From 9b37e8eb38bdf807be14d418d3ffa32fffac8f8c Mon Sep 17 00:00:00 2001 From: Christoph Zwerschke Date: Tue, 10 Dec 2024 17:46:23 +0000 Subject: [PATCH 1/3] Memorize location before login in session storage --- src/app/auth/services/auth.service.ts | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/app/auth/services/auth.service.ts b/src/app/auth/services/auth.service.ts index c346e64..9d209f2 100644 --- a/src/app/auth/services/auth.service.ts +++ b/src/app/auth/services/auth.service.ts @@ -31,8 +31,6 @@ export class AuthService { #csrf = inject(CsrfService); #userSignal = signal(undefined); - #redirectAfterLogin = '/'; - #oidcUserManager: OidcUserManager; #authUrl = this.#config.authUrl; @@ -156,7 +154,7 @@ export class AuthService { * to the authorization endpoint of the OIDC provider. */ async login(): Promise { - this.#redirectAfterLogin = location.pathname; + sessionStorage.setItem('afterLogin', location.pathname); this.#oidcUserManager.signinRedirect(); } @@ -215,7 +213,7 @@ export class AuthService { await this.#oidcUserManager.removeUser(); this.#userSignal.set(null); this.#csrf.token = null; - this.#redirectAfterLogin = '/'; + sessionStorage.removeItem('afterLogin'); this.#router.navigate(['/']); }); } @@ -454,6 +452,16 @@ export class AuthService { * Redirect back to the original page after login */ redirectAfterLogin() { - this.#router.navigate([this.#redirectAfterLogin]); + let afterLogin = sessionStorage.getItem('afterLogin'); + sessionStorage.removeItem('afterLogin'); + if ( + !afterLogin || + ['/oauth/callback', '/register', '/setup-totp', '/confirm-totp'].some((path) => + afterLogin!.startsWith(path), + ) + ) { + afterLogin = '/'; + } + this.#router.navigate([afterLogin]); } } From 4bf325448b9c3d724011dc68077a8ad5aee2977e Mon Sep 17 00:00:00 2001 
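Review bot: `sessionStorage.setItem('afterLogin', location.pathname)` in `login()` records only the path, so a user who started the login from a page with a query string or fragment comes back to the bare route; if such parameters matter here, store `location.pathname + location.search + location.hash` instead, which in turn requires `redirectAfterLogin()` (changed further down in this patch) to use `navigateByUrl(path)` rather than `navigate([path])`, since a commands array is not parsed for `?` or `#`. A short comment explaining why the private field was replaced would help the next reader, e.g. `// kept in sessionStorage: signinRedirect() leaves the app, so in-memory state does not survive the round trip` — that is presumably the motivation, but the hunk does not say so. Note that `setItem` can throw (storage disabled or full) before `signinRedirect()` runs; whether that needs handling depends on the browsers this app supports.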
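Review bot: The denylist in `redirectAfterLogin()` is checked with `startsWith`, so `/register` also swallows any future route that merely shares the prefix (say `/register-device`), and the list is likely to drift from the route table; matching whole segments (`path === p || path.startsWith(p + '/')`) and giving the list a name makes the rule explicit. The non-null assertion `afterLogin!` inside the `.some` callback is only needed because `afterLogin` is a reassigned `let`; reading the stored value into a `const` and deriving the target from it removes the `!` under strict mode. A one-line comment on why the value is validated at all is worth adding, e.g. `// sessionStorage is writable by any same-origin script, so never navigate to the stored path blindly`.
```typescript
  redirectAfterLogin() {
    const stored = sessionStorage.getItem('afterLogin');
    sessionStorage.removeItem('afterLogin');
    // sessionStorage is writable by any same-origin script, so never navigate to the
    // stored path blindly: never back into the auth flow, and only whole path segments
    // so that e.g. '/register' does not also match an unrelated '/register-device'.
    const authFlowPaths = ['/oauth/callback', '/register', '/setup-totp', '/confirm-totp'];
    const target =
      stored && !authFlowPaths.some((p) => stored === p || stored.startsWith(p + '/'))
        ? stored
        : '/';
    this.#router.navigate([target]);
  }
```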
From: Christoph Zwerschke Date: Tue, 10 Dec 2024 17:51:01 +0000 Subject: [PATCH 2/3] Use shorter variable names --- src/app/auth/services/auth.service.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/app/auth/services/auth.service.ts b/src/app/auth/services/auth.service.ts index 9d209f2..e1cee42 100644 --- a/src/app/auth/services/auth.service.ts +++ b/src/app/auth/services/auth.service.ts @@ -452,16 +452,16 @@ export class AuthService { * Redirect back to the original page after login */ redirectAfterLogin() { - let afterLogin = sessionStorage.getItem('afterLogin'); + let path = sessionStorage.getItem('afterLogin'); sessionStorage.removeItem('afterLogin'); if ( - !afterLogin || - ['/oauth/callback', '/register', '/setup-totp', '/confirm-totp'].some((path) => - afterLogin!.startsWith(path), + !path || + ['/oauth/callback', '/register', '/setup-totp', '/confirm-totp'].some((p) => + path!.startsWith(p), ) ) { - afterLogin = '/'; + path = '/'; } - this.#router.navigate([afterLogin]); + this.#router.navigate([path]); } } From 7c920d7e7df33ef7bbbe024c83f840e5e219a7d0 Mon Sep 17 00:00:00 2001 From: Christoph Zwerschke Date: Tue, 10 Dec 2024 17:56:33 +0000 Subject: [PATCH 3/3] Make it even more foolproof --- src/app/auth/services/auth.service.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/app/auth/services/auth.service.ts b/src/app/auth/services/auth.service.ts index e1cee42..deeade3 100644 --- a/src/app/auth/services/auth.service.ts +++ b/src/app/auth/services/auth.service.ts @@ -456,6 +456,7 @@ export class AuthService { sessionStorage.removeItem('afterLogin'); if ( !path || + !path.startsWith('/') || ['/oauth/callback', '/register', '/setup-totp', '/confirm-totp'].some((p) => path!.startsWith(p), )
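Review bot: The new `!path.startsWith('/')` guard still accepts a value such as `//host/...`, and since sessionStorage is writable by any same-origin script the stored path should be treated as input; closing that case is one line: `!path.startsWith('/') || path.startsWith('//') ||`. Whether a leading `//` could actually leave the origin depends on how the Angular router parses the commands array passed to `navigate([path])` after this hunk — it most likely splits it into segments — but the extra check is cheaper than relying on that. A comment above the `if` stating the rule would also document what "foolproof" means here, e.g. `// only absolute in-app paths outside the auth flow are acceptable redirect targets`. `redirectAfterLogin()` starts and ends outside this hunk.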