From ae272074b9f65fb3c969e2d0e27830c003e33673 Mon Sep 17 00:00:00 2001
From: John Preston <johnprestonmail@gmail.com>
Date: Tue, 31 Jul 2018 20:56:54 +0300
Subject: [PATCH] Add a confirmation for internal passport links.

Fixes #5020.
---
 Telegram/Resources/langs/lang.strings         |  1 +
 Telegram/SourceFiles/application.cpp          | 25 +++++++++++++------
 Telegram/SourceFiles/application.h            |  1 +
 .../SourceFiles/core/click_handler_types.cpp  | 19 ++++++++++----
 4 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/Telegram/Resources/langs/lang.strings b/Telegram/Resources/langs/lang.strings
index 68764ad23..99a7a20c1 100644
--- a/Telegram/Resources/langs/lang.strings
+++ b/Telegram/Resources/langs/lang.strings
@@ -1041,6 +1041,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 
 "lng_open_this_link" = "Open this link?";
 "lng_open_link" = "Open";
+"lng_open_passport_link" = "Open this Telegram Passport authorization?";
 "lng_allow_bot_pass" = "Allow {bot_name} to pass your Telegram name and ID to the web pages you open via this bot?";
 "lng_allow_bot" = "Allow";
 
diff --git a/Telegram/SourceFiles/application.cpp b/Telegram/SourceFiles/application.cpp
index 3b5c5f91e..4f4544c7d 100644
--- a/Telegram/SourceFiles/application.cpp
+++ b/Telegram/SourceFiles/application.cpp
@@ -64,11 +64,10 @@ QString _escapeFrom7bit(const QString &str) {
 
 } // namespace
 
-bool StartUrlRequiresActivate(const QString &url) {
+bool InternalPassportLink(const QString &url) {
 	const auto urlTrimmed = url.trimmed();
-	if (!urlTrimmed.startsWith(qstr("tg://"), Qt::CaseInsensitive)
-		|| Messenger::Instance().locked()) {
-		return true;
+	if (!urlTrimmed.startsWith(qstr("tg://"), Qt::CaseInsensitive)) {
+		return false;
 	}
 	const auto command = urlTrimmed.midRef(qstr("tg://").size());
 
@@ -78,11 +77,23 @@ bool StartUrlRequiresActivate(const QString &url) {
 		qsl("^passport/?\\?(.+)(#|$)"),
 		command,
 		matchOptions);
-	const auto authLegacyMatch = regex_match(
-		qsl("^resolve/?\\?domain=telegrampassport&(.+)(#|$)"),
+	const auto usernameMatch = regex_match(
+		qsl("^resolve/?\\?(.+)(#|$)"),
 		command,
 		matchOptions);
-	return !authMatch->hasMatch() && !authLegacyMatch->hasMatch();
+	const auto usernameValue = usernameMatch->hasMatch()
+		? url_parse_params(
+			usernameMatch->captured(1),
+			UrlParamNameTransform::ToLower).value(qsl("domain"))
+		: QString();
+	const auto authLegacy = (usernameValue == qstr("telegrampassport"));
+	return authMatch->hasMatch() || authLegacy;
+}
+
+bool StartUrlRequiresActivate(const QString &url) {
+	return Messenger::Instance().locked()
+		? true
+		: !InternalPassportLink(url);
 }
 
 Application::Application(
diff --git a/Telegram/SourceFiles/application.h b/Telegram/SourceFiles/application.h
index f047f8bd4..1ee681f4d 100644
--- a/Telegram/SourceFiles/application.h
+++ b/Telegram/SourceFiles/application.h
@@ -12,6 +12,7 @@ class Launcher;
 class UpdateChecker;
 } // namespace Core
 
+bool InternalPassportLink(const QString &url);
 bool StartUrlRequiresActivate(const QString &url);
 
 class Application : public QApplication {
diff --git a/Telegram/SourceFiles/core/click_handler_types.cpp b/Telegram/SourceFiles/core/click_handler_types.cpp
index 5d2b552bd..126236518 100644
--- a/Telegram/SourceFiles/core/click_handler_types.cpp
+++ b/Telegram/SourceFiles/core/click_handler_types.cpp
@@ -9,6 +9,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 
 #include "lang/lang_keys.h"
 #include "messenger.h"
+#include "application.h"
 #include "platform/platform_specific.h"
 #include "history/view/history_view_element.h"
 #include "history/history_item.h"
@@ -142,13 +143,21 @@ TextWithEntities UrlClickHandler::getExpandedLinkTextWithEntities(ExpandLinksMod
 
 void HiddenUrlClickHandler::Open(QString url, QVariant context) {
 	auto urlText = tryConvertUrlToLocal(url);
-
+	const auto open = [=] {
+		UrlClickHandler::Open(urlText, context);
+	};
 	if (urlText.startsWith(qstr("tg://"), Qt::CaseInsensitive)) {
-		Messenger::Instance().openLocalUrl(urlText, context);
+		if (InternalPassportLink(urlText)) {
+			Ui::show(
+				Box<ConfirmBox>(
+					lang(lng_open_passport_link),
+					lang(lng_open_link),
+					[=] { Ui::hideLayer(); open(); }),
+				LayerOption::KeepOther);
+		} else {
+			open();
+		}
 	} else {
-		const auto open = [=] {
-			UrlClickHandler::Open(urlText, context);
-		};
 		auto parsedUrl = QUrl::fromUserInput(urlText);
 		if (UrlRequiresConfirmation(urlText)) {
 			auto displayUrl = parsedUrl.isValid()