feat: redirect back to intended route after login#628
Open
kushalshah5-code wants to merge 1 commit into
Open
Conversation
Changes:
Total lines: 4778 (+40) |
deployed preview: https://628.connect-d5y.pages.devWelcome to connect! Make sure to:
Mobile
Desktop
|
Author
|
Heads up on the red check: the only failing test is geocode.spec.ts > getFullAddress > normal usage, which hits a live geocoding API and asserts a hardcoded address. It's getting "131 Fleet Street / EC4A 2BH" back instead of the expected "133 Fleet Street / EC4A 2BB" - looks like the upstream map data changed. It's unrelated to this PR (I didn't touch geocode), and it fails on master too. My added tests in App.browser.test.tsx pass in CI. Didn't want to touch the geocode assertion since that's out of scope here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #523
What
Signed-out users who open a deep link (like a shared route) get sent to /login, but after logging in they always landed on / instead of where they were going. This sends them back to the original route.
How
src/api/auth/redirect.tswithsaveRedirect(),popRedirect()(read + clear), andisSafeInternalPath().Dashboard.tsx: save the current path before redirecting to /login when not signed in.auth.tsx: changednavigate('/')tonavigate(popRedirect() ?? '/')after the token exchange.storage.ts: added thepostLoginRedirectkey to the key union and aremoveItemhelper.Why not the OAuth state param
The issue links the Auth0 state-param doc. I looked at using it, but the redirect_uri for all 3 providers points at the comma API (
/v2/auth/{g,a,h}/redirect/), which then redirects to/auth?code=&provider=. So the destination goes through the comma backend, not straight back from the provider, and I don't think a state value survives that unless the backend forwards it. Is that something the backend does?For now I store the destination client-side, which works regardless.
popRedirect()only allows internal paths (rejects//host,/\host, and absolute URLs) so a malicious login link can't redirect someone off-site after they log in. It's cleared on read so an old destination can't carry over to a later login.Happy to switch to state if the backend supports it.
Testing
Added a unit test for the path guard and an integration test that checks the destination is saved when you hit a protected route signed out.
Couldn't run the browser tests locally (I'm on Ubuntu 26.04 and the pinned Playwright doesn't support it yet), so I ran check/build/lines/bundle-size locally and left the browser tests to CI. Bundle goes up ~0.46KB gzipped.