adobe · dominique-pfister · Nov 12, 2025 · Nov 12, 2025
diff --git a/.nycrc.json b/.nycrc.json
@@ -5,8 +5,8 @@
     "text-summary"
   ],
   "check-coverage": true,
-  "lines": 70,
-  "branches": 70,
-  "statements": 70,
-  "functions": 70
+  "lines": 95,
+  "branches": 95,
+  "statements": 95,
+  "functions": 95
 }
diff --git a/package.json b/package.json
@@ -32,6 +32,7 @@
     "require": [
       "nock",
       "test/setup-env.js",
+      "test/setup-test-idp.js",
       "mocha-suppress-logs"
     ],
     "recursive": "true",

diff --git a/src/auth/exchange-token.js b/src/auth/exchange-token.js
@@ -23,6 +23,15 @@ import {
 import { setAuthCookie } from './cookie.js';
 import localJWKS from '../idp-configs/jwks-json.js';
 
+/**
+ * Fetch tokens from IDP.
+ *
+ * @param {import('../support/AdminContext').AdminContext} context context
+ * @param {import('../support/RequestInfo').RequestInfo} info request info
+ * @param {import('./auth.d.ts').IDPConfig} idp IDP config
+ * @param {string} [tenantId] optional tenant id for the IDP
+ * @return {Promise<Response>} response
+ */
 async function fetchTokens(context, info, idp, tenantId) {
   const { data, log } = context;
 

diff --git a/src/cache/purge.js b/src/cache/purge.js
@@ -636,7 +636,8 @@ const purge = {
 
     // create new path info with the ref given. this allows code-purges to force a purge of the branch
     const forcedInfo = {
-      ...info,
+      org: info.org,
+      site: info.site,
       owner: info.owner,
       repo: info.repo,
       ref,

diff --git a/src/idp-configs/jwks-json.js b/src/idp-configs/jwks-json.js
@@ -9,14 +9,14 @@
  * OF ANY KIND, either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
+
 /**
  * Public key store for the custom IDP emulation. The helix-html-pipeline reads this via.
  * https://admin.hlx.page/auth/discovery/keys
  *
  * Whenever the private key is rotated, it's public counterpart should be added here.
  * @todo add expiration and certificates
  */
-
 export default {
   keys: [
     {

diff --git a/src/login/handler.js b/src/login/handler.js
@@ -20,6 +20,7 @@ import { createCloseHtml, createSendMessageHtml } from '../auth/responses.js';
 import { IDPS, LOGOUT_PATH, PROFILE_PATH } from '../auth/support.js';
 import { createErrorResponse } from '../contentbus/utils.js';
 import { isDAMountpoint } from '../support/adobe-source.js';
+import { RequestInfo } from '../support/RequestInfo.js';
 import idpAdobe from '../idp-configs/adobe.js';
 import localJWKS from '../idp-configs/jwks-json.js';
 import { loadSiteConfig } from '../config/utils.js';
@@ -220,10 +221,9 @@ export async function auth(context, info) {
       data.org = data.state.org;
       data.site = data.state.site;
 
-      // eslint-disable-next-line no-param-reassign
-      // TODO: info.org = data.org;
-      // eslint-disable-next-line no-param-reassign
-      // TODO: info.site = data.site;
+      const clone = RequestInfo.clone(info, {
+        org: data.org, site: data.site,
+      });
 
       if (!data.code) {
         if (data.state.prompt === 'none') {
@@ -239,7 +239,7 @@ export async function auth(context, info) {
           status: 401,
         });
       }
-      return exchangeToken(context, info, idp, data.state.tenantId);
+      return exchangeToken(context, clone, idp, data.state.tenantId);
     }
   }
   return new Response('', {

diff --git a/src/support/RequestInfo.js b/src/support/RequestInfo.js
@@ -9,6 +9,8 @@
  * OF ANY KIND, either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
+/* eslint-disable max-classes-per-file */
+
 import { parse } from 'cookie';
 import { sanitizeName } from '@adobe/helix-shared-string';
 import { StatusCodeError } from './StatusCodeError.js';
@@ -136,17 +138,10 @@ export function computePaths(path) {
   };
 }
 
-export class RequestInfo {
-  #owner;
-
-  #repo;
-
-  #ref;
-
-  /**
-   * @constructs RequestInfo
-   * @param {import('@adobe/fetch').Request} request request
-   */
+/**
+ * Class containing the aspects of the HTTP request.
+ */
+class HttpRequest {
   constructor(request) {
     this.method = request.method.toUpperCase();
     this.headers = request.headers.plain();
@@ -159,6 +154,71 @@ export class RequestInfo {
     this.host = process.env.HLX_DEV_SERVER_HOST ?? 'api.aem.live';
     this.query = {};
   }
+}
+
+/**
+ * Class containing the aspects of the decomposed path.
+ */
+class PathInfo {
+  constructor(route, org, site, path) {
+    this.route = route;
+    this.org = org;
+    this.site = site;
+    this.path = path;
+
+    if (path) {
+      const { webPath, resourcePath, ext } = computePaths(path);
+      if (ext === '.aspx') {
+        // onedrive doesn't like .aspx extension and reports wit 500. so we just reject it.
+        throw new StatusCodeError('', 404);
+      }
+      Object.assign(this, {
+        rawPath: path, webPath, resourcePath, ext,
+      });
+    }
+  }
+
+  /**
+   * Clone another path info.
+   *
+   * @param {PathInfo} other other info
+   * @param {object} param0 params
+   * @param {string} [param0.org] org, optional
+   * @param {string} [param0.site] site, optional
+   * @param {string} [param0.path] path, optional
+]  * @param {string} [param0.route] route, optional
+   * @returns {PathInfo} clone with the params overwritten
+   */
+  static clone(other, {
+    route, org, site, path,
+  }) {
+    return new PathInfo(
+      route ?? other.route,
+      org ?? other.org,
+      site ?? other.site,
+      path ?? other.path,
+    );
+  }
+}
+
+/**
+ * Class containing the aspects of both HTTP request and decomposed path.
+ */
+export class RequestInfo {
+  #request;
+
+  #pathInfo;
+
+  #owner;
+
+  #repo;
+
+  #ref;
+
+  constructor(request, pathInfo) {
+    this.#request = request;
+    this.#pathInfo = pathInfo;
+  }
 
   // eslint-disable-next-line class-methods-use-this
   get path() {
@@ -178,6 +238,34 @@ export class RequestInfo {
     return this;
   }
 
+  get method() {
+    return this.#request.method;
+  }
+
+  get headers() {
+    return this.#request.headers;
+  }
+
+  get buffer() {
+    return this.#request.buffer;
+  }
+
+  get cookies() {
+    return this.#request.cookies;
+  }
+
+  get scheme() {
+    return this.#request.scheme;
+  }
+
+  get host() {
+    return this.#request.host;
+  }
+
+  get query() {
+    return this.#request.query;
+  }
+
   get owner() {
     return this.#owner;
   }
@@ -190,37 +278,79 @@ export class RequestInfo {
     return this.#ref ?? 'main';
   }
 
+  get route() {
+    return this.#pathInfo.route;
+  }
+
+  get org() {
+    return this.#pathInfo.org;
+  }
+
+  get site() {
+    return this.#pathInfo.site;
+  }
+
+  get rawPath() {
+    return this.#pathInfo.rawPath;
+  }
+
+  get webPath() {
+    return this.#pathInfo.webPath;
+  }
+
+  get resourcePath() {
+    return this.#pathInfo.resourcePath;
+  }
+
+  get ext() {
+    return this.#pathInfo.ext;
+  }
+
   /**
    * Create a new request info.
    *
    * @param {import('@adobe/fetch').Request} request request
    * @param {object} param0 params
-   * @param {string} [param0.org] org
+   * @param {string} [param0.org] org, optional
    * @param {string} [param0.site] site, optional
    * @param {string} [param0.path] path, optional
-   * @param {string} [param0.route] route
+   * @param {string} [param0.ref] ref, optional
+   * @param {string} [param0.route] route, optional
    * @returns {RequestInfo}
    */
   static create(request, {
     org, site, path, ref, route,
   } = {}) {
-    const info = new RequestInfo(request)
-      .withRef(ref);
+    const httpRequest = new HttpRequest(request);
+    const pathInfo = new PathInfo(route, org, site, path);
 
-    info.route = route;
-    info.org = org;
-    info.site = site;
+    return Object.freeze(new RequestInfo(httpRequest, pathInfo).withRef(ref));
+  }
+
+  /**
+   * Clone an existing request info.
+   *
+   * @param {RequestInfo} other
+   * @param {object} param0 params
+   * @param {string} [param0.org] org
+   * @param {string} [param0.site] site, optional
+   * @param {string} [param0.path] path, optional
+   * @param {string} [param0.route] route
+   * @returns {RequestInfo}
+   */
+  static clone(other, {
+    org, site, path, route,
+  }) {
+    const info = new RequestInfo(
+      other.#request,
+      PathInfo.clone(other.#pathInfo, {
+        org, site, path, route,
+      }),
+    );
+    info.#owner = other.#owner;
+    info.#repo = other.#repo;
+    info.#ref = other.#ref;
 
-    if (path) {
-      const { webPath, resourcePath, ext } = computePaths(path);
-      if (ext === '.aspx') {
-        // onedrive doesn't like .aspx extension and reports wit 500. so we just reject it.
-        throw new StatusCodeError('', 404);
-      }
-      Object.assign(info, {
-        rawPath: path, webPath, resourcePath, ext,
-      });
-    }
     return Object.freeze(info);
   }
 

diff --git a/test/contentproxy/onedrive.test.js b/test/contentproxy/onedrive.test.js
@@ -208,7 +208,7 @@ describe('OneDrive Integration Tests (docx)', () => {
   it('Retrieves Document from Word via custom tenant', async () => {
     nock.onedrive(SITE_1D_CONFIG.content)
       .user()
-      .login(undefined, '01234567-abcd')
+      .login(undefined, '01234567-abcd', '01234567-abcd')
       .resolve('')
       .getDocument('/index.docx', { size: 3956 });