Remove email param in cross auth login (#692)

auth0 · Mar 5, 2018 · 4d352f2 · 4d352f2
1 parent ed4ce41
commit 4d352f2
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/src/web-auth/cross-origin-authentication.js b/src/web-auth/cross-origin-authentication.js
@@ -43,9 +43,12 @@ CrossOriginAuthentication.prototype.login = function(options, cb) {
   var _this = this;
   var theWindow = windowHelper.getWindow();
   var url = urljoin(this.baseOptions.rootUrl, '/co/authenticate');
+  options.username = options.username || options.email;
+  delete options.email;
+
   var authenticateBody = {
     client_id: options.clientID || this.baseOptions.clientID,
-    username: options.username || options.email
+    username: options.username
   };
   if (options.password) {
     authenticateBody.password = options.password;

diff --git a/test/web-auth/cross-origin-authentication.test.js b/test/web-auth/cross-origin-authentication.test.js
@@ -44,7 +44,7 @@ describe('auth0.WebAuth.crossOriginAuthentication', function() {
         storage.setItem.restore();
       }
     });
-    it('should call /co/authenticate and redirect to /authorize with login_ticket', function() {
+    it('should call /co/authenticate and redirect to /authorize with login_ticket using `username`', function() {
       stub(request, 'post', function(url) {
         expect(url).to.be('https://me.auth0.com/co/authenticate');
         return new RequestMock({
@@ -79,6 +79,41 @@ describe('auth0.WebAuth.crossOriginAuthentication', function() {
         anotherOption: 'foobar'
       });
     });
+    it('should call /co/authenticate and redirect to /authorize with login_ticket using `email`', function() {
+      stub(request, 'post', function(url) {
+        expect(url).to.be('https://me.auth0.com/co/authenticate');
+        return new RequestMock({
+          body: {
+            client_id: '...',
+            credential_type: 'password',
+            username: 'me@example.com',
+            password: '123456'
+          },
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          cb: function(cb) {
+            cb(null, {
+              body: {
+                login_ticket: 'a_login_ticket',
+                co_verifier: 'co_verifier',
+                co_id: 'co_id'
+              }
+            });
+          }
+        });
+      });
+      this.co.login({
+        email: 'me@example.com',
+        password: '123456',
+        anotherOption: 'foobar'
+      });
+      expect(this.webAuthSpy.authorize.getCall(0).args[0]).to.be.eql({
+        username: 'me@example.com',
+        loginTicket: 'a_login_ticket',
+        anotherOption: 'foobar'
+      });
+    });
     it('should call /co/authenticate and call `webMessageHandler.run` when popup:true', function(
       done
     ) {