Fixes #2266 - Login always redirected to dashboard after third party / OAuth2 login (e.g. Google)

This commit is contained in:
Martin Edenhofer 2021-02-25 16:27:17 +00:00 committed by Thorsten Eckel
parent 3b601ac16c
commit c505851e4c
4 changed files with 68 additions and 16 deletions

View file

@ -234,9 +234,7 @@ class App.Controller extends Spine.Controller
return true if @permissionCheck(key)
# remember requested url
location = window.location.hash
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
App.Config.set('requested_url', location)
@requestedUrlToStore()
if closeTab
App.TaskManager.remove(@taskKey)
@ -255,9 +253,7 @@ class App.Controller extends Spine.Controller
return true if @authenticateCheck()
# remember requested url
location = window.location.hash
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
@Config.set('requested_url', location)
@requestedUrlToStore()
# redirect to login
@navigate '#login'
@ -271,6 +267,25 @@ class App.Controller extends Spine.Controller
return true if @Session.get()
false
requestedUrlToStore: ->
location = window.location.hash
return if !location
return if location is '#'
return if location is '#login'
return if location is '#logout'
return if location is '#keyboard_shortcuts'
# remember requested url
@requestedUrlRemember(location)
requestedUrlRemember: (location) ->
App.SessionStorage.set('requested_url', location) # for authentication agains third party
App.Config.set('requested_url', location) # for local re-login
requestedUrlWas: ->
App.SessionStorage.get('requested_url') || App.Config.get('requested_url')
frontendTimeUpdate: =>
update = =>
@frontendTimeUpdateElement($('#app'))

View file

@ -17,6 +17,14 @@ class DefaultRouter extends App.Controller
@navigate '#getting_started', { hideCurrentLocationFromHistory: true }
return
# redirect to requested url
requested_url = @requestedUrlWas()
if requested_url
@requestedUrlRemember('')
@log 'notice', "REDIRECT to '#{requested_url}'"
@navigate requested_url, { hideCurrentLocationFromHistory: true }
return
if @Config.get('default_controller')
@navigate @Config.get('default_controller'), { hideCurrentLocationFromHistory: true }
return

View file

@ -79,14 +79,6 @@ class Login extends App.ControllerFullPage
App.Plugin.init()
# redirect to #
requested_url = @Config.get('requested_url')
if requested_url && requested_url isnt '#login' && requested_url isnt '#logout'
@log 'notice', "REDIRECT to '#{requested_url}'"
@navigate requested_url
# reset
@Config.set('requested_url', '')
else
@log 'notice', 'REDIRECT to -#/-'
@navigate '#/'

View file

@ -25,4 +25,41 @@ RSpec.describe 'Authentication', type: :system do
# check wrong displayed fields in registration form after logout. #2989
expect(page).to have_no_selector('select[name=organization_id]')
end
it 'Login and redirect to requested url', authenticated_as: false do
visit 'ticket/zoom/1'
expect_current_route 'login', wait: 2
login(
username: 'master@example.com',
password: 'test',
)
expect_current_route 'ticket/zoom/1', wait: 2
end
it 'Login and redirect to requested url via external authentication', authenticated_as: false do
visit 'ticket/zoom/1'
expect_current_route 'login', wait: 2
# simulate jump to external ressource
visit 'https://www.zammad.org'
# simulate successful login via third party
user = User.find_by(login: 'master@example.com')
ActiveRecord::SessionStore::Session.all.each do |session|
session.data[:user_id] = user.id
session.save!
end
# jump back and check if origin requested url is shown
visit ''
expect_current_route 'ticket/zoom/1', wait: 2
expect(current_login).to eq('master@example.com')
end
end