Merge branch 'main' into snyk-fix-e60ac74108b14b7d6cee8782479867ff

kinde-oss · May 1, 2024 · 74c08b1 · 74c08b1
2 parents 3b0bae4 + 5662d02
commit 74c08b1
Show file tree

Hide file tree

Showing 8 changed files with 106 additions and 40 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,7 +14,7 @@
     "fs": false
   },
   "dependencies": {
-    "@babel/cli": "^7.0.0",
+    "@babel/cli": "^7.24.1",
     "superagent": "^7.0.2"
   },
   "devDependencies": {

diff --git a/src/KindeClient.js b/src/KindeClient.js
@@ -97,6 +97,9 @@ export default class KindeClient extends ApiClient {
    * @property {Object} request - The HTTP request object
    * @property {String} request.query.state - Optional parameter used to pass a value to the authorization server
    * @property {String} request.query.org_code - Organization code
+   * @property {String} request.query.lang - language to display for login page
+   * @property {String} request.query.login_hint - email or phone-number to pre-fill login page
+   * @property {String} request.query.connection_id - connection id string corresponding to social sign in
    * @property {String} request.query.post_login_redirect_url - URL to redirect the user after login
    */
   login() {
@@ -105,6 +108,9 @@ export default class KindeClient extends ApiClient {
       const {
         state = randomString(),
         org_code,
+        lang = '',
+        login_hint = '',
+        connection_id = '',
         post_login_redirect_url = '',
       } = req.query;
 
@@ -130,6 +136,9 @@ export default class KindeClient extends ApiClient {
             authorizationURL = auth.generateAuthorizationURL(this, {
               state,
               org_code,
+              lang,
+              login_hint,
+              connection_id,
               start_page: 'login',
             });
             if (post_login_redirect_url) {
@@ -146,6 +155,9 @@ export default class KindeClient extends ApiClient {
             authorizationURL = auth.generateAuthorizationURL(this, {
               state,
               org_code,
+              lang,
+              login_hint,
+              connection_id,
               start_page: 'login',
             }, codeChallenge);
             if (post_login_redirect_url) {
@@ -168,6 +180,9 @@ export default class KindeClient extends ApiClient {
    * @property {Object} request - The HTTP request object
    * @property {String} request.query.state - Optional parameter used to pass a value to the authorization server
    * @property {String} request.query.org_code - Organization code
+   * @property {String} request.query.lang - language to display for register page
+   * @property {String} request.query.login_hint - email or phone-number to pre-fill register page
+   * @property {String} request.query.connection_id - connection id string corresponding to social sign in
    * @property {String} request.query.post_login_redirect_url - URL to redirect the user after login
    */
   register() {
@@ -176,6 +191,9 @@ export default class KindeClient extends ApiClient {
       const {
         state = randomString(),
         org_code,
+        lang = '',
+        login_hint = '',
+        connection_id = '',
         post_login_redirect_url = '',
       } = req.query;
 
@@ -191,6 +209,9 @@ export default class KindeClient extends ApiClient {
             authorizationURL = auth.generateAuthorizationURL(this, {
               state,
               org_code,
+              lang,
+              login_hint,
+              connection_id,
               start_page: 'registration',
             });
             if (post_login_redirect_url) {
@@ -207,6 +228,9 @@ export default class KindeClient extends ApiClient {
             authorizationURL = auth.generateAuthorizationURL(this, {
               state,
               org_code,
+              lang,
+              login_hint,
+              connection_id,
               start_page: 'registration',
             }, codeChallenge);
             if (post_login_redirect_url) {

diff --git a/src/sdk/oauth2/AuthorizationCode.js b/src/sdk/oauth2/AuthorizationCode.js
@@ -8,6 +8,9 @@ export default class AuthorizationCode {
    * @property {Boolean} options.is_create_org - Flag indicating if the user is creating a new organization
    * @property {String} options.org_code - Organization code
    * @property {String} options.org_name - Organization name
+   * @property {String} options.lang - language to display for page
+   * @property {String} options.login_hint - email or phone-number to pre-fill page
+   * @property {String} options.connection_id - connection id string corresponding to social sign in
    * @returns {String} The authorization URL to redirect the user to
    */
   generateAuthorizationURL(client, options) {
@@ -17,6 +20,9 @@ export default class AuthorizationCode {
       is_create_org,
       org_code,
       org_name,
+      lang,
+      login_hint,
+      connection_id,
     } = options;
 
     const searchParams = {
@@ -29,6 +35,9 @@ export default class AuthorizationCode {
       ...(!!client.audience && { audience: client.audience }),
       ...(!!is_create_org && { is_create_org, org_name }),
       ...(!!org_code && { org_code }),
+      ...(!!lang && { lang }),
+      ...(!!login_hint && { login_hint }),
+      ...(!!connection_id && { connection_id }),
     };
 
     return `${client.authorizationEndpoint}?${new URLSearchParams(searchParams).toString()}`;

diff --git a/src/sdk/oauth2/PKCE.js b/src/sdk/oauth2/PKCE.js
@@ -8,6 +8,9 @@ export default class PKCE {
    * @property {Boolean} options.is_create_org - Flag to indicate if the user wants to create an organization
    * @property {String} options.org_code - Organization code
    * @property {String} options.org_name - Organization name
+   * @property {String} options.lang - language to display for page
+   * @property {String} options.login_hint - email or phone-number to pre-fill page
+   * @property {String} options.connection_id - connection id string corresponding to social sign in
    * @param {String} codeChallenge - Code challenge used in the PKCE flow.
    * @returns {String} url - The authorization URL to redirect the user to
    */
@@ -18,6 +21,9 @@ export default class PKCE {
       is_create_org,
       org_code,
       org_name,
+      lang,
+      login_hint,
+      connection_id,
     } = options;
 
     const searchParams = {
@@ -32,6 +38,9 @@ export default class PKCE {
       ...(!!client.audience && { audience: client.audience }),
       ...(!!is_create_org && { is_create_org, org_name }),
       ...(!!org_code && { org_code }),
+      ...(!!lang && { lang }),
+      ...(!!login_hint && { login_hint }),
+      ...(!!connection_id && { connection_id }),
     };
 
     return `${client.authorizationEndpoint}?${new URLSearchParams(searchParams).toString()}`;

diff --git a/test/sdk/KindeClient.spec.js b/test/sdk/KindeClient.spec.js
@@ -74,14 +74,20 @@ import sinon from 'sinon';
       });
 
       it('should call login successfully', async () => {
-        req.query = { state: 'random_state', org_code: 'org-code' };
+        req.query = { 
+          state: 'random_state', 
+          org_code: 'org-code', 
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connnection_id',
+        }
         KindeManagementApi.SessionStore.setData('session-id', {});
         req.headers.cookie = 'kindeSessionId=session-id';
-        sandbox.stub(KindeManagementApi.AuthorizationCode.prototype, 'generateAuthorizationURL').returns('https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login');
+        sandbox.stub(KindeManagementApi.AuthorizationCode.prototype, 'generateAuthorizationURL').returns('https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login&lang=lang&login_hint=test@test.com&connection_id=connection_id');
         await instance.login()(req, res, next);
         expect(res.cookie.calledOnce).to.be(true);
         expect(res.redirect.calledOnce).to.be(true);
-        expect(res.redirect.getCall(0).args[0]).to.be(`https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login`);
+        expect(res.redirect.getCall(0).args[0]).to.be(`https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login&lang=lang&login_hint=test@test.com&connection_id=connection_id`);
         expect(KindeManagementApi.SessionStore.getDataByKey('session-id', 'kindeOauthState')).to.be('random_state');
       });
 
@@ -125,14 +131,20 @@ import sinon from 'sinon';
       });
 
       it('should call register successfully', async () => {
-        req.query = { state: 'random_state', org_code: 'org-code' };
+        req.query = { 
+          state: 'random_state', 
+          org_code: 'org-code', 
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connnection_id',
+        }
         KindeManagementApi.SessionStore.setData('session-id', {});
         req.headers.cookie = 'kindeSessionId=session-id';
-        sandbox.stub(KindeManagementApi.AuthorizationCode.prototype, 'generateAuthorizationURL').returns('https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=registration');
+        sandbox.stub(KindeManagementApi.AuthorizationCode.prototype, 'generateAuthorizationURL').returns('https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login&lang=lang&login_hint=test@test.com&connection_id=connection_id');
         await instance.register()(req, res, next);
         expect(res.cookie.calledOnce).to.be(true);
         expect(res.redirect.calledOnce).to.be(true);
-        expect(res.redirect.getCall(0).args[0]).to.be(`https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=registration`);
+        expect(res.redirect.getCall(0).args[0]).to.be(`https://example.com/oauth2/auth?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid%20profile%20email%20offline&state=random_state&org_code=org_code&start_page=login&lang=lang&login_hint=test@test.com&connection_id=connection_id`);
         expect(KindeManagementApi.SessionStore.getDataByKey('session-id', 'kindeOauthState')).to.be('random_state');
       });
 

diff --git a/test/sdk/OAuth2AuthorizationCode.spec.js b/test/sdk/OAuth2AuthorizationCode.spec.js
@@ -48,6 +48,9 @@ import sinon from 'sinon';
           is_create_org: true,
           org_code: 'org_code',
           org_name: 'org_name',
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connection_id',
         };
         const result = instance.generateAuthorizationURL(client, options);
         const expectedSearchParams = {
@@ -61,6 +64,9 @@ import sinon from 'sinon';
           is_create_org: true,
           org_name: 'org_name',
           org_code: 'org_code',
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connection_id',
         };
         expect(result).to.be(`${client.authorizationEndpoint}?${new URLSearchParams(expectedSearchParams).toString()}`);
       });

diff --git a/test/sdk/OAuth2PKCE.spec.js b/test/sdk/OAuth2PKCE.spec.js
@@ -45,6 +45,9 @@ import sinon from 'sinon';
           start_page: 'login',
           state: 'random-state',
           org_code: 'org123',
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connection_id',
         };
         const codeChallenge = 'codechallenge';      
         const expectedSearchParams = new URLSearchParams({
@@ -57,6 +60,9 @@ import sinon from 'sinon';
           code_challenge: codeChallenge,
           code_challenge_method: 'S256',
           org_code: 'org123',
+          lang: 'lang',
+          login_hint: 'test@test.com',
+          connection_id: 'connection_id',
         });
         const result = instance.generateAuthorizationURL(client, options, codeChallenge);      
         expect(result).to.be(`${client.authorizationEndpoint}?${new URLSearchParams(expectedSearchParams).toString()}`);