Merge pull request #1193 from damienbod/fabiangosebrink/prompt-parameter-sent-multiple-times-with-silent-renew-(azure-integration)

Added fix overwriting param

Author: FabianGosebrink

projects/angular-auth-oidc-client/src/lib/check-auth.service.spec.ts

@@ -436,6 +436,72 @@ describe('CheckAuthService', () => {
         });
       })
     );
+
+    it(
+      'should start check session and validation after forceRefreshSession has been called and is authenticated after forcing with silentrenew',
+      waitForAsync(() => {
+        spyOn(configurationProvider, 'hasAsLeastOneConfig').and.returnValue(true);
+        spyOn(configurationProvider, 'getOpenIDConfiguration').and.returnValue({ authority: 'authority' });
+        spyOn(callBackService, 'isCallback').and.returnValue(false);
+        spyOn(authStateService, 'areAuthStorageTokensValid').and.returnValue(false);
+        spyOn(callBackService, 'handleCallbackAndFireEvents').and.returnValue(of(null));
+        spyOn(checkSessionService, 'isCheckSessionConfigured').and.returnValue(true);
+        spyOn(silentRenewService, 'isSilentRenewConfigured').and.returnValue(true);
+
+        const checkSessionServiceStartSpy = spyOn(checkSessionService, 'start');
+        const periodicallyTokenCheckServiceSpy = spyOn(periodicallyTokenCheckService, 'startTokenValidationPeriodically');
+        const getOrCreateIframeSpy = spyOn(silentRenewService, 'getOrCreateIframe');
+
+        spyOn(refreshSessionService, 'forceRefreshSession').and.returnValue(
+          of({
+            idToken: 'idToken',
+            accessToken: 'access_token',
+            isAuthenticated: true,
+            userData: null,
+            configId: 'configId',
+          })
+        );
+
+        checkAuthService.checkAuthIncludingServer('configId').subscribe((result) => {
+          expect(checkSessionServiceStartSpy).toHaveBeenCalledOnceWith('configId');
+          expect(periodicallyTokenCheckServiceSpy).toHaveBeenCalledTimes(1);
+          expect(getOrCreateIframeSpy).toHaveBeenCalledOnceWith('configId');
+        });
+      })
+    );
+
+    it(
+      'should start check session and validation after forceRefreshSession has been called and is authenticated after forcing without silentrenew',
+      waitForAsync(() => {
+        spyOn(configurationProvider, 'hasAsLeastOneConfig').and.returnValue(true);
+        spyOn(configurationProvider, 'getOpenIDConfiguration').and.returnValue({ authority: 'authority' });
+        spyOn(callBackService, 'isCallback').and.returnValue(false);
+        spyOn(authStateService, 'areAuthStorageTokensValid').and.returnValue(false);
+        spyOn(callBackService, 'handleCallbackAndFireEvents').and.returnValue(of(null));
+        spyOn(checkSessionService, 'isCheckSessionConfigured').and.returnValue(true);
+        spyOn(silentRenewService, 'isSilentRenewConfigured').and.returnValue(false);
+
+        const checkSessionServiceStartSpy = spyOn(checkSessionService, 'start');
+        const periodicallyTokenCheckServiceSpy = spyOn(periodicallyTokenCheckService, 'startTokenValidationPeriodically');
+        const getOrCreateIframeSpy = spyOn(silentRenewService, 'getOrCreateIframe');
+
+        spyOn(refreshSessionService, 'forceRefreshSession').and.returnValue(
+          of({
+            idToken: 'idToken',
+            accessToken: 'access_token',
+            isAuthenticated: true,
+            userData: null,
+            configId: 'configId',
+          })
+        );
+
+        checkAuthService.checkAuthIncludingServer('configId').subscribe((result) => {
+          expect(checkSessionServiceStartSpy).toHaveBeenCalledOnceWith('configId');
+          expect(periodicallyTokenCheckServiceSpy).toHaveBeenCalledTimes(1);
+          expect(getOrCreateIframeSpy).not.toHaveBeenCalled();
+        });
+      })
+    );
   });
 
   describe('checkAuthMultiple', () => {

projects/angular-auth-oidc-client/src/lib/flows/callback-handling/code-flow-callback-handler.service.ts

@@ -27,7 +27,7 @@ export class CodeFlowCallbackHandlerService {
   codeFlowCallback(urlToCheck: string, configId: string): Observable<CallbackContext> {
     const code = this.urlService.getUrlParameter(urlToCheck, 'code');
     const state = this.urlService.getUrlParameter(urlToCheck, 'state');
-    const sessionState = this.urlService.getUrlParameter(urlToCheck, 'session_state') || null;
+    const sessionState = this.urlService.getUrlParameter(urlToCheck, 'session_state');
 
     if (!state) {
       this.loggerService.logDebug(configId, 'no state in url');

projects/angular-auth-oidc-client/src/lib/utils/url/url.service.spec.ts

@@ -323,8 +323,8 @@ describe('UrlService Tests', () => {
         '&scope=openid%20email%20profile' +
         '&nonce=nonce' +
         '&state=state' +
-        '&prompt=myprompt' +
-        '&to=add&as=well';
+        '&to=add&as=well' +
+        '&prompt=myprompt';
 
       expect(value).toEqual(expectValue);
     });
@@ -623,6 +623,47 @@ describe('UrlService Tests', () => {
       expect(value).toEqual(expectValue);
     });
 
+    it('should add the prompt only once even if it is configured AND passed with `none` in silent renew case, taking the passed one', () => {
+      const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
+      config.clientId = '188968487735-b1hh7k87nkkh6vv84548sinju2kpr7gn.apps.googleusercontent.com';
+      config.responseType = 'code';
+      config.scope = 'openid email profile';
+      config.redirectUrl = 'https://localhost:44386';
+
+      config.customParamsAuthRequest = {
+        prompt: 'select_account',
+      };
+
+      configurationProvider.setConfig(config);
+      spyOn(storagePersistenceService, 'read')
+        .withArgs('authWellKnownEndPoints', 'configId')
+        .and.returnValue({ authorizationEndpoint: 'http://example' });
+
+      const value = (service as any).createAuthorizeUrl(
+        '', // Implicit Flow
+        config.redirectUrl,
+        'nonce',
+        'state',
+        'configId',
+        'somePrompt'
+      );
+
+      const expectValue =
+        'http://example?client_id=188968487735-b1hh7k87nkkh6vv84548sinju2kpr7gn.apps.googleusercontent.com' +
+        '&redirect_uri=https%3A%2F%2Flocalhost%3A44386' +
+        '&response_type=code' +
+        '&scope=openid%20email%20profile' +
+        '&nonce=nonce' +
+        '&state=state' +
+        '&code_challenge=' +
+        '&code_challenge_method=S256' +
+        '&prompt=somePrompt';
+
+      expect(value).toEqual(expectValue);
+    });
+  });
+
+  describe('createRevocationEndpointBodyAccessToken', () => {
     it('createRevocationBody access_token default', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
@@ -653,7 +694,9 @@ describe('UrlService Tests', () => {
 
       expect(value).toBeNull();
     });
+  });
 
+  describe('createRevocationEndpointBodyRefreshToken', () => {
     it('createRevocationBody refresh_token default', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';
@@ -684,7 +727,9 @@ describe('UrlService Tests', () => {
 
       expect(value).toBeNull();
     });
+  });
 
+  describe('getRevocationEndpointUrl', () => {
     it('getRevocationEndpointUrl with params', () => {
       const config = { authority: 'https://localhost:5001' } as OpenIdConfiguration;
       config.redirectUrl = 'https://localhost:44386';

projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts

@@ -328,20 +328,20 @@ export class UrlService {
       params = params.append('code_challenge_method', 'S256');
     }
 
+    const mergedParams = { ...customParamsAuthRequest, ...customRequestParams };
+
+    if (Object.keys(mergedParams).length > 0) {
+      params = this.appendCustomParams({ ...mergedParams }, params);
+    }
+
     if (prompt) {
-      params = params.append('prompt', prompt);
+      params = this.overWriteParam(params, 'prompt', prompt);
     }
 
     if (hdParam) {
       params = params.append('hd', hdParam);
     }
 
-    const mergedParams = { ...customParamsAuthRequest, ...customRequestParams };
-
-    if (Object.keys(mergedParams).length > 0) {
-      params = this.appendCustomParams({ ...mergedParams }, params);
-    }
-
     return `${authorizationUrl}?${params}`;
   }
 
@@ -495,6 +495,10 @@ export class UrlService {
     return params;
   }
 
+  private overWriteParam(params: HttpParams, key: string, value: string | number | boolean): HttpParams {
+    return params.set(key, value);
+  }
+
   private createHttpParams(existingParams?: string): HttpParams {
     existingParams = existingParams ?? '';