WIP: fixing destination_url #33072
WIP: fixing destination_url #33072
Conversation
| @@ -67,6 +68,13 @@ export default class LoginMethod extends EmberObject { | |||
| params["signup"] = true; | |||
| } | |||
|
|
|||
| const destinationUrl = cookie("destination_url"); | |||
There was a problem hiding this comment.
When using an "external login" method (aka. social logins), we pass the "origin" to the server (omniauth).
| removeCookie("destination_url"); | ||
| window.location.assign(destinationUrl); | ||
| } else if (this.referrerTopicUrl) { |
There was a problem hiding this comment.
this.referrerTopic is redundant now that we use the destination_url cookie.
|
|
||
| if (ssoDestinationUrl) { |
There was a problem hiding this comment.
Not 100% sure why this uses a different cookie 🤔 This is the main reason this PR is a draft because I don't understand the consequences of this change.
There was a problem hiding this comment.
Curious if @OsamaSayegh or @davidtaylorhq remember the reason for having sso_destination_url vs destination_url.
| @@ -453,7 +453,7 @@ export default class SignupPageController extends Controller { | |||
| const destinationUrl = this.authOptions?.destination_url; | |||
|
|
|||
| if (!isEmpty(destinationUrl)) { | |||
| cookie("destination_url", destinationUrl, { path: "/" }); | |||
| cookie("destination_url", destinationUrl); | |||
There was a problem hiding this comment.
{ path: "/" } is the default.
There was a problem hiding this comment.
Can we also ensure that destinationUrl is subfolder aware?
Unless there's a piece of logic somewhere else modifying the cookie, it doesn't seem like it takes subfolders into account:
discourse/app/assets/javascripts/discourse/app/controllers/login.js
Lines 155 to 162 in a9cf9ae
There was a problem hiding this comment.
What makes you think the behavior changed when it comes to handling subfolder? 🤔
| @@ -278,11 +278,12 @@ export default class ApplicationRoute extends DiscourseRoute { | |||
|
|
|||
| handleShowCreateAccount(createAccountProps) { | |||
| if (this.siteSettings.enable_discourse_connect) { | |||
| const returnPath = encodeURIComponent(window.location.pathname); | |||
| const returnPath = cookie("destination_url") | |||
There was a problem hiding this comment.
When Discourse Connect is enabled, we have a slightly different behavior for the return path when there's a destination_url cookie. I applied the same behavior when going through the signup process too.
This is the 2nd reason why this PR is a draft as I'm not 100% sure the impact this change has 🤔
| "referrerTopicUrl", | ||
| this.internalReferrer || document.referrer | ||
| ); | ||
| cookie("destination_url", this.internalReferrer || document.referrer); |
There was a problem hiding this comment.
Use the destination_url cookie instead of relying on a controller's property.
| @@ -10,7 +12,11 @@ export default class SignupRoute extends DiscourseRoute { | |||
|
|
|||
| authComplete = false; | |||
|
|
|||
| beforeModel() { | |||
| beforeModel({ from }) { | |||
| if (from) { | |||
There was a problem hiding this comment.
Applies the same "store the origin url in a cookie" behavior we do when login in, but for the signup process.
| @@ -21,7 +21,7 @@ | |||
| request.session[:auth_reconnect] = !!request.params["reconnect"] | |||
|
|
|||
| # If the client provided an origin, store in session to redirect back | |||
| request.session[:destination_url] = request.params["origin"] | |||
| request.session[:destination_url] = request.params["origin"] if request.params["origin"].present? | |||
| @@ -32,6 +32,9 @@ def register_middleware(omniauth) | |||
| opts[:client_id] = SiteSetting.google_oauth2_client_id | |||
| opts[:client_secret] = SiteSetting.google_oauth2_client_secret | |||
|
|
|||
| # NOTE: uncomment when testing locally | |||
| # opts[:redirect_uri] = "http://localhost:4200/auth/google_oauth2/callback" | |||
There was a problem hiding this comment.
Took me a while to figure that one out :|
There was a problem hiding this comment.
I think we can fix this properly: #33102
(and then drop these comments)
|
|
||
| if (ssoDestinationUrl) { |
There was a problem hiding this comment.
Curious if @OsamaSayegh or @davidtaylorhq remember the reason for having sso_destination_url vs destination_url.
| "referrerTopicUrl", | ||
| this.internalReferrer || document.referrer | ||
| ); | ||
| cookie("destination_url", this.internalReferrer || document.referrer); |
edd138c to
6d92925
Compare
6d92925 to
1f37a23
Compare
Since the introduction of dedicated login and signup pages (as opposed to modals), we've been seeing reports of issues where visitors aren't redirected back to the "page" they were at when they initiated the authentication process.
Since we have a bazillion of ways a user might authenticate (credentials, social logins, SSO, passkeys, discourse connect, etc...), it's really hard to know what a change will impact.
The goal of this PR is to "simplify" the way we handle this "redirection back to origin" by leveraging the use of a single
destination_urlcookie set on the client-side.