Update GetWebSessionRequest to support masquerading

refs: MBL-17910 affects: Student, Teacher, Parent release note: none test plan: See PR description
instructure · Oct 30, 2024 · dde191a · dde191a
1 parent 66815c5
commit dde191a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 10 deletions.
diff --git a/Core/Core/Courses/K5/ViewModel/K5SubjectViewMasqueradedSession.swift b/Core/Core/Courses/K5/ViewModel/K5SubjectViewMasqueradedSession.swift
@@ -52,7 +52,7 @@ public class K5SubjectViewMasqueradedSession {
 
     private func startMasqueradedSession(for url: URL, itemIndex: Int) {
         masqueradedSessionRequest?.cancel()
-        masqueradedSessionRequest = env.api.makeRequest(GetWebSessionRequest(to: url, path: "login/session_token")) { [weak self] response, _, _ in
+        masqueradedSessionRequest = env.api.makeRequest(GetWebSessionRequest(to: url)) { [weak self] response, _, _ in
             performUIUpdate {
                 let safeURL = response?.session_url ?? url
                 self?.masqueradedSessionURLSubject.send(safeURL)

diff --git a/Core/Core/Login/APIOAuth.swift b/Core/Core/Login/APIOAuth.swift
@@ -214,19 +214,36 @@ public struct GetWebSessionRequest: APIRequestable {
     public let path: String
 
     public var query: [APIQueryItem] {
+        guard let to else { return [] }
+
         // Inline data content URLs need no extra query params
-        if let to = to, to.scheme == "data" {
+        if to.scheme == "data" {
             return [ .value("return_to", to.absoluteString) ]
         }
 
-        if let returnTo = to?.appendingQueryItems(URLQueryItem(name: "display", value: "borderless")) {
-            return [ .value("return_to", returnTo.absoluteString) ]
+        var returnToUrlQueryItems = [
+            URLQueryItem(name: "display", value: "borderless")
+        ]
+
+        if let actAsUserID = AppEnvironment.shared.currentSession?.actAsUserID {
+            returnToUrlQueryItems.append(URLQueryItem(name: "as_user_id", value: actAsUserID))
+        }
+
+        var returnToUrl = to
+        returnToUrlQueryItems.forEach {
+            returnToUrl = returnToUrl.appendingQueryItems($0)
         }
-        return []
+        return [ .value("return_to", returnToUrl.absoluteString) ]
     }
 
-    public init(to: URL?, path: String = "/login/session_token") {
+    public init(to: URL?) {
         self.to = to
-        self.path = path
+
+        let isMasqueareding = AppEnvironment.shared.currentSession?.masquerader != nil
+        if isMasqueareding {
+            self.path = "/api/v1/login/session_token"
+        } else {
+            self.path = "/login/session_token"
+        }
     }
 }
diff --git a/Core/CoreTests/Courses/K5/ViewModel/K5SubjectViewMasqueradedSessionTests.swift b/Core/CoreTests/Courses/K5/ViewModel/K5SubjectViewMasqueradedSessionTests.swift
@@ -41,7 +41,7 @@ class K5SubjectViewMasqueradedSessionTests: CoreTestCase {
 
     func testFetchesSessionURL() {
         let sessionExpectation = expectation(description: "Session fetched from API")
-        let request = GetWebSessionRequest(to: URL(string: "/first_tab_url")!, path: "login/session_token")
+        let request = GetWebSessionRequest(to: URL(string: "/first_tab_url")!)
         api.mock(request, value: .init(session_url: URL(string: "/session_url")!, requires_terms_acceptance: false))
 
         let testee = K5SubjectViewMasqueradedSession(env: environment)

diff --git a/Core/CoreTests/Login/APIOAuthTests.swift b/Core/CoreTests/Login/APIOAuthTests.swift
@@ -17,9 +17,10 @@
 //
 
 import XCTest
+import TestsFoundation
 @testable import Core
 
-class APIOAuthTests: XCTestCase {
+class APIOAuthTests: CoreTestCase {
     func testGetMobileVerifyRequest() {
         XCTAssertEqual(GetMobileVerifyRequest(domain: "cgnu").path, "https://canvas.instructure.com/api/v1/mobile_verify.json")
         XCTAssertEqual(GetMobileVerifyRequest(domain: "cgnu").queryItems, [
@@ -61,11 +62,24 @@ class APIOAuthTests: XCTestCase {
         XCTAssertEqual(DeleteLoginOAuthRequest().path, "/login/oauth2/token")
     }
 
-    func testGetWebSessionRequest() {
+    func testGetWebSessionRequestWhenNotMasquerading() {
         XCTAssertEqual(GetWebSessionRequest(to: nil).path, "/login/session_token")
         XCTAssertEqual(GetWebSessionRequest(to: nil).queryItems, [])
         XCTAssertEqual(GetWebSessionRequest(to: URL(string: "/")).queryItems, [
             URLQueryItem(name: "return_to", value: "/?display=borderless")
         ])
     }
+
+    func testGetWebSessionRequestWhenMasquerading() {
+        environment.currentSession = .make(
+            masquerader: URL(string: "something"),
+            userID: "42"
+        )
+
+        XCTAssertEqual(GetWebSessionRequest(to: nil).path, "/api/v1/login/session_token")
+        XCTAssertEqual(GetWebSessionRequest(to: nil).queryItems, [])
+        XCTAssertEqual(GetWebSessionRequest(to: URL(string: "/")).queryItems, [
+            URLQueryItem(name: "return_to", value: "/?display=borderless&as_user_id=42"),
+        ])
+    }
 }