From feddb9c32da4ec8246af9fc496f06a7d4d5bed5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 13:54:22 +0100 Subject: [PATCH 1/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- selfservice/strategy/oidc/strategy_login.go | 10 ++++++++-- selfservice/strategy/oidc/strategy_registration.go | 7 +++++++ x/http_secure_redirect.go | 12 ++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go index 4805919f80d1..8514db91f755 100644 --- a/selfservice/strategy/oidc/strategy_login.go +++ b/selfservice/strategy/oidc/strategy_login.go @@ -145,13 +145,19 @@ func (s *Strategy) processLogin(ctx context.Context, w http.ResponseWriter, r *h registrationFlow.IDToken = loginFlow.IDToken registrationFlow.RawIDTokenNonce = loginFlow.RawIDTokenNonce registrationFlow.RequestURL, err = x.TakeOverReturnToParameter(loginFlow.RequestURL, registrationFlow.RequestURL) - registrationFlow.TransientPayload = loginFlow.TransientPayload - registrationFlow.Active = s.ID() + if err != nil { + return nil, s.handleError(ctx, w, r, loginFlow, provider.Config().ID, nil, err) + } + // Add copied_from parameter to track flow conversion + registrationFlow.RequestURL, err = x.AddURLParameter(registrationFlow.RequestURL, "copied_from", "login") if err != nil { return nil, s.handleError(ctx, w, r, loginFlow, provider.Config().ID, nil, err) } + registrationFlow.TransientPayload = loginFlow.TransientPayload + registrationFlow.Active = s.ID() + if _, err := s.processRegistration(ctx, w, r, registrationFlow, token, claims, provider, container); err != nil { return registrationFlow, err } diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go index 95ca97b03b4d..608f53d86cfc 100644 --- a/selfservice/strategy/oidc/strategy_registration.go +++ b/selfservice/strategy/oidc/strategy_registration.go @@ -290,6 +290,13 @@ func (s *Strategy) registrationToLogin(ctx context.Context, w http.ResponseWrite if err != nil { return nil, err } + + // Add copied_from parameter to track flow conversion + lf.RequestURL, err = x.AddURLParameter(lf.RequestURL, "copied_from", "registration") + if err != nil { + return nil, err + } + lf.TransientPayload = rf.TransientPayload lf.Active = s.ID() diff --git a/x/http_secure_redirect.go b/x/http_secure_redirect.go index 1b86b00940db..ad699fb6e188 100644 --- a/x/http_secure_redirect.go +++ b/x/http_secure_redirect.go @@ -98,6 +98,18 @@ func TakeOverReturnToParameter(from string, to string, fallback ...string) (stri return toURL.String(), nil } +// AddURLParameter adds a query parameter to a URL string +func AddURLParameter(urlStr string, key string, value string) (string, error) { + u, err := url.Parse(urlStr) + if err != nil { + return "", err + } + q := u.Query() + q.Set(key, value) + u.RawQuery = q.Encode() + return u.String(), nil +} + // SecureRedirectTo implements a HTTP redirector who mitigates open redirect vulnerabilities by // working with allow lists. func SecureRedirectTo(r *http.Request, defaultReturnTo *url.URL, opts ...SecureRedirectOption) (returnTo *url.URL, err error) { From 91821ad62c61a061da776ff2d99ffa0df7552462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 14:36:52 +0100 Subject: [PATCH 2/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- selfservice/flow/login/handler_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go index 24ac6172897c..375654b89b24 100644 --- a/selfservice/flow/login/handler_test.go +++ b/selfservice/flow/login/handler_test.go @@ -372,7 +372,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("type=browser", func(t *testing.T) { _, res := run(t, flow.TypeBrowser, url.Values{"method": {"password"}}) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), "https://www.ory.com") }) }) From c20e5bf808d433af54abb60c4f973ff799d01be0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 15:11:58 +0100 Subject: [PATCH 3/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- driver/config/stub/.kratos.courier.channels.yaml | 2 +- selfservice/flow/login/flow_test.go | 10 +++++----- selfservice/flow/registration/flow_test.go | 10 +++++----- selfservice/flow/settings/flow_test.go | 6 +++--- selfservice/flow/verification/flow_test.go | 6 +++--- selfservice/strategy/oidc/provider_generic_test.go | 4 ++-- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/driver/config/stub/.kratos.courier.channels.yaml b/driver/config/stub/.kratos.courier.channels.yaml index 16b116ba276f..981fa0071605 100644 --- a/driver/config/stub/.kratos.courier.channels.yaml +++ b/driver/config/stub/.kratos.courier.channels.yaml @@ -4,7 +4,7 @@ courier: channels: - id: phone request_config: - url: https://ory.sh + url: https://ory.com method: GET body: base64://ZnVuY3Rpb24oY3R4KSB7CkJvZHk6IGN0eC5ib2R5LApUbzogY3R4LnRvLEZyb206IGN0eC5mcm9tCn0= headers: diff --git a/selfservice/flow/login/flow_test.go b/selfservice/flow/login/flow_test.go index 24c9d03dcb52..39a140012680 100644 --- a/selfservice/flow/login/flow_test.go +++ b/selfservice/flow/login/flow_test.go @@ -101,16 +101,16 @@ func TestNewFlow(t *testing.T) { assert.EqualValues(t, r.IssuedAt, r.ExpiresAt) assert.Equal(t, flow.TypeBrowser, r.Type) assert.False(t, r.Refresh) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) t.Run("case=regular flow creation", func(t *testing.T) { r, err := login.NewFlow(conf, 0, "csrf", &http.Request{ - URL: urlx.ParseOrPanic("https://ory.sh/"), + URL: urlx.ParseOrPanic("https://ory.com/"), Host: "ory.sh", }, flow.TypeBrowser) require.NoError(t, err) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) }) @@ -141,12 +141,12 @@ func TestNewFlow(t *testing.T) { }) t.Run("should parse login_challenge when Hydra is configured", func(t *testing.T) { - _, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser) + _, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.com/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser) require.Error(t, err) conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://hydra") - r, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser) + r, err := login.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.com/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser) require.NoError(t, err) assert.Equal(t, "8aadcb8fc1334186a84c4da9813356d9", string(r.OAuth2LoginChallenge)) }) diff --git a/selfservice/flow/registration/flow_test.go b/selfservice/flow/registration/flow_test.go index d5c13815bb13..1317b5eb63d8 100644 --- a/selfservice/flow/registration/flow_test.go +++ b/selfservice/flow/registration/flow_test.go @@ -54,7 +54,7 @@ func TestNewFlow(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, r.IssuedAt, r.ExpiresAt) assert.Equal(t, flow.TypeBrowser, r.Type) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) t.Run("type=return_to", func(t *testing.T) { @@ -78,20 +78,20 @@ func TestNewFlow(t *testing.T) { t.Run("case=2", func(t *testing.T) { r, err := registration.NewFlow(conf, 0, "csrf", &http.Request{ - URL: urlx.ParseOrPanic("https://ory.sh/"), + URL: urlx.ParseOrPanic("https://ory.com/"), Host: "ory.sh", }, flow.TypeBrowser) require.NoError(t, err) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) t.Run("should parse login_challenge when Hydra is configured", func(t *testing.T) { - _, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser) + _, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.com/?login_challenge=badee1"), Host: "ory.sh"}, flow.TypeBrowser) require.Error(t, err) conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://hydra") - r, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.sh/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser) + r, err := registration.NewFlow(conf, 0, "csrf", &http.Request{URL: urlx.ParseOrPanic("https://ory.com/?login_challenge=8aadcb8fc1334186a84c4da9813356d9"), Host: "ory.sh"}, flow.TypeBrowser) require.NoError(t, err) assert.Equal(t, "8aadcb8fc1334186a84c4da9813356d9", string(r.OAuth2LoginChallenge)) }) diff --git a/selfservice/flow/settings/flow_test.go b/selfservice/flow/settings/flow_test.go index 26a40b71245d..ab2273b1a86d 100644 --- a/selfservice/flow/settings/flow_test.go +++ b/selfservice/flow/settings/flow_test.go @@ -57,7 +57,7 @@ func TestNewFlow(t *testing.T) { require.NoError(t, err) assert.Equal(t, r.IssuedAt, r.ExpiresAt) assert.Equal(t, flow.TypeBrowser, r.Type) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) t.Run("type=return_to", func(t *testing.T) { @@ -80,10 +80,10 @@ func TestNewFlow(t *testing.T) { t.Run("case=2", func(t *testing.T) { r, err := settings.NewFlow(conf, 0, &http.Request{ - URL: urlx.ParseOrPanic("https://ory.sh/"), + URL: urlx.ParseOrPanic("https://ory.com/"), Host: "ory.sh"}, id, flow.TypeBrowser) require.NoError(t, err) - assert.Equal(t, "https://ory.sh/", r.RequestURL) + assert.Equal(t, "https://ory.com/", r.RequestURL) }) } diff --git a/selfservice/flow/verification/flow_test.go b/selfservice/flow/verification/flow_test.go index e05482ffa39d..7bdec7256b87 100644 --- a/selfservice/flow/verification/flow_test.go +++ b/selfservice/flow/verification/flow_test.go @@ -145,9 +145,9 @@ func TestFromOldFlow(t *testing.T) { } func TestContinueURL(t *testing.T) { - const globalReturnTo = "https://ory.sh/global-return-to" - const localReturnTo = "https://ory.sh/local-return-to" - const flowReturnTo = "https://ory.sh/flow-return-to" + const globalReturnTo = "https://ory.com/global-return-to" + const localReturnTo = "https://ory.com/local-return-to" + const flowReturnTo = "https://ory.com/flow-return-to" for _, tc := range []struct { desc string diff --git a/selfservice/strategy/oidc/provider_generic_test.go b/selfservice/strategy/oidc/provider_generic_test.go index 7c90da7e3ec5..7543f2f097c3 100644 --- a/selfservice/strategy/oidc/provider_generic_test.go +++ b/selfservice/strategy/oidc/provider_generic_test.go @@ -53,12 +53,12 @@ func makeAuthCodeURL(t *testing.T, r *login.Flow, reg *driver.RegistryDefault) s func TestProviderGenericOIDC_AddAuthCodeURLOptions(t *testing.T) { ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) - conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://ory.sh") + conf.MustSet(ctx, config.ViperKeyPublicBaseURL, "https://ory.com") t.Run("case=redirectURI is public base url", func(t *testing.T) { r := &login.Flow{ID: x.NewUUID(), Refresh: true} actual, err := url.ParseRequestURI(makeAuthCodeURL(t, r, reg)) require.NoError(t, err) - assert.Contains(t, actual.Query().Get("redirect_uri"), "https://ory.sh") + assert.Contains(t, actual.Query().Get("redirect_uri"), "https://ory.com") }) t.Run("case=redirectURI is public base url", func(t *testing.T) { From f436f1b8c9e38252b5c173b3d444dbe180a1277a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 16:33:25 +0100 Subject: [PATCH 4/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- selfservice/hook/web_hook_integration_test.go | 6 +++--- x/http_secure_redirect_test.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go index 6d14848bfc6a..bf4736abb8e5 100644 --- a/selfservice/hook/web_hook_integration_test.go +++ b/selfservice/hook/web_hook_integration_test.go @@ -155,7 +155,7 @@ func TestWebHooks(t *testing.T) { "Some-Cookie-2": "Some-other-Cookie-Value", "Some-Cookie-3": "Third-Cookie-Value" } - }`, f.GetID(), req.Method, "http://www.ory.sh/some_end_point") + }`, f.GetID(), req.Method, "http://www.ory.com/some_end_point") if len(req.Header) != 0 { if ua := req.Header.Get("User-Agent"); ua != "" { body, _ = sjson.Set(body, "headers.User-Agent", []string{ua}) @@ -177,7 +177,7 @@ func TestWebHooks(t *testing.T) { "Some-Cookie-3": "Third-Cookie-Value" }, "transient_payload": %s - }`, f.GetID(), s.Identity.ID, req.Method, "http://www.ory.sh/some_end_point", string(tp)) + }`, f.GetID(), s.Identity.ID, req.Method, "http://www.ory.com/some_end_point", string(tp)) if len(req.Header) != 0 { if ua := req.Header.Get("User-Agent"); ua != "" { body, _ = sjson.Set(body, "headers.User-Agent", []string{ua}) @@ -200,7 +200,7 @@ func TestWebHooks(t *testing.T) { "Some-Cookie-3": "Third-Cookie-Value" }, "transient_payload": %s - }`, f.GetID(), s.Identity.ID, s.ID, req.Method, "http://www.ory.sh/some_end_point", string(tp)) + }`, f.GetID(), s.Identity.ID, s.ID, req.Method, "http://www.ory.com/some_end_point", string(tp)) if len(req.Header) != 0 { if ua := req.Header.Get("User-Agent"); ua != "" { body, _ = sjson.Set(body, "headers.User-Agent", []string{ua}) diff --git a/x/http_secure_redirect_test.go b/x/http_secure_redirect_test.go index 0afedc3f9e89..14bdbf05030b 100644 --- a/x/http_secure_redirect_test.go +++ b/x/http_secure_redirect_test.go @@ -245,7 +245,7 @@ func TestSecureRedirectTo(t *testing.T) { t.Run("case=return to another domain fails if scheme mismatches", func(t *testing.T) { s := newServer(t, false, false, true, func(ts *httptest.Server) []x.SecureRedirectOption { - return []x.SecureRedirectOption{x.SecureRedirectAllowURLs([]url.URL{*urlx.ParseOrPanic("http://www.ory.sh/")})} + return []x.SecureRedirectOption{x.SecureRedirectAllowURLs([]url.URL{*urlx.ParseOrPanic("http://www.ory.com/")})} }) _, body := makeRequest(t, s, "?return_to=https://www.ory.sh/kratos") assert.Equal(t, body, "error") @@ -304,12 +304,12 @@ func TestSecureRedirectTo(t *testing.T) { return []x.SecureRedirectOption{ x.SecureRedirectAllowURLs([]url.URL{ *urlx.ParseOrPanic("https://www.ory.sh"), - *urlx.ParseOrPanic("http://www.ory.sh"), + *urlx.ParseOrPanic("http://www.ory.com"), }), x.SecureRedirectOverrideDefaultReturnTo(urlx.ParseOrPanic("https://www.ory.sh/docs")), } }) _, body := makeRequest(t, s, "?return_to=http:///kratos") - assert.Equal(t, body, "http://www.ory.sh/kratos") + assert.Equal(t, body, "http://www.ory.com/kratos") }) } From c61405be7d20eb90e0182b3b5b2f4fbea7d829f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 17:04:06 +0100 Subject: [PATCH 5/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- .../profiles/email/registration/errors.spec.ts | 12 ++++++------ .../integration/profiles/email/settings/ui.spec.ts | 2 +- .../profiles/mobile/registration/errors.spec.ts | 4 ++-- .../profiles/oidc-provider/registration.spec.ts | 2 +- .../integration/profiles/passwordless/flows.spec.ts | 8 ++++---- test/e2e/cypress/support/commands.ts | 2 +- test/e2e/cypress/support/index.d.ts | 2 +- x/http_test.go | 12 ++++++------ 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts index 54617e8d7d2c..9eb7c92bc454 100644 --- a/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/registration/errors.spec.ts @@ -37,7 +37,7 @@ describe("Registration failures with email profile", () => { it("fails when CSRF cookies are missing", () => { cy.get(`${appPrefix(app)} input[name="traits.website"]`).type( - "https://www.ory.sh", + "http://www.ory.com", ) cy.get('input[name="traits.email"]') .type(identity) @@ -58,7 +58,7 @@ describe("Registration failures with email profile", () => { describe("show errors when invalid signup data is used", () => { it("should show an error when the password has leaked before", () => { - cy.get('input[name="traits.website"]').type("https://www.ory.sh") + cy.get('input[name="traits.website"]').type("http://www.ory.com") cy.get('input[name="traits.email"]') .type(identity) .should("have.value", identity) @@ -74,7 +74,7 @@ describe("Registration failures with email profile", () => { }) it("should show an error when the password is too similar", () => { - cy.get('input[name="traits.website"]').type("https://www.ory.sh") + cy.get('input[name="traits.website"]').type("http://www.ory.com") cy.get('input[name="traits.email"]').type(identity) cy.get('input[name="password"]').type(identity) @@ -86,7 +86,7 @@ describe("Registration failures with email profile", () => { }) it("should show an error when the password is empty", () => { - cy.get('input[name="traits.website"]').type("https://www.ory.sh") + cy.get('input[name="traits.website"]').type("http://www.ory.com") cy.get('input[name="traits.email"]').type(identity) // the browser will prevent the form from being submitted if the input field is required @@ -105,7 +105,7 @@ describe("Registration failures with email profile", () => { }) it("should show an error when the email is empty", () => { - cy.get('input[name="traits.website"]').type("https://www.ory.sh") + cy.get('input[name="traits.website"]').type("http://www.ory.com") cy.get('input[name="password"]').type(password) // the browser will prevent the form from being submitted if the input field is required @@ -125,7 +125,7 @@ describe("Registration failures with email profile", () => { }) it("should show an error when the email is not an email", () => { - cy.get('input[name="traits.website"]').type("https://www.ory.sh") + cy.get('input[name="traits.website"]').type("http://www.ory.com") cy.get('input[name="password"]').type(password) // the browser will prevent the form from being submitted if the input data doesn't conform to the input field type diff --git a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts index 6a0cfd1071f4..c02623633403 100644 --- a/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts +++ b/test/e2e/cypress/integration/profiles/email/settings/ui.spec.ts @@ -25,7 +25,7 @@ context("Settings errors with email profile", () => { cy.useConfigProfile(profile) cy.registerApi({ ...identity, - fields: { "traits.website": "https://www.ory.sh/" }, + fields: { "traits.website": "http://www.ory.com/" }, }) cy.proxy(app) }) diff --git a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts index 27fc1319f2c7..cb9867868318 100644 --- a/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts +++ b/test/e2e/cypress/integration/profiles/mobile/registration/errors.spec.ts @@ -53,7 +53,7 @@ context("Mobile Profile", () => { }) it("should show an error when the email is empty", () => { - cy.get('input[data-testid="traits.website"]').type("https://www.ory.sh") + cy.get('input[data-testid="traits.website"]').type("http://www.ory.com") cy.get('input[data-testid="password"]').type(password) cy.get('div[data-testid="submit-form"]').click() @@ -64,7 +64,7 @@ context("Mobile Profile", () => { }) it("should show an error when the email is not an email", () => { - cy.get('input[data-testid="traits.website"]').type("https://www.ory.sh") + cy.get('input[data-testid="traits.website"]').type("http://www.ory.com") cy.get('input[data-testid="traits.email"]').type("not-an-email") cy.get('input[data-testid="password"]').type(password) diff --git a/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts index f29e3665e5f7..401d757ee2bd 100644 --- a/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts +++ b/test/e2e/cypress/integration/profiles/oidc-provider/registration.spec.ts @@ -74,7 +74,7 @@ context("OpenID Provider", () => { email, password, fields: { - "traits.website": "https://www.ory.sh", + "traits.website": "http://www.ory.com", "traits.tos": "1", "traits.age": 22, }, diff --git a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts index adf4505dfaff..1eb0899896c5 100644 --- a/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts +++ b/test/e2e/cypress/integration/profiles/passwordless/flows.spec.ts @@ -18,14 +18,14 @@ const signup = (registration: string, app: string, email = gen.email()) => { cy.get('[name="webauthn_register_displayname"]').type("key1") cy.get(emailTrait).type(email) - cy.get(websiteTrait).type("https://www.ory.sh") + cy.get(websiteTrait).type("http://www.ory.com") cy.clickWebAuthButton("register") cy.getSession({ expectAal: "aal1", expectMethods: ["webauthn"], }).then((session) => { expect(session.identity.traits.email).to.equal(email) - expect(session.identity.traits.website).to.equal("https://www.ory.sh") + expect(session.identity.traits.website).to.equal("http://www.ory.com") }) } @@ -116,14 +116,14 @@ context("Passwordless registration", () => { cy.get(websiteTrait).should("have.value", "b") cy.get(emailTrait).should("have.value", email) cy.get(websiteTrait).clear() - cy.get(websiteTrait).type("https://www.ory.sh") + cy.get(websiteTrait).type("http://www.ory.com") cy.clickWebAuthButton("register") cy.getSession({ expectAal: "aal1", expectMethods: ["webauthn"], }).then((session) => { expect(session.identity.traits.email).to.equal(email) - expect(session.identity.traits.website).to.equal("https://www.ory.sh") + expect(session.identity.traits.website).to.equal("http://www.ory.com") }) }) diff --git a/test/e2e/cypress/support/commands.ts b/test/e2e/cypress/support/commands.ts index 89b5c7cb15c5..5c67d67b5c23 100644 --- a/test/e2e/cypress/support/commands.ts +++ b/test/e2e/cypress/support/commands.ts @@ -755,7 +755,7 @@ Cypress.Commands.add("longRegisterLifespan", ({} = {}) => { Cypress.Commands.add("browserReturnUrlOry", ({} = {}) => { updateConfigFile((config) => { config.selfservice.allowed_return_urls = [ - "https://www.ory.sh/", + "http://www.ory.com/", "https://www.example.org/", ] return config diff --git a/test/e2e/cypress/support/index.d.ts b/test/e2e/cypress/support/index.d.ts index a6a7120937de..4c77c316e1ab 100644 --- a/test/e2e/cypress/support/index.d.ts +++ b/test/e2e/cypress/support/index.d.ts @@ -242,7 +242,7 @@ declare global { longLoginLifespan(): Chainable /** - * Change the config so that `https://www.ory.sh/` is a allowed return to URL. + * Change the config so that `http://www.ory.com/` is a allowed return to URL. */ browserReturnUrlOry(): Chainable diff --git a/x/http_test.go b/x/http_test.go index 4541aebea5f2..a11b93392107 100644 --- a/x/http_test.go +++ b/x/http_test.go @@ -43,18 +43,18 @@ func TestAcceptToRedirectOrJSON(t *testing.T) { t.Run("regular payload", func(t *testing.T) { w := httptest.NewRecorder() - AcceptToRedirectOrJSON(w, r, wr, json.RawMessage(`{"foo":"bar"}`), "https://www.ory.sh/redir") + AcceptToRedirectOrJSON(w, r, wr, json.RawMessage(`{"foo":"bar"}`), "http://www.ory.com/redir") loc, err := w.Result().Location() require.NoError(t, err) - assert.Equal(t, "https://www.ory.sh/redir", loc.String()) + assert.Equal(t, "http://www.ory.com/redir", loc.String()) }) t.Run("error payload", func(t *testing.T) { w := httptest.NewRecorder() - AcceptToRedirectOrJSON(w, r, wr, errors.New("foo"), "https://www.ory.sh/redir") + AcceptToRedirectOrJSON(w, r, wr, errors.New("foo"), "http://www.ory.com/redir") loc, err := w.Result().Location() require.NoError(t, err) - assert.Equal(t, "https://www.ory.sh/redir", loc.String()) + assert.Equal(t, "http://www.ory.com/redir", loc.String()) }) }) @@ -65,7 +65,7 @@ func TestAcceptToRedirectOrJSON(t *testing.T) { t.Run("regular payload", func(t *testing.T) { msg := json.RawMessage(`{"foo":"bar"}`) w := httptest.NewRecorder() - AcceptToRedirectOrJSON(w, r, wr, msg, "https://www.ory.sh/redir") + AcceptToRedirectOrJSON(w, r, wr, msg, "http://www.ory.com/redir") _, err := w.Result().Location() require.ErrorIs(t, err, http.ErrNoLocation) @@ -76,7 +76,7 @@ func TestAcceptToRedirectOrJSON(t *testing.T) { t.Run("error payload", func(t *testing.T) { ee := errors.WithStack(herodot.ErrBadRequest) w := httptest.NewRecorder() - AcceptToRedirectOrJSON(w, r, wr, ee, "https://www.ory.sh/redir") + AcceptToRedirectOrJSON(w, r, wr, ee, "http://www.ory.com/redir") _, err := w.Result().Location() require.ErrorIs(t, err, http.ErrNoLocation) From 9ffd2801e5094810a3fff43657b5a31ff3ac3ba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czaus?= Date: Thu, 15 Jan 2026 17:29:07 +0100 Subject: [PATCH 6/6] feat: add information about flow changing from register to login and the other way around, SPLAT-682 --- selfservice/flow/login/handler_test.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go index 375654b89b24..9d45fdfec2f3 100644 --- a/selfservice/flow/login/handler_test.go +++ b/selfservice/flow/login/handler_test.go @@ -667,7 +667,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=redirects if aal2 is requested and set up already without refresh", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"aal": {"aal2"}, "set_aal": {"aal2"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), "https://www.ory.com") }) t.Run("case=can not request aal2 on unauthenticated request", func(t *testing.T) { @@ -678,7 +678,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=ignores aal1 if session has aal1 already", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"aal": {"aal1"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), "https://www.ory.com") }) t.Run("case=aal0 is not a valid value", func(t *testing.T) { @@ -707,12 +707,12 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=does not set forced flag on authenticated request without refresh=true", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), "https://www.ory.com") }) t.Run("case=does not set forced flag on authenticated request with refresh=false", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"refresh": {"false"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), "https://www.ory.com") }) t.Run("case=does set forced flag on authenticated request with refresh=true", func(t *testing.T) { @@ -748,7 +748,7 @@ func TestFlowLifecycle(t *testing.T) { conf.MustSet(ctx, config.ViperKeyOAuth2ProviderURL, "https://fake-hydra") t.Run("case=oauth2 flow init should override return_to to the oauth2 request_url", func(t *testing.T) { - conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh", "https://example.com"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.com", "https://example.com"}) conf.MustSet(ctx, config.ViperKeyOAuth2ProviderOverrideReturnTo, true) t.Cleanup(func() { @@ -774,7 +774,7 @@ func TestFlowLifecycle(t *testing.T) { require.NoError(t, res.Body.Close()) - assert.Equal(t, "https://www.ory.sh", gjson.GetBytes(body, "return_to").Value()) + assert.Equal(t, "https://www.ory.com", gjson.GetBytes(body, "return_to").Value()) }) t.Run("case=invalid oauth2 login challenge returns 400 Bad Request", func(t *testing.T) { @@ -824,7 +824,7 @@ func TestGetFlow(t *testing.T) { require.NoError(t, err) })) conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL) - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.com") t.Cleanup(ts.Close) return ts } @@ -872,7 +872,7 @@ func TestGetFlow(t *testing.T) { }) t.Run("case=expired with return_to", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := "https://www.ory.com" conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t)