From ab11435ed5d949866edc42843a222ca930758815 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 13 Jan 2021 16:57:48 -0500
Subject: [PATCH] feat: grant plugins the ability to specify options to the SSO
 handler

... to be handled in the plugin itself (overriding the passport prototype's authorizationParams method)

+ new hook filter:auth.options
---
 src/routes/authentication.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index eba27b038f..9831d72677 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -98,13 +98,21 @@ Auth.reloadRoutes = async function (params) {
 	loginStrategies = loginStrategies || [];
 	loginStrategies.forEach(function (strategy) {
 		if (strategy.url) {
-			router.get(strategy.url, Auth.middleware.applyCSRF, function (req, res, next) {
-				req.session.ssoState = req.csrfToken && req.csrfToken();
-				passport.authenticate(strategy.name, {
+			router.get(strategy.url, Auth.middleware.applyCSRF, async function (req, res, next) {
+				let opts = {
 					scope: strategy.scope,
 					prompt: strategy.prompt || undefined,
-					state: strategy.checkState ? req.session.ssoState : undefined,
-				})(req, res, next);
+				};
+
+				if (strategy.checkState) {
+					req.session.ssoState = req.csrfToken && req.csrfToken();
+					opts.state = req.session.ssoState;
+				}
+
+				// Allow SSO plugins to override/append options (for use in passport prototype authorizationParams)
+				({ opts } = await plugins.hooks.fire('filter:auth.options', { req, res, opts }));
+
+				passport.authenticate(strategy.name, opts)(req, res, next);
 			});
 		}