fix: add new message when refresh parameter is true (#1560)

Closes #1117 Co-authored-by: aeneasr <[email protected]>
ory · Jul 30, 2021 · 0525623 · 0525623
1 parent 51b1311
commit 0525623
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 3 deletions.
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go
@@ -4,6 +4,8 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/ory/kratos/text"
+
 	"github.com/ory/nosurf"
 
 	"github.com/ory/kratos/identity"
@@ -93,6 +95,10 @@ func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, flow flow
 		return nil, err
 	}
 
+	if f.Forced {
+		f.UI.Messages.Set(text.NewInfoLoginReAuth())
+	}
+
 	if err := h.d.LoginHookExecutor().PreLoginHook(w, r, f); err != nil {
 		return nil, err
 	}

diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
@@ -9,6 +9,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/kratos/text"
+
 	"github.com/gobuffalo/httptest"
 	"github.com/gofrs/uuid"
 
@@ -124,6 +126,13 @@ func TestInitFlow(t *testing.T) {
 			assert.Contains(t, res.Request.URL.String(), login.RouteInitAPIFlow)
 			assertion(body, true, true)
 		})
+
+		t.Run("case=check info message on authenticated request with refresh=true", func(t *testing.T) {
+			res, body := initAuthenticatedFlow(t, url.Values{"refresh": {"true"}}, true)
+			assert.Contains(t, res.Request.URL.String(), login.RouteInitAPIFlow)
+			assertion(body, true, true)
+			assert.Equal(t, gjson.GetBytes(body, "ui.messages.0.text").String(), text.NewInfoLoginReAuth().Text)
+		})
 	})
 
 	t.Run("flow=browser", func(t *testing.T) {

diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
@@ -535,6 +535,16 @@ func TestCompleteLogin(t *testing.T) {
 					assert.Equal(t, identifier, gjson.GetBytes(body, "ui.nodes.#(attributes.name==password_identifier).attributes.value").String(), "%s", body)
 					assert.Empty(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==password).attributes.value").String(), "%s", body)
 				})
+
+				t.Run("show verification confirmation when refresh is set to true", func(t *testing.T) {
+					res, err := c.Do(testhelpers.NewHTTPGetJSONRequest(t, publicTS.URL+login.RouteInitAPIFlow+"?refresh=true"))
+					require.NoError(t, err)
+					defer res.Body.Close()
+					body := ioutilx.MustReadAll(res.Body)
+
+					assert.True(t, gjson.GetBytes(body, "forced").Bool())
+					assert.Contains(t, gjson.GetBytes(body, "ui.messages.0.text").String(), "verifying that", "%s", body)
+				})
 			})
 		})
 	})

diff --git a/text/message_login.go b/text/message_login.go
@@ -6,9 +6,10 @@ import (
 )
 
 const (
-	InfoSelfServiceLoginRoot ID = 1010000 + iota // 1010000
-	InfoSelfServiceLogin                         // 1010001
-	InfoSelfServiceLoginWith                     // 1010002
+	InfoSelfServiceLoginRoot   ID = 1010000 + iota // 1010000
+	InfoSelfServiceLogin                           // 1010001
+	InfoSelfServiceLoginWith                       // 1010002
+	InfoSelfServiceLoginReAuth                     // 1010003
 )
 
 const (
@@ -21,6 +22,15 @@ const (
 	ErrorValidationVerificationNoStrategyFound                     // 4010006
 )
 
+func NewInfoLoginReAuth() *Message {
+	return &Message{
+		ID:      InfoSelfServiceLoginReAuth,
+		Type:    Info,
+		Text:    "Please confirm this action by verifying that it's you.",
+		Context: context(nil),
+	}
+}
+
 func NewInfoLogin() *Message {
 	return &Message{
 		ID:      InfoSelfServiceLogin,