feat: redirect to custom URL when third-party auth account is unlinked

(cherry picked from commit abad25c)
open-craft · Apr 14, 2024 · da55ddd · da55ddd
1 parent 1134c1b
commit da55ddd
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 1 deletion.
diff --git a/.env b/.env
@@ -13,6 +13,7 @@ ORDER_HISTORY_URL=null
 REFRESH_ACCESS_TOKEN_ENDPOINT=null
 SEGMENT_KEY=''
 SITE_NAME=null
+TPA_UNLINKED_ACCOUNT_PROVISION_URL=''
 INFO_EMAIL=''
 # ***** Cookies *****
 USER_RETENTION_COOKIE_NAME=null

diff --git a/README.rst b/README.rst
@@ -112,6 +112,10 @@ The authentication micro-frontend also requires the following additional variabl
      - Name of MFE, this will be used by the API to get runtime configurations for the specific micro frontend. For a frontend repo `frontend-app-appName`, use `appName` as APP_ID.
      - ``authn`` | ``''``
 
+   * - ``TPA_UNLINKED_ACCOUNT_PROVISION_URL``
+     - URL to redirect to when the identity provided by third-party authentication is not yet linked to a platform account. This allows for redirecting to a custom sign-up flow handled by an external service to create the linked account. An empty string (the default) disables this feature.
+     - ``http://example.com/signup`` | ``''``
+
 
 edX-specific Environment Variables
 **********************************
@@ -187,4 +191,4 @@ Please see `LICENSE <https://github.com/openedx/frontend-app-authn/blob/master/L
    :target: https://github.com/openedx/edx-developer-docs/actions/workflows/ci.yml
    :alt: Continuous Integration
 .. |semantic-release| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
-   :target: https://github.com/semantic-release/semantic-release
+   :target: https://github.com/semantic-release/semantic-release
diff --git a/src/config/index.js b/src/config/index.js
@@ -20,6 +20,7 @@ const configuration = {
   SEARCH_CATALOG_URL: process.env.SEARCH_CATALOG_URL || null,
   TOS_AND_HONOR_CODE: process.env.TOS_AND_HONOR_CODE || null,
   TOS_LINK: process.env.TOS_LINK || null,
+  TPA_UNLINKED_ACCOUNT_PROVISION_URL: process.env.TPA_UNLINKED_ACCOUNT_PROVISION_URL || null,
   // Base container images
   BANNER_IMAGE_LARGE: process.env.BANNER_IMAGE_LARGE || '',
   BANNER_IMAGE_MEDIUM: process.env.BANNER_IMAGE_MEDIUM || '',

diff --git a/src/login/LoginPage.jsx b/src/login/LoginPage.jsx
@@ -310,6 +310,18 @@ class LoginPage extends React.Component {
     } = this.props;
     const { currentProvider, providers, secondaryProviders } = this.props.thirdPartyAuthContext;
 
+    const unlinkedProvisionUrl = getConfig().TPA_UNLINKED_ACCOUNT_PROVISION_URL;
+
+    /**
+     * When currentProvider exists and we are in a login page, it is
+     * because the third-party authenticated account is not linked.
+     * See also ThirdPartyAuthAlert.jsx.
+     */
+    if (currentProvider && unlinkedProvisionUrl) {
+      window.location.href = unlinkedProvisionUrl;
+      return null;
+    }
+
     if (this.tpaHint) {
       if (thirdPartyAuthApiStatus === PENDING_STATE) {
         return <Skeleton height={36} />;

diff --git a/src/login/tests/LoginPage.test.jsx b/src/login/tests/LoginPage.test.jsx
@@ -766,4 +766,50 @@ describe('LoginPage', () => {
 
     expect(store.dispatch).toHaveBeenCalledWith(loginRemovePasswordResetBanner());
   });
+
+  it('should not redirect to provisioning URL when not configured', () => {
+    mergeConfig({
+      TPA_UNLINKED_ACCOUNT_PROVISION_URL: '',
+    });
+
+    store = mockStore({
+      ...initialState,
+      commonComponents: {
+        ...initialState.commonComponents,
+        thirdPartyAuthContext: {
+          ...initialState.commonComponents.thirdPartyAuthContext,
+          currentProvider: ssoProvider.name,
+        },
+      },
+    });
+
+    delete window.location;
+    window.location = { href: getConfig().BASE_URL.concat(LOGIN_PAGE) };
+
+    render(reduxWrapper(<IntlLoginPage {...props} />));
+    expect(window.location.href).toEqual(getConfig().BASE_URL.concat(LOGIN_PAGE));
+  });
+
+  it('should redirect to provisioning URL on unlinked third-party auth account', () => {
+    mergeConfig({
+      TPA_UNLINKED_ACCOUNT_PROVISION_URL: 'http://example.com/signup',
+    });
+
+    store = mockStore({
+      ...initialState,
+      commonComponents: {
+        ...initialState.commonComponents,
+        thirdPartyAuthContext: {
+          ...initialState.commonComponents.thirdPartyAuthContext,
+          currentProvider: ssoProvider.name,
+        },
+      },
+    });
+
+    delete window.location;
+    window.location = { href: getConfig().BASE_URL.concat(LOGIN_PAGE) };
+
+    render(reduxWrapper(<IntlLoginPage {...props} />));
+    expect(window.location.href).toEqual('http://example.com/signup');
+  });
 });