From 9ab230f5b72054a01330c385750d3af281626048 Mon Sep 17 00:00:00 2001
From: Codex Agent
Date: Fri, 23 Jan 2026 20:38:22 +0100
Subject: [PATCH] Scope social login callbacks per flow
---
 app/Http/Controllers/CheckoutFacebookController.php | 1 +
 app/Http/Controllers/CheckoutGoogleController.php | 1 +
 app/Http/Controllers/TenantAdminFacebookController.php | 1 +
 app/Http/Controllers/TenantAdminGoogleController.php | 1 +
 tests/Feature/Auth/TenantAdminFacebookControllerTest.php | 1 +
 tests/Feature/Auth/TenantAdminGoogleControllerTest.php | 1 +
 tests/Feature/CheckoutFacebookControllerTest.php | 1 +
 tests/Feature/CheckoutGoogleControllerTest.php | 1 +
 8 files changed, 8 insertions(+)
diff --git a/app/Http/Controllers/CheckoutFacebookController.php b/app/Http/Controllers/CheckoutFacebookController.php
index 4871dddc..58fcb191 100644
--- a/app/Http/Controllers/CheckoutFacebookController.php
+++ b/app/Http/Controllers/CheckoutFacebookController.php
@@ -35,6 +35,7 @@ class CheckoutFacebookController extends Controller
 $request->session()->put('selected_package_id', $payload['package_id']);
 return Socialite::driver('facebook')
+ ->redirectUrl(route('checkout.facebook.callback'))
 ->scopes(['email'])
 ->fields(['name', 'email', 'first_name', 'last_name'])
 ->redirect();
diff --git a/app/Http/Controllers/CheckoutGoogleController.php b/app/Http/Controllers/CheckoutGoogleController.php
index 009104d0..1ef4741b 100644
--- a/app/Http/Controllers/CheckoutGoogleController.php
+++ b/app/Http/Controllers/CheckoutGoogleController.php
@@ -35,6 +35,7 @@ class CheckoutGoogleController extends Controller
 $request->session()->put('selected_package_id', $payload['package_id']);
 return Socialite::driver('google')
+ ->redirectUrl(route('checkout.google.callback'))
 ->scopes(['email', 'profile'])
 ->with(['prompt' => 'select_account'])
 ->redirect();
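Review bot: The `->redirectUrl(route('checkout.facebook.callback'))` added to the redirect chain only covers the authorization request; the callback action, which is not in this hunk, has to apply the same URL before `->user()`, because the provider compares the `redirect_uri` sent with the code-for-token exchange against the one used in the authorization request. If the callback still falls back to the driver's configured default, the exchange will presumably be rejected as a mismatch. I would mirror the call there, e.g. `Socialite::driver('facebook')->redirectUrl(route('checkout.facebook.callback'))->user()`, and do the same for the CheckoutGoogleController, TenantAdminFacebookController and TenantAdminGoogleController hunks. The enclosing method starts and ends outside the hunk.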
diff --git a/app/Http/Controllers/TenantAdminFacebookController.php b/app/Http/Controllers/TenantAdminFacebookController.php
index 0aee0129..a3bd7d26 100644
--- a/app/Http/Controllers/TenantAdminFacebookController.php
+++ b/app/Http/Controllers/TenantAdminFacebookController.php
@@ -21,6 +21,7 @@ class TenantAdminFacebookController extends Controller
 }
 return Socialite::driver('facebook')
+ ->redirectUrl(route('tenant.admin.facebook.callback'))
 ->scopes(['email'])
 ->fields(['name', 'email', 'first_name', 'last_name'])
 ->redirect();
diff --git a/app/Http/Controllers/TenantAdminGoogleController.php b/app/Http/Controllers/TenantAdminGoogleController.php
index f15707e6..ba1d6650 100644
--- a/app/Http/Controllers/TenantAdminGoogleController.php
+++ b/app/Http/Controllers/TenantAdminGoogleController.php
@@ -21,6 +21,7 @@ class TenantAdminGoogleController extends Controller
 }
 return Socialite::driver('google')
+ ->redirectUrl(route('tenant.admin.google.callback'))
 ->scopes(['openid', 'profile', 'email'])
 ->with(['prompt' => 'select_account'])
 ->redirect();
diff --git a/tests/Feature/Auth/TenantAdminFacebookControllerTest.php b/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
index d7deb5b4..3bd1d605 100644
--- a/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
+++ b/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
@@ -26,6 +26,7 @@ class TenantAdminFacebookControllerTest extends TestCase
 {
 $driver = Mockery::mock();
 Socialite::shouldReceive('driver')->once()->with('facebook')->andReturn($driver);
+ $driver->shouldReceive('redirectUrl')->once()->with(route('tenant.admin.facebook.callback'))->andReturnSelf();
 $driver->shouldReceive('scopes')->once()->with(['email'])->andReturnSelf();
 $driver->shouldReceive('fields')->once()->with(['name', 'email', 'first_name', 'last_name'])->andReturnSelf();
 $driver->shouldReceive('redirect')->once()->andReturn(new RedirectResponse('https://facebook.com/auth'));
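Review bot: `route('tenant.admin.facebook.callback')` in the added line of TenantAdminFacebookController resolves to an absolute URL, and unless the root URL is pinned elsewhere its host presumably comes from the incoming request, so the `redirect_uri` sent to the provider follows whatever host the tenant admin was reached on. Every host the admin area can be served from then has to be registered with the provider, and the application should accept only known hosts (trusted-hosts middleware or a forced root URL; neither is visible here). A short comment above the chain would record that, e.g. `// redirect_uri is built from the request host; it must exactly match a URI registered with the provider`. The same applies to the TenantAdminGoogleController hunk and to both Checkout controllers. The enclosing method starts outside the hunk.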
diff --git a/tests/Feature/Auth/TenantAdminGoogleControllerTest.php b/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
index e151f2c1..2003c03d 100644
--- a/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
+++ b/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
@@ -26,6 +26,7 @@ class TenantAdminGoogleControllerTest extends TestCase
 {
 $driver = Mockery::mock();
 Socialite::shouldReceive('driver')->once()->with('google')->andReturn($driver);
+ $driver->shouldReceive('redirectUrl')->once()->with(route('tenant.admin.google.callback'))->andReturnSelf();
 $driver->shouldReceive('scopes')->once()->with(['openid', 'profile', 'email'])->andReturnSelf();
 $driver->shouldReceive('with')->once()->with(['prompt' => 'select_account'])->andReturnSelf();
 $driver->shouldReceive('redirect')->once()->andReturn(new RedirectResponse('https://accounts.google.com'));
diff --git a/tests/Feature/CheckoutFacebookControllerTest.php b/tests/Feature/CheckoutFacebookControllerTest.php
index 5fd08115..b5570ac8 100644
--- a/tests/Feature/CheckoutFacebookControllerTest.php
+++ b/tests/Feature/CheckoutFacebookControllerTest.php
@@ -27,6 +27,7 @@ class CheckoutFacebookControllerTest extends TestCase
 $package = Package::factory()->create();
 $provider = Mockery::mock(SocialiteProvider::class);
+ $provider->shouldReceive('redirectUrl')->with(route('checkout.facebook.callback'))->andReturnSelf();
 $provider->shouldReceive('scopes')->andReturnSelf();
 $provider->shouldReceive('fields')->andReturnSelf();
 $provider->shouldReceive('redirect')->once()->andReturn(redirect('/facebook/auth'));
diff --git a/tests/Feature/CheckoutGoogleControllerTest.php b/tests/Feature/CheckoutGoogleControllerTest.php
index 2061bef8..c33a31ff 100644
--- a/tests/Feature/CheckoutGoogleControllerTest.php
+++ b/tests/Feature/CheckoutGoogleControllerTest.php
@@ -27,6 +27,7 @@ class CheckoutGoogleControllerTest extends TestCase
 $package = Package::factory()->create();
 $provider = Mockery::mock(SocialiteProvider::class);
+ $provider->shouldReceive('redirectUrl')->with(route('checkout.google.callback'))->andReturnSelf();
 $provider->shouldReceive('scopes')->andReturnSelf();
 $provider->shouldReceive('with')->andReturnSelf();
 $provider->shouldReceive('redirect')->once()->andReturn(redirect('/google/auth'));
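Review bot: The `redirectUrl` expectation added here carries no call count, and a Mockery expectation without one accepts zero or more calls, so this test still passes if the controller stops setting the flow-specific callback URL. Since pinning the callback per flow is the purpose of the commit, I would assert it explicitly: `$provider->shouldReceive('redirectUrl')->once()->with(route('checkout.google.callback'))->andReturnSelf();`. The CheckoutFacebookControllerTest hunk has the same gap, while the two TenantAdmin tests already use `->once()`. The test method starts outside the hunk.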