Merge pull request nexodus-io#1924 from chirino/return-after-login

frontend: redirect back to original window URL after login.

pkg/oidcagent/handlers.go

@@ -78,28 +78,23 @@ func (o *OidcAgent) LoginStart(c *gin.Context) {
 
 	state, err := randString(16)
 	if err != nil {
+		logger.With("error", err).Info("unable generate random state")
 		c.AbortWithStatus(http.StatusInternalServerError)
 		return
 	}
 
 	nonce, err := randString(16)
 	if err != nil {
+		logger.With("error", err).Info("unable generate random nonce")
 		c.AbortWithStatus(http.StatusInternalServerError)
 		return
 	}
-
-	logger = logger.With(
-		"state", state,
-		"nonce", nonce,
-		"redirect", query.Redirect,
-	)
-
-	c.SetSameSite(http.SameSiteStrictMode)
+
+	c.SetSameSite(http.SameSiteLaxMode)
 	c.SetCookie("redirect", query.Redirect, int(time.Hour.Seconds()), "/", "", c.Request.URL.Scheme == "https", true)
-	c.SetCookie("failure", query.Redirect, int(time.Hour.Seconds()), "/", "", c.Request.URL.Scheme == "https", true)
+	c.SetCookie("failure", query.Failure, int(time.Hour.Seconds()), "/", "", c.Request.URL.Scheme == "https", true)
 	c.SetCookie("state", state, int(time.Hour.Seconds()), "/", "", c.Request.URL.Scheme == "https", true)
 	c.SetCookie("nonce", nonce, int(time.Hour.Seconds()), "/", "", c.Request.URL.Scheme == "https", true)
-	logger.Debug("set cookies")
 	url := o.oauthConfig.AuthCodeURL(state, oidc.Nonce(nonce))
 	c.Redirect(http.StatusFound, url)
 }
@@ -135,10 +130,12 @@ func (o *OidcAgent) LoginEnd(c *gin.Context) {
 
 	redirectURL, err := c.Cookie("redirect")
 	if err != nil {
+		logger.With("error", err).Info("unable to access redirect cookie")
 		c.AbortWithStatus(http.StatusBadRequest)
 		return
 	}
 	if redirectURL == "" {
+		logger.Info("redirect URL missing")
 		c.AbortWithStatus(http.StatusBadRequest)
 		return
 	}

ui/src/providers/AuthProvider.tsx

@@ -2,6 +2,7 @@ import { AuthProvider, UserIdentity } from "react-admin";
 import { RefreshManager } from "./RefreshManager";
 import { red } from "@mui/material/colors";
 
+const originalLocationURL = window.location.href;
 export const goOidcAgentAuthProvider = (api: string): AuthProvider => {
   const getMe = async (): Promise<UserIdentity> => {
     const request = new Request(`${api}/api/users/me`, {
@@ -33,7 +34,7 @@ export const goOidcAgentAuthProvider = (api: string): AuthProvider => {
     login: async (params = {}) => {
       console.log("Login Called!!");
 
-      let redirect = window.location.href;
+      let redirect = originalLocationURL;
       if (redirect.endsWith("#/login")) {
         // replace #/login with empty string
         redirect = redirect.replace("#/login", "");
@@ -42,23 +43,26 @@ export const goOidcAgentAuthProvider = (api: string): AuthProvider => {
       console.log("redirect", redirect);
 
       // Send the user to the authentication server, and have them come back to the redirect URL
-      window.location.replace(`${api}/web/login/start?redirect=${redirect}`);
+      window.location.replace(
+        `${api}/web/login/start?redirect=${encodeURIComponent(redirect)}`,
+      );
     },
 
     logout: async () => {
-      console.log("Logout Called");
+      RefreshManager.stopRefreshing();
       try {
         await getMe();
       } catch (err) {
         // If we are not logged in, then we don't need to log out
         return;
       }
 
-      RefreshManager.stopRefreshing();
       let redirect = window.location.href;
       // does the redirect contain a hash? If so, remove it.
       redirect = redirect.split("#")[0];
-      window.location.replace(`${api}/web/logout?redirect=${redirect}`);
+      window.location.replace(
+        `${api}/web/logout?redirect=${encodeURIComponent(redirect)}`,
+      );
     },
 
     checkError: async (error: any) => {