fix: signout redirect (#42538)

Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
2021-06-17 11:24:18 -07:00
parent 6fedc48495
commit 7857c3932b
3 changed files with 16 additions and 6 deletions
--- a/api-server/src/server/boot/authentication.js
+++ b/api-server/src/server/boot/authentication.js
@ -63,7 +63,7 @@ module.exports = function enableAuthentication(app) {
  }

  api.get('/signout', (req, res) => {
-    const { origin } = getRedirectParams(req);
+    const { origin, returnTo } = getRedirectParams(req);
    req.logout();
    req.session.destroy(err => {
      if (err) {
@ -74,7 +74,7 @@ module.exports = function enableAuthentication(app) {
        });
      }
      removeCookies(req, res);
-      res.redirect(origin);
+      res.redirect(returnTo);
    });
  });

--- a/api-server/src/server/component-passport.js
+++ b/api-server/src/server/component-passport.js
@ -16,6 +16,7 @@ import {
  isRootPath
 } from './utils/redirection';
 import { jwtSecret } from '../../../config/secrets';
+import { availableLangs } from '../../../config/i18n/all-langs';

 const passportOptions = {
  emailOptional: true,
@ -85,13 +86,22 @@ export const devSaveResponseAuthCookies = () => {

 export const devLoginRedirect = () => {
  return (req, res) => {
-    // this mirrors the production approach, but without any validation
+    // this mirrors the production approach, but only validates the prefix
    let { returnTo, origin, pathPrefix } = getRedirectParams(
      req,
-      params => params
+      ({ returnTo, origin, pathPrefix }) => {
+        pathPrefix = availableLangs.client.includes(pathPrefix)
+          ? pathPrefix
+          : '';
+        return {
+          returnTo,
+          origin,
+          pathPrefix
+        };
+      }
    );
    returnTo += isRootPath(getRedirectBase(origin, pathPrefix), returnTo)
-      ? 'learn'
+      ? '/learn'
      : '';
    return res.redirect(returnTo);
  };
--- a/api-server/src/server/utils/redirection.js
+++ b/api-server/src/server/utils/redirection.js
@ -66,7 +66,7 @@ function getRedirectParams(req, _normalizeParams = normalizeParams) {
  const origin = returnUrl.origin;
  // if this is not one of the client languages, validation will convert
  // this to '' before it is used.
-  const pathPrefix = returnUrl.pathname.split('/')[0];
+  const pathPrefix = returnUrl.pathname.split('/')[1];
  return _normalizeParams({ returnTo: returnUrl.href, origin, pathPrefix });
 }