Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing redirection issue for logged-in users #26105

Merged
merged 4 commits into from
Jul 27, 2023

Conversation

cassiozareck
Copy link
Contributor

This PR addresses an issue where logged-in users get redirected to the homepage when trying to access a URL with the redirect_to parameter. The issue was traced back to a middleware function in services/auth/middleware.go that redirects logged-in users to the homepage. This function didn't account the redirect_to parameter.

The fix modifies the middleware function to check for this case and redirect the user to the specified URL instead of the homepage.

Closes: #26005

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 25, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 25, 2023
@puni9869
Copy link
Member

@wxiaoguang need your feedback for this change.

@wxiaoguang
Copy link
Contributor

I haven't understood why this change works.

In my mind, the straight fix could be:

  1. Move the m.Get("/login", auth.SignIn) out from the reqSignOut
  2. In auth.SignIn, if the current user "IsSigned", then redirect

@puni9869
Copy link
Member

puni9869 commented Jul 26, 2023

I haven't understood why this change works.

In my mind, the straight fix could be:

  1. Move the m.Get("/login", auth.SignIn) out from the reqSignOut
  2. In auth.SignIn, if the current user "IsSigned", then redirect

Thats what I thought

Signed-off-by: cassiozareck <cassiomilczareck@gmail.com>
@cassiozareck
Copy link
Contributor Author

I haven't thought about it before, but your suggestion makes a lot more sense than changing the middleware itself. I've updated the PR accordingly. Now, I've moved the login route outside of the reqSignOut middleware and discarded the old changes.

The auth.SignIn route handler now checks if the user is logged in. If the user is logged in, it redirects them. If the URL doesn't have the redirect_to parameter, it simply redirects to the / route. This is useful in scenarios where the user wants to access the redirect page only if they're logged in.

Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, overall it looks good to me, while I think the "POST" method should be kept in the "reqSignOut"

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 27, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 27, 2023
@lunny lunny added this to the 1.21.0 milestone Jul 27, 2023
@lunny lunny added type/bug reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Jul 27, 2023
@puni9869
Copy link
Member

Thanks cassiozareck for these changes. 💯

@lunny lunny merged commit 73fb1ec into go-gitea:main Jul 27, 2023
23 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 27, 2023
@cassiozareck
Copy link
Contributor Author

Thank you, overall it looks good to me, while I think the "POST" method should be kept in the "reqSignOut"

I tried that first but the login wasn't being saved after login probably because it expects the user should had first signed out to save the post login.
Thanks for the help guys I'll keep contributing for Gitea.

@wxiaoguang
Copy link
Contributor

Sorry maybe I misunderstood the problem. If "SignInPost" also needs to handle "redirect_to", IMO it needs a slightly different approach to keep the old behavior, I will try to figure it out.

@wxiaoguang wxiaoguang mentioned this pull request Jul 28, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 28, 2023
* giteaofficial/main: (21 commits)
  improve unit test for caching (go-gitea#26185)
  Render plaintext task list items for markdown files (go-gitea#26186)
  Add tooltip to describe LFS table column and color `delete LFS file` button red (go-gitea#26181)
  Show branches and tags that contain a commit (go-gitea#25180)
  Release attachments duplicated check (go-gitea#26176)
  Calculate MAX_WORKERS default value by CPU number (go-gitea#26177)
  Fixing redirection issue for logged-in users (go-gitea#26105)
  Update govulncheck, fix typo (go-gitea#26168)
  Fix handling of plenty Nuget package versions (go-gitea#26075)
  Fix typos in Contributing.md (go-gitea#26170)
  Disable download action logs button when there's no logs (go-gitea#26114)
  Re-add static images to docs (go-gitea#26167)
  Update email-setup.en-us.md (go-gitea#26068)
  Improve display of Labels/Projects/Assignees sort options (go-gitea#25886)
  Fix wrong branch name in rename branch modal (go-gitea#26146)
  Doc update swagger doc for POST /orgs/{org}/teams  (go-gitea#26155)
  Fix UI regression of asciinema player (go-gitea#26159)
  refactor improve NoBetterThan (go-gitea#26126)
  Update Chinese documents (go-gitea#26139)
  Fix bugs in LFS meta garbage collection (go-gitea#26122)
  ...
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

about the router
5 participants