From c84a1ce4f2c670e4f72ba56f62056648eb295d18 Mon Sep 17 00:00:00 2001
From: Romain Lenzotti <romain.lenzotti@gmail.com>
Date: Wed, 27 May 2020 12:05:20 +0200
Subject: [PATCH] fix(@tsed/passport): Use originalUrl when authorize and
 authenticate are used on method.

---
 .../src/decorators/authenticate.spec.ts       | 21 ++++++++++++++++++-
 .../passport/src/decorators/authenticate.ts   | 10 +++++++--
 .../passport/src/decorators/authorize.spec.ts | 19 +++++++++++++++++
 packages/passport/src/decorators/authorize.ts |  8 ++++++-
 .../middlewares/PassportMiddleware.spec.ts    |  5 ++++-
 .../src/middlewares/PassportMiddleware.ts     |  8 +++++--
 6 files changed, 64 insertions(+), 7 deletions(-)

diff --git a/packages/passport/src/decorators/authenticate.spec.ts b/packages/passport/src/decorators/authenticate.spec.ts
index 2d2aa1edf0d..519317d41d8 100644
--- a/packages/passport/src/decorators/authenticate.spec.ts
+++ b/packages/passport/src/decorators/authenticate.spec.ts
@@ -16,7 +16,26 @@ describe("@Authenticate", () => {
       options: {
         security: "security"
       },
-      protocol: "local"
+      protocol: "local",
+      originalUrl: true
+    });
+  });
+  it("should store data (without originalUrl)", () => {
+    class Test {
+      @Authenticate("local", {security: "security", originalUrl: false})
+      test() {}
+    }
+
+    const store = Store.fromMethod(Test, "test");
+
+    expect(store.get(PassportMiddleware)).to.deep.equal({
+      method: "authenticate",
+      options: {
+        security: "security",
+        originalUrl: false
+      },
+      protocol: "local",
+      originalUrl: false
     });
   });
 });
diff --git a/packages/passport/src/decorators/authenticate.ts b/packages/passport/src/decorators/authenticate.ts
index 8953c5f2bfc..7cef0e1c0be 100644
--- a/packages/passport/src/decorators/authenticate.ts
+++ b/packages/passport/src/decorators/authenticate.ts
@@ -1,12 +1,18 @@
 import {UseAuth} from "@tsed/common";
-import {AuthenticateOptions} from "passport";
+import {AuthenticateOptions as PassportAuthenticateOptions} from "passport";
 import {PassportMiddleware} from "../middlewares/PassportMiddleware";
 
-export function Authenticate(protocol: string | string[] = "*", options: AuthenticateOptions & {security?: any} = {}): Function {
+export interface AuthenticateOptions extends PassportAuthenticateOptions {
+  security?: any;
+  originalUrl?: boolean;
+}
+
+export function Authenticate(protocol: string | string[] = "*", options: AuthenticateOptions = {}): Function {
   return UseAuth(PassportMiddleware, {
     protocol,
     method: "authenticate",
     security: options.security,
+    originalUrl: options.originalUrl === undefined ? true : options.originalUrl,
     options
   });
 }
diff --git a/packages/passport/src/decorators/authorize.spec.ts b/packages/passport/src/decorators/authorize.spec.ts
index adcdb6c8e3c..6e31d57449f 100644
--- a/packages/passport/src/decorators/authorize.spec.ts
+++ b/packages/passport/src/decorators/authorize.spec.ts
@@ -16,6 +16,25 @@ describe("@Authorize", () => {
       options: {
         security: "security"
       },
+      originalUrl: true,
+      protocol: "local"
+    });
+  });
+  it("should store data (without originalUrl)", () => {
+    class Test {
+      @Authorize("local", {security: "security", originalUrl: false})
+      test() {}
+    }
+
+    const store = Store.fromMethod(Test, "test");
+
+    expect(store.get(PassportMiddleware)).to.deep.equal({
+      method: "authorize",
+      options: {
+        security: "security",
+        originalUrl: false
+      },
+      originalUrl: false,
       protocol: "local"
     });
   });
diff --git a/packages/passport/src/decorators/authorize.ts b/packages/passport/src/decorators/authorize.ts
index a337e7814d5..504072f6b96 100644
--- a/packages/passport/src/decorators/authorize.ts
+++ b/packages/passport/src/decorators/authorize.ts
@@ -2,11 +2,17 @@ import {UseAuth} from "@tsed/common";
 import {AuthenticateOptions} from "passport";
 import {PassportMiddleware} from "../middlewares/PassportMiddleware";
 
-export function Authorize(protocol: string | string[] = "*", options: AuthenticateOptions & {security?: any} = {}): Function {
+export interface AuthorizeOptions extends AuthenticateOptions {
+  security?: any;
+  originalUrl?: boolean;
+}
+
+export function Authorize(protocol: string | string[] = "*", options: AuthorizeOptions = {}): Function {
   return UseAuth(PassportMiddleware, {
     protocol,
     method: "authorize",
     security: options.security,
+    originalUrl: options.originalUrl === undefined ? true : options.originalUrl,
     options
   });
 }
diff --git a/packages/passport/src/middlewares/PassportMiddleware.spec.ts b/packages/passport/src/middlewares/PassportMiddleware.spec.ts
index 5aac67297b8..21480ed3fc7 100644
--- a/packages/passport/src/middlewares/PassportMiddleware.spec.ts
+++ b/packages/passport/src/middlewares/PassportMiddleware.spec.ts
@@ -1,7 +1,7 @@
+import {Unauthorized} from "@tsed/exceptions";
 import {expect} from "chai";
 import * as Passport from "passport";
 import * as Sinon from "sinon";
-import {Unauthorized} from "@tsed/exceptions";
 import {PassportMiddleware} from "./PassportMiddleware";
 
 const sandbox = Sinon.createSandbox();
@@ -99,6 +99,8 @@ describe("PassportMiddleware", () => {
     } as any;
 
     const request: any = {
+      url: "/",
+      originalUrl: "/rest",
       query: {
         protocol: "basic"
       }
@@ -117,6 +119,7 @@ describe("PassportMiddleware", () => {
     middleware.use(request, endpoint);
 
     // THEN
+    expect(request.url).to.eq(request.originalUrl);
     Passport.authenticate.should.have.been.calledWithExactly("basic", {});
   });
   it("should throw errors", () => {
diff --git a/packages/passport/src/middlewares/PassportMiddleware.ts b/packages/passport/src/middlewares/PassportMiddleware.ts
index 2155ba9e274..d5507025f87 100644
--- a/packages/passport/src/middlewares/PassportMiddleware.ts
+++ b/packages/passport/src/middlewares/PassportMiddleware.ts
@@ -1,6 +1,6 @@
 import {EndpointInfo, Inject, Middleware, Req} from "@tsed/common";
-import * as Passport from "passport";
 import {Unauthorized} from "@tsed/exceptions";
+import * as Passport from "passport";
 import {ProtocolsService} from "../services/ProtocolsService";
 import {getProtocolsFromRequest} from "../utils/getProtocolsFromRequest";
 
@@ -14,13 +14,17 @@ export class PassportMiddleware {
       return;
     }
 
-    const {options, protocol, method} = endpoint.store.get(PassportMiddleware);
+    const {options, protocol, method, originalUrl = true} = endpoint.store.get(PassportMiddleware);
     const protocols = getProtocolsFromRequest(request, protocol, this.protocolsService.getProtocolsNames());
 
     if (protocols.length === 0) {
       throw new Unauthorized("Not authorized");
     }
 
+    if (originalUrl) {
+      request.url = request.originalUrl;
+    }
+
     // @ts-ignore
     return Passport[method](protocols.length === 1 ? protocols[0] : protocols, options);
   }