feat: SW-158 Magic Link login support

2024-07-10 11:34:09 +02:00
parent 2ce21626b9
commit e14e3aaffa
2 changed files with 28 additions and 15 deletions
--- a/app/[lang]/(live)/(public)/login/route.ts
+++ b/app/[lang]/(live)/(public)/login/route.ts
@@ -96,6 +96,7 @@ export async function GET(
           */
          acr_values:
            "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web",
+          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
        }
      : {
          ui_locales: context.params.lang,
@@ -110,7 +111,7 @@ export async function GET(
           * The `for_origin` param is used to make Curity email login functionality working.
           * Without the parameter Curity gives Internal Error issue for login with Email link.
           */
-          for_origin: env.PUBLIC_URL,
+          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
        }
    const redirectUrl = await signIn(
      "curity",
@@ -122,6 +123,11 @@ export async function GET(
    )

    if (redirectUrl) {
+      // Remove nonce for User to be able to login via Magic Link, but normal login fails as nonce becomes absent in the token response
+      // if (redirectUrl.indexOf("nonce") != -1) {
+      //   redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "&code_challenge=");
+      //   redirectUrl = redirectUrl.replace(/&nonce=.*/gi, "");
+      // }
      return NextResponse.redirect(redirectUrl, {
        headers: redirectHeaders,
      })
--- a/app/[lang]/(live)/(public)/verifymagiclink/route.ts
+++ b/app/[lang]/(live)/(public)/verifymagiclink/route.ts
@@ -1,3 +1,4 @@
+import { encode } from "@auth/core/jwt"
 import { NextRequest, NextResponse } from "next/server"
 import { AuthError } from "next-auth"

@@ -6,7 +7,6 @@ import { env } from "@/env/server"
 import { internalServerError } from "@/server/errors/next"

 import { signIn } from "@/auth"
-// import { encode } from "@auth/core/jwt"

 export async function GET(
  request: NextRequest,
@@ -59,19 +59,26 @@ export async function GET(

    if (redirectUrl) {
      // Check if needed based on discussion with Curity support for custom nonce
-      // const token = { value };
-      // const secret = env.NEXTAUTH_SECRET;
-      // const maxAge = 60 * 15;
-      // const name = "authjs.nonce";
-      // const testingCookie = await encode({ secret, maxAge, token, salt: name });
-      // console.log(testingCookie);
-      // const expires = new Date();
-      // expires.setTime(expires.getTime() + maxAge * 1000);
-      // redirectHeaders.append(
-      //   "set-cookie",
-      //   "authjs.nonce=" + testingCookie + "; Expires=" + expires + "; Path=/; HttpOnly; SameSite=Lax"
-      // )
-      // redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "nonce="+value+"&code_challenge=");
+      const token = { value }
+      const secret = env.NEXTAUTH_SECRET
+      const maxAge = 60 * 15
+      const name = "authjs.nonce"
+      const testingCookie = await encode({ secret, maxAge, token, salt: name })
+      console.log(testingCookie)
+      const expires = new Date()
+      expires.setTime(expires.getTime() + maxAge * 1000)
+      redirectHeaders.append(
+        "set-cookie",
+        "authjs.nonce=" +
+          testingCookie +
+          "; Expires=" +
+          expires +
+          "; Path=/; HttpOnly; SameSite=Lax"
+      )
+      redirectUrl = redirectUrl.replace(
+        /nonce=.*&code_challenge=/gi,
+        "nonce=" + value + "&code_challenge="
+      )

      return NextResponse.redirect(redirectUrl, {
        headers: redirectHeaders,