feat(SW-158): Implemented seamless login in magic link login

app/[lang]/(live)/(public)/login/route.ts

@@ -16,6 +16,7 @@ export async function GET(
 
   const returnUrl = request.headers.get("x-returnurl")
   const isMFA = request.headers.get("x-mfa-login")
+  const isMagicLinkLogin = !!request.headers.get("x-magic-link")
 
   if (returnUrl) {
     // Seamless login request from Current web
@@ -86,33 +87,37 @@ export async function GET(
     console.log({ login_env: process.env })
 
     console.log({ login_redirectTo: redirectTo })
-    const params = isMFA
+    const params = {
-      ? {
+      ui_locales: context.params.lang,
-          ui_locales: context.params.lang,
+      scope: ["openid", "profile"].join(" "),
-          scope: ["profile_update", "openid", "profile"].join(" "),
+      /**
-          /**
+       * The `acr_values` param is used to make Curity display the proper login
-           * The below acr value is required as for New Web same Curity Client is used for MFA
+       * page for Scandic. Without the parameter Curity presents some choices
-           * while in current web it is being setup using different Curity Client
+       * to the user which we do not want.
-           */
+       */
-          acr_values:
+      acr_values: "acr",
-            "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web",
+      /**
-          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
+       * The `for_origin` param is used to make Curity email login functionality working.
-        }
+       * Without the parameter Curity gives Internal Error issue for login with Email link.
-      : {
+       */
-          ui_locales: context.params.lang,
+      for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
-          scope: ["openid", "profile"].join(" "),
+      /**
-          /**
+       * This is new param set for differentiate between
-           * The `acr_values` param is used to make Curity display the proper login
+       * the Magic link login of New web and current web
-           * page for Scandic. Without the parameter Curity presents some choices
+       */
-           * to the user which we do not want.
+      version: "2",
-           */
+    }
-          acr_values: "acr",
+    if (isMFA) {
-          /**
+      params.scope = ["profile_update", "openid", "profile"].join(" ")
-           * The `for_origin` param is used to make Curity email login functionality working.
+      /**
-           * Without the parameter Curity gives Internal Error issue for login with Email link.
+       * The below acr value is required as for New Web same Curity Client is used for MFA
-           */
+       * while in current web it is being setup using different Curity Client
-          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
+       */
-        }
+      params.acr_values =
+        "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
+    } else if (isMagicLinkLogin) {
+      params.acr_values = "abc"
+    }
     const redirectUrl = await signIn(
       "curity",
       {

app/[lang]/(live)/(public)/verifymagiclink/route.ts

@@ -27,13 +27,14 @@ export async function GET(
   }
 
   // Remove Seamless login as it doesn't work with Magic link login due to different authenticators
-  if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
+  // if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
-    // Additional URL decode required as url in the query parameter is encoded twice as
+  //   // Additional URL decode required as url in the query parameter is encoded twice as
-    // passed in query param and further in cookie value.
+  //   // passed in query param and further in cookie value.
-    redirectTo = decodeURIComponent(
+  //   redirectTo = decodeURIComponent(
-      redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
+  //     redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
-    )
+  //   )
-  }
+  // }
+  redirectTo = redirectTo.replace("updatelogin", "updateloginemail")
 
   loginKey = request.nextUrl.searchParams.get("loginKey")
 
@@ -61,9 +62,11 @@ export async function GET(
       },
       {
         ui_locales: context.params.lang,
+        scope: ["openid", "profile"].join(" "),
         loginKey: loginKey,
-        acr_values: "cat",
+        for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
-        prompt: "login",
+        acr_values: "abc",
+        version: "2",
       }
     )
 

middleware.ts

@@ -5,6 +5,7 @@ import * as authRequired from "./middlewares/authRequired"
 import * as bookingFlow from "./middlewares/bookingFlow"
 import * as cmsContent from "./middlewares/cmsContent"
 import * as currentWebLogin from "./middlewares/currentWebLogin"
+import * as currentWebLoginEmail from "./middlewares/currentWebLoginEmail"
 import * as currentWebLogout from "./middlewares/currentWebLogout"
 import * as handleAuth from "./middlewares/handleAuth"
 import * as myPages from "./middlewares/myPages"
@@ -31,6 +32,7 @@ export const middleware: NextMiddleware = async (request, event) => {
 
   const middlewares = [
     currentWebLogin,
+    currentWebLoginEmail,
     currentWebLogout,
     authRequired,
     handleAuth,

middlewares/currentWebLoginEmail.ts

@@ -0,0 +1,33 @@
+import { NextResponse } from "next/server"
+
+import { badRequest } from "@/server/errors/next"
+
+import { findLang } from "@/utils/languages"
+
+import type { NextMiddleware } from "next/server"
+
+import type { MiddlewareMatcher } from "@/types/middleware"
+
+export const middleware: NextMiddleware = (request) => {
+  const returnUrl = request.nextUrl.searchParams.get("returnurl")
+
+  if (!returnUrl) {
+    return badRequest()
+  }
+
+  const lang = findLang(request.nextUrl.pathname)!
+
+  const headers = new Headers(request.headers)
+  headers.set("x-returnurl", returnUrl)
+  headers.set("x-magic-link", "1")
+
+  return NextResponse.rewrite(new URL(`/${lang}/login`, request.nextUrl), {
+    request: {
+      headers,
+    },
+  })
+}
+
+export const matcher: MiddlewareMatcher = (request) => {
+  return request.nextUrl.pathname.endsWith("/updateloginemail")
+}