diff --git a/app/features/authentication/routes/login.tsx b/app/features/authentication/routes/login.tsx index e33521b8..22fc5ea7 100644 --- a/app/features/authentication/routes/login.tsx +++ b/app/features/authentication/routes/login.tsx @@ -3,6 +3,10 @@ import { parseWithZod } from '@conform-to/zod' import { data, Form, Link, redirect } from 'react-router' import { loginSchema } from '~/features/authentication/schemas/login.schema' import { needSetupProcess } from '~/features/authentication/server/need-setup-process.server' +import { + buildLoginRedirectUrl, + resolvePostLoginRedirect, +} from '~/features/authentication/server/post-login-redirect.server' import { checkLoginRateLimit, clearLoginAttempts, @@ -19,6 +23,7 @@ import { Button } from '~/shared/ui/button' import { Card, CardContent, CardFooter, CardHeader } from '~/shared/ui/card' import { Input } from '~/shared/ui/input' import { Label } from '~/shared/ui/label' +import { safeRedirectUrl } from '~/shared/utils/safe-redirect.server' import type { Route } from './+types/login' export const meta: Route.MetaFunction = () => { @@ -29,6 +34,8 @@ export async function loader({ request }: Route.LoaderArgs) { // Verify that the subdomain matches an existing congregation await resolveCongregationFromRequest(request) + const redirectTo = safeRedirectUrl(new URL(request.url).searchParams.get('redirectTo'), '/') + const shouldStartSetup = await needSetupProcess() if (shouldStartSetup) { return redirect(process.env.UNITAE_MULTI_TENANT === 'true' ? '/register' : '/setup') @@ -39,7 +46,7 @@ export async function loader({ request }: Route.LoaderArgs) { const uid = Number(session.get('userId')) if (Number.isNaN(uid) || uid <= 0) { return data( - { error: undefined, brandingName: await getBrandingName(request) }, + { error: undefined, brandingName: await getBrandingName(request), redirectTo }, { headers: { 'Set-Cookie': await destroySession(session) } }, ) } @@ -53,18 +60,18 @@ export async function loader({ request }: Route.LoaderArgs) { }) if (!user || user.congregationId !== urlCongregation.id) { return data( - { error: undefined, brandingName: await getBrandingName(request) }, + { error: undefined, brandingName: await getBrandingName(request), redirectTo }, { headers: { 'Set-Cookie': await destroySession(session) } }, ) } } - throw redirect('/') + throw redirect(redirectTo) } const brandingName = await getBrandingName(request) return data( - { error: session.get('error'), brandingName }, + { error: session.get('error'), brandingName, redirectTo }, { headers: { 'Set-Cookie': await commitSession(session), @@ -74,7 +81,7 @@ export async function loader({ request }: Route.LoaderArgs) { } export default function LoginPage({ loaderData, actionData }: Route.ComponentProps) { - const { error, brandingName } = loaderData + const { error, brandingName, redirectTo } = loaderData const [form, fields] = useForm({ lastResult: actionData, @@ -97,6 +104,7 @@ export default function LoginPage({ loaderData, actionData }: Route.ComponentPro )}