Read client_platform and client_csrf_token from params (#1919)

Fixes a small bug where `client_platform` wasn't being added to the redirect_params in the magic link auth flow, so the token form input was never shown. Also adds a `hidden` type input that omits the `class=` attribute and `div` wrapper. Feel free to build off this or close and open a more thorough fix if this is not the desired approach.
2026-01-27 10:18:54 +00:00 · 2023-08-17 10:34:24 -07:00
parent 82e70411ae
commit 1091c47f22
3 changed files with 26 additions and 13 deletions
--- a/elixir/apps/web/lib/web/components/form_components.ex
+++ b/elixir/apps/web/lib/web/components/form_components.ex
@@ -129,7 +129,6 @@ defmodule Web.FormComponents do
    """
  end

-  # All other inputs text, datetime-local, url, password, etc. are handled here...
  def input(%{type: "taglist"} = assigns) do
    values =
      if is_nil(assigns.value),
@@ -176,6 +175,19 @@ defmodule Web.FormComponents do
    """
  end

+  def input(%{type: "hidden"} = assigns) do
+    ~H"""
+    <input
+      type={@type}
+      name={@name}
+      id={@id}
+      value={Phoenix.HTML.Form.normalize_value(@type, @value)}
+      {@rest}
+    />
+    """
+  end
+
+  # All other inputs text, datetime-local, url, password, etc. are handled here...
  def input(assigns) do
    ~H"""
    <div phx-feedback-for={@name}>
--- a/elixir/apps/web/lib/web/controllers/auth_controller.ex
+++ b/elixir/apps/web/lib/web/controllers/auth_controller.ex
@@ -65,10 +65,9 @@ defmodule Web.AuthController do
        %{
          "account_id_or_slug" => account_id_or_slug,
          "provider_id" => provider_id,
-          "email" =>
-            %{
-              "provider_identifier" => provider_identifier
-            } = form
+          "email" => %{
+            "provider_identifier" => provider_identifier
+          }
        } = params
      ) do
    _ =
@@ -76,18 +75,20 @@ defmodule Web.AuthController do
           {:ok, identity} <-
             Domain.Auth.fetch_identity_by_provider_and_identifier(provider, provider_identifier),
           {:ok, identity} <- Domain.Auth.Adapters.Email.request_sign_in_token(identity) do
-        params = Map.take(form, ["client_platform", "client_csrf_token"])
+        sign_in_link_params = Map.take(params, ["client_platform", "client_csrf_token"])

-        Web.Mailer.AuthEmail.sign_in_link_email(identity, params)
+        Web.Mailer.AuthEmail.sign_in_link_email(identity, sign_in_link_params)
        |> Web.Mailer.deliver()
      end

-    redirect_params = Map.take(form, ["client_platform", "provider_identifier"])
+    redirect_params =
+      Map.take(params, ["client_platform"])
+      |> Map.merge(%{"provider_identifier" => provider_identifier})

    conn
    |> maybe_put_resent_flash(params)
-    |> put_session(:client_platform, form["client_platform"])
-    |> put_session(:client_csrf_token, form["client_csrf_token"])
+    |> put_session(:client_platform, params["client_platform"])
+    |> put_session(:client_csrf_token, params["client_csrf_token"])
    |> redirect(
      to: ~p"/#{account_id_or_slug}/sign_in/providers/email/#{provider_id}?#{redirect_params}"
    )
--- a/elixir/apps/web/test/web/controllers/auth_controller_test.exs
+++ b/elixir/apps/web/test/web/controllers/auth_controller_test.exs
@@ -357,9 +357,9 @@ defmodule Web.AuthControllerTest do
          ~p"/#{provider.account_id}/sign_in/providers/#{provider.id}/request_magic_link",
          %{
            "email" => %{
-              "provider_identifier" => identity.provider_identifier,
-              "client_platform" => "platform"
-            }
+              "provider_identifier" => identity.provider_identifier
+            },
+            "client_platform" => "platform"
          }
        )