From 057e5be34cc3f0c588b702b52b07a967e8b5725f Mon Sep 17 00:00:00 2001
From: Andrew Dryga
Date: Thu, 10 Aug 2023 16:00:09 -0500
Subject: [PATCH] Add name query param during client auth redirect
---
 elixir/apps/web/lib/web/auth.ex | 4 ++-
 .../web/controllers/auth_controller_test.exs | 34 ++++++++++++++-----
 2 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/elixir/apps/web/lib/web/auth.ex b/elixir/apps/web/lib/web/auth.ex
index feb44a120..49a493089 100644
--- a/elixir/apps/web/lib/web/auth.ex
+++ b/elixir/apps/web/lib/web/auth.ex
@@ -41,7 +41,9 @@ defmodule Web.Auth do
 query =
 %{
 client_auth_token: client_token,
- client_csrf_token: client_csrf_token
+ client_csrf_token: client_csrf_token,
+ actor_name: subject.actor.name,
+ identity_provider_identifier: subject.identity.provider_identifier
 }
 |> Enum.reject(&is_nil(elem(&1, 1)))
 |> URI.encode_query()
diff --git a/elixir/apps/web/test/web/controllers/auth_controller_test.exs b/elixir/apps/web/test/web/controllers/auth_controller_test.exs
index e7451d224..6d599150c 100644
--- a/elixir/apps/web/test/web/controllers/auth_controller_test.exs
+++ b/elixir/apps/web/test/web/controllers/auth_controller_test.exs
@@ -246,10 +246,10 @@ defmodule Web.AuthControllerTest do
 %{
 "userpass" => %{
 "provider_identifier" => identity.provider_identifier,
- "secret" => password,
- "client_platform" => "android",
- "client_csrf_token" => csrf_token
- }
+ "secret" => password
+ },
+ "client_platform" => "android",
+ "client_csrf_token" => csrf_token
 }
 )
@@ -298,9 +298,9 @@ defmodule Web.AuthControllerTest do
 %{
 "userpass" => %{
 "provider_identifier" => identity.provider_identifier,
- "secret" => password,
- "client_platform" => "platform"
- }
+ "secret" => password
+ },
+ "client_platform" => "platform"
 }
 )
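Review bot: In the `Web.Auth` hunk (`elixir/apps/web/lib/web/auth.ex`, line 41), `actor_name` and `identity_provider_identifier` now travel in the same redirect query as `client_auth_token`, and nothing in the new code says how the receiving client may use them. A callback URL carrying these parameters can be produced by anything able to open the `firezone://` scheme, so a client must not treat them as proof of identity. The provider identifier (presumably an email or IdP subject, to be confirmed) will also appear wherever redirect targets are logged. I would add a comment above the map, e.g. `# actor_name and identity_provider_identifier are display hints only; clients must take identity from the token, never from these params`, and check that request logging does not record the redirect target. `subject.actor.name` also appears to rely on `actor` already being loaded on the subject (the test calls `Repo.preload(identity, :actor)`), which is worth verifying for every caller; the enclosing function starts and ends outside the hunk.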
@@ -525,8 +525,16 @@ defmodule Web.AuthControllerTest do
 })
 assert conn.assigns.flash == %{}
- assert redirected_to(conn) =~ "firezone://handle_client_auth_callback?client_auth_token="
 assert is_nil(get_session(conn, :client_platform))
+
+ assert redirected_to = conn |> redirected_to() |> URI.parse()
+ assert redirected_to.scheme == "firezone"
+ assert redirected_to.host == "handle_client_auth_callback"
+
+ assert query_params = URI.decode_query(redirected_to.query)
+ assert query_params["actor_name"] == Repo.preload(identity, :actor).actor.name
+ assert not is_nil(query_params["client_auth_token"])
+ assert query_params["identity_provider_identifier"] == identity.provider_identifier
 end
 test "renews the session when credentials are valid", %{conn: conn} do
@@ -801,8 +809,16 @@ defmodule Web.AuthControllerTest do
 })
 assert conn.assigns.flash == %{}
- assert redirected_to(conn) =~ "firezone://handle_client_auth_callback?client_auth_token="
 assert is_nil(get_session(conn, :client_platform))
+
+ assert redirected_to = conn |> redirected_to() |> URI.parse()
+ assert redirected_to.scheme == "firezone"
+ assert redirected_to.host == "handle_client_auth_callback"
+
+ assert query_params = URI.decode_query(redirected_to.query)
+ assert query_params["actor_name"] == Repo.preload(identity, :actor).actor.name
+ assert not is_nil(query_params["client_auth_token"])
+ assert query_params["identity_provider_identifier"] == identity.provider_identifier
 end
 end
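Review bot: The assertions added in the hunks at 525 and 801 check three query keys one by one but never pin the full set of parameters, so a later change that puts another field into this redirect would pass unnoticed. Because the redirect carries the client token together with identity data, I would also assert the key set once the expected list for these requests is confirmed, e.g. `assert query_params |> Map.keys() |> Enum.sort() == expected_keys`. The added block is identical in both tests and could move to a private helper. As a matter of style, `refute is_nil(query_params["client_auth_token"])` reads better than `assert not is_nil(...)`, and the local `redirected_to` shares its name with the `redirected_to/1` helper it is built from, so `uri` would be clearer. Both test bodies start outside their hunks.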