зеркало из https://github.com/mozilla/fxa.git
Merge pull request #16430 from mozilla/fxa-9035-prompt-none
feat(auth): allow prompt=none without hint
This commit is contained in:
Коммит
e4e6863100
|
@ -9,8 +9,15 @@
|
|||
"name": "next"
|
||||
}
|
||||
],
|
||||
"types": ["jest", "node"],
|
||||
"lib": ["dom", "dom.iterable", "esnext"]
|
||||
"types": [
|
||||
"jest",
|
||||
"node"
|
||||
],
|
||||
"lib": [
|
||||
"dom",
|
||||
"dom.iterable",
|
||||
"esnext"
|
||||
]
|
||||
},
|
||||
"include": [
|
||||
"**/*.ts",
|
||||
|
@ -19,7 +26,8 @@
|
|||
"**/*.jsx",
|
||||
"../../../apps/payments/next/.next/types/**/*.ts",
|
||||
"../../../dist/apps/payments/next/.next/types/**/*.ts",
|
||||
"next-env.d.ts"
|
||||
"next-env.d.ts",
|
||||
".next/types/**/*.ts"
|
||||
],
|
||||
"exclude": [
|
||||
"node_modules",
|
||||
|
|
|
@ -165,36 +165,6 @@ test.describe('severity-1 #smoke', () => {
|
|||
}
|
||||
});
|
||||
|
||||
test('fails if no login_hint', async ({
|
||||
page,
|
||||
target,
|
||||
pages: { relier, login },
|
||||
}) => {
|
||||
await target.auth.signUp(email, password, {
|
||||
lang: 'en',
|
||||
preVerified: 'true',
|
||||
});
|
||||
await page.goto(target.contentServerUrl, {
|
||||
waitUntil: 'load',
|
||||
});
|
||||
await login.fillOutEmailFirstSignIn(email, password);
|
||||
|
||||
//Verify logged in on Settings page
|
||||
expect(await login.isUserLoggedIn()).toBe(true);
|
||||
|
||||
const query = new URLSearchParams({
|
||||
return_on_error: 'false',
|
||||
});
|
||||
await page.goto(`${target.relierUrl}/?${query.toString()}`);
|
||||
|
||||
await relier.signInPromptNone();
|
||||
|
||||
//Verify error message
|
||||
expect(await relier.promptNoneError()).toContain(
|
||||
'Missing OAuth parameter: login_hint'
|
||||
);
|
||||
});
|
||||
|
||||
test('fails if login_hint is different to logged in user', async ({
|
||||
page,
|
||||
target,
|
||||
|
@ -254,5 +224,33 @@ test.describe('severity-1 #smoke', () => {
|
|||
//Verify logged in to relier
|
||||
expect(await relier.isLoggedIn()).toBe(true);
|
||||
});
|
||||
|
||||
test('succeeds if no login_hint is provided', async ({
|
||||
page,
|
||||
target,
|
||||
pages: { relier, login },
|
||||
}) => {
|
||||
await target.auth.signUp(email, password, {
|
||||
lang: 'en',
|
||||
preVerified: 'true',
|
||||
});
|
||||
await page.goto(target.contentServerUrl, {
|
||||
waitUntil: 'load',
|
||||
});
|
||||
await login.fillOutEmailFirstSignIn(email, password);
|
||||
|
||||
//Verify logged in on Settings page
|
||||
expect(await login.isUserLoggedIn()).toBe(true);
|
||||
|
||||
const query = new URLSearchParams({
|
||||
return_on_error: 'false',
|
||||
});
|
||||
await page.goto(`${target.relierUrl}/?${query.toString()}`);
|
||||
|
||||
await relier.signInPromptNone();
|
||||
|
||||
//Verify logged in to relier
|
||||
expect(await relier.isLoggedIn()).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -449,23 +449,13 @@ var OAuthRelier = Relier.extend({
|
|||
);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
if (!requestedEmail) {
|
||||
// yeah yeah, it's a bit strange to look at `email`
|
||||
// and then say `login_hint` is missing. `login_hint`
|
||||
// is the OIDC spec compliant name, we supported `email` first
|
||||
// and don't want to break backwards compatibility.
|
||||
// `login_hint` is copied to the `email` field if no `email`
|
||||
// is specified. If neither is available, throw an error
|
||||
// about `login_hint` since it's spec compliant.
|
||||
throw OAuthErrors.toMissingParameterError('login_hint');
|
||||
}
|
||||
|
||||
if (requestedEmail !== account.get('email')) {
|
||||
throw OAuthErrors.toError('PROMPT_NONE_DIFFERENT_USER_SIGNED_IN');
|
||||
}
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
if (requestedEmail && requestedEmail !== account.get('email')) {
|
||||
throw OAuthErrors.toError('PROMPT_NONE_DIFFERENT_USER_SIGNED_IN');
|
||||
}
|
||||
|
||||
return Promise.resolve();
|
||||
})
|
||||
.then(() => {
|
||||
// account has all the right bits associated with it,
|
||||
|
|
|
@ -871,9 +871,14 @@ describe('models/reliers/oauth', () => {
|
|||
});
|
||||
});
|
||||
|
||||
it('rejects if the client does not specify an email or id_token_hint', () => {
|
||||
it('allow if the client does not specify an email or id_token_hint', () => {
|
||||
relier.unset('email');
|
||||
relier.unset('idTokenHint');
|
||||
sinon.stub(account, 'sessionVerificationStatus').callsFake(() => {
|
||||
return Promise.resolve({
|
||||
verified: true,
|
||||
});
|
||||
});
|
||||
account.set({
|
||||
email: 'testuser@testuser.com',
|
||||
sessionToken: 'token',
|
||||
|
@ -881,10 +886,7 @@ describe('models/reliers/oauth', () => {
|
|||
});
|
||||
return relier
|
||||
.validatePromptNoneRequest(account)
|
||||
.then(assert.fail, (err) => {
|
||||
assert.isTrue(OAuthErrors.is(err, 'MISSING_PARAMETER'));
|
||||
assert.equal(err.param, 'login_hint');
|
||||
});
|
||||
.then(assert.true, assert.fail);
|
||||
});
|
||||
|
||||
it('rejects if no user is signed in', () => {
|
||||
|
|
Загрузка…
Ссылка в новой задаче