feat: SW-158 Updated new param loginKey and callback url support

2024-07-23 14:19:48 +02:00
parent e14e3aaffa
commit d3ae62eff1
2 changed files with 28 additions and 43 deletions
--- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts
+++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
@@ -1,4 +1,3 @@
-import { encode } from "@auth/core/jwt"
 import { NextRequest, NextResponse } from "next/server"
 import { AuthError } from "next-auth"

@@ -14,12 +13,10 @@ export async function GET(
 ) {
  let redirectHeaders: Headers | undefined = undefined
  let redirectTo: string
-  let value: string
+  let loginKey: string

  redirectTo =
-    request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
-    request.nextUrl.searchParams.get("redirectTo") ||
-    "/"
+    request.cookies.get("Scandic-auth.callback-url")?.value || "/" // Cookie gets set by NextAuth from login initiation

  // Make relative URL to absolute URL
  if (redirectTo.startsWith("/")) {
@@ -29,13 +26,14 @@ export async function GET(
    redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
  }

-  // Clean up cookie from authRequired middleware
-  redirectHeaders = new Headers()
-  redirectHeaders.append(
-    "set-cookie",
-    "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
-  )
-  value = "" + request.nextUrl.searchParams.get("nonce")?.toString()
+  // Remove Seamless login as it doesn't work with Magic link login
+  if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
+    // Additional URL decode required as url in the query parameter is encoded twice due to passed in query param and further in cookie value.
+    redirectTo = decodeURIComponent(
+      redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
+    )
+  }
+  loginKey = "" + request.nextUrl.searchParams.get("loginKey")?.toString()

  try {
    /**
@@ -50,39 +48,16 @@ export async function GET(
        redirectTo,
        redirect: false,
      },
-      [
-        ["ui_locales", context.params.lang],
-        ["nonce", value],
-        ["acr_values", "cat"],
-      ]
+      {
+        ui_locales: context.params.lang,
+        loginKey: loginKey,
+        acr_values: "cat",
+        prompt: "login",
+      }
    )

    if (redirectUrl) {
-      // Check if needed based on discussion with Curity support for custom nonce
-      const token = { value }
-      const secret = env.NEXTAUTH_SECRET
-      const maxAge = 60 * 15
-      const name = "authjs.nonce"
-      const testingCookie = await encode({ secret, maxAge, token, salt: name })
-      console.log(testingCookie)
-      const expires = new Date()
-      expires.setTime(expires.getTime() + maxAge * 1000)
-      redirectHeaders.append(
-        "set-cookie",
-        "authjs.nonce=" +
-          testingCookie +
-          "; Expires=" +
-          expires +
-          "; Path=/; HttpOnly; SameSite=Lax"
-      )
-      redirectUrl = redirectUrl.replace(
-        /nonce=.*&code_challenge=/gi,
-        "nonce=" + value + "&code_challenge="
-      )
-
-      return NextResponse.redirect(redirectUrl, {
-        headers: redirectHeaders,
-      })
+      return NextResponse.redirect(redirectUrl)
    }
  } catch (error) {
    if (error instanceof AuthError) {
--- a/auth.ts
+++ b/auth.ts
@@ -95,7 +95,6 @@ const curityProvider = {
  authorization: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
  },
-  checks: ["pkce", "nonce"],
  token: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
  },
@@ -195,6 +194,17 @@ export const config = {
      return token
    },
  },
+  cookies: {
+    callbackUrl: {
+      name: `Scandic-auth.callback-url`,
+      options: {
+        sameSite: "lax",
+        path: "/",
+        secure: true,
+        maxAge: 900,
+      },
+    },
+  },
  // events: {
  //   async signIn() {
  //     console.log("#### SIGNIN EVENT ARGS ######")