fix(core): prevent session lost for bind social (#948)

2025-01-06 20:40:08 -05:00 · 2022-05-25 15:26:40 +08:00 · 2022-05-25 15:26:40 +08:00 · 077ed120f0
commit 077ed120f0
parent edd04c91d4
2 changed files with 21 additions and 6 deletions
--- a/packages/core/src/lib/session.ts
+++ b/packages/core/src/lib/session.ts
@ -9,9 +9,24 @@ export const assignInteractionResults = async (
  result: InteractionResults,
  merge = false
 ) => {
-  const redirectTo = await provider.interactionResult(ctx.req, ctx.res, result, {
-    mergeWithLastSubmission: merge,
-  });
+  // The "mergeWithLastSubmission" will only merge current request's interfaction results,
+  // which is stored in ctx.oidc, we need to merge interaction results in two requests,
+  // have to do it manually
+  // refer to: https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106
+  const details = merge ? await provider.interactionDetails(ctx.req, ctx.res) : undefined;
+
+  const redirectTo = await provider.interactionResult(
+    ctx.req,
+    ctx.res,
+    {
+      // Merge with current result
+      ...details?.result,
+      ...result,
+    },
+    {
+      mergeWithLastSubmission: merge,
+    }
+  );
  ctx.body = { redirectTo };
 };

--- a/packages/core/src/routes/session.ts
+++ b/packages/core/src/routes/session.ts
@ -80,7 +80,7 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
      const { id } = await findUserByUsernameAndPassword(username, password);
      ctx.log(type, { userId: id });
      await updateLastSignInAt(id);
-      await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+      await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);

      return next();
    }
@ -128,7 +128,7 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
      ctx.log(type, { userId: id });

      await updateLastSignInAt(id);
-      await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+      await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);

      return next();
    }
@ -176,7 +176,7 @@ export default function sessionRoutes<T extends AnonymousRouter>(router: T, prov
      ctx.log(type, { userId: id });

      await updateLastSignInAt(id);
-      await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+      await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);

      return next();
    }