [[basic-auth-username] and [basic-auth-password]](#basic-auth-username-and-basic-auth-password) @@ -770,16 +771,6 @@ once stripped of `www.`. For example, by default, - URLs from/to `foo.com`, `app.foo.com`, `www.foo.com` are considered internal. - URLs from/to `abc.com` and `xyz.com` are considered external. -*[Breaking change in Nativefier 43.0.0]* Finally, URLs for known login pages -(e.g. `accounts.google.com` or `login.live.com`) are considered internal. -This does not replace `internal-urls`, it complements it, and happens *before* -your `internal-urls` rule is applied. So, if you already set the flag to let such -auth pages open internally, you don't need to change it but it might be unnecessary. - -We think this is desirable behavior and are so far unaware of cases where users -might not want this. If you disagree, please chime in at -[PR #1124: App: Automatically consider known login pages as internal](https://github.com/nativefier/nativefier/pull/1124) - Example of `--internal-urls` causing all links to Google to be considered internal: ```bash 
@@ -792,6 +783,33 @@ Or, if you never expect Nativefier to open an "external" page in your OS browser nativefier https://google.com --internal-urls ".*?" ``` +##### Internal Login Pages + +*[Breaking change in Nativefier 43.0.0]* Finally, URLs for known login pages +are considered internal. This does not replace `internal-urls`, it complements +it, and happens *before* your `internal-urls` rule is applied. So, if you +already set the flag to let such auth pages open internally, you don't need to +change it but it might be unnecessary. + +Current known internal login pages: +- `amazon.com/signin` +- `facebook.com/login` +- `github.com/login` +- `github.com/session` +- `accounts.google.com` +- `mail.google.com/accounts/SetOSID` +- `linkedin.com/uas/login` +- `login.live.com` +- `login.microsoftonline.com` +- `okta.com` +- `twitter.com/oauth/authenticate` +- `appleid.apple.com/auth/authorize` + +Note: While .com is specified, for most of these we try to match even on non-US +based domains such as `.co.uk` as well + +If you think this list is missing a login page that you think should be internal, feel free to submit an [issue](https://github.com/nativefier/nativefier/issues/new?assignees=&labels=bug&template=bug_report.md&title=[New%20internal%20login%20page%20request]%20Your%20login%20page%20here) or even better a pull request! + #### [proxy-rules] ``` diff --git a/app/src/helpers/helpers.test.ts b/app/src/helpers/helpers.test.ts index 8b59a8a..4198d96 100644 --- a/app/src/helpers/helpers.test.ts +++ b/app/src/helpers/helpers.test.ts @@ -101,6 +101,9 @@ const testLoginPages = [ 'https://login.live.co.uk', 'https://login.live.com', 'https://login.live.de', + 'https://login.microsoftonline.com/common/oauth2/authorize', + 'https://login.microsoftonline.co.uk/common/oauth2/authorize', + 'https://login.microsoftonline.de/common/oauth2/authorize', 'https://okta.co.uk', 'https://okta.com', 'https://subdomain.okta.com', 
@@ -123,6 +126,8 @@ const testNonLoginPages = [ 'https://www.amazon.com/Node-Cookbook-techniques-server-side-development-ebook', 'https://github.com/nativefier/nativefier', 'https://github.com/org/nativefier', + 'https://microsoft.com', + 'https://office.microsoftonline.com', 'https://twitter.com/marcoroth_/status/1325938620906287104', 'https://appleid.apple.com/account', 'https://mail.google.com/', diff --git a/app/src/helpers/helpers.ts b/app/src/helpers/helpers.ts index 09bcef3..cf9ff01 100644 --- a/app/src/helpers/helpers.ts +++ b/app/src/helpers/helpers.ts @@ -20,7 +20,7 @@ export function isWindows(): boolean { } function isInternalLoginPage(url: string): boolean { - // Making changes? Remember to update the tests in helpers.test.ts + // Making changes? Remember to update the tests in helpers.test.ts and in API.md const internalLoginPagesArray = [ 'amazon\\.[a-zA-Z\\.]*/[a-zA-Z\\/]*signin', // Amazon `facebook\\.[a-zA-Z\\.]*\\/login`, // Facebook @@ -29,10 +29,12 @@ function isInternalLoginPage(url: string): boolean { 'mail\\.google\\.[a-zA-Z\\.]*\\/accounts/SetOSID', // Google 'linkedin\\.[a-zA-Z\\.]*/uas/login', // LinkedIn 'login\\.live\\.[a-zA-Z\\.]*', // Microsoft + 'login\\.microsoftonline\\.[a-zA-Z\\.]*', // Microsoft 'okta\\.[a-zA-Z\\.]*', // Okta 'twitter\\.[a-zA-Z\\.]*/oauth/authenticate', // Twitter 'appleid\\.apple\\.com/auth/authorize', // Apple ]; + // Making changes? Remember to update the tests in helpers.test.ts and in API.md const regex = RegExp(internalLoginPagesArray.join('|')); return regex.test(url); }
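Review bot: The two negatives added to `testNonLoginPages` contain no `login.microsoftonline.` string at all, so nothing pins how the matcher treats a URL that merely contains or begins with it. The pattern added in helpers.ts is unanchored and ends in `[a-zA-Z\\.]*`, so by my reading a host under an unrelated registrable domain, or a URL carrying the string in its path or query, is classified as a login page and stays inside the app window. I would add negatives such as `'https://login.microsoftonline.example.org',` and `'https://example.org/?next=login.microsoftonline.com',` (constructed sample values); they are expected to fail until the matcher is tightened. The `.co.uk` and `.de` positives in the preceding hunk assert the wildcard suffix as required behaviour, and the page does not show that those hosts are sign-in endpoints, so they deserve a second look at the same time.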
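Review bot: The added entry `'login\\.microsoftonline\\.[a-zA-Z\\.]*'` is joined into an unanchored `RegExp` and tested against the whole URL string, so it can match anywhere in the URL, and the trailing `[a-zA-Z\\.]*` accepts any suffix after `login.microsoftonline.`. The neighbouring `login\\.live` and `okta` entries have the same shape; this commit extends the pattern rather than introducing it. Because a match makes the URL internal, I would match on the parsed hostname and path, anchored at the start, and replace the open suffix with an explicit list; the fixtures in helpers.test.ts would need re-checking against that. The function starts in the previous hunk and some array entries between the two hunks are not shown. The reminder comment added after the array duplicates the one at the top of the function and can be dropped.

```typescript
function isInternalLoginPage(url: string): boolean {
  // … unchanged: internalLoginPagesArray, with each open `[a-zA-Z\\.]*` suffix replaced by an
  //   explicit suffix list and host-only entries ending in `/` so the host cannot continue …
  let target: string;
  try {
    const { hostname, pathname } = new URL(url);
    target = hostname + pathname; // query and fragment are deliberately excluded
  } catch {
    return false; // not a parseable URL, so never a known login page
  }
  // Optional subdomain labels, then one known pattern, anchored at the start of the host.
  const regex = RegExp(
    `^(?:[a-z0-9-]+\\.)*(?:${internalLoginPagesArray.join('|')})`,
    'i',
  );
  return regex.test(target);
}
```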