From 077ed120f09cdfdb81e95cbb434488569f87bfd1 Mon Sep 17 00:00:00 2001
From: Wang Sijie
Date: Wed, 25 May 2022 15:26:40 +0800
Subject: [PATCH] fix(core): prevent session lost for bind social (#948)
---
 packages/core/src/lib/session.ts | 21 ++++++++++++++++++---
 packages/core/src/routes/session.ts | 6 +++---
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/packages/core/src/lib/session.ts b/packages/core/src/lib/session.ts
index 7c29bd962..d08a684ac 100644
--- a/packages/core/src/lib/session.ts
+++ b/packages/core/src/lib/session.ts
@@ -9,9 +9,24 @@ export const assignInteractionResults = async (
 result: InteractionResults,
 merge = false
 ) => {
- const redirectTo = await provider.interactionResult(ctx.req, ctx.res, result, {
- mergeWithLastSubmission: merge,
- });
+ // The "mergeWithLastSubmission" will only merge current request's interfaction results,
+ // which is stored in ctx.oidc, we need to merge interaction results in two requests,
+ // have to do it manually
+ // refer to: https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106
+ const details = merge ? await provider.interactionDetails(ctx.req, ctx.res) : undefined;
+
+ const redirectTo = await provider.interactionResult(
+ ctx.req,
+ ctx.res,
+ {
+ // Merge with current result
+ ...details?.result,
+ ...result,
+ },
+ {
+ mergeWithLastSubmission: merge,
+ }
+ );
 ctx.body = { redirectTo };
 };
diff --git a/packages/core/src/routes/session.ts b/packages/core/src/routes/session.ts
index 08e738139..70bd05b33 100644
--- a/packages/core/src/routes/session.ts
+++ b/packages/core/src/routes/session.ts
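Review bot: In `assignInteractionResults` (packages/core/src/lib/session.ts), the spread `...details?.result` copies every top-level key of the previously stored interaction result into the new submission, not only the social-bind data this fix is about. The merge is shallow and only same-named keys are overwritten, so if an earlier step left an `error` entry (or any other leftover key) in the stored result, it is resubmitted next to the fresh `login`. Consider carrying forward just the keys the bind flow needs, or at least dropping stale failures with `const { error: _stale, ...previous } = details?.result ?? {};` and spreading `previous` instead. The added comment also misspells "interaction" as `interfaction`, and the function's parameter list begins above the hunk.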
@@ -80,7 +80,7 @@ export default function sessionRoutes(router: T, prov
 const { id } = await findUserByUsernameAndPassword(username, password);
 ctx.log(type, { userId: id });
 await updateLastSignInAt(id);
- await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+ await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);
 return next();
 }
@@ -128,7 +128,7 @@ export default function sessionRoutes(router: T, prov
 ctx.log(type, { userId: id });
 await updateLastSignInAt(id);
- await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+ await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);
 return next();
 }
@@ -176,7 +176,7 @@ export default function sessionRoutes(router: T, prov
 ctx.log(type, { userId: id });
 await updateLastSignInAt(id);
- await assignInteractionResults(ctx, provider, { login: { accountId: id } });
+ await assignInteractionResults(ctx, provider, { login: { accountId: id } }, true);
 return next();
 }
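Review bot: The bare positional `true` added to this call (and to the identical calls in the hunks at -128 and -176) does not tell a reader that a successful sign-in now inherits whatever was written to the interaction before the user authenticated. A one-line comment above each call, e.g. `// merge=true: keep pre-login interaction state (pending social bind) across sign-in`, would make that explicit. Because that carried-over state was presumably stored by a request that had not yet authenticated, the code that later consumes it should re-validate it rather than trust it because a `login` entry now sits beside it. All three route handlers start and end outside their hunks, so the consumers are not visible here.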