From 73fb1ecdcf7c72c9b15caa70a8e3f444d311bd7b Mon Sep 17 00:00:00 2001
From: cassiozareck <121526696+cassiozareck@users.noreply.github.com>
Date: Thu, 27 Jul 2023 02:08:51 -0300
Subject: [PATCH] Fixing redirection issue for logged-in users (#26105)

This PR addresses an issue where logged-in users get redirected to the
homepage when trying to access a URL with the redirect_to parameter. The
issue was traced back to a middleware function in
services/auth/middleware.go that redirects logged-in users to the
homepage. This function didn't account the redirect_to parameter.

The fix modifies the middleware function to check for this case and
redirect the user to the specified URL instead of the homepage.

Closes: #26005

---------

Signed-off-by: cassiozareck <cassiomilczareck@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
 routers/web/web.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 6d5ccad484..d7ef2fb82f 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -374,8 +374,9 @@ func registerRoutes(m *web.Route) {
 	m.Get("/milestones", reqSignIn, reqMilestonesDashboardPageEnabled, user.Milestones)
 
 	// ***** START: User *****
+	// "user/login" doesn't need signOut, then logged-in users can still access this route for redirection purposes by "/user/login?redirec_to=..."
+	m.Get("/user/login", auth.SignIn)
 	m.Group("/user", func() {
-		m.Get("/login", auth.SignIn)
 		m.Post("/login", web.Bind(forms.SignInForm{}), auth.SignInPost)
 		m.Group("", func() {
 			m.Combo("/login/openid").