From 3542fe29da6a7c4ab17bc469403ee6c6f6c04084 Mon Sep 17 00:00:00 2001
From: Joachim Van Herwegen <joachimvh@gmail.com>
Date: Wed, 25 Aug 2021 15:42:50 +0200
Subject: [PATCH] feat: Remove useless fields from IDP JSON response

---
 src/identity/IdentityProviderHttpHandler.ts      | 16 ++++++----------
 .../identity/email-password/confirm.html.ejs     |  2 +-
 .../email-password/forgot-password.html.ejs      |  2 +-
 templates/identity/email-password/login.html.ejs |  6 ++++--
 .../identity/email-password/register.html.ejs    | 15 +++++++--------
 .../email-password/reset-password.html.ejs       |  2 +-
 .../identity/IdentityProviderHttpHandler.test.ts |  4 ++--
 7 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/src/identity/IdentityProviderHttpHandler.ts b/src/identity/IdentityProviderHttpHandler.ts
index d131eabc7..c6e2ddf8f 100644
--- a/src/identity/IdentityProviderHttpHandler.ts
+++ b/src/identity/IdentityProviderHttpHandler.ts
@@ -213,11 +213,7 @@ export class IdentityProviderHttpHandler extends BaseHttpHandler {
   private async resolveRoute(operation: Operation, route: InteractionRoute, oidcInteraction?: Interaction):
   Promise<{ result: InteractionHandlerResult; templateFiles: Record<string, string> }> {
     if (operation.method === 'GET') {
-      // .ejs templates errors on undefined variables
-      return {
-        result: { type: 'response', details: { errorMessage: '', prefilled: {}}},
-        templateFiles: route.viewTemplates,
-      };
+      return { result: { type: 'response' }, templateFiles: route.viewTemplates };
     }
 
     if (operation.method === 'POST') {
@@ -226,12 +222,12 @@ export class IdentityProviderHttpHandler extends BaseHttpHandler {
         return { result, templateFiles: route.responseTemplates };
       } catch (error: unknown) {
         // Render error in the view
-        const prefilled = IdpInteractionError.isInstance(error) ? error.prefilled : {};
         const errorMessage = createErrorMessage(error);
-        return {
-          result: { type: 'response', details: { errorMessage, prefilled }},
-          templateFiles: route.viewTemplates,
-        };
+        const result: InteractionResponseResult = { type: 'response', details: { errorMessage }};
+        if (IdpInteractionError.isInstance(error)) {
+          result.details!.prefilled = error.prefilled;
+        }
+        return { result, templateFiles: route.viewTemplates };
       }
     }
 
diff --git a/templates/identity/email-password/confirm.html.ejs b/templates/identity/email-password/confirm.html.ejs
index 2daa01aa8..46c9ba92b 100644
--- a/templates/identity/email-password/confirm.html.ejs
+++ b/templates/identity/email-password/confirm.html.ejs
@@ -1,7 +1,7 @@
 <h1>Authorize</h1>
 <p>You are authorizing an application to access your Pod.</p>
 <form method="post">
-  <% if (errorMessage) { %>
+  <% if (locals.errorMessage) { %>
     <p class="error"><%= errorMessage %></p>
   <% } %>
 
diff --git a/templates/identity/email-password/forgot-password.html.ejs b/templates/identity/email-password/forgot-password.html.ejs
index 871e0c385..dea8a8d5d 100644
--- a/templates/identity/email-password/forgot-password.html.ejs
+++ b/templates/identity/email-password/forgot-password.html.ejs
@@ -1,6 +1,6 @@
 <h1>Forgot password</h1>
 <form method="post">
-  <% if (errorMessage) { %>
+  <% if (locals.errorMessage) { %>
     <p class="error"><%= errorMessage %></p>
   <% } %>
 
diff --git a/templates/identity/email-password/login.html.ejs b/templates/identity/email-password/login.html.ejs
index 8ee0271f1..b6352431d 100644
--- a/templates/identity/email-password/login.html.ejs
+++ b/templates/identity/email-password/login.html.ejs
@@ -1,6 +1,8 @@
 <h1>Log in</h1>
 <form method="post">
-  <% if (errorMessage) { %>
+  <% const safePrefilled = locals.prefilled || {}; %>
+
+  <% if (locals.errorMessage) { %>
     <p class="error"><%= errorMessage %></p>
   <% } %>
 
@@ -9,7 +11,7 @@
     <ol>
       <li>
         <label for="email">Email</label>
-        <input id="email" type="email" name="email" autofocus <% if (prefilled.email) { %> value="<%= prefilled.email %>" <% } %>>
+        <input id="email" type="email" name="email" autofocus value="<%= safePrefilled.email || '' %>">
       </li>
       <li>
         <label for="password">Password</label>
diff --git a/templates/identity/email-password/register.html.ejs b/templates/identity/email-password/register.html.ejs
index 76c63c0ef..3c1b5d4c5 100644
--- a/templates/identity/email-password/register.html.ejs
+++ b/templates/identity/email-password/register.html.ejs
@@ -1,8 +1,9 @@
 <h1>Sign up</h1>
 <form method="post" id="mainForm">
-  <% const isBlankForm = !('email' in prefilled); %>
+  <% const isBlankForm = !('prefilled' in locals); %>
+  <% const safePrefilled = locals.prefilled || {}; %>
 
-  <% if (errorMessage) { %>
+  <% if (locals.errorMessage) { %>
     <p class="error">Error: <%= errorMessage %></p>
   <% } %>
 
@@ -19,7 +20,7 @@
       <li class="radio">
         <label>
           <input type="radio" id="createWebIdOn" name="createWebId" value="on"<%
-            if (isBlankForm || prefilled.createWebId) { %> checked<% } %>>
+            if (isBlankForm || safePrefilled.createWebId) { %> checked<% } %>>
           Create a new WebID for my Pod.
         </label>
         <p id="createWebIdForm">
@@ -35,7 +36,7 @@
         <ol id="existingWebIdForm">
           <li>
             <label for="webId">Existing WebID:</label>
-            <input id="webId" type="text" name="webId" value="<%= prefilled.webId || '' %>">
+            <input id="webId" type="text" name="webId" value="<%= safePrefilled.webId || '' %>">
           </li>
           <li class="checkbox">
             <label>
@@ -66,8 +67,7 @@
         <ol id="createPodForm">
           <li>
             <label for="podName">Pod name:</label>
-            <input id="podName" type="text" name="podName" <%
-              if (prefilled.podName) { %> value="<%= prefilled.podName %>" <% } %>>
+            <input id="podName" type="text" name="podName" value="<%= safePrefilled.podName || '' %>">
           </li>
         </ol>
       </li>
@@ -83,8 +83,7 @@
       <ol>
         <li>
           <label for="email">Email:</label>
-          <input id="email" type="text" name="email" <%
-            if (prefilled.email) { %> value="<%= prefilled.email %>" <% } %>>
+          <input id="email" type="text" name="email" value="<%= safePrefilled.email || '' %>" >
         </li>
       </ol>
       <ol id="passwordForm">
diff --git a/templates/identity/email-password/reset-password.html.ejs b/templates/identity/email-password/reset-password.html.ejs
index 0fb1d5a69..5cd43397b 100644
--- a/templates/identity/email-password/reset-password.html.ejs
+++ b/templates/identity/email-password/reset-password.html.ejs
@@ -1,6 +1,6 @@
 <h1>Reset password</h1>
 <form method="post">
-  <% if (errorMessage) { %>
+  <% if (locals.errorMessage) { %>
     <p class="error"><%= errorMessage %></p>
   <% } %>
 
diff --git a/test/unit/identity/IdentityProviderHttpHandler.test.ts b/test/unit/identity/IdentityProviderHttpHandler.test.ts
index 2c9e37e9d..a180c6440 100644
--- a/test/unit/identity/IdentityProviderHttpHandler.test.ts
+++ b/test/unit/identity/IdentityProviderHttpHandler.test.ts
@@ -132,7 +132,7 @@ describe('An IdentityProviderHttpHandler', (): void => {
     const { response: mockResponse, result } = responseWriter.handleSafe.mock.calls[0][0];
     expect(mockResponse).toBe(response);
     expect(JSON.parse(await readableToString(result.data!)))
-      .toEqual({ apiVersion, errorMessage: '', prefilled: {}, authenticating: false, controls });
+      .toEqual({ apiVersion, authenticating: false, controls });
     expect(result.statusCode).toBe(200);
     expect(result.metadata?.contentType).toBe('text/html');
     expect(result.metadata?.get(SOLID_META.template)?.value).toBe(routes.response.viewTemplates['text/html']);
@@ -253,7 +253,7 @@ describe('An IdentityProviderHttpHandler', (): void => {
     const { response: mockResponse, result } = responseWriter.handleSafe.mock.calls[0][0];
     expect(mockResponse).toBe(response);
     expect(JSON.parse(await readableToString(result.data!)))
-      .toEqual({ apiVersion, errorMessage: 'handle error', prefilled: {}, authenticating: false, controls });
+      .toEqual({ apiVersion, errorMessage: 'handle error', authenticating: false, controls });
   });
 
   it('calls the errorHandler if there is a problem resolving the request.', async(): Promise<void> => {