diff --git a/packages/cli/src/sso.ee/oidc/routes/__tests__/oidc.controller.ee.test.ts b/packages/cli/src/sso.ee/oidc/routes/__tests__/oidc.controller.ee.test.ts index 5c5ae96c33..93208f0db2 100644 --- a/packages/cli/src/sso.ee/oidc/routes/__tests__/oidc.controller.ee.test.ts +++ b/packages/cli/src/sso.ee/oidc/routes/__tests__/oidc.controller.ee.test.ts @@ -2,12 +2,13 @@ import type { User } from '@n8n/db'; import { type Request, type Response } from 'express'; import { mock } from 'jest-mock-extended'; -import type { AuthService } from '@/auth/auth.service'; -import type { UrlService } from '@/services/url.service'; - import type { OidcService } from '../../oidc.service.ee'; import { OidcController } from '../oidc.controller.ee'; +import type { AuthService } from '@/auth/auth.service'; +import type { AuthlessRequest } from '@/requests'; +import type { UrlService } from '@/services/url.service'; + const authService = mock(); const oidcService = mock(); const urlService = mock(); @@ -33,8 +34,9 @@ describe('OidcController', () => { describe('callbackHandler', () => { test('Should issue cookie with MFA flag set to true on successful OIDC login', async () => { - const req = mock({ + const req = mock({ originalUrl: '/sso/oidc/callback?code=auth_code&state=state_value', + browserId: 'browser-id-123', }); const res = mock(); @@ -51,16 +53,17 @@ describe('OidcController', () => { expect(oidcService.loginUser).toHaveBeenCalledWith(expectedCallbackUrl); // Verify that issueCookie was called with MFA flag set to true - expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true); + expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true, req.browserId); // Verify redirect to home page expect(res.redirect).toHaveBeenCalledWith('/'); }); test('Should handle callback URL with different query parameters', async () => { - const req = mock({ + const req = mock({ originalUrl: '/sso/oidc/callback?code=different_code&state=different_state&session_state=session123', + browserId: 'browser-id-123', }); const res = mock(); @@ -73,13 +76,14 @@ describe('OidcController', () => { await controller.callbackHandler(req, res); expect(oidcService.loginUser).toHaveBeenCalledWith(expectedCallbackUrl); - expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true); + expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true, req.browserId); expect(res.redirect).toHaveBeenCalledWith('/'); }); test('Should handle callback URL with no query parameters', async () => { - const req = mock({ + const req = mock({ originalUrl: '/sso/oidc/callback', + browserId: undefined, }); const res = mock(); @@ -90,7 +94,7 @@ describe('OidcController', () => { await controller.callbackHandler(req, res); expect(oidcService.loginUser).toHaveBeenCalledWith(expectedCallbackUrl); - expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true); + expect(authService.issueCookie).toHaveBeenCalledWith(res, user, true, undefined); expect(res.redirect).toHaveBeenCalledWith('/'); }); diff --git a/packages/cli/src/sso.ee/oidc/routes/oidc.controller.ee.ts b/packages/cli/src/sso.ee/oidc/routes/oidc.controller.ee.ts index efec7fb79d..f9d2fb8a23 100644 --- a/packages/cli/src/sso.ee/oidc/routes/oidc.controller.ee.ts +++ b/packages/cli/src/sso.ee/oidc/routes/oidc.controller.ee.ts @@ -8,6 +8,7 @@ import { UrlService } from '@/services/url.service'; import { OIDC_CLIENT_SECRET_REDACTED_VALUE } from '../constants'; import { OidcService } from '../oidc.service.ee'; +import { AuthlessRequest } from '@/requests'; @RestController('/sso/oidc') export class OidcController { @@ -51,13 +52,13 @@ export class OidcController { @Get('/callback', { skipAuth: true }) @Licensed('feat:oidc') - async callbackHandler(req: Request, res: Response) { + async callbackHandler(req: AuthlessRequest, res: Response) { const fullUrl = `${this.urlService.getInstanceBaseUrl()}${req.originalUrl}`; const callbackUrl = new URL(fullUrl); const user = await this.oidcService.loginUser(callbackUrl); - this.authService.issueCookie(res, user, true); + this.authService.issueCookie(res, user, true, req.browserId); res.redirect('/'); }