SIDM-5176: Ensure we don't lose standard OIDC params when the login c…

…ode expires (#545)
hmcts · Dec 1, 2020 · 514ab30 · 514ab30
1 parent 02d0097
commit 514ab30
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/src/main/java/uk/gov/hmcts/reform/idam/web/AppController.java b/src/main/java/uk/gov/hmcts/reform/idam/web/AppController.java
@@ -940,11 +940,15 @@ public String expiredCodeError(@RequestParam("client_id") String clientId,
                                    @RequestParam("redirect_uri") String redirectUri,
                                    @RequestParam(required = false) String state,
                                    @RequestParam(required = false) String scope,
+                                   @RequestParam(required = false) String nonce,
+                                   @RequestParam(required = false) String prompt,
                                    Model model) {
         model.addAttribute(CLIENTID, clientId);
         model.addAttribute(REDIRECTURI, redirectUri);
         model.addAttribute(STATE, state);
         model.addAttribute(SCOPE, scope);
+        model.addAttribute(NONCE, nonce);
+        model.addAttribute(PROMPT, prompt);
         return EXPIRED_CODE_VIEW;
     }
 }
diff --git a/src/main/webapp/WEB-INF/jsp/expiredcode.jsp b/src/main/webapp/WEB-INF/jsp/expiredcode.jsp
@@ -28,6 +28,8 @@
                     <c:param name="client_id" value="${clientId}" />
                     <c:param name="state" value="${state}" />
                     <c:param name="scope" value="${scope}" />
+                    <c:param name="nonce" value="${nonce}" />
+                    <c:param name="prompt" value="${prompt}" />
                 </c:url>
                 <a href="${loginUrl}" class="button">
                     <spring:message code="public.common.button.continue.text" />

diff --git a/src/test/java/uk/gov/hmcts/reform/idam/web/AppControllerTest.java b/src/test/java/uk/gov/hmcts/reform/idam/web/AppControllerTest.java
@@ -133,6 +133,8 @@
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.LOGIN_WITH_PIN_VIEW;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.LOGOUT_ENDPOINT;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.MISSING;
+import static uk.gov.hmcts.reform.idam.web.util.TestConstants.NONCE_PARAMETER;
+import static uk.gov.hmcts.reform.idam.web.util.TestConstants.NONCE_VALUE;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.NOT_FOUND_VIEW;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PASSWORD_BLACKLISTED_RESPONSE;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PASSWORD_CONTAINS_PERSONAL_INFO_RESPONSE;
@@ -144,6 +146,8 @@
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PIN_USER_NOT_LONGER_VALID;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PLEASE_FIX_THE_FOLLOWING;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PLEASE_TRY_AGAIN;
+import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PROMPT_PARAMETER;
+import static uk.gov.hmcts.reform.idam.web.util.TestConstants.PROMPT_VALUE;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.REDIRECTURI;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.REDIRECT_URI;
 import static uk.gov.hmcts.reform.idam.web.util.TestConstants.RESETPASSWORD_VIEW_NAME;
@@ -2548,7 +2552,9 @@ public void expiredCode_shouldReturnExpiredCodePage() throws Exception {
             .param(STATE_PARAMETER, STATE)
             .param(RESPONSE_TYPE_PARAMETER, RESPONSE_TYPE)
             .param(CLIENT_ID_PARAMETER, CLIENT_ID)
-            .param(SCOPE_PARAMETER, CUSTOM_SCOPE))
+            .param(SCOPE_PARAMETER, CUSTOM_SCOPE)
+            .param(NONCE_PARAMETER, NONCE_VALUE)
+            .param(PROMPT_PARAMETER, PROMPT_VALUE))
             .andExpect(status().isOk())
             .andExpect(view().name(EXPIRED_CODE_VIEW));
     }

diff --git a/src/test/java/uk/gov/hmcts/reform/idam/web/util/TestConstants.java b/src/test/java/uk/gov/hmcts/reform/idam/web/util/TestConstants.java
@@ -119,6 +119,8 @@ public class TestConstants {
     public static final String JWT_PARAMETER = "jwt";
     public static final String STATE_PARAMETER = "state";
     public static final String SCOPE_PARAMETER = "scope";
+    public static final String NONCE_PARAMETER = "nonce";
+    public static final String PROMPT_PARAMETER = "prompt";
     public static final String CLIENT_ID_PARAMETER = "client_id";
     public static final String CLIENTID_PARAMETER = "clientId";
     public static final String USERNAME_PARAMETER = "username";
@@ -176,6 +178,8 @@ public class TestConstants {
     public static final String STATE = "state test";
     public static final String CLIENT_ID = "clientId";
     public static final String REDIRECTURI = "redirectUri";
+    public static final String NONCE_VALUE = "eshfwrhr09123rksdfnsad";
+    public static final String PROMPT_VALUE = "login";
     public static final String CUSTOM_SCOPE = "manage-roles";
     public static final String INSECURE_SESSION_COOKE = IDAM_SESSION_COOKIE_NAME + "=A_TASTY_TREAT";
     public static final String AUTHENTICATE_SESSION_COOKE = IDAM_SESSION_COOKIE_NAME + "=A_TASTY_TREAT; Path=/; Secure; HttpOnly";