diff --git a/api-server/server/boot/authentication.js b/api-server/server/boot/authentication.js
index 19f01f10e6..4fd4176ea6 100644
--- a/api-server/server/boot/authentication.js
+++ b/api-server/server/boot/authentication.js
@@ -39,6 +39,12 @@ module.exports = function enableAuthentication(app) {
 const ifNoUserRedirectHome = ifNoUserRedirectTo(homeLocation);
 const saveAuthCookies = saveResponseAuthCookies();
 const loginSuccessRedirect = loginRedirect();
+ const addRedirect = (req, res, next) => {
+ if (req && req.query && req.query.returnTo) {
+ req.query.returnTo = `${homeLocation}/${req.query.returnTo}`;
+ }
+ return next();
+ };
 const api = app.loopback.Router();
 // Use a local mock strategy for signing in if we are in dev mode.
@@ -47,27 +53,18 @@ module.exports = function enableAuthentication(app) {
 if (process.env.LOCAL_MOCK_AUTH === 'true') {
 api.get(
 '/signin',
+ addRedirect,
 passport.authenticate('devlogin'),
 saveAuthCookies,
 loginSuccessRedirect
 );
 } else {
- api.get(
- '/signin',
- (req, res, next) => {
- if (req && req.query && req.query.returnTo) {
- req.query.returnTo = `${homeLocation}/${req.query.returnTo}`;
- }
- return next();
- },
- ifUserRedirect,
- (req, res, next) => {
- const state = req.query.returnTo
- ? Buffer.from(req.query.returnTo).toString('base64')
- : null;
- return passport.authenticate('auth0-login', { state })(req, res, next);
- }
- );
+ api.get('/signin', addRedirect, ifUserRedirect, (req, res, next) => {
+ const state = req.query.returnTo
+ ? Buffer.from(req.query.returnTo).toString('base64')
+ : null;
+ return passport.authenticate('auth0-login', { state })(req, res, next);
+ });
 api.get(
 '/auth/auth0/callback',
diff --git a/api-server/server/component-passport.js b/api-server/server/component-passport.js
index fa12146774..fb467d9edc 100644
--- a/api-server/server/component-passport.js
+++ b/api-server/server/component-passport.js
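Review bot: `addRedirect` in authentication.js interpolates `req.query.returnTo` into the redirect target without checking its type or content, so a repeated or bracketed `returnTo` parameter (which the query parser may deliver as an array or object) is stringified into the URL, and any path under `homeLocation` is accepted. The `add-return-to` middleware deleted later in this commit limited remembered destinations to `challenges`, `map` and `commit` and skipped `signin`, `logout` and the other auth paths; nothing in this hunk replaces that filter. I would tighten the guard to `if (req && req.query && typeof req.query.returnTo === 'string') {` and carry the path allow-list over into this function. A comment such as `// returnTo is user-controlled; the homeLocation prefix is what keeps the redirect on our own origin` would record why the prefix must not be dropped.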
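Review bot: The `state` passed to `passport.authenticate('auth0-login', { state })` in the `/signin` handler of authentication.js is only the base64 of `req.query.returnTo` (or `null`), so it is caller-chosen and predictable rather than a per-session nonce. Unless the strategy is configured elsewhere to bind the callback to the session, the OAuth callback gets no CSRF protection from this value. The `/auth/auth0/callback` route begins on the last lines of the hunk and continues outside it, so whether the decoded `state` is re-validated cannot be seen here; whatever decodes it should treat it as untrusted and confirm it still starts with `homeLocation + '/'` before redirecting. A comment above the handler, e.g. `// state carries the post-login return URL; it is not a CSRF token`, would make the intent explicit.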
@@ -81,9 +81,8 @@ export const saveResponseAuthCookies = () => {
 export const loginRedirect = () => {
 return (req, res) => {
 const successRedirect = req => {
- if (!!req && req.session && req.session.returnTo) {
- delete req.session.returnTo;
- return `${homeLocation}/learn`;
+ if (req && req.query && req.query.returnTo) {
+ return req.query.returnTo;
 }
 return `${homeLocation}/learn`;
 };
diff --git a/api-server/server/middleware.json b/api-server/server/middleware.json
index 445290954d..3588498b11 100644
--- a/api-server/server/middleware.json
+++ b/api-server/server/middleware.json
@@ -29,7 +29,6 @@
 "auth:before": {
 "express-flash": {},
 "./middlewares/express-extensions": {},
- "./middlewares/add-return-to": {},
 "./middlewares/cookie-parser": {},
 "./middlewares/request-authorization": {}
 },
diff --git a/api-server/server/middlewares/add-return-to.js b/api-server/server/middlewares/add-return-to.js
deleted file mode 100644
index 47d7bbfc03..0000000000
--- a/api-server/server/middlewares/add-return-to.js
+++ /dev/null
@@ -1,37 +0,0 @@
-const pathsOfNoReturn = [
- 'link',
- 'auth',
- 'login',
- 'logout',
- 'signin',
- 'signup',
- 'fonts',
- 'favicon',
- 'js',
- 'css'
-];
-
-const pathsAllowedList = ['challenges', 'map', 'commit'];
-
-const pathsOfNoReturnRegex = new RegExp(pathsOfNoReturn.join('|'), 'i');
-const pathsAllowedRegex = new RegExp(pathsAllowedList.join('|'), 'i');
-
-export default function addReturnToUrl() {
- return function(req, res, next) {
- // Remember original destination before login.
- var path = req.path.split('/')[1];
-
- if (
- req.method !== 'GET' ||
- pathsOfNoReturnRegex.test(path) ||
- !pathsAllowedRegex.test(path) ||
- /hot/i.test(req.path)
- ) {
- return next();
- }
- req.session.returnTo = req.originalUrl.includes('/map')
- ? '/'
- : req.originalUrl;
- return next();
- };
-}
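Review bot: `successRedirect` inside `loginRedirect` (component-passport.js) now returns `req.query.returnTo` verbatim, so the redirect stays on-site only on routes where `addRedirect` has already rewritten the value with the `homeLocation` prefix. `loginRedirect` is exported, and any route that mounts it without that middleware would redirect to whatever URL the query string names. Validating at the point of use removes the coupling: `if (req && req.query && typeof req.query.returnTo === 'string' && req.query.returnTo.startsWith(homeLocation + '/')) {`, falling through to the existing `/learn` default otherwise. The body of `loginRedirect` continues outside the hunk, so how the returned value is consumed is not visible here.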