diff --git a/app/[lang]/(live)/(public)/login/route.ts b/app/[lang]/(live)/(public)/login/route.ts
index 0a82def28..c3eace66f 100644
--- a/app/[lang]/(live)/(public)/login/route.ts
+++ b/app/[lang]/(live)/(public)/login/route.ts
@@ -16,6 +16,7 @@ export async function GET(
 const returnUrl = request.headers.get("x-returnurl")
 const isMFA = request.headers.get("x-mfa-login")
+ const isMagicLinkLogin = !!request.headers.get("x-magic-link")
 if (returnUrl) {
 // Seamless login request from Current web
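Review bot: `isMagicLinkLogin` in login/route.ts is derived from a plain request header, just like `isMFA` and `returnUrl` beside it, and nothing visible here shows that a client-sent `x-magic-link` is removed before the route runs. The new middleware builds its header set with `new Headers(request.headers)`, so inbound values are carried along; if `/login` can be requested directly, the authenticator branch would presumably be selectable by the caller. I would add a comment on this line such as `// set only by middlewares/currentWebLoginEmail; never trust a client-supplied value` and strip the internal `x-returnurl`, `x-mfa-login` and `x-magic-link` headers from incoming requests at the top of the middleware chain. GET's body starts and ends outside this hunk.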
@@ -86,33 +87,37 @@ export async function GET(
 console.log({ login_env: process.env })
 console.log({ login_redirectTo: redirectTo })
- const params = isMFA
- ? {
- ui_locales: context.params.lang,
- scope: ["profile_update", "openid", "profile"].join(" "),
- /**
- * The below acr value is required as for New Web same Curity Client is used for MFA
- * while in current web it is being setup using different Curity Client
- */
- acr_values:
- "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web",
- for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
- }
- : {
- ui_locales: context.params.lang,
- scope: ["openid", "profile"].join(" "),
- /**
- * The `acr_values` param is used to make Curity display the proper login
- * page for Scandic. Without the parameter Curity presents some choices
- * to the user which we do not want.
- */
- acr_values: "acr",
- /**
- * The `for_origin` param is used to make Curity email login functionality working.
- * Without the parameter Curity gives Internal Error issue for login with Email link.
- */
- for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
- }
+ const params = {
+ ui_locales: context.params.lang,
+ scope: ["openid", "profile"].join(" "),
+ /**
+ * The `acr_values` param is used to make Curity display the proper login
+ * page for Scandic. Without the parameter Curity presents some choices
+ * to the user which we do not want.
+ */
+ acr_values: "acr",
+ /**
+ * The `for_origin` param is used to make Curity email login functionality working.
+ * Without the parameter Curity gives Internal Error issue for login with Email link.
+ */
+ for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
+ /**
+ * This is new param set for differentiate between
+ * the Magic link login of New web and current web
+ */
+ version: "2",
+ }
+ if (isMFA) {
+ params.scope = ["profile_update", "openid", "profile"].join(" ")
+ /**
+ * The below acr value is required as for New Web same Curity Client is used for MFA
+ * while in current web it is being setup using different Curity Client
+ */
+ params.acr_values =
+ "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
+ } else if (isMagicLinkLogin) {
+ params.acr_values = "abc"
+ }
 const redirectUrl = await signIn(
 "curity",
 {
diff --git a/app/[lang]/(live)/(public)/verifymagiclink/route.ts b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
index 829379bf8..0544f9b97 100644
--- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts
+++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
@@ -27,13 +27,14 @@ export async function GET(
 }
 // Remove Seamless login as it doesn't work with Magic link login due to different authenticators
- if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
- // Additional URL decode required as url in the query parameter is encoded twice as
- // passed in query param and further in cookie value.
- redirectTo = decodeURIComponent(
- redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
- )
- }
+ // if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
+ // // Additional URL decode required as url in the query parameter is encoded twice as
+ // // passed in query param and further in cookie value.
+ // redirectTo = decodeURIComponent(
+ // redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
+ // )
+ // }
+ redirectTo = redirectTo.replace("updatelogin", "updateloginemail")
 loginKey = request.nextUrl.searchParams.get("loginKey")
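Review bot: The context line `console.log({ login_env: process.env })` just above the reworked `params` block in login/route.ts (second hunk) is left in place, and it writes the whole process environment to the server log on every login request. Any secret kept in an environment variable (presumably the auth client credentials, although the env contents are not visible here) would end up in log storage; since this commit touches the sign-in parameters directly below, I would delete that line or log only named, non-secret keys. Separately, `params.acr_values = "abc"` is the only ACR assignment without an explanatory comment, and the same literal reappears in verifymagiclink/route.ts; a one-line comment stating which authenticator it selects, or a shared named constant, would keep the two from drifting. GET's body starts and ends outside this hunk.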
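Review bot: In verifymagiclink/route.ts, `redirectTo.replace("updatelogin", "updateloginemail")` runs unconditionally and rewrites the first occurrence of the substring wherever it sits in the URL. A value that already contains `updateloginemail` becomes `updateloginemailemail`, and a match inside the host or the nested return URL would be rewritten as well. Restricting it to the path segment the old guard looked for is safer: `if (redirectTo.includes("/updatelogin?returnurl")) redirectTo = redirectTo.replace("/updatelogin?", "/updateloginemail?")`. The commented-out block should be deleted rather than kept, and the "Remove Seamless login" comment above it no longer describes what the code does. GET's body starts and ends outside this hunk.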
@@ -61,9 +62,11 @@ export async function GET(
 },
 {
 ui_locales: context.params.lang,
+ scope: ["openid", "profile"].join(" "),
 loginKey: loginKey,
- acr_values: "cat",
- prompt: "login",
+ for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
+ acr_values: "abc",
+ version: "2",
 }
 )
diff --git a/middleware.ts b/middleware.ts
index 8400a3596..c5ddc12db 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -5,6 +5,7 @@ import * as authRequired from "./middlewares/authRequired"
 import * as bookingFlow from "./middlewares/bookingFlow"
 import * as cmsContent from "./middlewares/cmsContent"
 import * as currentWebLogin from "./middlewares/currentWebLogin"
+import * as currentWebLoginEmail from "./middlewares/currentWebLoginEmail"
 import * as currentWebLogout from "./middlewares/currentWebLogout"
 import * as handleAuth from "./middlewares/handleAuth"
 import * as myPages from "./middlewares/myPages"
@@ -31,6 +32,7 @@ export const middleware: NextMiddleware = async (request, event) => {
 const middlewares = [
 currentWebLogin,
+ currentWebLoginEmail,
 currentWebLogout,
 authRequired,
 handleAuth,
diff --git a/middlewares/currentWebLoginEmail.ts b/middlewares/currentWebLoginEmail.ts
new file mode 100644
index 000000000..9e27016ed
--- /dev/null
+++ b/middlewares/currentWebLoginEmail.ts
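Review bot: Dropping `prompt: "login"` from the magic-link verification request in verifymagiclink/route.ts removes the instruction that forces the identity provider to authenticate afresh. Without it, a browser that already holds a provider session may (depending on the Curity configuration, which is not visible here) be signed in as the existing session's user rather than the account the `loginKey` belongs to. If the removal is intentional, a comment next to `loginKey` should say why a fresh authentication is no longer required; otherwise keep `prompt: "login",` alongside the new parameters. The `signIn` call and GET's body start and end outside this hunk.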
@@ -0,0 +1,33 @@
+import { NextResponse } from "next/server"
+
+import { badRequest } from "@/server/errors/next"
+
+import { findLang } from "@/utils/languages"
+
+import type { NextMiddleware } from "next/server"
+
+import type { MiddlewareMatcher } from "@/types/middleware"
+
+export const middleware: NextMiddleware = (request) => {
+ const returnUrl = request.nextUrl.searchParams.get("returnurl")
+
+ if (!returnUrl) {
+ return badRequest()
+ }
+
+ const lang = findLang(request.nextUrl.pathname)!
+
+ const headers = new Headers(request.headers)
+ headers.set("x-returnurl", returnUrl)
+ headers.set("x-magic-link", "1")
+
+ return NextResponse.rewrite(new URL(`/${lang}/login`, request.nextUrl), {
+ request: {
+ headers,
+ },
+ })
+}
+
+export const matcher: MiddlewareMatcher = (request) => {
+ return request.nextUrl.pathname.endsWith("/updateloginemail")
+}
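Review bot: The non-null assertion on `findLang(request.nextUrl.pathname)!` hides a case the matcher allows: `endsWith("/updateloginemail")` also matches a path with no language prefix, and if `findLang` returns nothing there (presumably why the `!` was needed) the rewrite target becomes `/undefined/login`. Handle it like the missing `returnurl` case: `const lang = findLang(request.nextUrl.pathname)` followed by `if (!lang) return badRequest()`. The `returnurl` query value is also forwarded into `x-returnurl` exactly as received; unless the login route validates it against an allow-list of hosts (not visible in this diff), it should be checked here before the header is set, so the login flow cannot be used to send users to an arbitrary site.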