Merge pull request #16430 from mozilla/fxa-9035-prompt-none

feat(auth): allow prompt=none without hint
This commit is contained in:
Reino Muhl 2024-02-21 10:16:12 -05:00 коммит произвёл GitHub
Родитель 5cbe36242d 7ebc865705
Коммит e4e6863100
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
4 изменённых файлов: 52 добавлений и 54 удалений

Просмотреть файл

@ -9,8 +9,15 @@
"name": "next"
}
],
"types": ["jest", "node"],
"lib": ["dom", "dom.iterable", "esnext"]
"types": [
"jest",
"node"
],
"lib": [
"dom",
"dom.iterable",
"esnext"
]
},
"include": [
"**/*.ts",
@ -19,7 +26,8 @@
"**/*.jsx",
"../../../apps/payments/next/.next/types/**/*.ts",
"../../../dist/apps/payments/next/.next/types/**/*.ts",
"next-env.d.ts"
"next-env.d.ts",
".next/types/**/*.ts"
],
"exclude": [
"node_modules",

Просмотреть файл

@ -165,36 +165,6 @@ test.describe('severity-1 #smoke', () => {
}
});
test('fails if no login_hint', async ({
page,
target,
pages: { relier, login },
}) => {
await target.auth.signUp(email, password, {
lang: 'en',
preVerified: 'true',
});
await page.goto(target.contentServerUrl, {
waitUntil: 'load',
});
await login.fillOutEmailFirstSignIn(email, password);
//Verify logged in on Settings page
expect(await login.isUserLoggedIn()).toBe(true);
const query = new URLSearchParams({
return_on_error: 'false',
});
await page.goto(`${target.relierUrl}/?${query.toString()}`);
await relier.signInPromptNone();
//Verify error message
expect(await relier.promptNoneError()).toContain(
'Missing OAuth parameter: login_hint'
);
});
test('fails if login_hint is different to logged in user', async ({
page,
target,
@ -254,5 +224,33 @@ test.describe('severity-1 #smoke', () => {
//Verify logged in to relier
expect(await relier.isLoggedIn()).toBe(true);
});
test('succeeds if no login_hint is provided', async ({
page,
target,
pages: { relier, login },
}) => {
await target.auth.signUp(email, password, {
lang: 'en',
preVerified: 'true',
});
await page.goto(target.contentServerUrl, {
waitUntil: 'load',
});
await login.fillOutEmailFirstSignIn(email, password);
//Verify logged in on Settings page
expect(await login.isUserLoggedIn()).toBe(true);
const query = new URLSearchParams({
return_on_error: 'false',
});
await page.goto(`${target.relierUrl}/?${query.toString()}`);
await relier.signInPromptNone();
//Verify logged in to relier
expect(await relier.isLoggedIn()).toBe(true);
});
});
});

Просмотреть файл

@ -449,23 +449,13 @@ var OAuthRelier = Relier.extend({
);
}
});
} else {
if (!requestedEmail) {
// yeah yeah, it's a bit strange to look at `email`
// and then say `login_hint` is missing. `login_hint`
// is the OIDC spec compliant name, we supported `email` first
// and don't want to break backwards compatibility.
// `login_hint` is copied to the `email` field if no `email`
// is specified. If neither is available, throw an error
// about `login_hint` since it's spec compliant.
throw OAuthErrors.toMissingParameterError('login_hint');
}
if (requestedEmail !== account.get('email')) {
throw OAuthErrors.toError('PROMPT_NONE_DIFFERENT_USER_SIGNED_IN');
}
return Promise.resolve();
}
if (requestedEmail && requestedEmail !== account.get('email')) {
throw OAuthErrors.toError('PROMPT_NONE_DIFFERENT_USER_SIGNED_IN');
}
return Promise.resolve();
})
.then(() => {
// account has all the right bits associated with it,

Просмотреть файл

@ -871,9 +871,14 @@ describe('models/reliers/oauth', () => {
});
});
it('rejects if the client does not specify an email or id_token_hint', () => {
it('allow if the client does not specify an email or id_token_hint', () => {
relier.unset('email');
relier.unset('idTokenHint');
sinon.stub(account, 'sessionVerificationStatus').callsFake(() => {
return Promise.resolve({
verified: true,
});
});
account.set({
email: 'testuser@testuser.com',
sessionToken: 'token',
@ -881,10 +886,7 @@ describe('models/reliers/oauth', () => {
});
return relier
.validatePromptNoneRequest(account)
.then(assert.fail, (err) => {
assert.isTrue(OAuthErrors.is(err, 'MISSING_PARAMETER'));
assert.equal(err.param, 'login_hint');
});
.then(assert.true, assert.fail);
});
it('rejects if no user is signed in', () => {