revert: allow user to redirect after signin (#40160)

This reverts commit a7eba00690.

api-server/server/boot/authentication.js

@@ -39,12 +39,6 @@ module.exports = function enableAuthentication(app) {
   const ifNoUserRedirectHome = ifNoUserRedirectTo(homeLocation);
   const saveAuthCookies = saveResponseAuthCookies();
   const loginSuccessRedirect = loginRedirect();
-  const addRedirect = (req, res, next) => {
-    if (req && req.query && req.query.returnTo) {
-      req.query.returnTo = `${homeLocation}/${req.query.returnTo}`;
-    }
-    return next();
-  };
   const api = app.loopback.Router();
 
   // Use a local mock strategy for signing in if we are in dev mode.
@@ -53,18 +47,27 @@ module.exports = function enableAuthentication(app) {
   if (process.env.LOCAL_MOCK_AUTH === 'true') {
     api.get(
       '/signin',
-      addRedirect,
       passport.authenticate('devlogin'),
       saveAuthCookies,
       loginSuccessRedirect
     );
   } else {
-    api.get('/signin', addRedirect, ifUserRedirect, (req, res, next) => {
+    api.get(
-      const state = req.query.returnTo
+      '/signin',
-        ? Buffer.from(req.query.returnTo).toString('base64')
+      (req, res, next) => {
-        : null;
+        if (req && req.query && req.query.returnTo) {
-      return passport.authenticate('auth0-login', { state })(req, res, next);
+          req.query.returnTo = `${homeLocation}/${req.query.returnTo}`;
-    });
+        }
+        return next();
+      },
+      ifUserRedirect,
+      (req, res, next) => {
+        const state = req.query.returnTo
+          ? Buffer.from(req.query.returnTo).toString('base64')
+          : null;
+        return passport.authenticate('auth0-login', { state })(req, res, next);
+      }
+    );
 
     api.get(
       '/auth/auth0/callback',

api-server/server/component-passport.js

@@ -81,8 +81,9 @@ export const saveResponseAuthCookies = () => {
 export const loginRedirect = () => {
   return (req, res) => {
     const successRedirect = req => {
-      if (req && req.query && req.query.returnTo) {
+      if (!!req && req.session && req.session.returnTo) {
-        return req.query.returnTo;
+        delete req.session.returnTo;
+        return `${homeLocation}/learn`;
       }
       return `${homeLocation}/learn`;
     };

api-server/server/middleware.json

@@ -29,6 +29,7 @@
   "auth:before": {
     "express-flash": {},
     "./middlewares/express-extensions": {},
+    "./middlewares/add-return-to": {},
     "./middlewares/cookie-parser": {},
     "./middlewares/request-authorization": {}
   },

api-server/server/middlewares/add-return-to.js

@@ -0,0 +1,37 @@
+const pathsOfNoReturn = [
+  'link',
+  'auth',
+  'login',
+  'logout',
+  'signin',
+  'signup',
+  'fonts',
+  'favicon',
+  'js',
+  'css'
+];
+
+const pathsAllowedList = ['challenges', 'map', 'commit'];
+
+const pathsOfNoReturnRegex = new RegExp(pathsOfNoReturn.join('|'), 'i');
+const pathsAllowedRegex = new RegExp(pathsAllowedList.join('|'), 'i');
+
+export default function addReturnToUrl() {
+  return function(req, res, next) {
+    // Remember original destination before login.
+    var path = req.path.split('/')[1];
+
+    if (
+      req.method !== 'GET' ||
+      pathsOfNoReturnRegex.test(path) ||
+      !pathsAllowedRegex.test(path) ||
+      /hot/i.test(req.path)
+    ) {
+      return next();
+    }
+    req.session.returnTo = req.originalUrl.includes('/map')
+      ? '/'
+      : req.originalUrl;
+    return next();
+  };
+}