Cloned options, to avoid deleting the input object

auth0 · Oct 16, 2020 · 841d260 · 841d260
1 parent f677359
commit 841d260
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 26 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -98,40 +98,51 @@ Strategy.prototype.authenticate = function (req, options) {
 
 Strategy.prototype.authorizationParams = function(options) {
   var options = options || {};
-
-  var {connection, connection_scope, audience, prompt, login_hint, acr_values, nonce, max_age} = options;
-  delete options.connection;
-  delete options.connection_scope;
-  delete options.audience;
-  delete options.prompt;
-  delete options.login_hint;
-  delete options.acr_values;
-  delete options.nonce;
-  delete options.max_age;
+  var params = Object.assign({}, options);
 
   /*
-  When Node.js version 6 support is dropped, the above can be simplified to use,
-  var {connection, connection_scope, audience, prompt, login_hint, acr_values, nonce, max_age, ...extraParams} = options;
-  */
-  var params = Object.assign({}, options);
-  if (connection && typeof connection === 'string') {
-    params.connection = connection;
+  You might wonder why we have delete statements here?
+  The objective is to make it possible for consumers to use the API like this:
 
-    if (connection_scope && typeof connection_scope === 'string') {
-      params.connection_scope = connection_scope;
+    passport.authenticate('auth0', {
+      scope: 'openid email profile',
+      'my_custom_extra_param': true // <== An extra param
+    })
+
+  To keep the validation of all expected options, we therefore take a copy
+  and delete the "reserved" options. This leaves us with any extra params.
+  When node.js version 6 is dropped at one point, this can be done in a single 
+  line of code 😇
+
+  const {connection, connection_scope, audience, prompt, login_hint, acr_value, nonce, max_age, ...theRest} = options;
+  */
+  delete params.connection;
+  delete params.connection_scope;
+  delete params.audience;
+  delete params.prompt;
+  delete params.login_hint;
+  delete params.acr_values;
+  delete params.nonce;
+  delete params.max_age;
+
+  if (options.connection && typeof options.connection === 'string') {
+    params.connection = options.connection;
+
+    if (options.connection_scope && typeof options.connection_scope === 'string') {
+      params.connection_scope = options.connection_scope;
     }
   }
-  if (audience && typeof audience === 'string') {
-    params.audience = audience;
+  if (options.audience && typeof options.audience === 'string') {
+    params.audience = options.audience;
   }
-  if (prompt && typeof prompt === 'string') {
-    params.prompt = prompt;
+  if (options.prompt && typeof options.prompt === 'string') {
+    params.prompt = options.prompt;
   }
-  if (login_hint && typeof login_hint === 'string') {
-    params.login_hint = login_hint;
+  if (options.login_hint && typeof options.login_hint === 'string') {
+    params.login_hint = options.login_hint;
   }
-  if (acr_values && typeof acr_values === 'string') {
-    params.acr_values = acr_values;
+  if (options.acr_values && typeof options.acr_values === 'string') {
+    params.acr_values = options.acr_values;
   }
 
   var strategyOptions = this.options;

diff --git a/test/strategy.test.js b/test/strategy.test.js
@@ -198,6 +198,12 @@ describe('auth0 strategy', function () {
       should.exist(extraParams.my_custom_param1);
       should.exist(extraParams.my_custom_param2);
     });
+
+    it('Should be pure', function() {
+      var params = {connection: '123'};
+      this.strategy.authorizationParams(params);
+      should.exist(params.connection);
+    });
   });
 
   describe('authenticate', function () {