From d3ae62eff1ad907f04968207da3f460ffe6b344f Mon Sep 17 00:00:00 2001 From: Hrishikesh Vaipurkar Date: Tue, 23 Jul 2024 14:19:48 +0200 Subject: [PATCH] feat: SW-158 Updated new param loginKey and callback url support --- .../(live)/(public)/verifymagiclink/route.ts | 59 ++++++------------- auth.ts | 12 +++- 2 files changed, 28 insertions(+), 43 deletions(-) diff --git a/app/[lang]/(live)/(public)/verifymagiclink/route.ts b/app/[lang]/(live)/(public)/verifymagiclink/route.ts index d372a4f3c..9efc07a28 100644 --- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts +++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts @@ -1,4 +1,3 @@ -import { encode } from "@auth/core/jwt" import { NextRequest, NextResponse } from "next/server" import { AuthError } from "next-auth" @@ -14,12 +13,10 @@ export async function GET( ) { let redirectHeaders: Headers | undefined = undefined let redirectTo: string - let value: string + let loginKey: string redirectTo = - request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware - request.nextUrl.searchParams.get("redirectTo") || - "/" + request.cookies.get("Scandic-auth.callback-url")?.value || "/" // Cookie gets set by NextAuth from login initiation // Make relative URL to absolute URL if (redirectTo.startsWith("/")) { 
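Review bot: `redirectTo` is taken verbatim from the `Scandic-auth.callback-url` cookie, which the browser sends and a client can set itself, and the only rewrite that follows is the `startsWith("/")` branch, so an absolute `https://other-host/...` value (or a protocol-relative `//other-host`, which passes that test) can end up as the redirect target. Auth.js's redirect callback may have validated the value when it wrote the cookie, but nothing here verifies that the value presented on this request came from that path. Compare the resolved target's origin with the deployment origin after the relative-to-absolute step and fall back to the root on mismatch, e.g. `if (new URL(redirectTo, env.PUBLIC_URL).origin !== new URL(env.PUBLIC_URL).origin) redirectTo = "/"`. GET continues outside this hunk, including the body of the `if`.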
@@ -29,13 +26,14 @@ export async function GET( redirectTo = new URL(redirectTo, env.PUBLIC_URL).href } - // Clean up cookie from authRequired middleware - redirectHeaders = new Headers() - redirectHeaders.append( - "set-cookie", - "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax" - ) - value = "" + request.nextUrl.searchParams.get("nonce")?.toString() + // Remove Seamless login as it doesn't work with Magic link login + if (redirectTo.indexOf("updatelogin?returnurl") !== -1) { + // Additional URL decode required as url in the query parameter is encoded twice due to passed in query param and further in cookie value. + redirectTo = decodeURIComponent( + redirectTo.substring(redirectTo.indexOf("returnurl") + 10) + ) + } + loginKey = "" + request.nextUrl.searchParams.get("loginKey")?.toString() try { /** @@ -50,39 +48,16 @@ export async function GET( redirectTo, redirect: false, }, - [ - ["ui_locales", context.params.lang], - ["nonce", value], - ["acr_values", "cat"], - ] + { + ui_locales: context.params.lang, + loginKey: loginKey, + acr_values: "cat", + prompt: "login", + } ) if (redirectUrl) { - // Check if needed based on discussion with Curity support for custom nonce - const token = { value } - const secret = env.NEXTAUTH_SECRET - const maxAge = 60 * 15 - const name = "authjs.nonce" - const testingCookie = await encode({ secret, maxAge, token, salt: name }) - console.log(testingCookie) - const expires = new Date() - expires.setTime(expires.getTime() + maxAge * 1000) - redirectHeaders.append( - "set-cookie", - "authjs.nonce=" + - testingCookie + - "; Expires=" + - expires + - "; Path=/; HttpOnly; SameSite=Lax" - ) - redirectUrl = redirectUrl.replace( - /nonce=.*&code_challenge=/gi, - "nonce=" + value + "&code_challenge=" - ) - - return NextResponse.redirect(redirectUrl, { - headers: redirectHeaders, - }) + return NextResponse.redirect(redirectUrl) } } catch (error) { if (error instanceof AuthError) { 
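Review bot: `loginKey = "" + request.nextUrl.searchParams.get("loginKey")?.toString()` yields the string `"undefined"` when the parameter is absent, so a request with no loginKey is forwarded to the provider as `loginKey=undefined` instead of being rejected; `loginKey = request.nextUrl.searchParams.get("loginKey") ?? ""` followed by an empty-value check before the `try` would make the failure explicit. The `returnurl` rewrite above it runs outside the `try`, and `decodeURIComponent` throws `URIError` on malformed percent-encoding, so a bad cookie value becomes an unhandled exception rather than an error redirect; the decoded value also becomes the redirect target with no origin check applied after decoding. The `+ 10` is `"returnurl=".length`, and spelling it that way documents the offset. GET's body continues beyond this hunk.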
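Review bot: `redirectHeaders` (declared as `let redirectHeaders: Headers | undefined = undefined` in the earlier hunk) is now assigned nowhere and read nowhere, because this hunk removes its only remaining use in the redirect, so the declaration should go. The custom nonce handling that bound the authorization URL to a per-request cookie is removed here while `checks` is removed in auth.ts, which leaves the binding of the callback to this request up to the library defaults; a short comment on the `signIn` call stating which check now protects the flow would help the next reader, e.g. `// Replay protection relies on the Auth.js default checks; the custom nonce cookie was dropped with the loginKey flow`. `loginKey` is passed through as an authorization parameter exactly as received, so validating its expected length and character set before the call is worth considering. GET continues past this hunk into the catch block.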
diff --git a/auth.ts b/auth.ts
index 1a241582a..6f5992154 100644
--- a/auth.ts
+++ b/auth.ts
@@ -95,7 +95,6 @@ const curityProvider = {
 authorization: {
 url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
 },
- checks: ["pkce", "nonce"],
 token: {
 url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
 },
@@ -195,6 +194,17 @@ export const config = {
 return token
 },
 },
+ cookies: {
+ callbackUrl: {
+ name: `Scandic-auth.callback-url`,
+ options: {
+ sameSite: "lax",
+ path: "/",
+ secure: true,
+ maxAge: 900,
+ },
+ },
+ },
 // events: {
 // async signIn() {
 // console.log("#### SIGNIN EVENT ARGS ######")
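Review bot: Dropping `checks: ["pkce", "nonce"]` leaves the Curity provider on whatever Auth.js applies by default, and nothing in the diff records which checks remain; if that default omits `nonce`, the ID token is no longer tied to the authorization request this deployment started, and if it omits `pkce`, the code exchange loses its binding as well. Keep at least `checks: ["pkce"],` explicit, and if `nonce` has to go because of the loginKey flow in verifymagiclink/route.ts, say so next to it: `// "nonce" removed: conflicts with the loginKey magic-link flow (see verifymagiclink/route.ts)`. curityProvider continues outside this hunk.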
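Review bot: The new `callbackUrl` cookie options set `sameSite`, `path`, `secure` and `maxAge` but not `httpOnly`; if Auth.js takes this `options` object as a replacement for its defaults rather than merging with them, the callback-url cookie becomes readable from page script, and that is the value verifymagiclink/route.ts redirects to. Add `httpOnly: true,` alongside `secure: true`. `secure: true` is also hard-coded rather than derived from the deployment URL, so the cookie will not be set over plain http in local development — fine if intended, but worth a comment such as `// always secure: this cookie must never travel over plain HTTP`. config continues outside this hunk.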