Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect users to the intended page after successful login #672

Merged
merged 1 commit into from
Jan 11, 2025
Merged

Redirect users to the intended page after successful login #672

merged 1 commit into from
Jan 11, 2025
+19 −3

Conversation

tjementum
Copy link
Member

Summary & Motivation

Improve the login flow by redirecting users to the page they were attempting to access before being prompted to log in. For example, if a user tries to visit /admin/users without being logged in, they are redirected to the login page with ?returnPath=%2Fadmin%2Fusers in the URL. After logging in, the user is redirected back to /admin/users.

To ensure security, redirects to different domains are explicitly blocked. Only returnPath values starting with / are allowed, preventing open redirect vulnerabilities.

Checklist

  • I have added tests, or done manual regression tests
  • I have updated the documentation, if necessary

@tjementum tjementum added the Enhancement New feature or request label Jan 11, 2025
@tjementum tjementum self-assigned this Jan 11, 2025
@linear Linear
Copy link

linear bot commented Jan 11, 2025

PP-302 Use returnPath as the destination when logging in

@tjementum tjementum changed the title Redirect users to the intended page after successful login Redirect users to the intended page after successful login Jan 11, 2025
@tjementum tjementum force-pushed the pp-302-use-returnpath-as-the-destination-when-logging-in branch from 9a920e4 to 78cbeee Compare January 11, 2025 21:35
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@tjementum tjementum merged commit 00c0022 into main Jan 11, 2025
8 checks passed
@tjementum tjementum deleted the pp-302-use-returnpath-as-the-destination-when-logging-in branch January 11, 2025 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@tjementum tjementum

Labels
Enhancement New feature or request
Projects
Kanban board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tjementum