From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 2F3771FF138 for ; Wed, 04 Feb 2026 17:14:30 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 69B2F1A3CC; Wed, 4 Feb 2026 17:14:34 +0100 (CET) From: Arthur Bied-Charreton To: pve-devel@lists.proxmox.com Subject: [PATCH pve-manager 4/5] notifications: Handle OAuth2 callback in login handler Date: Wed, 4 Feb 2026 17:13:51 +0100 Message-ID: <20260204161354.458814-13-a.bied-charreton@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260204161354.458814-1-a.bied-charreton@proxmox.com> References: <20260204161354.458814-1-a.bied-charreton@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.116 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Message-ID-Hash: AKYJ2MJIRKWDZHCFAZ7E53XT4DQCQRPX X-Message-ID-Hash: AKYJ2MJIRKWDZHCFAZ7E53XT4DQCQRPX X-MailFrom: abied-charreton@jett.proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The OAuth2 flow redirects to the service's origin (window.location.origin) after successful authentication. The callback handler infers whether the login was triggered as the result of an OAuth2 redirect based on the presence of the code, scope, and state URL parameters. It then communicates the authentication results back to the parent window, which is responsible for closing it. Signed-off-by: Arthur Bied-Charreton --- www/manager6/Workspace.js | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/www/manager6/Workspace.js b/www/manager6/Workspace.js index b8061c2a..1e79dd57 100644 --- a/www/manager6/Workspace.js +++ b/www/manager6/Workspace.js @@ -150,9 +150,29 @@ Ext.define('PVE.StdWorkspace', { me.down('pveResourceTree').selectById(nodeid); }, + handleOauth2Callback: function (params) { + const code = params.get('code'); + const scope = params.get('scope'); + const state = params.get('state'); + + // If true, this window was opened by the OAuth2 button handler from the + // SMTP notification targets edit panel. + // + // Since we got here through a redirect, this window is not script-closable, + // and we rely on the parent window to close it in its broadcast channel's + // message handler. + if (code && scope && state) { + const { channelName } = JSON.parse(decodeURIComponent(state)); + const bc = new BroadcastChannel(channelName); + bc.postMessage({ code, scope }); + } + }, + onLogin: function (loginData) { let me = this; + me.handleOauth2Callback(new URLSearchParams(window.location.search)); + me.updateUserInfo(); if (loginData) { -- 2.47.3