feat: Add hosted domain hint when signing in through Google SSO from subdomain (#2458)

* feat: Add hosted domain hint when signing in through Google SSO from subdomain closes #2454
2021-08-20 14:03:52 -07:00
parent 0be40609ed
commit e613ec732b
3 changed files with 38 additions and 11 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@ -25,11 +25,19 @@ function filterProviders(team) {
        find(team.authenticationProviders, { name: provider.id, enabled: true })
      );
    })
-    .map((provider) => ({
-      id: provider.id,
-      name: provider.name,
-      authUrl: provider.authUrl,
-    }));
+    .map((provider) => {
+      const authProvider = team
+        ? find(team.authenticationProviders, {
+            name: provider.id,
+          })
+        : undefined;
+
+      return {
+        id: provider.id,
+        name: provider.name,
+        authUrl: `${provider.authUrl}?authProviderId=${authProvider?.id || ""}`,
+      };
+    });
 }

 router.post("auth.config", async (ctx) => {
--- a/server/api/auth.test.js
+++ b/server/api/auth.test.js
@ -56,7 +56,7 @@ describe("#auth.config", () => {
  it("should return available providers for team subdomain", async () => {
    process.env.URL = "http://localoutline.com";

-    await buildTeam({
+    const team = await buildTeam({
      guestSignin: false,
      subdomain: "example",
      authenticationProviders: [
@ -74,6 +74,9 @@ describe("#auth.config", () => {
    expect(res.status).toEqual(200);
    expect(body.data.providers.length).toBe(1);
    expect(body.data.providers[0].name).toBe("Slack");
+    expect(body.data.providers[0].authUrl).toContain(
+      `?authProviderId=${team.authenticationProviders[0].id}`
+    );
  });

  it("should return available providers for team custom domain", async () => {
--- a/server/auth/providers/google.js
+++ b/server/auth/providers/google.js
@ -10,6 +10,7 @@ import {
  GoogleWorkspaceInvalidError,
 } from "../../errors";
 import passportMiddleware from "../../middlewares/passport";
+import { AuthenticationProvider } from "../../models";
 import { getAllowedDomains } from "../../utils/authentication";
 import { StateStore } from "../../utils/passport";

@ -86,13 +87,28 @@ if (GOOGLE_CLIENT_ID) {
    )
  );

-  router.get(
-    "google",
-    passport.authenticate(providerName, {
+  router.get("google", async (ctx) => {
+    const { authProviderId } = ctx.request.query;
+
+    if (authProviderId) {
+      ctx.assertUuid(authProviderId, "authProviderId must be a UUID");
+    }
+
+    const authProvider = authProviderId
+      ? await AuthenticationProvider.findOne({
+          where: {
+            id: authProviderId,
+            name: providerName,
+          },
+        })
+      : undefined;
+
+    return passport.authenticate(providerName, {
      accessType: "offline",
      prompt: "select_account consent",
-    })
-  );
+      hd: authProvider?.providerId,
+    })(ctx);
+  });

  router.get("google.callback", passportMiddleware(providerName));
 }