From a33bf0e3a44b51e0ec925060adce0e72247eb011 Mon Sep 17 00:00:00 2001
From: Codex Agent
Date: Fri, 23 Jan 2026 20:38:22 +0100
Subject: [PATCH] Scope social login callbacks per flow
---
 app/Http/Controllers/CheckoutFacebookController.php | 1 +
 app/Http/Controllers/CheckoutGoogleController.php | 1 +
 app/Http/Controllers/TenantAdminFacebookController.php | 1 +
 app/Http/Controllers/TenantAdminGoogleController.php | 1 +
 tests/Feature/Auth/TenantAdminFacebookControllerTest.php | 1 +
 tests/Feature/Auth/TenantAdminGoogleControllerTest.php | 1 +
 tests/Feature/CheckoutFacebookControllerTest.php | 1 +
 tests/Feature/CheckoutGoogleControllerTest.php | 1 +
 8 files changed, 8 insertions(+)
diff --git a/app/Http/Controllers/CheckoutFacebookController.php b/app/Http/Controllers/CheckoutFacebookController.php
index 4871ddd..58fcb19 100644
--- a/app/Http/Controllers/CheckoutFacebookController.php
+++ b/app/Http/Controllers/CheckoutFacebookController.php
@@ -35,6 +35,7 @@ class CheckoutFacebookController extends Controller
 $request->session()->put('selected_package_id', $payload['package_id']);
 return Socialite::driver('facebook')
+ ->redirectUrl(route('checkout.facebook.callback'))
 ->scopes(['email'])
 ->fields(['name', 'email', 'first_name', 'last_name'])
 ->redirect();
diff --git a/app/Http/Controllers/CheckoutGoogleController.php b/app/Http/Controllers/CheckoutGoogleController.php
index 009104d..1ef4741 100644
--- a/app/Http/Controllers/CheckoutGoogleController.php
+++ b/app/Http/Controllers/CheckoutGoogleController.php
@@ -35,6 +35,7 @@ class CheckoutGoogleController extends Controller
 $request->session()->put('selected_package_id', $payload['package_id']);
 return Socialite::driver('google')
+ ->redirectUrl(route('checkout.google.callback'))
 ->scopes(['email', 'profile'])
 ->with(['prompt' => 'select_account'])
 ->redirect();
diff --git a/app/Http/Controllers/TenantAdminFacebookController.php b/app/Http/Controllers/TenantAdminFacebookController.php
index 0aee012..a3bd7d2 100644
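Review bot: The callback leg of CheckoutFacebookController needs the same `->redirectUrl(route('checkout.facebook.callback'))` before it calls `->user()`. An OAuth 2.0 token request must repeat the redirect_uri sent on the authorization request, and Socialite otherwise falls back to the redirect configured for the provider. The diffstat shows one inserted line per controller, so the callback handlers are untouched by this commit and lie outside the hunk. If they still rely on the config value, the code exchange will be rejected with a redirect_uri mismatch for every flow whose route differs from it. The same applies to the CheckoutGoogleController, TenantAdminFacebookController and TenantAdminGoogleController hunks.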
--- a/app/Http/Controllers/TenantAdminFacebookController.php
+++ b/app/Http/Controllers/TenantAdminFacebookController.php
@@ -21,6 +21,7 @@ class TenantAdminFacebookController extends Controller
 }
 return Socialite::driver('facebook')
+ ->redirectUrl(route('tenant.admin.facebook.callback'))
 ->scopes(['email'])
 ->fields(['name', 'email', 'first_name', 'last_name'])
 ->redirect();
diff --git a/app/Http/Controllers/TenantAdminGoogleController.php b/app/Http/Controllers/TenantAdminGoogleController.php
index f15707e..ba1d665 100644
--- a/app/Http/Controllers/TenantAdminGoogleController.php
+++ b/app/Http/Controllers/TenantAdminGoogleController.php
@@ -21,6 +21,7 @@ class TenantAdminGoogleController extends Controller
 }
 return Socialite::driver('google')
+ ->redirectUrl(route('tenant.admin.google.callback'))
 ->scopes(['openid', 'profile', 'email'])
 ->with(['prompt' => 'select_account'])
 ->redirect();
diff --git a/tests/Feature/Auth/TenantAdminFacebookControllerTest.php b/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
index d7deb5b..3bd1d60 100644
--- a/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
+++ b/tests/Feature/Auth/TenantAdminFacebookControllerTest.php
@@ -26,6 +26,7 @@ class TenantAdminFacebookControllerTest extends TestCase
 {
 $driver = Mockery::mock();
 Socialite::shouldReceive('driver')->once()->with('facebook')->andReturn($driver);
+ $driver->shouldReceive('redirectUrl')->once()->with(route('tenant.admin.facebook.callback'))->andReturnSelf();
 $driver->shouldReceive('scopes')->once()->with(['email'])->andReturnSelf();
 $driver->shouldReceive('fields')->once()->with(['name', 'email', 'first_name', 'last_name'])->andReturnSelf();
 $driver->shouldReceive('redirect')->once()->andReturn(new RedirectResponse('https://facebook.com/auth'));
diff --git a/tests/Feature/Auth/TenantAdminGoogleControllerTest.php b/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
index e151f2c..2003c03 100644
--- a/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
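Review bot: `route('tenant.admin.facebook.callback')` in TenantAdminFacebookController is built from the current request's host unless the application pins its root URL, so the redirect_uri sent to the provider now follows the Host header instead of a fixed config value. If the tenant admin pages are reachable on more than one hostname (not visible in this hunk), each resulting callback URL has to be registered exactly with the provider. Host validation such as Laravel's TrustHosts middleware should also be active so an unexpected Host cannot shape the value. A comment above the call, e.g. `// redirect_uri must equal the URI registered with the provider for the tenant-admin flow`, would record the constraint. The TenantAdminGoogleController hunk and both checkout controllers are affected the same way.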
+++ b/tests/Feature/Auth/TenantAdminGoogleControllerTest.php
@@ -26,6 +26,7 @@ class TenantAdminGoogleControllerTest extends TestCase
 {
 $driver = Mockery::mock();
 Socialite::shouldReceive('driver')->once()->with('google')->andReturn($driver);
+ $driver->shouldReceive('redirectUrl')->once()->with(route('tenant.admin.google.callback'))->andReturnSelf();
 $driver->shouldReceive('scopes')->once()->with(['openid', 'profile', 'email'])->andReturnSelf();
 $driver->shouldReceive('with')->once()->with(['prompt' => 'select_account'])->andReturnSelf();
 $driver->shouldReceive('redirect')->once()->andReturn(new RedirectResponse('https://accounts.google.com'));
diff --git a/tests/Feature/CheckoutFacebookControllerTest.php b/tests/Feature/CheckoutFacebookControllerTest.php
index 5fd0811..b5570ac 100644
--- a/tests/Feature/CheckoutFacebookControllerTest.php
+++ b/tests/Feature/CheckoutFacebookControllerTest.php
@@ -27,6 +27,7 @@ class CheckoutFacebookControllerTest extends TestCase
 $package = Package::factory()->create();
 $provider = Mockery::mock(SocialiteProvider::class);
+ $provider->shouldReceive('redirectUrl')->with(route('checkout.facebook.callback'))->andReturnSelf();
 $provider->shouldReceive('scopes')->andReturnSelf();
 $provider->shouldReceive('fields')->andReturnSelf();
 $provider->shouldReceive('redirect')->once()->andReturn(redirect('/facebook/auth'));
diff --git a/tests/Feature/CheckoutGoogleControllerTest.php b/tests/Feature/CheckoutGoogleControllerTest.php
index 2061bef..c33a31f 100644
--- a/tests/Feature/CheckoutGoogleControllerTest.php
+++ b/tests/Feature/CheckoutGoogleControllerTest.php
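Review bot: The new `redirectUrl` expectation in CheckoutFacebookControllerTest carries no call count, so Mockery accepts zero calls and the test still passes if the controller stops setting the per-flow callback URL. Pin it the way the tenant-admin tests do: `$provider->shouldReceive('redirectUrl')->once()->with(route('checkout.facebook.callback'))->andReturnSelf();`. The CheckoutGoogleControllerTest hunk has the same gap. The test method starts and ends outside the hunk, so any assertions after the mock setup are not visible here.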
@@ -27,6 +27,7 @@ class CheckoutGoogleControllerTest extends TestCase
 $package = Package::factory()->create();
 $provider = Mockery::mock(SocialiteProvider::class);
+ $provider->shouldReceive('redirectUrl')->with(route('checkout.google.callback'))->andReturnSelf();
 $provider->shouldReceive('scopes')->andReturnSelf();
 $provider->shouldReceive('with')->andReturnSelf();
 $provider->shouldReceive('redirect')->once()->andReturn(redirect('/google/auth'));