Add login_hint to permitted params (#123)

* Add login_hint on redirect Permit autofil username/email on redirect * spec(auth0): add login_hint spec on redirect * spec(auth0): add login_hint not_to in other specs * Add more tests Co-authored-by: David <[email protected]>
auth0 · Apr 1, 2021 · 59dc9b7 · 59dc9b7
1 parent 43030b5
commit 59dc9b7
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/lib/omniauth/strategies/auth0.rb b/lib/omniauth/strategies/auth0.rb
@@ -84,7 +84,7 @@ def client
       # Define the parameters used for the /authorize endpoint
       def authorize_params
         params = super
-        %w[connection connection_scope prompt screen_hint organization invitation].each do |key|
+        %w[connection connection_scope prompt screen_hint login_hint organization invitation].each do |key|
           params[key] = request.params[key] if request.params.key?(key)
         end
 

diff --git a/spec/omniauth/strategies/auth0_spec.rb b/spec/omniauth/strategies/auth0_spec.rb
@@ -91,6 +91,9 @@
       expect(redirect_url).not_to have_query('connection_scope')
       expect(redirect_url).not_to have_query('prompt')
       expect(redirect_url).not_to have_query('screen_hint')
+      expect(redirect_url).not_to have_query('login_hint')
+      expect(redirect_url).not_to have_query('organization')
+      expect(redirect_url).not_to have_query('invitation')
     end
 
     it 'redirects to hosted login page' do
@@ -107,6 +110,9 @@
       expect(redirect_url).not_to have_query('connection_scope')
       expect(redirect_url).not_to have_query('prompt')
       expect(redirect_url).not_to have_query('screen_hint')
+      expect(redirect_url).not_to have_query('login_hint')
+      expect(redirect_url).not_to have_query('organization')
+      expect(redirect_url).not_to have_query('invitation')
     end
 
     it 'redirects to the hosted login page with connection_scope' do
@@ -130,6 +136,9 @@
       expect(redirect_url).to have_query('prompt', 'login')
       expect(redirect_url).not_to have_query('auth0Client')
       expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('login_hint')
+      expect(redirect_url).not_to have_query('organization')
+      expect(redirect_url).not_to have_query('invitation')
     end
 
     it 'redirects to hosted login page with screen_hint=signup' do
@@ -144,6 +153,47 @@
       expect(redirect_url).to have_query('screen_hint', 'signup')
       expect(redirect_url).not_to have_query('auth0Client')
       expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('login_hint')
+      expect(redirect_url).not_to have_query('organization')
+      expect(redirect_url).not_to have_query('invitation')
+    end
+
+    it 'redirects to hosted login page with organization=TestOrg and invitation=TestInvite' do
+      get 'auth/auth0?organization=TestOrg&invitation=TestInvite'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('organization', 'TestOrg')
+      expect(redirect_url).to have_query('invitation', 'TestInvite')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('connection_scope')
+      expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
+      expect(redirect_url).not_to have_query('login_hint')
+    end
+
+    it 'redirects to hosted login page with [email protected]' do
+      get 'auth/[email protected]'
+      expect(last_response.status).to eq(302)
+      redirect_url = last_response.headers['Location']
+      expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
+      expect(redirect_url).to have_query('response_type', 'code')
+      expect(redirect_url).to have_query('state')
+      expect(redirect_url).to have_query('client_id')
+      expect(redirect_url).to have_query('redirect_uri')
+      expect(redirect_url).to have_query('login_hint', '[email protected]')
+      expect(redirect_url).not_to have_query('auth0Client')
+      expect(redirect_url).not_to have_query('connection')
+      expect(redirect_url).not_to have_query('connection_scope')
+      expect(redirect_url).not_to have_query('prompt')
+      expect(redirect_url).not_to have_query('screen_hint')
+      expect(redirect_url).not_to have_query('organization')
+      expect(redirect_url).not_to have_query('invitation')
     end
 
     describe 'callback' do