URL push with passphrase redirects to the passphrase page after successful validation, rather to payload url

[thekamilpro]

I think I found a bug, when creating a new URL push with your website or API, the link redirects back to the URL push, rather than the site hidden by the push; I think it should at this point redirect to the hidden path. You can see in the screenshot below the Link leads to the same address as the actual push.

I had quick at the code and I think this the responsible line

PasswordPusher/app/controllers/urls_controller.rb

Line 91 in ff18f62

redirect_to preliminary_url_path(@push.url_token)

[github-actions]

Hello @thekamilpro, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

[pglombardo]

Hi @thekamilpro - Hrm good find - the 1-click doesn't make much sense when the passphrase lockdown is in use....

I just tested it and the flow was "Click Here to Proceed", Passphrase lockdown form, "Click Here to Proceed" again and then the final URL.

Thanks/I'll fix soon.

[clmcavaney]

I hit this same issue today.

If no passphrase - all good
If 1-click - all good

if passphrase - no good

[pglombardo]

Ok I think I have the right fix in #2059. A bit more testing later today and I'll push it out.

[pglombardo]

Released in v1.40.4.

[clmcavaney]

Just tested this but the view's count doesn't appear to be decreasing.
I can view the URL way more than the number I set.
Could the view check detection be faulty when a passphrase is in the mix?

[pglombardo]

Doh thats not good. I have a fix in progress now. Thanks for the find!

[pglombardo]

Fix released in v1.40.8 which is building now. I added a bunch of tests to validate this going forward for each release.

Thanks for the helpful report @clmcavaney!