fix(callback): preserve session redirect url before clearing auth session#160
Open
cgarnier wants to merge 1 commit into
Open
fix(callback): preserve session redirect url before clearing auth session#160cgarnier wants to merge 1 commit into
cgarnier wants to merge 1 commit into
Conversation
…sion The callbackRedirectUrl stored in the auth session was read after session.clear() in the OIDC callback handler, making it always undefined and forcing the final redirect to fall back to '/'. Capture the value into a local variable before clearing the session so resolveCallbackRedirectUrl receives the actual stored URL. Fixes itpropro#159
|
@itpropro any chance we could get this in? I'm currently patching around this behavior |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #159.
Fixes #149.
In
callbackEventHandler(src/runtime/server/handler/callback.ts),session.clear()was called before readingsession.data.callbackRedirectUrl, so the value passed toresolveCallbackRedirectUrlwas alwaysundefined. As a result, users were always redirected to/after sign-in, even when the global middleware had stored the original target path in the session via?callbackRedirectUrl=....Fix
Capture
session.data.callbackRedirectUrlinto a local variable before clearing the session, then pass that local variable toresolveCallbackRedirectUrl. This matches the original intent of the helper and restores the expected behavior of the existingmiddleware-callback-redirectE2E flow.Tests
resolveCallbackRedirectUrl(test/unit/utils/redirect.test.ts) still pass.pnpm test:unit— 9 files, 121 tests passing.pnpm typecheck— clean.pnpm lint— no new errors/warnings introduced by this change.I did not add a new test: a unit test on
resolveCallbackRedirectUrlwould not have caught this regression (the helper itself was already correct). A meaningful regression test would require either a heavily mocked handler test or a full E2E provider flow; happy to add one if you have a preferred approach.