Fix redirection url sent by email during identity validation

src/lib/IdentityValidator.ts

@@ -122,7 +122,8 @@ export class IdentityValidator {
         })
         .then(function (token: string) {
           const redirect_url = objectPath.get<express.Request, string>(req, "body.redirect");
-          const original_url = util.format("https://%s%s", req.headers.host, req.headers["x-original-uri"]);
+          const original_uri = objectPath.get<express.Request, string>(req, "headers.x-original-uri", "");
+          const original_url = util.format("https://%s%s", req.headers.host, original_uri);
           let link_url = util.format("%s?identity_token=%s", original_url, token);
           if (redirect_url) {
             link_url = util.format("%s&redirect=%s", link_url, redirect_url);

test/unitary/IdentityValidator.test.ts

@@ -123,7 +123,12 @@ describe("test identity check process", function() {
       handler(req, res);
     });
 
-    it("should issue a token, send an email and return 204", function(done) {
+    describe("should issue a token, send an email and return 204", () => {
+      function contains(str: string, pattern: string): boolean {
+        return str.indexOf(pattern) > -1;
+      }
+
+      it("with x-original-uri", function(done) {
         const endpoint = "/protected";
         const identity = { userid: "user", email: "abc@example.com" };
         req.headers.host = "localhost";
@@ -135,6 +140,8 @@ describe("test identity check process", function() {
         res.send = sinon.spy(function () {
           assert.equal(res.status.getCall(0).args[0], 204);
           assert(notifier.notify.calledOnce);
+                    console.log(notifier.notify.getCall(0).args[2]);
+          assert(contains(notifier.notify.getCall(0).args[2], "https://localhost/auth/test?identity_token="));
           assert(userDataStore.issue_identity_check_token.calledOnce);
           assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
           assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
@@ -143,6 +150,28 @@ describe("test identity check process", function() {
         const handler = app_post.getCall(0).args[1];
         handler(req, res);
       });
+
+      it("without x-original-uri", function(done) {
+        const endpoint = "/protected";
+        const identity = { userid: "user", email: "abc@example.com" };
+        req.headers.host = "localhost";
+
+        identityValidable.preValidation.returns(Promise.resolve(identity));
+        IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
+
+        res.send = sinon.spy(function () {
+          assert.equal(res.status.getCall(0).args[0], 204);
+          assert(notifier.notify.calledOnce);
+          assert(contains(notifier.notify.getCall(0).args[2], "https://localhost?identity_token="));
+          assert(userDataStore.issue_identity_check_token.calledOnce);
+          assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
+          assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
+          done();
+        });
+        const handler = app_post.getCall(0).args[1];
+        handler(req, res);
+      });
+    });
   }
 
   function test_get_handler() {

test/unitary/routes/AuthenticationValidator.test.ts

@@ -106,7 +106,7 @@ describe("test authentication token verification", function () {
       return test_unauthorized({ first_factor: true });
     });
 
-    it.only("should not be authenticated when domain is not allowed for user", function () {
+    it("should not be authenticated when domain is not allowed for user", function () {
       req.headers.host = "test.example.com";
 
       accessController.isDomainAllowedForUser.returns(false);