0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-13 21:30:30 -05:00

feat: support direct sign-in (#5536)

* feat: support direct sign-in

* chore: add changesets

* refactor: add test cases

* chore(deps): upgrade logto sdks
This commit is contained in:
Gao Sun 2024-03-26 13:23:41 +08:00 committed by GitHub
parent 80487fae78
commit 2cbc591ff6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
45 changed files with 573 additions and 131 deletions

View file

@ -0,0 +1,27 @@
---
"@logto/core": minor
---
support `first_screen` parameter in authentication request
Sign-in experience can be initiated with a specific screen by setting the `first_screen` parameter in the OIDC authentication request. This parameter is intended to replace the `interaction_mode` parameter, which is now deprecated.
The `first_screen` parameter can have the following values:
- `signIn`: The sign-in screen is displayed first.
- `register`: The registration screen is displayed first.
Here's a non-normative example of how to use the `first_screen` parameter:
```
GET /authorize?
response_type=code
&client_id=your_client_id
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&scope=openid
&state=af0ifjsldkj
&nonce=n-0S6_WzA2Mj
&first_screen=signIn
```
When `first_screen` is set, the legacy `interaction_mode` parameter is ignored.

View file

@ -0,0 +1,9 @@
---
"@logto/schemas": minor
---
add oidc params variables and types
- Add `ExtraParamsKey` enum for all possible OIDC extra parameters that Logto supports.
- Add `FirstScreen` enum for the `first_screen` parameter.
- Add `extraParamsObjectGuard` guard and `ExtraParamsObject` type for shaping the extra parameters object in the OIDC authentication request.

View file

@ -0,0 +1,15 @@
---
"@logto/experience": minor
"@logto/core": minor
---
support direct sign-in
Instead of showing a screen for the user to choose between the sign-in methods, a specific sign-in method can be initiated directly by setting the `direct_sign_in` parameter in the OIDC authentication request.
This parameter follows the format of `direct_sign_in=<method>:<target>`, where:
- `<method>` is the sign-in method to trigger. Currently the only supported value is `social`.
- `<target>` is the target value for the sign-in method. If the method is `social`, the value is the social connector's `target`.
When a valid `direct_sign_in` parameter is set, the first screen will be skipped and the specified sign-in method will be triggered immediately upon entering the sign-in experience. If the parameter is invalid, the default behavior of showing the first screen will be used.

View file

@ -0,0 +1,7 @@
---
"@logto/demo-app": minor
---
carry over search params to the authentication request
When entering the Logto demo app with search parameters, if the user is not authenticated, the search parameters are now carried over to the authentication request. This allows manual testing of the OIDC authentication flow with specific parameters.

View file

@ -2,12 +2,10 @@ import { useHandleSignInCallback } from '@logto/react';
import { useNavigate } from 'react-router-dom'; import { useNavigate } from 'react-router-dom';
import AppLoading from '@/components/AppLoading'; import AppLoading from '@/components/AppLoading';
import useTenantPathname from '@/hooks/use-tenant-pathname';
import { consumeSavedRedirect } from '@/utils/storage'; import { consumeSavedRedirect } from '@/utils/storage';
/** The global callback page for all sign-in redirects from Logto main flow. */ /** The global callback page for all sign-in redirects from Logto main flow. */
function Callback() { function Callback() {
const { getTo } = useTenantPathname();
const navigate = useNavigate(); const navigate = useNavigate();
useHandleSignInCallback(() => { useHandleSignInCallback(() => {

View file

@ -1,10 +1,11 @@
import { generateStandardId } from '@logto/shared'; import { generateStandardId } from '@logto/shared';
import RequestError from '#src/errors/RequestError/index.js'; import RequestError from '#src/errors/RequestError/index.js';
import { verificationTimeout } from '#src/routes/consts.js';
import type Queries from '#src/tenants/Queries.js'; import type Queries from '#src/tenants/Queries.js';
import assertThat from '#src/utils/assert-that.js'; import assertThat from '#src/utils/assert-that.js';
const verificationTimeout = 10 * 60 * 1000; // 10 mins
export const createVerificationStatusLibrary = (queries: Queries) => { export const createVerificationStatusLibrary = (queries: Queries) => {
const { const {
findVerificationStatusByUserId, findVerificationStatusByUserId,

View file

@ -8,11 +8,13 @@ import type { I18nKey } from '@logto/phrases';
import { import {
customClientMetadataDefault, customClientMetadataDefault,
CustomClientMetadataKey, CustomClientMetadataKey,
demoAppApplicationId, experience,
extraParamsObjectGuard,
inSeconds, inSeconds,
logtoCookieKey, logtoCookieKey,
type LogtoUiCookie, type LogtoUiCookie,
LogtoJwtTokenKey, LogtoJwtTokenKey,
ExtraParamsKey,
} from '@logto/schemas'; } from '@logto/schemas';
import { conditional, trySafe, tryThat } from '@silverhand/essentials'; import { conditional, trySafe, tryThat } from '@silverhand/essentials';
import i18next from 'i18next'; import i18next from 'i18next';
@ -28,8 +30,11 @@ import { type LogtoConfigLibrary } from '#src/libraries/logto-config.js';
import koaAuditLog from '#src/middleware/koa-audit-log.js'; import koaAuditLog from '#src/middleware/koa-audit-log.js';
import koaBodyEtag from '#src/middleware/koa-body-etag.js'; import koaBodyEtag from '#src/middleware/koa-body-etag.js';
import postgresAdapter from '#src/oidc/adapter.js'; import postgresAdapter from '#src/oidc/adapter.js';
import { isOriginAllowed, validateCustomClientMetadata } from '#src/oidc/utils.js'; import {
import { routes } from '#src/routes/consts.js'; buildLoginPromptUrl,
isOriginAllowed,
validateCustomClientMetadata,
} from '#src/oidc/utils.js';
import type Libraries from '#src/tenants/Libraries.js'; import type Libraries from '#src/tenants/Libraries.js';
import type Queries from '#src/tenants/Queries.js'; import type Queries from '#src/tenants/Queries.js';
@ -43,7 +48,6 @@ import {
filterResourceScopesForTheThirdPartyApplication, filterResourceScopesForTheThirdPartyApplication,
} from './resource.js'; } from './resource.js';
import { getAcceptedUserClaims, getUserClaimsData } from './scope.js'; import { getAcceptedUserClaims, getUserClaimsData } from './scope.js';
import { OIDCExtraParametersKey, InteractionMode } from './type.js';
// Temporarily removed 'EdDSA' since it's not supported by browser yet // Temporarily removed 'EdDSA' since it's not supported by browser yet
const supportedSigningAlgs = Object.freeze(['RS256', 'PS256', 'ES256', 'ES384', 'ES512'] as const); const supportedSigningAlgs = Object.freeze(['RS256', 'PS256', 'ES256', 'ES384', 'ES512'] as const);
@ -174,8 +178,6 @@ export default function initOidc(
}, },
interactions: { interactions: {
url: (ctx, { params: { client_id: appId }, prompt }) => { url: (ctx, { params: { client_id: appId }, prompt }) => {
const isDemoApp = appId === demoAppApplicationId;
ctx.cookies.set( ctx.cookies.set(
logtoCookieKey, logtoCookieKey,
JSON.stringify({ JSON.stringify({
@ -184,20 +186,15 @@ export default function initOidc(
{ sameSite: 'lax', overwrite: true, httpOnly: false } { sameSite: 'lax', overwrite: true, httpOnly: false }
); );
const appendParameters = (path: string) => { const params = trySafe(() => extraParamsObjectGuard.parse(ctx.oidc.params ?? {})) ?? {};
return isDemoApp ? path + `?no_cache` : path;
};
switch (prompt.name) { switch (prompt.name) {
case 'login': { case 'login': {
const isSignUp = return '/' + buildLoginPromptUrl(params, appId);
ctx.oidc.params?.[OIDCExtraParametersKey.InteractionMode] === InteractionMode.signUp;
return appendParameters(isSignUp ? routes.signUp : routes.signIn);
} }
case 'consent': { case 'consent': {
return routes.consent; return '/' + experience.routes.consent;
} }
default: { default: {
@ -206,7 +203,7 @@ export default function initOidc(
} }
}, },
}, },
extraParams: [OIDCExtraParametersKey.InteractionMode], extraParams: Object.values(ExtraParamsKey),
extraTokenClaims: async (ctx, token) => { extraTokenClaims: async (ctx, token) => {
const { isDevFeaturesEnabled, isCloud } = EnvSet.values; const { isDevFeaturesEnabled, isCloud } = EnvSet.values;

View file

@ -1,8 +0,0 @@
export enum OIDCExtraParametersKey {
InteractionMode = 'interaction_mode',
}
export enum InteractionMode {
signIn = 'signIn',
signUp = 'signUp',
}

View file

@ -1,4 +1,11 @@
import { ApplicationType, CustomClientMetadataKey, GrantType } from '@logto/schemas'; import {
ApplicationType,
CustomClientMetadataKey,
FirstScreen,
GrantType,
InteractionMode,
demoAppApplicationId,
} from '@logto/schemas';
import { mockEnvSet } from '#src/test-utils/env-set.js'; import { mockEnvSet } from '#src/test-utils/env-set.js';
@ -7,6 +14,7 @@ import {
buildOidcClientMetadata, buildOidcClientMetadata,
getConstantClientMetadata, getConstantClientMetadata,
validateCustomClientMetadata, validateCustomClientMetadata,
buildLoginPromptUrl,
} from './utils.js'; } from './utils.js';
describe('getConstantClientMetadata()', () => { describe('getConstantClientMetadata()', () => {
@ -121,3 +129,49 @@ describe('isOriginAllowed', () => {
).toBeTruthy(); ).toBeTruthy();
}); });
}); });
describe('buildLoginPromptUrl', () => {
it('should return the correct url for empty parameters', () => {
expect(buildLoginPromptUrl({})).toBe('sign-in');
expect(buildLoginPromptUrl({}, 'foo')).toBe('sign-in');
expect(buildLoginPromptUrl({}, demoAppApplicationId)).toBe('sign-in?no_cache=');
});
it('should return the correct url for firstScreen', () => {
expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register })).toBe('register');
expect(buildLoginPromptUrl({ first_screen: FirstScreen.Register }, 'foo')).toBe('register');
expect(buildLoginPromptUrl({ first_screen: FirstScreen.SignIn }, demoAppApplicationId)).toBe(
'sign-in?no_cache='
);
// Legacy interactionMode support
expect(buildLoginPromptUrl({ interaction_mode: InteractionMode.SignUp })).toBe('register');
});
it('should return the correct url for directSignIn', () => {
expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' })).toBe(
'direct/method/target?fallback=sign-in'
);
expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, 'foo')).toBe(
'direct/method/target?fallback=sign-in'
);
expect(buildLoginPromptUrl({ direct_sign_in: 'method:target' }, demoAppApplicationId)).toBe(
'direct/method/target?no_cache=&fallback=sign-in'
);
expect(buildLoginPromptUrl({ direct_sign_in: 'method' })).toBe(
'direct/method?fallback=sign-in'
);
expect(buildLoginPromptUrl({ direct_sign_in: '' })).toBe('sign-in');
});
it('should return the correct url for mixed parameters', () => {
expect(
buildLoginPromptUrl({ first_screen: FirstScreen.Register, direct_sign_in: 'method:target' })
).toBe('direct/method/target?fallback=register');
expect(
buildLoginPromptUrl(
{ first_screen: FirstScreen.Register, direct_sign_in: 'method:target' },
demoAppApplicationId
)
).toBe('direct/method/target?no_cache=&fallback=register');
});
});

View file

@ -1,5 +1,15 @@
import type { CustomClientMetadata, OidcClientMetadata } from '@logto/schemas'; import path from 'node:path';
import { ApplicationType, customClientMetadataGuard, GrantType } from '@logto/schemas';
import type { CustomClientMetadata, ExtraParamsObject, OidcClientMetadata } from '@logto/schemas';
import {
ApplicationType,
customClientMetadataGuard,
GrantType,
ExtraParamsKey,
demoAppApplicationId,
FirstScreen,
experience,
} from '@logto/schemas';
import { conditional } from '@silverhand/essentials'; import { conditional } from '@silverhand/essentials';
import { type AllClientMetadata, type ClientAuthMethod, errors } from 'oidc-provider'; import { type AllClientMetadata, type ClientAuthMethod, errors } from 'oidc-provider';
@ -69,3 +79,27 @@ export const getUtcStartOfTheDay = (date: Date) => {
Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate(), 0, 0, 0, 0) Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate(), 0, 0, 0, 0)
); );
}; };
export const buildLoginPromptUrl = (params: ExtraParamsObject, appId?: unknown): string => {
const firstScreenKey =
params[ExtraParamsKey.FirstScreen] ??
params[ExtraParamsKey.InteractionMode] ??
FirstScreen.SignIn;
const firstScreen =
firstScreenKey === 'signUp' ? experience.routes.register : experience.routes[firstScreenKey];
const directSignIn = params[ExtraParamsKey.DirectSignIn];
const searchParams = new URLSearchParams();
const getSearchParamString = () => (searchParams.size > 0 ? `?${searchParams.toString()}` : '');
if (appId === demoAppApplicationId) {
searchParams.append('no_cache', '');
}
if (directSignIn) {
searchParams.append('fallback', firstScreen);
const [method, target] = directSignIn.split(':');
return path.join('direct', method ?? '', target ?? '') + getSearchParamString();
}
return firstScreen + getSearchParamString();
};

View file

@ -1,11 +0,0 @@
const signIn = '/sign-in';
const signUp = '/register';
const consent = '/consent';
export const routes = Object.freeze({
signIn,
signUp,
consent,
} as const);
export const verificationTimeout = 10 * 60 * 1000; // 10 mins.

View file

@ -1,4 +1,4 @@
import { adminTenantId } from '@logto/schemas'; import { adminTenantId, experience } from '@logto/schemas';
import type { MiddlewareType } from 'koa'; import type { MiddlewareType } from 'koa';
import Koa from 'koa'; import Koa from 'koa';
import compose from 'koa-compose'; import compose from 'koa-compose';
@ -25,7 +25,6 @@ import koaSpaProxy from '#src/middleware/koa-spa-proxy.js';
import koaSpaSessionGuard from '#src/middleware/koa-spa-session-guard.js'; import koaSpaSessionGuard from '#src/middleware/koa-spa-session-guard.js';
import initOidc from '#src/oidc/init.js'; import initOidc from '#src/oidc/init.js';
import { mountCallbackRouter } from '#src/routes/callback.js'; import { mountCallbackRouter } from '#src/routes/callback.js';
import { routes } from '#src/routes/consts.js';
import initApis from '#src/routes/init.js'; import initApis from '#src/routes/init.js';
import initMeApis from '#src/routes-me/init.js'; import initMeApis from '#src/routes-me/init.js';
import BasicSentinel from '#src/sentinel/basic-sentinel.js'; import BasicSentinel from '#src/sentinel/basic-sentinel.js';
@ -147,7 +146,7 @@ export default class Tenant implements TenantContext {
app.use( app.use(
compose([ compose([
koaSpaSessionGuard(provider, queries), koaSpaSessionGuard(provider, queries),
mount(`${routes.consent}`, koaAutoConsent(provider, queries)), mount(`/${experience.routes.consent}`, koaAutoConsent(provider, queries)),
koaSpaProxy(mountedApps), koaSpaProxy(mountedApps),
]) ])
); );

View file

@ -38,7 +38,10 @@ const Main = () => {
// If user is not authenticated, redirect to sign-in page // If user is not authenticated, redirect to sign-in page
if (!isAuthenticated) { if (!isAuthenticated) {
void signIn(window.location.href); void signIn({
redirectUri: window.location.origin + window.location.pathname,
extraParams: Object.fromEntries(new URLSearchParams(window.location.search).entries()),
});
} }
}, [getIdTokenClaims, isAuthenticated, isInCallback, isLoading, signIn, user]); }, [getIdTokenClaims, isAuthenticated, isInCallback, isLoading, signIn, user]);

View file

@ -1,5 +1,5 @@
import { AppInsightsBoundary } from '@logto/app-insights/react'; import { AppInsightsBoundary } from '@logto/app-insights/react';
import { MfaFactor } from '@logto/schemas'; import { MfaFactor, experience } from '@logto/schemas';
import { Route, Routes, BrowserRouter } from 'react-router-dom'; import { Route, Routes, BrowserRouter } from 'react-router-dom';
import AppLayout from './Layout/AppLayout'; import AppLayout from './Layout/AppLayout';
@ -8,10 +8,10 @@ import LoadingLayerProvider from './Providers/LoadingLayerProvider';
import PageContextProvider from './Providers/PageContextProvider'; import PageContextProvider from './Providers/PageContextProvider';
import SettingsProvider from './Providers/SettingsProvider'; import SettingsProvider from './Providers/SettingsProvider';
import SingleSignOnContextProvider from './Providers/SingleSignOnContextProvider'; import SingleSignOnContextProvider from './Providers/SingleSignOnContextProvider';
import { singleSignOnPath } from './constants/env';
import Callback from './pages/Callback'; import Callback from './pages/Callback';
import Consent from './pages/Consent'; import Consent from './pages/Consent';
import Continue from './pages/Continue'; import Continue from './pages/Continue';
import DirectSignIn from './pages/DirectSignIn';
import ErrorPage from './pages/ErrorPage'; import ErrorPage from './pages/ErrorPage';
import ForgotPassword from './pages/ForgotPassword'; import ForgotPassword from './pages/ForgotPassword';
import MfaBinding from './pages/MfaBinding'; import MfaBinding from './pages/MfaBinding';
@ -31,7 +31,7 @@ import SingleSignOnConnectors from './pages/SingleSignOnConnectors';
import SingleSignOnEmail from './pages/SingleSignOnEmail'; import SingleSignOnEmail from './pages/SingleSignOnEmail';
import SocialLanding from './pages/SocialLanding'; import SocialLanding from './pages/SocialLanding';
import SocialLinkAccount from './pages/SocialLinkAccount'; import SocialLinkAccount from './pages/SocialLinkAccount';
import SocialSignIn from './pages/SocialSignInCallback'; import SocialSignInWebCallback from './pages/SocialSignInWebCallback';
import Springboard from './pages/Springboard'; import Springboard from './pages/Springboard';
import VerificationCode from './pages/VerificationCode'; import VerificationCode from './pages/VerificationCode';
import { UserMfaFlow } from './types'; import { UserMfaFlow } from './types';
@ -50,23 +50,29 @@ const App = () => {
<AppBoundary> <AppBoundary>
<AppInsightsBoundary cloudRole="ui"> <AppInsightsBoundary cloudRole="ui">
<Routes> <Routes>
<Route element={<LoadingLayerProvider />}>
<Route path="springboard" element={<Springboard />} />
<Route path="callback/:connectorId" element={<Callback />} />
<Route
path="callback/social/:connectorId"
element={<SocialSignInWebCallback />}
/>
<Route path="direct/:method/:target?" element={<DirectSignIn />} />
<Route element={<AppLayout />}> <Route element={<AppLayout />}>
<Route <Route
path="unknown-session" path="unknown-session"
element={<ErrorPage message="error.invalid_session" />} element={<ErrorPage message="error.invalid_session" />}
/> />
<Route path="springboard" element={<Springboard />} />
<Route element={<LoadingLayerProvider />}>
{/* Sign-in */} {/* Sign-in */}
<Route path="sign-in"> <Route path={experience.routes.signIn}>
<Route index element={<SignIn />} /> <Route index element={<SignIn />} />
<Route path="password" element={<SignInPassword />} /> <Route path="password" element={<SignInPassword />} />
<Route path="social/:connectorId" element={<SocialSignIn />} />
</Route> </Route>
{/* Register */} {/* Register */}
<Route path="register"> <Route path={experience.routes.register}>
<Route index element={<Register />} /> <Route index element={<Register />} />
<Route path="password" element={<RegisterPassword />} /> <Route path="password" element={<RegisterPassword />} />
</Route> </Route>
@ -106,11 +112,9 @@ const App = () => {
<Route path="link/:connectorId" element={<SocialLinkAccount />} /> <Route path="link/:connectorId" element={<SocialLinkAccount />} />
<Route path="landing/:connectorId" element={<SocialLanding />} /> <Route path="landing/:connectorId" element={<SocialLanding />} />
</Route> </Route>
<Route path="callback/:connectorId" element={<Callback />} />
</Route>
{/* Single sign-on */} {/* Single sign-on */}
<Route path={singleSignOnPath} element={<LoadingLayerProvider />}> <Route path={experience.routes.sso} element={<LoadingLayerProvider />}>
<Route path="email" element={<SingleSignOnEmail />} /> <Route path="email" element={<SingleSignOnEmail />} />
<Route path="connectors" element={<SingleSignOnConnectors />} /> <Route path="connectors" element={<SingleSignOnConnectors />} />
</Route> </Route>
@ -120,6 +124,7 @@ const App = () => {
<Route path="*" element={<ErrorPage />} /> <Route path="*" element={<ErrorPage />} />
</Route> </Route>
</Route>
</Routes> </Routes>
</AppInsightsBoundary> </AppInsightsBoundary>
</AppBoundary> </AppBoundary>

View file

@ -12,12 +12,17 @@ type Props = {
}; };
const SettingsProvider = ({ settings = mockSignInExperienceSettings, children }: Props) => { const SettingsProvider = ({ settings = mockSignInExperienceSettings, children }: Props) => {
const { setExperienceSettings } = useContext(PageContext); const { setExperienceSettings, experienceSettings } = useContext(PageContext);
useEffect(() => { useEffect(() => {
setExperienceSettings(settings); setExperienceSettings(settings);
}, [setExperienceSettings, settings]); }, [setExperienceSettings, settings]);
// Don't render children until the settings are set to avoid false positives
if (!experienceSettings) {
return null;
}
return children; return children;
}; };

View file

@ -4,5 +4,3 @@ export const isDevFeaturesEnabled =
process.env.NODE_ENV !== 'production' || process.env.NODE_ENV !== 'production' ||
yes(process.env.DEV_FEATURES_ENABLED) || yes(process.env.DEV_FEATURES_ENABLED) ||
yes(process.env.INTEGRATION_TEST); yes(process.env.INTEGRATION_TEST);
export const singleSignOnPath = 'single-sign-on';

View file

@ -1,11 +1,10 @@
import { type SsoConnectorMetadata } from '@logto/schemas'; import { experience, type SsoConnectorMetadata } from '@logto/schemas';
import { useCallback, useState, useContext } from 'react'; import { useCallback, useState, useContext } from 'react';
import { useTranslation } from 'react-i18next'; import { useTranslation } from 'react-i18next';
import { useNavigate } from 'react-router-dom'; import { useNavigate } from 'react-router-dom';
import SingleSignOnContext from '@/Providers/SingleSignOnContextProvider/SingleSignOnContext'; import SingleSignOnContext from '@/Providers/SingleSignOnContextProvider/SingleSignOnContext';
import { getSingleSignOnConnectors } from '@/apis/single-sign-on'; import { getSingleSignOnConnectors } from '@/apis/single-sign-on';
import { singleSignOnPath } from '@/constants/env';
import useApi from '@/hooks/use-api'; import useApi from '@/hooks/use-api';
import useErrorHandler from '@/hooks/use-error-handler'; import useErrorHandler from '@/hooks/use-error-handler';
@ -81,7 +80,7 @@ const useCheckSingleSignOn = () => {
return true; return true;
} }
navigate(`/${singleSignOnPath}/connectors`); navigate(`/${experience.routes.sso}/connectors`);
return true; return true;
}, },
[ [

View file

@ -1,4 +1,4 @@
import { SignInIdentifier, type SsoConnectorMetadata } from '@logto/schemas'; import { SignInIdentifier, experience, type SsoConnectorMetadata } from '@logto/schemas';
import { useEffect, useCallback, useContext } from 'react'; import { useEffect, useCallback, useContext } from 'react';
import { useNavigate } from 'react-router-dom'; import { useNavigate } from 'react-router-dom';
@ -6,7 +6,6 @@ import SingleSignOnContext from '@/Providers/SingleSignOnContextProvider/SingleS
import SingleSignOnFormModeContext from '@/Providers/SingleSignOnFormModeContextProvider/SingleSignOnFormModeContext'; import SingleSignOnFormModeContext from '@/Providers/SingleSignOnFormModeContextProvider/SingleSignOnFormModeContext';
import { getSingleSignOnConnectors } from '@/apis/single-sign-on'; import { getSingleSignOnConnectors } from '@/apis/single-sign-on';
import type { IdentifierInputValue } from '@/components/InputFields/SmartInputField'; import type { IdentifierInputValue } from '@/components/InputFields/SmartInputField';
import { singleSignOnPath } from '@/constants/env';
import useApi from '@/hooks/use-api'; import useApi from '@/hooks/use-api';
import useSingleSignOn from '@/hooks/use-single-sign-on'; import useSingleSignOn from '@/hooks/use-single-sign-on';
import { validateEmail } from '@/utils/form'; import { validateEmail } from '@/utils/form';
@ -72,7 +71,7 @@ const useSingleSignOnWatch = (identifierInput?: IdentifierInputValue) => {
return; return;
} }
navigate(`/${singleSignOnPath}/connectors`); navigate(`/${experience.routes.sso}/connectors`);
}, [navigate, showSingleSignOnForm, singleSignOn, ssoConnectors]); }, [navigate, showSingleSignOnForm, singleSignOn, ssoConnectors]);
useEffect(() => { useEffect(() => {

View file

@ -12,7 +12,7 @@ type Parameters = {
}; };
/** /**
* Callback page for SocialSignIn and SingleSignOn * Callback landing page for social sign-in and single sign-on.
*/ */
const Callback = () => { const Callback = () => {
const { connectorId } = useParams<Parameters>(); const { connectorId } = useParams<Parameters>();

View file

@ -33,7 +33,7 @@ const useSocialCallbackHandler = () => {
// Web flow // Web flow
navigate( navigate(
{ {
pathname: `/sign-in/social/${connectorId}`, pathname: `/callback/social/${connectorId}`,
search, search,
}, },
{ {

View file

@ -0,0 +1,81 @@
import { useParams as useParamsMock } from 'react-router-dom';
import renderWithPageContext from '@/__mocks__/RenderWithPageContext';
import { socialConnectors } from '@/__mocks__/logto';
import DirectSignIn from '.';
jest.mock('@/containers/SocialSignInList/use-social', () =>
jest.fn().mockReturnValue({
socialConnectors,
invokeSocialSignIn: jest.fn(() => {
window.location.assign('/social-redirect-to');
}),
})
);
jest.mock('react-router-dom', () => ({
...jest.requireActual('react-router-dom'),
useParams: jest.fn().mockReturnValue({}),
}));
const useParams = useParamsMock as jest.Mock;
const assign = jest.fn();
const replace = jest.fn();
const search = jest.fn();
// eslint-disable-next-line @silverhand/fp/no-mutating-methods
Object.defineProperty(window, 'location', {
value: {
assign,
replace,
},
writable: true,
});
// eslint-disable-next-line @silverhand/fp/no-mutating-methods
Object.defineProperty(window.location, 'search', {
get: search,
});
describe('DirectSignIn', () => {
beforeEach(() => {
jest.clearAllMocks();
});
it('should fallback to the first screen when `directSignIn` is not provided', () => {
renderWithPageContext(<DirectSignIn />);
expect(replace).toBeCalledWith('/sign-in');
});
it('should fallback to the first screen when `directSignIn` is invalid', () => {
useParams.mockReturnValue({ method: 'foo' });
renderWithPageContext(<DirectSignIn />);
expect(replace).toBeCalledWith('/sign-in');
});
it('should fallback to the first screen provided in the fallback parameter', () => {
useParams.mockReturnValue({ method: 'method', target: 'target' });
search.mockReturnValue('?fallback=register');
renderWithPageContext(<DirectSignIn />);
expect(replace).toBeCalledWith('/register');
});
it('should fallback to the first screen when method is valid but target is invalid', () => {
useParams.mockReturnValue({ method: 'social', target: 'something' });
search.mockReturnValue('?fallback=sign-in');
renderWithPageContext(<DirectSignIn />);
expect(replace).toBeCalledWith('/sign-in');
});
it('should invoke social sign-in when method is social and target is valid', () => {
useParams.mockReturnValue({ method: 'social', target: socialConnectors[0]!.target });
search.mockReturnValue(`?fallback=sign-in`);
renderWithPageContext(<DirectSignIn />);
expect(replace).not.toBeCalled();
expect(assign).toBeCalledWith('/social-redirect-to');
});
});

View file

@ -0,0 +1,33 @@
import { experience } from '@logto/schemas';
import { useEffect, useMemo } from 'react';
import { useParams } from 'react-router-dom';
import LoadingLayer from '@/components/LoadingLayer';
import useSocial from '@/containers/SocialSignInList/use-social';
const DirectSignIn = () => {
const { method, target } = useParams();
const { socialConnectors, invokeSocialSignIn } = useSocial();
const fallback = useMemo(() => {
const fallbackKey = new URLSearchParams(window.location.search).get('fallback');
return (
Object.entries(experience.routes).find(([key]) => key === fallbackKey)?.[1] ??
experience.routes.signIn
);
}, []);
useEffect(() => {
if (method === 'social') {
const social = socialConnectors.find((connector) => connector.target === target);
if (social) {
void invokeSocialSignIn(social);
return;
}
}
window.location.replace('/' + fallback);
}, [fallback, invokeSocialSignIn, method, socialConnectors, target]);
return <LoadingLayer />;
};
export default DirectSignIn;

View file

@ -1,4 +1,4 @@
import { SignInIdentifier, type SsoConnectorMetadata } from '@logto/schemas'; import { SignInIdentifier, experience, type SsoConnectorMetadata } from '@logto/schemas';
import { assert } from '@silverhand/essentials'; import { assert } from '@silverhand/essentials';
import { fireEvent, act, waitFor } from '@testing-library/react'; import { fireEvent, act, waitFor } from '@testing-library/react';
@ -10,7 +10,6 @@ import SettingsProvider from '@/__mocks__/RenderWithPageContext/SettingsProvider
import { mockSignInExperienceSettings, mockSsoConnectors } from '@/__mocks__/logto'; import { mockSignInExperienceSettings, mockSsoConnectors } from '@/__mocks__/logto';
import { registerWithUsernamePassword } from '@/apis/interaction'; import { registerWithUsernamePassword } from '@/apis/interaction';
import { sendVerificationCodeApi } from '@/apis/utils'; import { sendVerificationCodeApi } from '@/apis/utils';
import { singleSignOnPath } from '@/constants/env';
import { UserFlow } from '@/types'; import { UserFlow } from '@/types';
import { getDefaultCountryCallingCode } from '@/utils/country-code'; import { getDefaultCountryCallingCode } from '@/utils/country-code';
@ -401,7 +400,7 @@ describe('<IdentifierRegisterForm />', () => {
}); });
await waitFor(() => { await waitFor(() => {
expect(mockedNavigate).toBeCalledWith(`/${singleSignOnPath}/connectors`); expect(mockedNavigate).toBeCalledWith(`/${experience.routes.sso}/connectors`);
}); });
}); });
}); });

View file

@ -1,5 +1,5 @@
import type { SignIn, SsoConnectorMetadata } from '@logto/schemas'; import type { SignIn, SsoConnectorMetadata } from '@logto/schemas';
import { SignInIdentifier } from '@logto/schemas'; import { SignInIdentifier, experience } from '@logto/schemas';
import { assert } from '@silverhand/essentials'; import { assert } from '@silverhand/essentials';
import { fireEvent, act, waitFor } from '@testing-library/react'; import { fireEvent, act, waitFor } from '@testing-library/react';
@ -13,7 +13,6 @@ import {
mockSsoConnectors, mockSsoConnectors,
} from '@/__mocks__/logto'; } from '@/__mocks__/logto';
import { sendVerificationCodeApi } from '@/apis/utils'; import { sendVerificationCodeApi } from '@/apis/utils';
import { singleSignOnPath } from '@/constants/env';
import { UserFlow } from '@/types'; import { UserFlow } from '@/types';
import { getDefaultCountryCallingCode } from '@/utils/country-code'; import { getDefaultCountryCallingCode } from '@/utils/country-code';
@ -310,7 +309,7 @@ describe('IdentifierSignInForm', () => {
}); });
await waitFor(() => { await waitFor(() => {
expect(mockedNavigate).toBeCalledWith(`/${singleSignOnPath}/connectors`); expect(mockedNavigate).toBeCalledWith(`/${experience.routes.sso}/connectors`);
}); });
}); });
}); });

View file

@ -1,4 +1,4 @@
import { SignInIdentifier } from '@logto/schemas'; import { SignInIdentifier, experience } from '@logto/schemas';
import { assert } from '@silverhand/essentials'; import { assert } from '@silverhand/essentials';
import { fireEvent, waitFor } from '@testing-library/react'; import { fireEvent, waitFor } from '@testing-library/react';
import { act } from 'react-dom/test-utils'; import { act } from 'react-dom/test-utils';
@ -9,7 +9,6 @@ import renderWithPageContext from '@/__mocks__/RenderWithPageContext';
import SettingsProvider from '@/__mocks__/RenderWithPageContext/SettingsProvider'; import SettingsProvider from '@/__mocks__/RenderWithPageContext/SettingsProvider';
import { mockSignInExperienceSettings, mockSsoConnectors } from '@/__mocks__/logto'; import { mockSignInExperienceSettings, mockSsoConnectors } from '@/__mocks__/logto';
import { signInWithPasswordIdentifier } from '@/apis/interaction'; import { signInWithPasswordIdentifier } from '@/apis/interaction';
import { singleSignOnPath } from '@/constants/env';
import type { SignInExperienceResponse } from '@/types'; import type { SignInExperienceResponse } from '@/types';
import { getDefaultCountryCallingCode } from '@/utils/country-code'; import { getDefaultCountryCallingCode } from '@/utils/country-code';
@ -260,7 +259,7 @@ describe('UsernamePasswordSignInForm', () => {
}); });
await waitFor(() => { await waitFor(() => {
expect(mockedNavigate).toBeCalledWith(`/${singleSignOnPath}/connectors`); expect(mockedNavigate).toBeCalledWith(`/${experience.routes.sso}/connectors`);
}); });
}); });

View file

@ -1,4 +1,4 @@
import SignIn from '../SignIn'; import LoadingLayer from '@/components/LoadingLayer';
import useSocialSignInListener from './use-social-sign-in-listener'; import useSocialSignInListener from './use-social-sign-in-listener';
@ -12,7 +12,7 @@ type Props = {
const SocialSignIn = ({ connectorId }: Props) => { const SocialSignIn = ({ connectorId }: Props) => {
useSocialSignInListener(connectorId); useSocialSignInListener(connectorId);
return <SignIn />; return <LoadingLayer />;
}; };
export default SocialSignIn; export default SocialSignIn;

View file

@ -1,13 +1,13 @@
import { useParams } from 'react-router-dom'; import { experience } from '@logto/schemas';
import { Navigate, useParams } from 'react-router-dom';
import useConnectors from '@/hooks/use-connectors'; import useConnectors from '@/hooks/use-connectors';
import SignIn from '../SignIn';
import SingleSignOn from './SingleSignOn'; import SingleSignOn from './SingleSignOn';
import SocialSignIn from './SocialSignIn'; import SocialSignIn from './SocialSignIn';
const SocialSignInCallback = () => { /** The real callback page for social sign-in in web browsers. */
const SocialSignInWebCallback = () => {
const parameters = useParams<{ connectorId: string }>(); const parameters = useParams<{ connectorId: string }>();
const { findConnectorById } = useConnectors(); const { findConnectorById } = useConnectors();
const result = findConnectorById(parameters.connectorId); const result = findConnectorById(parameters.connectorId);
@ -21,7 +21,7 @@ const SocialSignInCallback = () => {
} }
// Connector not found, return sign in page // Connector not found, return sign in page
return <SignIn />; return <Navigate to={experience.routes.signIn} />;
}; };
export default SocialSignInCallback; export default SocialSignInWebCallback;

View file

@ -1,4 +1,4 @@
import type { LogtoConfig } from '@logto/node'; import type { LogtoConfig, SignInOptions } from '@logto/node';
import LogtoClient from '@logto/node'; import LogtoClient from '@logto/node';
import { demoAppApplicationId } from '@logto/schemas'; import { demoAppApplicationId } from '@logto/schemas';
import type { Nullable, Optional } from '@silverhand/essentials'; import type { Nullable, Optional } from '@silverhand/essentials';
@ -59,8 +59,11 @@ export default class MockClient {
return map; return map;
} }
public async initSession(callbackUri = demoAppRedirectUri) { public async initSession(
await this.logto.signIn(callbackUri); redirectUri = demoAppRedirectUri,
options: Omit<SignInOptions, 'redirectUri'> = {}
) {
await this.logto.signIn({ redirectUri, ...options });
assert(this.navigateUrl, new Error('Unable to navigate to sign in uri')); assert(this.navigateUrl, new Error('Unable to navigate to sign in uri'));
assert( assert(
@ -75,7 +78,8 @@ export default class MockClient {
// Note: should redirect to sign-in page // Note: should redirect to sign-in page
assert( assert(
response.statusCode === 303 && response.headers.location?.startsWith('/sign-in'), response.statusCode === 303 &&
response.headers.location?.startsWith(options.directSignIn ? '/direct/' : '/sign-in'),
new Error('Visit sign in uri failed') new Error('Visit sign in uri failed')
); );

View file

@ -1,11 +1,15 @@
import type { LogtoConfig } from '@logto/node'; import type { LogtoConfig, SignInOptions } from '@logto/node';
import { assert } from '@silverhand/essentials'; import { assert } from '@silverhand/essentials';
import MockClient from '#src/client/index.js'; import MockClient from '#src/client/index.js';
export const initClient = async (config?: Partial<LogtoConfig>, redirectUri?: string) => { export const initClient = async (
config?: Partial<LogtoConfig>,
redirectUri?: string,
options: Omit<SignInOptions, 'redirectUri'> = {}
) => {
const client = new MockClient(config); const client = new MockClient(config);
await client.initSession(redirectUri); await client.initSession(redirectUri, options);
assert(client.interactionCookie, new Error('Session not found')); assert(client.interactionCookie, new Error('Session not found'));
return client; return client;

View file

@ -30,7 +30,7 @@ const state = 'foo_state';
const redirectUri = 'http://foo.dev/callback'; const redirectUri = 'http://foo.dev/callback';
const code = 'auth_code_foo'; const code = 'auth_code_foo';
describe('Social Identifier Interactions', () => { describe('social sign-in', () => {
const connectorIdMap = new Map<string, string>(); const connectorIdMap = new Map<string, string>();
beforeAll(async () => { beforeAll(async () => {
@ -47,7 +47,7 @@ describe('Social Identifier Interactions', () => {
await clearConnectorsByTypes([ConnectorType.Social, ConnectorType.Email, ConnectorType.Sms]); await clearConnectorsByTypes([ConnectorType.Social, ConnectorType.Email, ConnectorType.Sms]);
}); });
describe('register new and sign-in', () => { describe.only('register and sign-in', () => {
const socialUserId = generateUserId(); const socialUserId = generateUserId();
it('register with social', async () => { it('register with social', async () => {
@ -192,6 +192,39 @@ describe('Social Identifier Interactions', () => {
await logoutClient(client); await logoutClient(client);
await deleteUser(uid); await deleteUser(uid);
}); });
it('can perform direct sign-in with a new social account', async () => {
const connectorId = connectorIdMap.get(mockSocialConnectorId) ?? '';
const client = await initClient(undefined, undefined, {
directSignIn: { method: 'social', target: mockSocialConnectorTarget },
});
await client.successSend(putInteraction, {
event: InteractionEvent.SignIn,
});
await client.successSend(createSocialAuthorizationUri, { state, redirectUri, connectorId });
await client.successSend(patchInteractionIdentifiers, {
connectorId,
connectorData: { state, redirectUri, code, userId: socialUserId },
});
await expectRejects(client.submitInteraction(), {
code: 'user.identity_not_exist',
statusCode: 422,
});
await client.successSend(putInteractionEvent, { event: InteractionEvent.Register });
await client.successSend(putInteractionProfile, { connectorId });
const { redirectTo } = await client.submitInteraction();
const id = await processSession(client, redirectTo);
await logoutClient(client);
await deleteUser(id);
});
}); });
describe('bind with existing email account', () => { describe('bind with existing email account', () => {

View file

@ -0,0 +1,68 @@
import { ConnectorType } from '@logto/connector-kit';
import { SignInIdentifier } from '@logto/schemas';
import { mockSocialConnectorTarget } from '#src/__mocks__/connectors-mock.js';
import { updateSignInExperience } from '#src/api/sign-in-experience.js';
import { demoAppUrl } from '#src/constants.js';
import { clearConnectorsByTypes, setSocialConnector } from '#src/helpers/connector.js';
import ExpectExperience from '#src/ui-helpers/expect-experience.js';
/**
* NOTE: This test suite assumes test cases will run sequentially (which is Jest default).
* Parallel execution will lead to errors.
*/
// Tip: See https://github.com/argos-ci/jest-puppeteer/blob/main/packages/expect-puppeteer/README.md
// for convenient expect methods
describe('direct sign-in', () => {
beforeAll(async () => {
await clearConnectorsByTypes([ConnectorType.Social, ConnectorType.Email, ConnectorType.Sms]);
await setSocialConnector();
await updateSignInExperience({
signUp: { identifiers: [], password: true, verify: false },
signIn: {
methods: [
{
identifier: SignInIdentifier.Username,
password: true,
verificationCode: false,
isPasswordPrimary: true,
},
],
},
socialSignInConnectorTargets: ['mock-social'],
});
});
it('should be landed to the social identity provider directly', async () => {
const experience = new ExpectExperience(await browser.newPage());
const url = new URL(demoAppUrl);
url.searchParams.set('direct_sign_in', `social:${mockSocialConnectorTarget}`);
await experience.page.goto(url.href);
await experience.toProcessSocialSignIn({ socialUserId: 'foo', clickButton: false });
experience.toMatchUrl(demoAppUrl);
await experience.toClick('div[role=button]', /sign out/i);
await experience.page.close();
});
it('should fall back to the sign-in page if the direct sign-in target is invalid', async () => {
const experience = new ExpectExperience(await browser.newPage());
const url = new URL(demoAppUrl);
url.searchParams.set('direct_sign_in', 'social:invalid-target');
await experience.navigateTo(url.href);
experience.toBeAt('sign-in');
await experience.page.close();
});
it('should fall back to the register page if the direct sign-in target is invalid and `first_screen` is `register`', async () => {
const experience = new ExpectExperience(await browser.newPage());
const url = new URL(demoAppUrl);
url.searchParams.set('direct_sign_in', 'social:invalid-target');
url.searchParams.set('first_screen', 'register');
await experience.navigateTo(url.href);
experience.toBeAt('register');
await experience.page.close();
});
});

View file

@ -1,5 +1,7 @@
/* Test the sign-in with different password policies. */ /* Test the sign-in with different password policies. */
import crypto from 'node:crypto';
import { ConnectorType, SignInIdentifier } from '@logto/schemas'; import { ConnectorType, SignInIdentifier } from '@logto/schemas';
import { updateSignInExperience } from '#src/api/sign-in-experience.js'; import { updateSignInExperience } from '#src/api/sign-in-experience.js';
@ -7,11 +9,12 @@ import { demoAppUrl } from '#src/constants.js';
import { clearConnectorsByTypes, setEmailConnector } from '#src/helpers/connector.js'; import { clearConnectorsByTypes, setEmailConnector } from '#src/helpers/connector.js';
import ExpectExperience from '#src/ui-helpers/expect-experience.js'; import ExpectExperience from '#src/ui-helpers/expect-experience.js';
import { setupUsernameAndEmailExperience } from '#src/ui-helpers/index.js'; import { setupUsernameAndEmailExperience } from '#src/ui-helpers/index.js';
import { waitFor } from '#src/utils.js';
const randomString = () => crypto.randomBytes(8).toString('hex');
describe('password policy', () => { describe('password policy', () => {
const username = 'test_pass_policy_30'; const username = 'test_' + randomString();
const emailName = 'a_good_foo_30'; const emailName = 'foo_' + randomString();
const email = emailName + '@bar.com'; const email = emailName + '@bar.com';
const invalidPasswords: Array<[string, string | RegExp]> = [ const invalidPasswords: Array<[string, string | RegExp]> = [
['123', 'minimum length'], ['123', 'minimum length'],
@ -44,7 +47,7 @@ describe('password policy', () => {
await experience.toFillInput('id', username, { submit: true }); await experience.toFillInput('id', username, { submit: true });
// Password tests // Password tests
experience.toBeAt('register/password'); await experience.waitForPathname('register/password');
await experience.toFillNewPasswords( await experience.toFillNewPasswords(
...invalidPasswords, ...invalidPasswords,
[username + 'A', /product context .* personal information/], [username + 'A', /product context .* personal information/],
@ -72,9 +75,7 @@ describe('password policy', () => {
await experience.toFillInput('id', email, { submit: true }); await experience.toFillInput('id', email, { submit: true });
await experience.toCompleteVerification('register', 'Email'); await experience.toCompleteVerification('register', 'Email');
// Wait for the password page to load await experience.waitForPathname('continue/password');
await waitFor(100);
experience.toBeAt('continue/password');
await experience.toFillNewPasswords( await experience.toFillNewPasswords(
...invalidPasswords, ...invalidPasswords,
[emailName, 'personal information'], [emailName, 'personal information'],
@ -101,8 +102,7 @@ describe('password policy', () => {
await experience.toCompleteVerification('forgot-password', 'Email'); await experience.toCompleteVerification('forgot-password', 'Email');
// Wait for the password page to load // Wait for the password page to load
await waitFor(100); await experience.waitForPathname('forgot-password/reset');
experience.toBeAt('forgot-password/reset');
await experience.toFillNewPasswords( await experience.toFillNewPasswords(
...invalidPasswords, ...invalidPasswords,
[emailName, 'personal information'], [emailName, 'personal information'],
@ -110,7 +110,8 @@ describe('password policy', () => {
emailName + 'ABCD135' emailName + 'ABCD135'
); );
experience.toBeAt('sign-in'); await experience.waitForPathname('sign-in');
await experience.waitForToast(/password changed/i);
await experience.toFillInput('identifier', email, { submit: true }); await experience.toFillInput('identifier', email, { submit: true });
await experience.toFillInput('password', emailName + 'ABCD135', { submit: true }); await experience.toFillInput('password', emailName + 'ABCD135', { submit: true });
await experience.verifyThenEnd(); await experience.verifyThenEnd();

View file

@ -90,6 +90,24 @@ export default class ExpectExperience extends ExpectPage {
this.#ongoing = { type, initialUrl }; this.#ongoing = { type, initialUrl };
} }
async waitForUrl(url: URL, retry = 3) {
// eslint-disable-next-line @silverhand/fp/no-let
let retries = retry;
do {
if (this.page.url() === url.href) {
return;
}
// eslint-disable-next-line no-await-in-loop
await this.page.waitForNavigation({ waitUntil: 'networkidle0' });
} while (retries--); // eslint-disable-line @silverhand/fp/no-mutation
}
async waitForPathname(pathname: string, retry = 3) {
return this.waitForUrl(this.buildExperienceUrl(pathname), retry);
}
/** /**
* Ensure the experience is ongoing and the page is at the initial URL; then try to click the "sign out" * Ensure the experience is ongoing and the page is at the initial URL; then try to click the "sign out"
* button (case-insensitive) and close the page. * button (case-insensitive) and close the page.
@ -97,16 +115,11 @@ export default class ExpectExperience extends ExpectPage {
* It will clear the ongoing experience if the experience is ended successfully. * It will clear the ongoing experience if the experience is ended successfully.
*/ */
async verifyThenEnd(closePage = true) { async verifyThenEnd(closePage = true) {
/**
* Wait for the network to be idle since we need to process the sign-in consent
* and handle sign-in success callback, this may take a long time.
*/
await this.page.waitForNetworkIdle();
if (this.#ongoing === undefined) { if (this.#ongoing === undefined) {
return this.throwNoOngoingExperienceError(); return this.throwNoOngoingExperienceError();
} }
this.toMatchUrl(this.#ongoing.initialUrl); await this.waitForUrl(this.#ongoing.initialUrl);
await this.toClick('div[role=button]', /sign out/i); await this.toClick('div[role=button]', /sign out/i);
this.#ongoing = undefined; this.#ongoing = undefined;
@ -227,26 +240,28 @@ export default class ExpectExperience extends ExpectPage {
} }
/** /**
* Assert the page is at the sign-in page with the mock social sign-in method. * Optionally click the "Continue with [social name]" button on the page, then process the social
* Click the 'Mock Social' sign in method and visit the mocked 3rd-party social sign-in page and redirect * sign-in flow with the given user social data.
* back with the given user social data.
*
* @param socialUserData The given user social data.
*/ */
async toProcessSocialSignIn({ async toProcessSocialSignIn({
socialUserId, socialUserId,
socialEmail, socialEmail,
socialPhone, socialPhone,
clickButton = true,
}: { }: {
socialUserId: string; socialUserId: string;
socialEmail?: string; socialEmail?: string;
socialPhone?: string; socialPhone?: string;
/** Whether to click the "Continue with [social name]" button on the page. */
clickButton?: boolean;
}) { }) {
const authPageRequestListener = this.page.waitForRequest((request) => const authPageRequestListener = this.page.waitForRequest((request) =>
request.url().startsWith(mockSocialAuthPageUrl) request.url().startsWith(mockSocialAuthPageUrl)
); );
if (clickButton) {
await this.toClick('button', 'Continue with Mock Social'); await this.toClick('button', 'Continue with Mock Social');
}
const result = await authPageRequestListener; const result = await authPageRequestListener;

View file

@ -0,0 +1,10 @@
const routes = Object.freeze({
signIn: 'sign-in',
register: 'register',
sso: 'single-sign-on',
consent: 'consent',
});
export const experience = Object.freeze({
routes,
});

View file

@ -4,3 +4,4 @@ export * from './oidc.js';
export * from './date.js'; export * from './date.js';
export * from './tenant.js'; export * from './tenant.js';
export * from './subscriptions.js'; export * from './subscriptions.js';
export * from './experience.js';

View file

@ -1,3 +1,5 @@
import { z } from 'zod';
import { type CustomClientMetadata } from '../foundations/index.js'; import { type CustomClientMetadata } from '../foundations/index.js';
import { inSeconds } from './date.js'; import { inSeconds } from './date.js';
@ -9,3 +11,49 @@ export const customClientMetadataDefault = Object.freeze({
refreshTokenTtlInDays: 14, refreshTokenTtlInDays: 14,
rotateRefreshToken: true, rotateRefreshToken: true,
} as const satisfies Partial<CustomClientMetadata>); } as const satisfies Partial<CustomClientMetadata>);
export enum ExtraParamsKey {
/**
* @deprecated Use {@link FirstScreen} instead.
* @see {@link InteractionMode} for the available values.
*/
InteractionMode = 'interaction_mode',
/**
* The first screen to show for the user.
*
* @see {@link FirstScreen} for the available values.
*/
FirstScreen = 'first_screen',
/**
* Directly sign in via the specified method. Note that the method must be properly configured
* in Logto.
*
* @remark
* The format of the value for this key is one of the following:
*
* - `<method>` (e.g. `email`, `sms`)
* - `social:<target>` (e.g. `social:google`, `social:facebook`)
*/
DirectSignIn = 'direct_sign_in',
}
/** @deprecated Use {@link FirstScreen} instead. */
export enum InteractionMode {
SignIn = 'signIn',
SignUp = 'signUp',
}
export enum FirstScreen {
SignIn = 'signIn',
Register = 'register',
}
export const extraParamsObjectGuard = z
.object({
[ExtraParamsKey.InteractionMode]: z.nativeEnum(InteractionMode),
[ExtraParamsKey.FirstScreen]: z.nativeEnum(FirstScreen),
[ExtraParamsKey.DirectSignIn]: z.string(),
})
.partial();
export type ExtraParamsObject = z.infer<typeof extraParamsObjectGuard>;

View file

@ -45,6 +45,7 @@
"dependencies": { "dependencies": {
"@logto/language-kit": "workspace:^1.1.0", "@logto/language-kit": "workspace:^1.1.0",
"@logto/shared": "workspace:^3.1.0", "@logto/shared": "workspace:^3.1.0",
"@silverhand/essentials": "^2.9.0",
"color": "^4.2.3" "color": "^4.2.3"
}, },
"optionalDependencies": { "optionalDependencies": {
@ -53,7 +54,6 @@
"devDependencies": { "devDependencies": {
"@jest/types": "^29.0.3", "@jest/types": "^29.0.3",
"@silverhand/eslint-config": "5.0.0", "@silverhand/eslint-config": "5.0.0",
"@silverhand/essentials": "^2.9.0",
"@silverhand/ts-config": "5.0.0", "@silverhand/ts-config": "5.0.0",
"@silverhand/ts-config-react": "5.0.0", "@silverhand/ts-config-react": "5.0.0",
"@types/color": "^3.0.3", "@types/color": "^3.0.3",

View file

@ -3,6 +3,8 @@ import { type webcrypto } from 'node:crypto';
import { type DeepPartial } from '@silverhand/essentials'; import { type DeepPartial } from '@silverhand/essentials';
import { z } from 'zod'; import { z } from 'zod';
import { getPwnPasswordsForTest, isIntegrationTest } from './utils/integration-test.js';
/** Password policy configuration type. */ /** Password policy configuration type. */
export type PasswordPolicy = { export type PasswordPolicy = {
/** Policy about password length. */ /** Policy about password length. */
@ -300,6 +302,10 @@ export class PasswordPolicyChecker {
* @returns Whether the password has been pwned. * @returns Whether the password has been pwned.
*/ */
async hasBeenPwned(password: string): Promise<boolean> { async hasBeenPwned(password: string): Promise<boolean> {
if (isIntegrationTest()) {
return getPwnPasswordsForTest().includes(password);
}
const hash = await this.subtle.digest('SHA-1', new TextEncoder().encode(password)); const hash = await this.subtle.digest('SHA-1', new TextEncoder().encode(password));
const hashHex = Array.from(new Uint8Array(hash)) const hashHex = Array.from(new Uint8Array(hash))
.map((binary) => binary.toString(16).padStart(2, '0')) .map((binary) => binary.toString(16).padStart(2, '0'))

View file

@ -0,0 +1,10 @@
import { yes } from '@silverhand/essentials';
export const isIntegrationTest = () => yes(process.env.INTEGRATION_TEST);
export const getPwnPasswordsForTest = () => {
if (!isIntegrationTest()) {
throw new Error('This function should only be called in integration tests');
}
return Object.freeze(['123456aA', 'test_password']);
};

6
pnpm-lock.yaml generated
View file

@ -4165,6 +4165,9 @@ importers:
'@logto/shared': '@logto/shared':
specifier: workspace:^3.1.0 specifier: workspace:^3.1.0
version: link:../../shared version: link:../../shared
'@silverhand/essentials':
specifier: ^2.9.0
version: 2.9.0
color: color:
specifier: ^4.2.3 specifier: ^4.2.3
version: 4.2.3 version: 4.2.3
@ -4179,9 +4182,6 @@ importers:
'@silverhand/eslint-config': '@silverhand/eslint-config':
specifier: 5.0.0 specifier: 5.0.0
version: 5.0.0(eslint@8.44.0)(prettier@3.0.0)(typescript@5.3.3) version: 5.0.0(eslint@8.44.0)(prettier@3.0.0)(typescript@5.3.3)
'@silverhand/essentials':
specifier: ^2.9.0
version: 2.9.0
'@silverhand/ts-config': '@silverhand/ts-config':
specifier: 5.0.0 specifier: 5.0.0
version: 5.0.0(typescript@5.3.3) version: 5.0.0(typescript@5.3.3)