Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep returnTo when using successReturnToOrRedirect #941

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Keep returnTo when using successReturnToOrRedirect #941

wants to merge 1 commit into from

Conversation

grahamwhiteuk
Copy link

This is a small patch to fix the behaviour of the successReturnToOrRedirect option as illustrated in #919 and #281

As I understand it, the successReturnToOrRedirect option is supposed to, upon success, return or redirect to the string specified in session.returnTo or if session.returnTo is not specified then return/redirect to the string specified in the successReturnToOrRedirect option.

The problem with the situation as-is, is that session.returnTo is wiped out including session.returnTo and thus the user is always routed towards the default as specified in successReturnToOrRedirect. This behaviour is unexpected and one would expect that when you have set a returnTo value in the session and also specified the successReturnToOrRedirect option that the user would be directed towards the value specified in the session. As described in #919, there is a workaround by setting the keepSessionInfo option to true but this workaround involves keeping all of the previous session values rather than the minimal set required for successReturnToOrRedirect to operated as expected.

This patch ensures that if successReturnToOrRedirect is being used and the session contains a returnTo value that the session.returnTo value is maintained and thus the expected behaviour is implemented.

Checklist

  • I have read the CONTRIBUTING guidelines.
  • I have added test cases which verify the correct operation of this feature or patch.
  • I have added documentation pertaining to this feature or patch.
  • The automated test suite ($ make test) executes successfully.
  • The automated code linting ($ make lint) executes successfully.

@sbsamaro
Copy link

@jaredhanson Can we get this fix in?

@shashank686
Copy link

shashank686 commented Nov 4, 2022
edited
Loading

@jaredhanson please fix it, so then there will be no need of a workaround by using keepSessionInfo flag as returnTo will be preserved.

@sbsamaro
Copy link

sbsamaro commented Nov 4, 2022

@shashank686 The work around did not work for me. Did it work for you? So right now the return too is not perserved and my app is failing with that behavior if i upgrade.

@florianwalther-private
Copy link

Is this going to be merged?

@brookback brookback mentioned this pull request Feb 10, 2023
Open
@grahamwhiteuk
Copy link
Author

Is this going to be merged?

I don't think so. Seems like this repo is dead and no longer maintained.

@florianwalther-private
Copy link

Is this going to be merged?

I don't think so. Seems like this repo is dead and no longer maintained.

That sucks to hear. Do you know an alternative package that does the same job?

@jaredhanson
Copy link
Owner

Seems like this repo is dead and no longer maintained.

It's still maintained. As a general rule, I don't merge pull requests that lack corresponding tests. If this PR is updated with test cases, I will merge and publish. Otherwise, it'll wait until I have the time to write the tests.

Thanks.

@drebel drebel mentioned this pull request Apr 15, 2023
Closed
@SISheogorath SISheogorath mentioned this pull request Jul 19, 2023
Closed
4 tasks
@awick awick mentioned this pull request Jan 11, 2024
Closed
davidmehren added a commit to hedgedoc/hedgedoc that referenced this pull request Aug 31, 2024
@davidmehren @grahamwhiteuk
fix(auth): exclude returnTo from passport reset
9598834 
We patch passport with the code from https://github
.com/jaredhanson/passport/pull/941,
which excludes session.returnTo from reset on login.

Fixes #4466

Co-authored-by: Graham White <graham_alton@hotmail.com>
Signed-off-by: David Mehren <git@herrmehren.de>
davidmehren added a commit to hedgedoc/hedgedoc that referenced this pull request Aug 31, 2024
@davidmehren @grahamwhiteuk
fix(auth): exclude returnTo from passport reset
9586425 
We patch passport with the code from https://github
.com/jaredhanson/passport/pull/941,
which excludes session.returnTo from reset on login.

Fixes #4466

Co-authored-by: Graham White <graham_alton@hotmail.com>
Signed-off-by: David Mehren <git@herrmehren.de>
DerMolly pushed a commit to hedgedoc/hedgedoc that referenced this pull request Aug 31, 2024
@davidmehren @grahamwhiteuk @DerMolly
fix(auth): exclude returnTo from passport reset
ef7373f 
We patch passport with the code from https://github
.com/jaredhanson/passport/pull/941,
which excludes session.returnTo from reset on login.

Fixes #4466

Co-authored-by: Graham White <graham_alton@hotmail.com>
Signed-off-by: David Mehren <git@herrmehren.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbsamaro sbsamaro sbsamaro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@grahamwhiteuk @sbsamaro @shashank686 @florianwalther-private @jaredhanson