Add name query param during client auth redirect

2026-01-27 10:18:54 +00:00 · 2023-08-10 16:00:09 -05:00
parent 15887a27ea
commit 057e5be34c
2 changed files with 28 additions and 10 deletions
--- a/elixir/apps/web/lib/web/auth.ex
+++ b/elixir/apps/web/lib/web/auth.ex
@@ -41,7 +41,9 @@ defmodule Web.Auth do
      query =
        %{
          client_auth_token: client_token,
-          client_csrf_token: client_csrf_token
+          client_csrf_token: client_csrf_token,
+          actor_name: subject.actor.name,
+          identity_provider_identifier: subject.identity.provider_identifier
        }
        |> Enum.reject(&is_nil(elem(&1, 1)))
        |> URI.encode_query()
--- a/elixir/apps/web/test/web/controllers/auth_controller_test.exs
+++ b/elixir/apps/web/test/web/controllers/auth_controller_test.exs
@@ -246,10 +246,10 @@ defmodule Web.AuthControllerTest do
          %{
            "userpass" => %{
              "provider_identifier" => identity.provider_identifier,
-              "secret" => password,
-              "client_platform" => "android",
-              "client_csrf_token" => csrf_token
-            }
+              "secret" => password
+            },
+            "client_platform" => "android",
+            "client_csrf_token" => csrf_token
          }
        )

@@ -298,9 +298,9 @@ defmodule Web.AuthControllerTest do
          %{
            "userpass" => %{
              "provider_identifier" => identity.provider_identifier,
-              "secret" => password,
-              "client_platform" => "platform"
-            }
+              "secret" => password
+            },
+            "client_platform" => "platform"
          }
        )

@@ -525,8 +525,16 @@ defmodule Web.AuthControllerTest do
        })

      assert conn.assigns.flash == %{}
-      assert redirected_to(conn) =~ "firezone://handle_client_auth_callback?client_auth_token="
      assert is_nil(get_session(conn, :client_platform))
+
+      assert redirected_to = conn |> redirected_to() |> URI.parse()
+      assert redirected_to.scheme == "firezone"
+      assert redirected_to.host == "handle_client_auth_callback"
+
+      assert query_params = URI.decode_query(redirected_to.query)
+      assert query_params["actor_name"] == Repo.preload(identity, :actor).actor.name
+      assert not is_nil(query_params["client_auth_token"])
+      assert query_params["identity_provider_identifier"] == identity.provider_identifier
    end

    test "renews the session when credentials are valid", %{conn: conn} do
@@ -801,8 +809,16 @@ defmodule Web.AuthControllerTest do
        })

      assert conn.assigns.flash == %{}
-      assert redirected_to(conn) =~ "firezone://handle_client_auth_callback?client_auth_token="
      assert is_nil(get_session(conn, :client_platform))
+
+      assert redirected_to = conn |> redirected_to() |> URI.parse()
+      assert redirected_to.scheme == "firezone"
+      assert redirected_to.host == "handle_client_auth_callback"
+
+      assert query_params = URI.decode_query(redirected_to.query)
+      assert query_params["actor_name"] == Repo.preload(identity, :actor).actor.name
+      assert not is_nil(query_params["client_auth_token"])
+      assert query_params["identity_provider_identifier"] == identity.provider_identifier
    end
  end