Skip to content

feat(authentication): preserve intended URL after re-login#254

Merged
mindsers merged 2 commits into
mainfrom
feat/preserve-login-redirect
Jul 16, 2026
Merged

feat(authentication): preserve intended URL after re-login#254
mindsers merged 2 commits into
mainfrom
feat/preserve-login-redirect

Conversation

@mindsers

Copy link
Copy Markdown
Contributor

Summary

  • Preserve the intended URL through the login bounce so users return to the page they were viewing after their session expires.
  • Only apply to pure not-authenticated cases; wall pages (suspended, trial expired, unverified email, tenant mismatch) stay bare to avoid loops back to inaccessible URLs.
  • All redirect targets flow through the existing safeRedirectUrl helper to block open-redirect attempts, with rejected values logged for ops visibility.

Test plan

  • pnpm test:unit — 1937 tests pass, including new coverage for resolvePostLoginRedirect (form/URL precedence, empty values, malformed URL, open-redirect rejection) and buildLoginRedirectUrl.
  • pnpm test:typecheck clean.
  • pnpm test:lint — no warnings on touched files.
  • E2E login.spec.ts round-trip locally (Playwright): unauthenticated GET /publishers/login?redirectTo=%2Fpublishers → submit creds → back to /publishers.
  • Manual browser check: crafted ?redirectTo=https://evil.com falls back to / and emits the safeRedirectUrl warn log.
  • Manual browser check: wall pages (/suspended, /trial-expired, /verify-email) still redirect bare without a redirectTo tail.

mindsers added 2 commits July 16, 2026 08:27
When a session expires while a user has a deep-linked page open (a
territory, a publisher card, etc.), send them back to that URL after
logging in instead of always landing on /. Only the pure
not-authenticated branches carry the URL through — wall pages
(suspended, trial expired, unverified email, tenant mismatch) stay
bare so users are not looped back into a page they cannot access.

Sanitization flows through the existing safeRedirectUrl helper to
block open-redirect targets in both the URL query and the form field.
Add a WHY comment on the tenant-mismatch bare-redirect so a future
contributor doesn't "fix the inconsistency" and leak a cross-tenant
path back into the URL. Extend the safeRedirectUrl JSDoc to note the
rejection warn log, and expand the auth flow diagram to cover session
expiry, the re-auth destination, and the wall-page exceptions.
@mindsers
mindsers merged commit f35f4cd into main Jul 16, 2026
7 checks passed
@mindsers
mindsers deleted the feat/preserve-login-redirect branch July 16, 2026 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant