From 1091c47f22dd444d463301e8cf932e2bdd43c2bd Mon Sep 17 00:00:00 2001 From: Jamil Date: Thu, 17 Aug 2023 10:34:24 -0700 Subject: [PATCH] Read client_platform and client_csrf_token from params (#1919) Fixes a small bug where `client_platform` wasn't being added to the redirect_params in the magic link auth flow, so the token form input was never shown. Also adds a `hidden` type input that omits the `class=` attribute and `div` wrapper. Feel free to build off this or close and open a more thorough fix if this is not the desired approach. --- .../web/lib/web/components/form_components.ex | 14 +++++++++++++- .../lib/web/controllers/auth_controller.ex | 19 ++++++++++--------- .../web/controllers/auth_controller_test.exs | 6 +++--- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/elixir/apps/web/lib/web/components/form_components.ex b/elixir/apps/web/lib/web/components/form_components.ex index 21b037bda..b7198a340 100644 --- a/elixir/apps/web/lib/web/components/form_components.ex +++ b/elixir/apps/web/lib/web/components/form_components.ex @@ -129,7 +129,6 @@ defmodule Web.FormComponents do """ end - # All other inputs text, datetime-local, url, password, etc. are handled here... def input(%{type: "taglist"} = assigns) do values = if is_nil(assigns.value), @@ -176,6 +175,19 @@ defmodule Web.FormComponents do """ end + def input(%{type: "hidden"} = assigns) do + ~H""" + + """ + end + + # All other inputs text, datetime-local, url, password, etc. are handled here... def input(assigns) do ~H"""
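Review bot: The new `input(%{type: "hidden"} = assigns)` clause in the second hunk of form_components.ex has no comment explaining why hidden inputs get their own clause or that it must stay above the catch-all `input(assigns)`. A one-line comment above it would mirror the relocated comment on the generic clause, for example `# Hidden inputs render a bare input tag (no wrapper div, no class attribute); keep this clause above the catch-all.` The template body of the new clause does not appear on this page, so which attributes it forwards, `value` in particular, could not be checked here.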
diff --git a/elixir/apps/web/lib/web/controllers/auth_controller.ex b/elixir/apps/web/lib/web/controllers/auth_controller.ex index ab43664cb..5c565ddf1 100644 --- a/elixir/apps/web/lib/web/controllers/auth_controller.ex +++ b/elixir/apps/web/lib/web/controllers/auth_controller.ex @@ -65,10 +65,9 @@ defmodule Web.AuthController do %{ "account_id_or_slug" => account_id_or_slug, "provider_id" => provider_id, - "email" => - %{ - "provider_identifier" => provider_identifier - } = form + "email" => %{ + "provider_identifier" => provider_identifier + } } = params ) do _ = @@ -76,18 +75,20 @@ defmodule Web.AuthController do {:ok, identity} <- Domain.Auth.fetch_identity_by_provider_and_identifier(provider, provider_identifier), {:ok, identity} <- Domain.Auth.Adapters.Email.request_sign_in_token(identity) do - params = Map.take(form, ["client_platform", "client_csrf_token"]) + sign_in_link_params = Map.take(params, ["client_platform", "client_csrf_token"]) - Web.Mailer.AuthEmail.sign_in_link_email(identity, params) + Web.Mailer.AuthEmail.sign_in_link_email(identity, sign_in_link_params) |> Web.Mailer.deliver() end - redirect_params = Map.take(form, ["client_platform", "provider_identifier"]) + redirect_params = + Map.take(params, ["client_platform"]) + |> Map.merge(%{"provider_identifier" => provider_identifier}) conn |> maybe_put_resent_flash(params) - |> put_session(:client_platform, form["client_platform"]) - |> put_session(:client_csrf_token, form["client_csrf_token"]) + |> put_session(:client_platform, params["client_platform"]) + |> put_session(:client_csrf_token, params["client_csrf_token"]) |> redirect( to: ~p"/#{account_id_or_slug}/sign_in/providers/email/#{provider_id}?#{redirect_params}" ) diff --git a/elixir/apps/web/test/web/controllers/auth_controller_test.exs b/elixir/apps/web/test/web/controllers/auth_controller_test.exs index 5327e0a79..313fb0aa5 100644 --- a/elixir/apps/web/test/web/controllers/auth_controller_test.exs 
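Review bot: In the second hunk of auth_controller.ex, `client_platform` and `client_csrf_token` are taken straight from the top-level request params and passed unchecked to `sign_in_link_email/2`, the redirect query and `put_session/3`. Nothing visible confirms they are strings or bounds their size, and the request is unauthenticated, so the caller chooses what is written into the session and into the link mailed to the identity's address. Filtering the two values once, before the `with`, and reusing the filtered map in all three places would close that gap. The size limit in the sketch is a placeholder, and the function starts and ends outside this hunk.

```elixir
# Keep only string values of bounded size; 256 is a placeholder limit, not a project value.
client_params =
  params
  |> Map.take(["client_platform", "client_csrf_token"])
  |> Map.filter(fn {_key, value} -> is_binary(value) and byte_size(value) <= 256 end)

# … unchanged: provider/identity lookup; sign_in_link_email/2 receives client_params …

redirect_params =
  client_params
  |> Map.take(["client_platform"])
  |> Map.put("provider_identifier", provider_identifier)

conn
|> maybe_put_resent_flash(params)
|> put_session(:client_platform, client_params["client_platform"])
|> put_session(:client_csrf_token, client_params["client_csrf_token"])
# … unchanged: redirect …
```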
+++ b/elixir/apps/web/test/web/controllers/auth_controller_test.exs @@ -357,9 +357,9 @@ defmodule Web.AuthControllerTest do ~p"/#{provider.account_id}/sign_in/providers/#{provider.id}/request_magic_link", %{ "email" => %{ - "provider_identifier" => identity.provider_identifier, - "client_platform" => "platform" - } + "provider_identifier" => identity.provider_identifier + }, + "client_platform" => "platform" } )
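Review bot: The reshaped request in this hunk sends only `client_platform` at the top level, so nothing visible exercises `client_csrf_token` on the new code path or pins the redirect fix this commit makes. Adding `"client_csrf_token" => "token"` next to `"client_platform" => "platform"` and asserting `get_session(conn, :client_csrf_token) == "token"` would cover the session write. An assertion that the redirect location contains `client_platform=platform` would cover the regression. The test's assertions are outside the hunk, so part of this may already be checked there.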