From 823144630c948387e386d7f062937e39ce3cf09c Mon Sep 17 00:00:00 2001
From: Evgeny Stepanovych <undsoft@gmail.com>
Date: Sat, 25 May 2024 19:30:36 +0200
Subject: [PATCH 1/2] NAS-128632: Fixing Login to Provider

---
 .../cloudcredentials-form/cloudcredentials-form.component.ts   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/app/pages/system/CloudCredentials/cloudcredentials-form/cloudcredentials-form.component.ts b/src/app/pages/system/CloudCredentials/cloudcredentials-form/cloudcredentials-form.component.ts
index 3ba49ab61c2..1fb4ddc4b62 100644
--- a/src/app/pages/system/CloudCredentials/cloudcredentials-form/cloudcredentials-form.component.ts
+++ b/src/app/pages/system/CloudCredentials/cloudcredentials-form/cloudcredentials-form.component.ts
@@ -1245,6 +1245,9 @@ export class CloudCredentialsFormComponent {
         window.addEventListener('message', doAuth, false);
 
         function doAuth(message) {
+          if (message.origin !== 'https://www.truenas.com') {
+            return;
+          }
           window.removeEventListener('message', doAuth);
           if (message.data.oauth_portal) {
             if (message.data.error) {

From 56d584fcea08c08eb5e503c5618a4da5e33010ba Mon Sep 17 00:00:00 2001
From: Evgeny Stepanovych <undsoft@gmail.com>
Date: Sat, 25 May 2024 19:33:44 +0200
Subject: [PATCH 2/2] NAS-128632: Fixing Login to Provider

---
 .../components/form-oauth-login/form-oauth-login.component.ts  | 3 +++
 src/app/pages/system/email/email.component.ts                  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/app/pages/common/entity/entity-form/components/form-oauth-login/form-oauth-login.component.ts b/src/app/pages/common/entity/entity-form/components/form-oauth-login/form-oauth-login.component.ts
index 67440c2cac2..ab8c6dc2b29 100644
--- a/src/app/pages/common/entity/entity-form/components/form-oauth-login/form-oauth-login.component.ts
+++ b/src/app/pages/common/entity/entity-form/components/form-oauth-login/form-oauth-login.component.ts
@@ -35,6 +35,9 @@ export class FormOauthLoginComponent implements Field {
   }
 
   doAuth(message: OauthJiraMessage): void {
+    if (message.origin !== 'https://www.truenas.com') {
+      return;
+    }
     const token = message.data as string;
     this.group.controls[this.config.name].setValue(token);
   }
diff --git a/src/app/pages/system/email/email.component.ts b/src/app/pages/system/email/email.component.ts
index b922f17128b..a1b88779e25 100644
--- a/src/app/pages/system/email/email.component.ts
+++ b/src/app/pages/system/email/email.component.ts
@@ -285,6 +285,9 @@ export class EmailComponent implements OnDestroy {
             window.addEventListener('message', doAuth, false);
 
             function doAuth(message) {
+              if (message.origin !== 'https://www.truenas.com') {
+                return;
+              }
               if (message.data.oauth_portal) {
                 if (message.data.error) {
                   dialogService.errorReport(T('Error'), message.data.error);