authx - If using auto-login, then use a redirect to hide the `?_authx…

…=...` gunk

ext/authx/authx.php

@@ -22,7 +22,12 @@
     }
     elseif (!empty($params['_authxSes'])) {
       (new \Civi\Authx\Authenticator('auto'))->auth($e, $params['_authx'], TRUE);
-      _authx_redact(['_authx', '_authxSes']);
+      if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+        _authx_reload(implode('/', $e->args), $_SERVER['QUERY_STRING']);
+      }
+      else {
+        _authx_redact(['_authx', '_authxSes']);
+      }
     }
     else {
       (new \Civi\Authx\Authenticator('param'))->auth($e, $params['_authx']);
@@ -52,6 +57,23 @@ function _authx_redact(array $keys) {
   }
 }
 
+/**
+ * Reload the current page-view.
+ *
+ * @param string $route
+ * @param string $queryString
+ */
+function _authx_reload($route, $queryString) {
+  parse_str($queryString, $query);
+  foreach (array_keys($query) as $key) {
+    if (CRM_Utils_String::startsWith($key, '_authx')) {
+      unset($query[$key]);
+    }
+  }
+  $url = CRM_Utils_System::url($route, $query, TRUE, NULL, FALSE, CRM_Core_Config::singleton()->userSystem->isFrontEndPage());
+  CRM_Utils_System::redirect($url);
+}
+
 /**
  * Implements hook_civicrm_config().
  *

ext/authx/tests/phpunit/Civi/Authx/AllFlowsTest.php

@@ -253,8 +253,9 @@ public function testStatefulAutoAllowed($credType) {
     $request = $this->applyAuth($this->requestMyContact(), $credType, $flowType, $this->getDemoCID());
 
     \Civi::settings()->set("authx_{$flowType}_cred", [$credType]);
+    $this->assertEquals(0, $cookieJar->count());
     $response = $http->send($request);
-    $this->assertHasCookies($response);
+    $this->assertTrue($cookieJar->count() >= 1);
     $this->assertMyContact($this->getDemoCID(), $this->getDemoUID(), $response);
 
     // FIXME: Assert that re-using cookies yields correct result.